Posted On: 02/07/2019 1:41:11 AM
SecureAuth Argument transcript -
*Please note that this may have minor errors, however every attempt was made to be as close to exact as spoken by the parties involved in oral arguments.
SA: If I may please the court. The decision below should be affirmed because the district court correctly held that the focus of these claims here is out-of-band authentication and that idea is not specific to computer technology.
And we can see that from this court’s cases such as SecureMail, Prism, both of which were addressed in the briefs. As well as a case that came out after our briefing was complete [Ausgary, Comrony, November, 2016 -2415] which also dealt with a form of out-of-band authentication.
So, there has been 3 cases where specific ways of performing authentication in a computer network were held to be abstract, and those are the cases that we are relying on. The cases that opposing counsel, Strikeforce’s counsel is pointing to, do not relate even to authentication. They’re, they’re just simply not as analogous as the cases we are relying on. And the reason why SecuredMail, Prism, and [Asgary/ Comrony] held the claims there ineligible is because authentication even when using different communication channels is not a computer specific problem. And the use of multiple channels is not a computer specific solution.
Communication channels could be paper mail, they could be telephones, they could be all manners of different communication channels and that’s what our preschool analogy illustrates.
And I’ll note that in Prism and SecuredMail this court relied on analogies to determine that the ideas at issue were not computer specific. And that’s what we have done here.
I do want to address Strikeforce’s criticism of our analogy. They mention this idea of authenticating who Aunt Sally is. I don’t see anything in the claims that require a verification of the identity of a person apart from verifying that they have the correct information. So there is nothing in the claims that reflects this idea of authenticating who Aunt Sally is as opposed to just that, uh, they have the right login identification. And, so I think that that distinction just doesn’t hold water.
I would also like to address Ancora.... So that case, again, found that the claims were not abstract because they were directed to a computer specific solution, to a computer specific problem.
Specifically there was this BIOS memory and it was alleged that the structure of this BIOS memory, which of course is unique to computers, is what allowed the solution there to prevent hacking.
So specifically the BIOS memory had multiple areas, the BIOS-ROM, and the BIOS Esquared PROM, and that latter part is where the license verification structure was stored. And the reason that that provided an improvement to computer security was that the patent explained BIOS, Esquared PROM is more difficult to access, uh, for a programmer, and when you do access it improperly there is a higher risk that the computer will be disabled.
So they are relying on this very specific computer structure, a memory within the computer that has different traits from other memories that make tampering with that memory less likely to be successful for a hacker.
Here we’re not seeing any structure that is computer specific that’s being relied on to provide the alleged benefits. The supposed resistance to hacking comes from the use of two separate communication channels. Communication channels, as I have said, are not computer specific and using two separate communication channels improves security outside of computers as well.
We saw that in SecuredMail, we saw that in [Ausgary/Comrony], and let me just explain that a little more since it wasn’t in the briefs, since it had not come out yet, why there are two channels at issue there.
So I do want to note that’s a rule 36 affirmance so we don’t know what the reasoning of this court was, but we do know.....
Judge: And it’s not precedent!
SA: That’s correct, it’s not precedent but it is persuasive. I believe under federal circuit rule #32.1.
So we what we know is the context of the claim there....
Judge: The rule 36 is persuasive??
SA: It, non-precedential dispositions are persuasive......
Judge: I don’t know remember any case that says a rule 36 disposition is persuasive.
SA: I believe-well, I guess your honor, is of course, free to decide however persuasive you think it is.
But I will just explain what the facts were there, and what the claims said.
The claims said, that you have a central authority, and external....... I’m sorry, central entity, an external entity, and a user.
The user is trying to access the external entity. So they first start a transaction with that entity and then in order to authenticate that transaction they separately communicate with the central entity to get a code. So there is communication between the external entity, that’s one communication path and the user, and communications between the central entity and the user. And those two separate communication paths are both needed to perform the authentication.
But, setting that aside since it is a rule 36 judgement.
Let’s take a look at SecuredMail. Again that’s a case we pointed out uses not just out-of-band authentication but completely out-of-band authorization, which is what Strikeforce is relying on here. And in that case the/a person receives a piece of mail through the normal postal service and then wants to validate or authenticate that mail. And so they initiate a computer connection and over the computer connection you authenticate that the mail is authentic. And that is a bi-directional out-of-band communication channel. Because it’s separate from the paper mail.....
Judge: But you are presenting arguments under 102 or 103 not 101.
SA: No, I disagree your honor......I’m explaining that in these previous cases, SecuredMail, Prism, Ausgary,Comrony, this court found that all the claims were directed to abstract ideas. Not because they are old, and I’m not.......
Judge: But those cases depend on their facts. I know you are drawing analogy of the facts, but the 101 case, the abstract ideas, lines have been drawn as to what it is or isn’t an abstraction.
SA: The point I’m trying to make your honor, is that what made the ideas in those claims abstract is that they did not provide technology specific solutions to a technology specific problem.
So the way that ....
Judge: But you are -inaudible- in this case technology specific details sufficiently have been provided!
SA: And the details opposing counsel provides that are allegedly technology specific is this use of two separate channels.
