Cybersecurity Patent Strategies vs. the Growing Barriers to Software Patents

More and more companies who offer blockchain and other next generation cybersecurity technologies are seeking patents to help protect their competitive position. The U.S. Patent and Trademark Office’s (USPTO’s) Technology Center 2400, which covers networking, multiplexing, cable and security technologies, includes over 200 Patent Examiners who focus on security technologies. TC 2400 issued over 33,000 patents in 2017. During this period, the USPTO’s overall allowance rate was 59.4%.

Despite this apparent boom, patent applications covering cybersecurity technologies have faced increasing scrutiny since the June 2014 U.S. Supreme Court decision in Alice Corporation Pty Ltd. v. CLS Bank Int’l. In Alice, the Court found that a software implementation of an escrow arrangement was not eligible for patenting in the U.S. because it merely involved implementing an “abstract idea” on a computer. The Court did not define the term “abstract idea” other than to describe it as a building block of human ingenuity, or a fundamental concept, including concepts that involve a “fundamental economic practice.”

Since then, the USPTO has issued several guidance documents, and lower courts have issued several opinions, describing when software is and (more often) is not eligible for patenting under Section 101 of the Patent Act. The USPTO typically denies, and courts often strike down, patent applications and patents covering methods of manipulating data, completing financial transactions, and algorithms that do not require any particular hardware other than a general-purpose computer.

Patent applications that focus on financial applications of blockchain technologies often face patent-eligibility hurdles. A search of the USPTO’s Patent Application Information Retrieval (PIR) system indicated that as of January 2018, over 90% of the published applications and issued patents having the term “blockchain” and any combination of “cryptocurrency,” “coin,” or “currency” in the claims were assigned to the USPTO’s Technology Center 3600. (TC 3600 includes the USPTO’s business methods examining unit.) Over 80% of these patents and patents applications received a Section 101 rejection on first action. In addition, the allowance rate in TC 3600 remains far below that of the USPTO’s overall statistics.

Claim Drafting Strategies

Despite the challenges that software patent applications currently face, the USPTO continues to grant, and courts continue to uphold, patents for innovations in cybersecurity technologies. To help improve a patent application’s chances of success, both before a court and if challenged, patent applicants should consider some or all of the following:

(1) Technical problem / technical solution: The patent application’s narrative should not focus on the business problem that the invention solves (such as allowing a financial transaction to be completed). Instead, the narrative should focus on the technical problem, as well as the technical solution that the problem solves. Examples of technical solutions include inventions that improve network security, that reduce bandwidth or data storage needs, that improve processing speed, or that help defend against cyberattacks, bots and other malicious systems.

By way of example, U.S. patent 9,836,908 contains the following claim:

1. A voting system comprising:
one or more voting machines connected to each other by network connections to form a distributed network;
wherein each of said one or more voting machines comprises:
a computer processor;
a non-volatile computer-readable memory;
a scanner configured to read data from barcodes and/or voting ballots; and
a network interface;
wherein the non-volatile computer-readable memory is configured with computer instructions configured to:
receive a private key and public key pair from a voter,
receive voting data comprising one or more votes for one or more candidates in an election,
use said private key to digitally sign said voting data to produce signed voting data,
broadcast said signed voting data with said public key to a distributed network,
store said signed voting data with said public key on a blockchain database managed by the one or more voting machines forming said distributed network,
store, in a voter block which is a fork block of a slidechain, voter data identifying the voter and elections in which said voter is allowed to cast votes,
store voting data from said voter in a voting block which is a slidechain root block storing a voter hash of said voter block,
wherein said voter block also stores a voting hash computed from data in said voting block, and
accept the longest chain on said slidechain as a valid chain and accept as valid a chain where any voter block stores a voting hash of a voting block which, in turn, stores a voter hash of said any voter block.

In a first Office Action, the USPTO Examiner (in Technology Center 3600) rejected this claim under Section 101 of the Patent Act as being directed to the abstract idea of “using categories to organize, store and transmit information” and/or “data recognition and storage.”

In response, the applicant argued that the claims covered a solution to the technical problem of preventing the circumvention of anti-privacy measures. Therefore, the applicant also argued that the claims were not directed to a long-prevalent and fundamental practice, nor were they related to commerce or finance. The applicant also amended the claim to include the text printed in bold above, and the applicant argued that even if the claim included an abstract idea the amendments represented significantly more. The Examiner withdrew the Section 101 rejection and allowed the case.

(2) Hardware: Patent applications that claim unique hardware configurations, rather than a general purpose computer, may have a better chance of success.

By way of example, U.S. patent 9,862,222 contains the following claim:

1. A seal application device comprising:
a scanner;
an applicator;
at least one processor; and
a memory storing instructions which, when executed by the at least one processor, cause the at least one processor to perform operations comprising:
receiving at least one image of a document, the at least one image generated by the scanner;
determining, based on the at least one image, data associated with the document;
instructing the applicator to generate a seal that encodes the data associated with the document, the seal being applicable to a tangible version of the document;
based on a scan of the seal applied to the tangible version of the document, the scan performed by the scanner, determining the data that is encoded in the seal;
employing the data to verify at least one characteristic of the tangible version of the document;
employing the data to determine an address on a blockchain network; and
accessing funds associated with the address.

