UNITED STATES DISTRICT COURT
`SOUTHERN DISTRICT OF NEW YORK
`
`, DOC #:
`
`I
`
`I
`
`Case 1:13-cv-03777-AKH Document 82 Filed 03/18/14 Page 1 of 13
`1
`I~================~
`II USDC Sf.:\y
`I
`IELl' ':1.,,).\ I CALL FILEDj
`I DOO ':'~',T
`~ DATE FI:.ED: ~{rzVf .­
`
`~••------------~--~-------------------------------------------- Je
`
`INTELLECTUAL VENTURES II L.L.C.,
`
`Plaintiff,
`
`-against­
`
`JP MORGAN CHASE & CO. et al.
`
`Defendants.
`
`ORDER REGARDING CLAIM
`CONSTRUCTION AND
`PATENT SUMMARIES
`
`l3 Civ. 3777 (AKH)
`
`--------------------------------------------------------------- Je
`
`ALVIN K. HELLERSTEIN, UNITED STATES DISTRICT JUDGE:
`
`On March 5 and March 6,2014, the Court held a hearing in accordance with
`
`Markman v. Westview Instruments, Inc., 52 F.3d 967 (Fed. Cir. 1995) (en bane), afJ'd 516 U.S.
`
`370 (1996), regarding the patents asserted in this case, U.S. Patents Nos. 6,715,084 (the '084
`
`Patent), 6,314,409 (the '409 Patent), 5,745,574 (the '574 Patent), 6,826,694 (the '694 Patent),
`
`and 7,634,666 (the '666 Patent). At the hearing, the Court additionally directed the parties to
`
`comment on proposed summaries to be used to introduce the patents to the jury.
`
`STANDARD
`
`The purpose of a Markman hearing is to allow a court to eJeamine and resolve
`
`disputes over the scope and meaning of the claim language in the patent.
`
`"[T]he interpretation and construction of patent claims, which define the scope of
`
`the patentee's rights under the patent, is a matter oflaw eJeclusively for the court." Markman, 52
`
`F.3d at 970-71. A court's construction of disputed language is governed by the following
`
`principles:
`
`1
`
`Commerce Bancshares, Inc., et al.
`Exhibit 1006
`Page 1
`
`

`

`Case 1:13-cv-03777-AKH Document 82 Filed 03/18/14 Page 2 of 13
`
`"The words of a claim are generally given their ordinary and customary meanings
`
`as understood by a person of ordinary skill in the art when read in the context of the specification
`
`and prosecution history." Thorner v. Sony Entertainment America, LLC, 699 FJd 1362, 1365
`
`(Fed. Cir. 2012). "In some cases, the ordinary meaning of claim language as understood by a
`
`person of skill in the art may be readily apparent even to lay judges, and claim construction in
`
`such cases involves little more than the application of the widely accepted meaning of commonly
`
`understood words." Phillips v. A WH Corp. , 415 F.3d 1303, 1314 (Fed. Cir. 2005) (en bane).
`
`"The claims are directed to the invention that is described in the specification;
`
`they do not have meaning removed from the context from which they arose." Netword, LLC v.
`
`Centraal Corp., 242 F.3d 1347, 1352 (Fed. Cir. 2001). "[T]he context in which a term is used in
`
`the asserted claim can be highly instructive. . .. Because claim terms are normally used
`
`consistently throughout the patent, the usage of a term in one claim can often illuminate the
`
`meaning of the same term in other claims. Differences among claims can also be a useful guide
`
`in understanding the meaning of particular claim terms." Phillips, 415 F.3d at 1314-15.
`
`"[C]laims must be read in view of the specification, of which they are a part .... the specification
`
`is always highly relevant to the claim construction analysis. Usually, it is dispositive; it is the
`
`single best guide to the meaning of a disputed term." Id. at 1315.
`
`"Claims are interpreted with an eye toward giving effect to all terms in the claim."
`
`Digital-Vending Servs. Int'l v. University ofPhoenix, Inc., 672 F.3d 1270, 1275 (Fed. Cir. 2012).
`
`"[A] court should also consider the patent's prosecution history, ifit is in
`
`evidence. Like the specification, the prosecution history provides evidence of how the PTO and
`
`the inventor understood the patent. . " [T]he prosecution history can often inform the meaning
`
`of the claim language by demonstrating how the inventor understood the invention and whether
`
`2
`
`
`Commerce Bancshares, Inc., et al.
`Exhibit 1006
`Page 2
`
`

