Invention That Monitored and Analyzed Network Activity Found Patent Eligible

By: Irah H. Donner

In SRI International, Inc. v. Cisco Systems, Inc.,1 the Federal Circuit held a claimed invention that used network monitors to detect suspicious network activity by analyzing network traffic data, generating and integrating reports of that suspicious activity using hierarchical monitors, was patent-eligible. SRI owned U.S. Patent Nos. 6,484,203 and 6,711,615. The ’615 patent (titled “Network Surveillance”) was a continuation of the ’203 patent (titled “Hierarchical Event Monitoring and Analysis”). Claim 1 of the ’615 patent recited the following:

1. A computer-automated method of hierarchical event monitoring and analysis within an enterprise network comprising:

deploying a plurality of network monitors in the enterprise network;

detecting, by the network monitors, suspicious network activity based on analysis of network traffic data selected from one or more of the following categories: network packet data transfer commands, network packet data transfer errors, network packet data volume, network connection requests, network connection denials, error codes included in a network packet, network connection acknowledgements, and network packets indicative of well-known network-service protocols;

generating, by the monitors, reports of said suspicious activity;

and automatically receiving and integrating the reports of suspicious activity, by one or more hierarchical monitors.2

The Federal Circuit relayed the test for determining patent eligibility:

To determine whether a patent claims ineligible subject matter, the Supreme Court has established a two-step framework. First, we must determine whether the claims at issue are directed to a patent-ineligible concept such as an abstract idea. . . . Second, if the claims are directed to an abstract idea, we must “consider the elements of each claim both individually and ‘as an ordered combination’ to determine whether the additional elements ‘transform the nature of the claim’ into a patent-eligible application.” . . . To transform an abstract idea into a patent-eligible application, the claims must do “more than simply stat[e] the abstract idea while adding the words ‘apply it.’”3

The court held that the claimed invention was not abstract under the first step of Alice and, therefore, analysis of the second step was not necessary:

We resolve the eligibility issue at Alice step one and conclude that claim 1 is not directed to an abstract idea. . . . The district court concluded that the claims are more complex than merely reciting the performance of a known business practice on the Internet and are better understood as being necessarily rooted in computer technology in order to solve a specific problem in the realm of computer networks. . . . We agree. The claims are directed to using a specific technique—using a plurality of network monitors that each analyze specific types of data on the network and integrating reports from the monitors—to solve a technological problem arising in computer networks: identifying hackers or potential intruders into the network.

 

Contrary to Cisco’s assertion, the claims are not directed to just analyzing data from multiple sources to detect suspicious activity. Instead, the claims are directed to an improvement in computer network technology. Indeed, representative claim 1 recites using network monitors to detect suspicious network activity based on analysis of network traffic data, generating reports of that suspicious activity, and integrating those reports using hierarchical monitors. . . . The “focus of the claims is on the specific asserted improvement in computer capabilities”—that is, providing a network defense system that monitors network traffic in real-time to automatically detect large-scale attacks.4

Why it matters:

The SRI International, Inc. v. Cisco Systems, Inc. decision is important because the Federal Circuit clarified that claims will not be considered abstract under step one of Alice Corp. v. CLS Bank International if the “focus of the claims is on the specific asserted improvement in computer capabilities.” In this case, the improvement in computer capabilities was providing a network defense system that monitored network traffic in real time to automatically detect large-scale attacks. Significantly, the court did not require the improvement to be in computer processing efficiency; that is, improved computer “capabilities” was sufficient to be considered patent eligible under step one of Alice, and there was no need to consider step two of Alice. Thus, this decision should increase the likelihood of patent eligibility for more computer software-related inventions.

1 SRI International, Inc. v. Cisco Systems, Inc., 918 F.3d 1368, 2019 USPQ2d 94789, 2019 WL 1271160 (Fed. Cir. 2019).

2 Id., 918 F.3d at 1374 (quoting U.S. Patent No. 6,711,615, col. 15 ll. 2-21).

3 Id., 918 F.3d at 1374 (quoting Alice Corp. v. CLS Bank Int’l, 573 U.S. 208, 217, 221, 110 USPQ2d 1976, 1981, 1982-83 (2014)).

4 Id., 918 F.3d at 1375.