The USPTO examined this patent application in TC2800 (Semiconductors, Electrical and Optical Systems and Components) and allowed it on first action.

(3) Improvements to the underlying technology: Patent applications that expressly claim features that could only happen with blockchain technologies or distributed networks, and which could not occur in the abstract or be implemented by humans alone, may have a better chance of success. While this may end up with a narrower claim, the claim can be more likely to withstand challenges.

Examples include the following claim from U.S. Patent 9,825,931:

1. A system for tracking and validating instances of a user, the system comprising:
a memory device with computer-readable program code stored thereon;
a communication device;
a processing device operatively coupled to the memory device and the communication device, wherein the processing device is configured to execute the computer-readable program code to:
receive an initial identification for the user at one or more nodes of the block chain distributed network;
update a distributed ledger with the initial identification via transmission of data from the one or more nodes to the distributed ledger associated with the block chain distributed network;
receive one or more subsequent identifications for the user at the one or more nodes of the block chain distributed network, wherein the received one or more identifications identify morphs in the user identification over a time period;
confirm, via communication with third party systems, the received one or more subsequent identifications are associated with the user;
link the one or more subsequent identifications for the user to the initial identification to generate a timeline illustrating morphing of user identification over time, wherein the timeline illustrates changes in user identification including changes in signatures, physical attributes of the user, and geographic relocations of the user;
correlate user facts received from the one or more nodes of the block chain distributed network and third party systems to the timeline, wherein user facts include a signature the user has previously used, locations where and when the user lived, and physical attributes of the user at various previous times;
generate one or more authentication questions based on the user facts and timeline; and
present the generated one or more authentication questions to the user via a user device for user access into third party secure locations.

The USPTO examined this claim in TC2400 and allowed it on first action.

As another example, U.S. patent 9,824,031 contains the following claim:

1. A method implemented by at least one hardware processor of coalescing transactions between trusted and un-trusted parties, the method comprising:
receiving first transaction data from a computing device associated with a first trusted party, the first transaction data comprising a first pending transaction between the first trusted party and a second trusted party and a second pending transaction between the first trusted party and an un-trusted party;
receiving second transaction data from a computing device associated with the second trusted party, the second transaction data comprising a third pending transaction between the second trusted party and the un-trusted party;
analyzing the first and second transaction data to determine whether more than one trusted party has a pending transaction with the same un-trusted party, wherein the analyzing comprises generating a transaction graph, the transaction graph comprising an identification of the first trusted party, second trusted party, un-trusted party, first pending transaction, second pending transaction, and third pending transaction;
determining based on the analysis that the first trusted party and the second trusted party each have a pending transaction with the un-trusted party, wherein the determination is based on the transaction graph;
modifying the first pending transaction, the second pending transaction, and the third pending transaction based on the determination, the modification comprising removing the third pending transaction.

During prosecution the Examiner (in USPTO TC2400) originally rejected the claim as ineligible under Section 101. However, the Examiner also indicated that the claim would be allowable if the applicant amended the claim to include the text that is presented in bold above. The applicant made the amendment, and the USPTO issued the patent.

For more examples of patent claims in which the U.S. Court of Appeals for the Federal Circuit, U.S. District courts and the Patent Trial and Appeals Board have upheld patent-eligibility of software inventions, see this post on IP Spotlight.

Procedural strategies

A common feature of many of the patents granted on blockchain technologies is that the applicant sought expedited review under the USPTO’s Track One prioritized examination program. Under this program, for an additional fee of $4000 (less for small entities), the USPTO will issue a final determination (allowance or final rejection) within twelve months. This typically means that the USPTO will issue a first action in less than four months. Although USPTO statistics indicate that the allowance rate is just under 50% for cases in Track One, anecdotal evidence indicates that USPTO Examiners are often more willing to working with the applicant early in the process to find allowable subject matter.

In addition, cases that are allowed under Track One receive an allowance within an average of six months after filing. An early allowance in the U.S. can help applicants implement a cost-effective global filing strategy in counties that offer a “Patent Prosecution Highway” (PPH) program with the U.S. A common feature of PPH programs is that if a patent application is allowed in one participating country, other countries’ patent offices will more quickly review the application — and often will allow it — based on the allowance in one participating country. Using PPH treatment, cases allowed in the U.S. often can quickly receive allowance in other PPH-participating jurisdictions such as Australia, Israel, South Korea, China, and the United Kingdom.

Another strategy for getting early allowance of a patent application directed to cybersecurity technologies is to request an interview with the USPTO Examiner prior to first action. The USPTO’s First Action Interview Pilot gives applicants a chance to discuss the patent application with the Examiner before the Examiner issues a first formal Office Action. As of January 2018 USPTO statistics indicate that over 29% of cases in the First Action Interview Pilot had a first action that allowed at least some claims, while only 13.4% of standard track cases were allowed on first action.

For other posts in this four-part series, see:
Intellectual Property Strategies For Next Generation Cybersecurity Technologies
Trends in Patenting Blockchain Technologies
Defensive Patent Strategies For Blockchain and Distributed Ledger Technologies

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.