`

`Case 1:13-cv-03777-AKH Document 82 Filed 03/18/14 Page 3 of 13
`
`the inventor limited the invention in the course of prosecution, making the claim scope narrower
`
`than it would otherwise be." Phillips, 415 F.3d at 1317.
`
`When it comes to providing a jury with instructions, the trial court should provide
`
`adequate guidance that "can be understood and given effect by the jury once it resolves the issues
`
`of fact which are in dispute." Sulzer Textil A.G. v. Picanol N V, 358 F.3d 1356, 1366 (Fed. Cir.
`
`2004). The trial judge does not need to repeat his claim construction in the jury instructions.
`
`But, "the district court must instruct the jury on the meanings to be attributed to all disputed
`
`terms used in the claims in suit so that the jury will be able to intelligently determine the
`
`questions presented." Id.
`
`In this case, there is a dispute regarding means-plus-function limitations on
`
`certain of the '409 Patent claims. 35 U.S.C. § 112(f) provides that: "An element in a claim for a
`
`combination may be expressed as a means or step for performing a specified function without the
`
`recital of structure, material, or acts in support thereof, and such claim shall be construed to
`
`cover the corresponding structure, material, or acts described in the specification and equivalents
`
`thereof."
`
`"All one needs to do in order to obtain the benefit of [§ 112(f)] is to recite some
`
`structure corresponding to the means in the specification, as the statute states, so that one can
`
`readily ascertain what the claim means and comply with the particularity requirement of [§
`
`112(b)]." Atmel Corp. v. Information Storage Devices, Inc., 198 F.3d 1374, 1382 (Fed. Cir.
`
`1999). "[A] means-plus-function clause is indefinite if a person of ordinary skill in the art would
`
`be unable to recognize the structure in the specification and associate it with the corresponding
`
`function in the claim." Noah Sys., Inc. v. Intuit Inc., 675 F.3d 1302, 1312 (Fed. Cir. 2012)
`
`(quotation omitted). "The amount of detail that must be included in the specification depends on
`
`3
`
`
`Commerce Bancshares, Inc., et al.
`Exhibit 1006
`Page 3
`
`

`

`Case 1:13-cv-03777-AKH Document 82 Filed 03/18/14 Page 4 of 13
`
`the subject matter that is described and its role in the invention as a whole, in view of the existing
`
`knowledge in the field of the invention." Typhoon Touch Techs., Inc. v. Dell, Inc., 659 F.3d
`
`1376, 1385 (Fed.Cir.2011). There is no need for the patent to contain information that one of
`
`skill in the art would not need, but "the testimony of one of skill in the art cannot supplant the
`
`total absence of structure from the specification." Default ProofCredit Card System, Inc. v.
`
`Home Depot US.A, Inc., 412 F.3d 1291, 1302 (Fed. Cir. 2005).
`
`"Without evidence, ordinarily neither the district court nor [the Federal Circuit]
`
`can decide whether, for a specific function, the description in the specification is adequate from
`
`the viewpoint of a person of ordinary skill in the field of the invention." Elcommerce.com, Inc.
`
`v. SAP AG, --- F.3d ----, No. 2011-1369, 2014 WL 685622 (Fed. Cir. Feb. 24,2014)
`
`RULINGS
`
`The Court's rulings regarding the disputed claim terms and the summaries of the
`
`patents follow. The summaries may be subject to future revision.
`
`I.
`
`The '084 Patent
`
`A. Summary of the Patent
`
`This patent covers a network-based system for detecting intruders. The patent
`
`describes a data collection and processing center, which looks at information from multiple
`
`hosts, servers and/or computer sites. The data is collected and then analyzed by the intrusion
`
`analysis unit. If an intrusion is detected, then the center alerts other network devices, or their
`
`administrators.
`
`The asserted novelty of this patent comes from comparing data from multiple
`
`sources. The idea behind the patent is that by looking at data across multiple sources, the
`
`claimed device can detect intrusions which would not be detected by looking at data on a single
`
`network.
`
`4
`
`
`Commerce Bancshares, Inc., et al.
`Exhibit 1006
`Page 4
`
`

