Trustees of Columbia Univ. v. Symantec Corp.

Addressing various claim constructions that led to a stipulated judgment of non-infringement and partial invalidity, the US Court of Appeals for the Federal Circuit affirmed two claim constructions and a related indefiniteness holding, but reversed a third construction.Trustees of Columbia Univ. v. Symantec Corp., Case No. 15-1146 (Fed. Cir., Feb. 2, 2016) (Dyk, J).

Columbia sued Symantec for infringement of six patents related to detecting malicious computer software. Two of the patents were directed to detecting malicious email attachments, another two were for detecting computer intrusions, and the remaining patents were directed to detecting anomalous program executions. During claim construction, the district court construed three contested claim terms narrowly in Symantec’s favor and found another term to be indefinite. Columbia appealed.

The Federal Circuit first rejected Columbia’s general position that claim terms must carry their “accustomed meaning in the relevant community” unless expressly redefined or disavowed. The Court instead explained that claim terms are to be interpreted in the context of the specification and that any resort to dictionaries only comes later, if necessary.

The Federal Circuit then considered the term “byte sequence feature” from the malicious email attachment patents. Symantec argued that such a feature could only be obtained from code instructions, whereas Columbia said it could also arise from non-instruction information related to the code. The Court affirmed the narrow construction based on a discussion in the specification that such a feature represents code instructions “instead of” the related information. The Court rejected Columbia’s reliance on other parts of the specification to the effect that the feature “may comprise” code arising from the related information, and held that such inconsistent and confusing specification language cannot support a broad construction. The Court was also unpersuaded by a dependent claim that listed the related information as a source for a “byte sequence feature,” and instead simply invalidated the dependent claim as indefinite for contradicting the construction.

The Federal Circuit next turned to the term “probabilistic mode of normal computer system usage” in the computer intrusion detection patents. These patents used probability models from “normal” computer usage to detect deviations from the norm that could indicate attacks. The dispute concerned whether the “normal” usage data was limited to “attack-free” data. The Court found it dispositive that the specification never described using attack data and that during prosecution Columbia had distinguished prior art that had used attack data. The Court dismissed as mere fleeting references Columbia’s reliance on other specification discussion about storing attack data.

The Federal Circuit finally addressed the term “anomalous” from the patents for detecting anomalous program executions, where the district court had likewise imposed an “attack-free” limitation. Here, however, the Federal Circuit disagreed with the district court and relied on a dependent claim, which required the use of attack data, as support for a broader construction. The Court also relied on a discussion in the specification describing the use of attack data, and contrasted that discussion with the lack of any such discussion in the computer intrusion detection patents. The Federal Circuit thus reversed the construction and remanded the case back to the district court.