And that is why I’m going into SecuredMail to show that the use of two separate channels to perform authentication is not technology specific. SecuredMail negates the idea they are proposing that the use of two separate channels to perform authentication is technology specific.
Judge: So what would have to be needed the code, the computer code to overcome this gap?
SA: It’s - No, your honor, it’s not a question of inadequate disclosure of the use of two separate channels, it’s that the use of two separate channels itself is not technology specific because the use of communication channels is not limited to computers. And that’s why we provide this analogy to show that the use of multiple channels for authentication is performed outside the computer context. So they would need a completely different focus of their claims. They would need something like exploiting the structural traits of BIOS, as in Ancora, as distinguished from other computer memory - that is a computer specific solution because it arises specifically from the structure of a computer component. Here, there is nothing they are pointing to that arises specifically from the structure of a computer component that they are relying on for the solution.
Judge: The whole focus is computer hacking. I-I’m trying to understand where the line appropriately should be drawn - between the adequacy of overcoming 101 and not doing so.
SA: I think characterizing this as hacking your honor, is too general of a characterization to be useful. What they mean by hacking here is simply intercepting data that is in transit. Right? Intercepting ......
Judge: There, there is no dispute that that is the target.
SA: Sorry
Judge: interception, to avoid interception.
SA: Right, to avoid interception of information being communicated. That problem is not computer specific. Because, information is routinely intercepted in communication channels ......
Judge: Well it is considered computer specific but it’s applying the same concept that exists outside of computers in the computer context.
SA: The word, hacking, is a computer specific word. But I’m saying the substance of what they are using that word to refer to here, interception in a communication channel, is not computer specific. And that’s why they refer to Ancora because Ancora used the word hacking. But it was using that word to refer to something different. It was using that word to refer to tampering with data stored on the computer to obtain rights to run software that you do not own.
So......
Judge: So it would solve the 101 problem if they had exclusively said we were looking at computer hacks?
SA: No your Honor. The..... the word computer....the word hacking in this context simply means ... uh, intercepting communications in communication channel. Which is not computer specific.
Judge: So that......is to say that intercepting computer communications, is that the difference that you are giving?
SA: No, no, no, that’s just a verbal formulation, your honor, I’m talking about the substance of what they’re pointing to.
Judge: I-I’m trying to get at the substance of where, where it, it’s crystal clear that you are talking about computers and hacking-computer communications. I’m trying to understand the gap between 101 and 103.
SA: 103 is about what is old. 101 is about what is computer specific. And the reason I say that the so-called hacking here is not computer specific is because it’s no different than intercepting communications in a non-computer communication channel. Unlike the hacking in Ancora which was specifically about accessing computer memory and the use of different types of computer memories. So hacking, for...let me also make this point. Hacking is the problem, right? In order to have a non-abstract solution, you need both the problem to be computer specific and the solution. So I- I think for the reasons I have already explained that they don’t have a technology specific problem here...
But I, you know, that’s not the only issue. The other issue is, do they have a computer specific solution? And the answer to that is also, no, because their alleged solution is to use two separate communication channels in case the communications in one channel are intercepted.
And that solution is not specific to computers because it works with paper mail as we saw in SecuredMail. It works with telephones as we see in our preschool analogy.
And so, even if they did have a computer specific problem of hacking. Their way of preventing that hacking is not a computer specific solution. And I do want to also address this interception issue because this is .......
Judge: that, that, that’s ... You, You can’t mean that! You say even if you, if we all agree that this is a computer problem don’t bother looking at computer, uh, issues and solutions?
SA: If they had a computer specific solution, your honor, that would be patent eligible!
Judge: But why does that convert the issue into an abstract idea?
SA: That is the dividing line that this court has identified between abstract ideas and patentable computer specific improvements. So, in Ancora, in Enfish, in [PhenGen], the common trait that links all those cases your honor, is do you have a computer specific solution to a computer specific problem. And they don’t here. And that’s why.....
Judge: But their solution is implemented by computer.
SA: Implementing, an information based solution in a computer environment is not enough. And we pointed to, for example, [intellectual—- vs CapitalOne financial for that proposition, but that’s well established in the case law.
Implement, just as implementing escrow or intermediated settlement in a computer environment, under Alice, didn’t prevent the claims from being abstract.
And that’s what we have here. A communication channel solution that is simply implemented in a computer environment.
I don’t deny that it could be useful. Just as implementing intermediated settlement in a computer environment could be useful but it doesn’t make it computer specific and that is a crucial dividing line in the case law.
Before I run out of time, I just want to address this interception issue.
The agreed construction of interception device is something that prevents the host computer from receiving. That is a purely functional and generic construction and such purely functional and generic elements cannot provide an inventive concept as a matter of law.
I would also like to point out that the interception device does not even have to be separate from the host computer according to Strikeforce itself. For example, at appendix 799. And there’s embodiments that Strikeforce has referred to in its reply brief showing that the interception device and the host computer may be the same device. So to say that the interception device shields the host computer is false because Strikeforce has said that the interception device may be part of the host computer.
And even if that wasn’t the case because it’s purely functional and generic it cannot provide an inventive concept as a matter of law.
Judge: Ok, Thank you.
Thank you for your support!
B )