`

`Case 1:13-cv-03777-AKH Document 82 Filed 03/18/14 Page 5 of 13
`
`The patent does not cover what specific techniques are used to detect an intrusion.
`
`B. Disputed Terms
`
`1. An anomaly
`
`An irregularity in the data
`
`2. Network based intrusion
`detection techniques
`
`Plurality of hosts, servers and
`computer sites in the
`networked computer system
`
`3.
`
`4.
`
`Techniques for detecting, by analyzing network
`communications, whether unauthorized computers have
`. entered or are seeking to enter a network, or are
`. conducting reconnaissance activities
`
`i
`
`. Multiple hosts, servers, and/or computer sites within a
`· computer network
`
`Pattern correlations across the Analysis ofpatterns ofdata across multiple hosts, servers,
`plurality of hosts, servers, and
`and/or computer sites
`computer sites
`
`5. Alerting the devices! alerts the NotifYing the device, an associatedfirewall, or
`administrator
`devices
`
`6.
`
`Sense data
`
`7. Host
`
`8. An electronic notification to
`one of the device and an
`
`administrator of the device
`
`
`Interpretation of terms not required
`
`mputer
`
`Interpretation of terms not required
`
`
`9. Reconnaissance activity
`
`Interpretation of terms not required
`
`10. Have been affected
`
`Interpretation of terms not required
`
`11. • An intrusion
`
`An entry by an unauthorized computer into the secured
`network
`
`12.
`
`13.
`
`Adjusting the firewall!
`controlling the device
`
`Reconfiguring or adjusting pertinent parameters [ofthe
`firewall! ofthe device]
`
`Generating an automated
`response to the intrusion
`
`Generating a response (including an alert, a log, a
`parameter adjustment, or a notification) to the intrusion
`without manual intervention
`
`5
`
`Commerce Bancshares, Inc., et al.
`Exhibit 1006
`Page 5
`
`

`

`Case 1:13-cv-03777-AKH Document 82 Filed 03/18/14 Page 6 of 13
`
`Capable ofbeing controlled, adjusted, or reconfigured
`with respect to pertinent parameters
`
`15.
`
`[A device] anticipated to be
`affected
`
`May be impacted
`
`II.
`
`The'409 Patent
`
`A. Summary of the Patent
`
`This patent is a method for limiting access to sensitive data. Sensitive data is
`
`encrypted and then sent with rules limiting who can access the data. (The rules can also be sent
`
`and/or stored separately.) A computer gives access to the date in an unencrypted form as
`
`provided for by the rules. Different people may be given different access to data, for different
`
`purposes.
`
`B. Disputed Terms
`
`1. Openly distributed data
`
`Data transmitted over an openly accessible
`communications channel
`
`2. Rules defining access rights
`
`Rules governing access to the data
`
`3. At least one low level effectively
`defines a virtual machine
`
`At least one low level is defined as A level
`within a computer system below a high-level
`application environment.
`
`A virtual machine is defined as a software
`process that emulates another process or
`computer
`
`6
`
`
`Commerce Bancshares, Inc., et al.
`Exhibit 1006
`Page 6
`
`

`

`Case 1:13-cv-03777-AKH Document 82 Filed 03/18/14 Page 7 of 13
`
`4. Means for outputting
`
`5. Means for generating
`
`6.
`
`Protected data portion / Protecting
`portions of the data / Protected portions
`of the data
`
`7. Data encrypting key ... corresponding
`data decrypting key
`
`8.
`
`Internal ... built in to the access
`mechanism
`
`9.
`
`Intensity of access to the data
`
`Function: Outputting the images represented by
`the accessed data / outputting the output signal
`represented by the accessed data
`
`Structure: I/O controller and associated display
`monitor or printer
`
`Function: Generating the output signal from the
`accessed data
`
`Structure: One or more devices inputting signals
`into the I/O controller and the I/O controller
`
`Encrypted data portion / Encrypting portions of
`the data / Encrypted portions ofthe data
`
`A key used to encrypt data . .. a key that may be
`used to decrypt the data encrypted with the data
`encryption key
`
`Integrated into the access mechanism
`
`The number or total volume ofread-access in a
`unit oftime
`
`10. Environmental characteristics
`
`Characteristics related to a user environment
`
`11. Made less restrictive
`
`Interpretation of terms not required
`
`12. A stand-alone device
`
`Interpretation of terms not required
`
`13. Means for storing / storage means
`
`Function: Storing the rules
`
`14. Means for displaying
`
`Structure: Computer storage
`
`Function: Displaying the images represented by
`the accessed data
`
`Structure: A display monitor
`
`15. Access control rights
`
`Permissions that control a user's access to data
`
`7
`
`
`Commerce Bancshares, Inc., et al.
`Exhibit 1006
`Page 7
`
`

