Takeaway: Computer-related limitations that require nothing more than the routine and conventional use of a computer are not meaningful limitations that can render otherwise abstract claims patent eligible.

In its Decision, the Board instituted a covered business method patent (CBM) review proceeding of claims 1-60 of U.S. Patent No. 8,402,281 B2. The ’281 patent relates to protecting data against unauthorized access.

The ’281 patent is a continuation of U.S. Patent No. 6,321,201 B1, which is the subject of pending proceedings CBM2015-00002, CBM2015-00014, and CBM2015-00030.

The Board began by analyzing whether the challenged claims are unpatentable under § 101. Claim 1 recited “determining whether each of the one or more data processing rules associated with [a] requested data portion are satisfied.” The Specification “discloses that protection attributes (i.e., the claimed data processing rules) are used to protect against unauthorized access of a data portion in a database . . . and that banking [a financial activity] is a field where protection against unauthorized access to databases that are used for administering and storing sensitive information is desired.” Thus, the Board concluded that at least one claim “recites a method or corresponding apparatus for performing data processing or other operations used in the practice, administration, or management of a financial product or service.” The Board also concluded that claim 1 does not solve a technical problem using a technical solution and therefore is not directed to a technological invention. Accordingly, the ’281 patent is eligible for CBM patent review.

The Board then turned to claim construction, interpreting the claims using the broadest reasonable construction in light of the specification of the ’281 patent. Here, as in CBM2015-00002 proceeding, the Board construed “data processing rules” as “rules for processing data.” The Board then construed “data portion” as “a part or share of the database” and construed “data category” as “any class or division of data sharing one or more characteristics or attributes.”

Next, the Board considered whether the challenged claims are directed to patent-ineligible subject matter under 35 U.S.C. § 101, applying the framework set forth in Alice Corp. Pty, Ltd. v. CLS Bank Int’l, 134 S. Ct. 2347 (2014) and Mayo Collaborative Servs. v. Prometheus Labs., Inc., 132 S. Ct. 1289, 1305 (2012). The Board was persuaded that “the claims of the ’281 patent are directed to the abstract idea of determining whether access to data in a database should be granted based on whether one or more rules are satisfied.” Also, it concluded that the “computer-related limitations” in the independent claims “are not meaningful limitations that can salvage these claims to make them patent-eligible, and that these computer-related limitations require nothing more than the routine and conventional use of a computer having a database containing objects, a database containing attributes associated with those objects, and a processor.” It also concluded that the dependent claims, which “further define the data processing rules,” similarly “do not add significantly more to the abstract idea.” Accordingly, the Board was persuaded that all of the challenged claims more likely than not are patent ineligible under 35 U.S.C. § 101.

The Board then analyzed the challenged claims in view of the Denning reference, which is a book titled Cryptography and Data Security. The Board concluded that Claims 1-4, 6, 9, 17-20, 22, and 25 are more likely than not anticipated by Denning. However, with respect to claims 5 and 21, it concluded that Denning “does not describe using the access matrix model to restrict access to a data portion that is a column of data in a database” and therefore was not persuaded that claims 5 and 21 are more likely than not anticipated. With respect to claims 10 and 26, the Board was persuaded by Patent Owner that “Denning does not describe a time-dependent decision rule that specifies a method for removal for a portion of data” and therefore does not disclose all of the limitations of the claims. For claims 15, 31, 33-38, 43-52, 55, and 57-60, the Board was not persuaded that Denning discloses that “each of the plurality of data portions within the database is associated with a different data type.”

Next the Board considered whether certain of the challenged claims would have been obvious over Denning and FIPS PUB 140-1. The Board was not persuaded by Petitioner’s argument that FIPS PUB 140-1 discloses “a specified level of encryption,” as required by claims 7, 8, 23, and 24, instead agreeing with Patent Owner that “a ‘level’ of encryption refers to the strength of encryption that is to be used on data in a database,” and that FIPS PUB 140-1’s security levels are not levels of encryption.” With respect to claims 12-14, 16, 28-30, and 32, the Board was persuaded by Petitioner that the claims more likely than not are unpatentable because “modifying Denning’s access matrix model to include encrypting the objects with cryptographic keys so that the data can only be accessed by users or programs having the keys would have been obvious to one of ordinary skill in the art and is nothing more than the predictable use of prior art elements according to their established functions.”

The Board then considered whether claims 11, 27, 42, and 56 are obvious over Denning and Shear. It was persuaded that claims 11 and 27 more likely than not are unpatentable on the grounds that “modifying Denning’s access matrix model to include a processing rule that requires data logging, in light of the teachings of Shear, is nothing more than the predictable use of prior art elements according to their established functions.” The Board, however, was not persuaded by Petitioner’s arguments with respect to claims 42 and 56 because Shear did not disclose the use of “data categories,” which the Board earlier determined were not disclosed by Denning.

Informatica Corporation v. Protegrity Corporation, CBM2015-00010

Paper 13: Decision on Institution of Covered Business Method Patent Review

Dated: May 11, 2015 Before: Kevin F. Turner, Meredith C. Petravick, and Gregg I. Anderson

Written by: Petravick

Related Proceedings: Protegrity Corporation v. Informatica Corporation, No. 3:14-cv-02588 (N.D. Cal.); CBM2014-00024; CBM2014-00121; CBM2015-00006; CBM2014-00182