`

`Case 1:13-cv-03777-AKH Document 82 Filed 03/18/14 Page 8 of 13
`
`Access that is not in accordance with applicable
`rules
`
`17. Unprotected form of the protected data Unencrypted form ofthe protected data portion /
`portion / Unprotected form of the
`Unencrypted form ofthe protected portions of
`protected portions of the data
`the data
`
`18. Access mechanism
`
`Hardware and/or software for controlling access
`to data
`
`III.
`
`The '574 Patent
`
`A. Summary of the Patent
`
`This patent covers a method of using Trusted Entities to ensure that encryption
`
`keys are authentic. Public/private key encryption (which existed prior to this patent) is used to
`
`encrypt data. A public key matches a private key: something encrypted by a public key can only
`
`be decrypted by the private key and vice versa. This patent makes sure that public keys are
`
`authentic by using a Trusted Entity, which holds keys and issues public key certificates, to vouch
`
`for keys. The patent claims various methods associated with these public key certificates
`
`including a method for issuing these certificates, for updating a certificate, and for authenticating
`
`a public key certificate using a chain of valid certificates.
`
`B. Disputed Terms
`
`2.
`
`Public Key
`
`A set ofprocesses and associated devices by
`which certification is achieved
`
`A key that can be used to encrypt data, and to
`decrypt data that has been encrypted by a
`corresponding private key
`
`8
`
`
`Commerce Bancshares, Inc., et al.
`Exhibit 1006
`Page 8
`
`

`

`Case 1:13-cv-03777-AKH Document 82 Filed 03/18/14 Page 9 of 13
`
`3.
`
`Public Key Certificate
`
`4. Certification authority
`
`5. Revoking the current certificate
`
`A certificate that vouches for the
`trustworthiness ofa public key including by
`indicating that the public key was issued by the
`issuer who was supposed to have issued it
`
`An authority established by the processing
`system to approve who may use the system
`according to policies or protocols duly
`established for that authority
`
`Designating the current certificate as revoked
`in a data structure that can respond to a query
`by indicating the certificate's revocation status
`
`6.
`
`Self-signing the data structure
`
`Interpretation of terms not required
`
`7. A computer process authorized as an
`. issuing certification authority
`
`
`8. A common certificate repository / A
`common repository
`
`
`Interpretation of terms not required
`
`
`Interpretation of terms not required
`
`
`9.
`
`End user
`
`. Interpretation of terms not required
`
`10.. All relevant certificate revocation lists
`
`Interpretation of terms not required
`
`11. Authorized to issue the new signed
`. certificate
`
`
`Interpretation of terms not required
`
`
`12. A certificate storage database
`
`13. Representation of a certificate
`infrastructure
`
`14. Policy certification authority
`
`Interpretation of terms not required
`IInterpretation of terms not required
`
`. Authority that defines a particular set of
`certification policies
`
`15. Revocation list
`
`A list identifYing revoked certificates
`
`16. Certifying and returning the data
`structure
`
`Signing the certificate and returning it to the
`requester
`
`17. Common point of trust
`
`A point that is trusted by both the sender and
`
`9
`
`
`Commerce Bancshares, Inc., et al.
`Exhibit 1006
`Page 9
`
`

`

`Case 1:13-cv-03777-AKH Document 82 Filed 03/18/14 Page 10 of 13
`
`18. A certificate
`
`19. Application
`
`20.
`
`In common with
`
`21. Validated
`
`the receiver
`
`A public key certificate
`
`Computer Program
`
`Also trusted by
`
`Verified
`
`22. Verifying the authenticity of said request VerifYing that the request is from the requestor
`
`23. Subordinate computer process
`
`24. Data items required for a public key
`certificate
`
`A computer process at a lower level ofa given
`branch ofthe certification hierarchy
`
`A public key and the requestor's identity
`
`25. Performed upon expiration of an existing Performed after the certificate's expiration date
`certificate
`
`26. Verifying the authenticity of
`
`signatures iteratively, beginning with the
`common point of trust
`
`27. May also be verified by a direct inquiry
`to the certification authority which issued
`that certificate
`
`Decrypting the signature on the public key
`certificate ofthe computer process directly
`below the common point oftrust using the
`public key ofthe common point oftrust, then
`repeating the verification process for the next
`public key certificate in the chain between the
`common point oftrust and the sender, using the
`public key ofthe most recently verified
`computer process, until the sender is verified
`
`May also be verified by a request to the issuing
`certificate authority that is not acted upon by
`any other process in the certification
`infrastructure
`
`28.
`
`Issuing new certificates to all subordinate
`computer processes for which certificates
`had been previously signed by the first
`. computer process and copying to all
`• subordinate computer processes the new
`I certificate to be used for verification of
`
`Signing new certificates for all subordinate
`computer processes for which certificates had
`been previously signed by the first computer
`process, and distributing those new certificates
`to those subordinate processes for them to use
`
`10
`
`
`Commerce Bancshares, Inc., et al.
`Exhibit 1006
`Page 10
`
`

`

`Case 1:13-cv-03777-AKH Document 82 Filed 03/18/14 Page 11 of 13
`
`to verify new subordinate certificates
`
`29.
`
`Iteratively performing the distribution of Each new certificate recipient distributing the
`the new certificate to all subsequent
`new certificate to its direct subordinate entities
`subordinate computer processes
`
`IV.
`
`The '694 Patent
`
`A. Summary of the Patent
`
`This patent covers a method for filtering packets of information, based on the data
`
`contained in multiple packets.
`
`A packet of information typically has two components: (l) the header, which
`
`contains information about the destination and source, and (2) the payload, which contains the
`
`data. Frequently data is spread over several packets. The patent filters packets based on the data
`
`contained in the payload of a first packet, and the contents of at least one other packet.
`
`B. Disputed Terms·
`
`1. Packet
`
`2. A combination of the contents of the packet
`received in step a and the contents of at
`least one other packet
`
`3. Access rule
`
`Discrete unit ofinformation being routed
`through a computer network, often to a
`designated addressee
`
`Interpretation of terms not required
`
`A rule for filtering information traveling
`between a source and a destination
`
`Per the parties' agreement, the Court has not construed the term Implementing the access
`rule for a packet. If the construction of that term is disputed, then the Court will construe the
`term in due course.
`The parties have agreed that the construction of this Claim Term will also determine the
`2
`construction of the term Contents ofthe payload ofthe packet received in step a.
`
`11
`
`Commerce Bancshares, Inc., et al.
`Exhibit 1006
`Page 11
`
`

`

`Case 1:13-cv-03777-AKH Document 82 Filed 03/18/14 Page 12 of 13
`
`4. Selecting an access rule based upon the
`content of the payload ofthe packet
`received in step a
`
`IdentifYing an access rule based at least in
`part upon the content ofthe payload ofthe
`packet received in step a
`
`5. Payload
`
`Data conveyed by the packet outside the
`header segment
`
`V.
`
`The '666 Patent
`
`A. Summary of the Patent
`
`This patent covers a crypto-engine, a processor, which is dedicated to
`
`encryption/decryption. The cryptoengine uses two protocols for encrypting/decrypting data:
`
`RSA (which bases computations on the mUltiplication oflarge prime numbers) and ECC (which
`
`bases computations on an elliptic curve). Both protocols use modular multiplication.
`
`B. Disputed Terms
`
`A unit that performs multiplication
`
`A unit that performs addition
`
`Sign inversion
`unit
`
`A unit that changes positive numbers to negative numbers and changes
`negative numbers to positive numbers
`
`4. Output
`
`Interpretation of terms not required
`
`5. Feedback
`
`Interpretation of terms not required
`
`Host Processor A central processing unit that runs the computer system
`
`7. Op-code signal
`
`Signal capable ofindicating an RSA operation when it has one
`characteristic and an ECC operation when it has a different
`characteristic. RSA and ECC are two protocols for encryption.
`
`12
`
`
`Commerce Bancshares, Inc., et al.
`Exhibit 1006
`Page 12
`
`

`

`Case 1:13-cv-03777-AKH Document 82 Filed 03/18/14 Page 13 of 13
`
`SO ORDERED.
`
`Dated:
`
`New York, New York
`
`Marcy.." 2014
`
`~~ST~
`
`United States District Judge
`
`13
`
`
`Commerce Bancshares, Inc., et al.
`Exhibit 1006
`Page 13
`
`