Trustees of Columbia Univ. v. Symantec Corporation
811 F.3d 1359
| Fed. Cir. | 2016Background
- Columbia sued Symantec alleging infringement of six patents (’544, ’907, ’084, ’306, ’115, ’322) related to using data-analytics models to detect malware and anomalous program behavior. Parties stipulated to final judgments of non-infringement based on the district court’s claim constructions; Columbia appealed those constructions.
- Patents group into three families: ’544/’907 (malicious email attachments; “byte sequence feature”), ’084/’306 (detecting intrusions via registry access; “probabilistic model of normal computer system usage”), and ’115/’322 (detecting anomalous program executions; term “anomalous”).
- District court construed (1) “byte sequence feature” as limited to representations of machine-code instructions; (2) “probabilistic model of normal computer system usage” as built only from attack-free (typical) data; and (3) “anomalous” as deviation from a model built from attack-free data. The court later clarified that the second construction requires building the model with only attack-free data.
- Based on those constructions the parties stipulated to non-infringement for all asserted claims and the district court found claims 1 and 16 of the ’544 patent indefinite. Columbia appealed the claim constructions and indefiniteness ruling.
- The Federal Circuit reviewed claim construction de novo (with subsidiary factual findings for clear error) and analyzed claim language, specification, and prosecution history to determine whether the district court correctly imported limitations from the specification.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Meaning of “byte sequence feature” (’544, ’907) | Term should mean any attribute of a sequence of bytes from any part of an executable (plain meaning) | Specification shows term refers to representations of machine-code instructions only | Court affirmed district court: term limited to features representing machine-code instructions; judgment of non-infringement affirmed |
| Indefiniteness of claims 1 and 16 (’544) | Claims not indefinite | Claims conflate byte-sequence (machine code) with resource information (non‑code), creating inconsistency | Affirmed indefiniteness for claims 1 & 16 |
| “Probabilistic model of normal computer system usage” (’084, ’306) | Term has plain meaning; should not be limited to models built only from attack-free data | Specification and prosecution history show model is built from records of normal (attack-free) processes | Affirmed district court: model must be built from attack-free (normal) data; non-infringement affirmed |
| Meaning of “anomalous” (’115, ’322) | “Anomalous” need not require model built only from attack-free data; specification and prosecution history allow models built with attack and non-attack data | District court imported attack-free limitation by analogy to ’084/’306 construction | Reversed: construction limiting to attack-free training data was incorrect; judgment of non-infringement vacated and remanded |
Key Cases Cited
- Teva Pharm. USA, Inc. v. Sandoz, Inc., 135 S. Ct. 831 (clarified standard: claim construction is legal with subsidiary factual findings reviewed for clear error)
- Phillips v. AWH Corp., 415 F.3d 1303 (en banc) (specification is primary guide; may redefine terms by implication)
- Renishaw PLC v. Marposs Societa' per Azioni, 158 F.3d 1243 (construction that aligns with claim language and specification is correct)
- In re Abbott Diabetes Care Inc., 696 F.3d 1142 (specification can exclude subject matter implicitly even without explicit disclaimer)
- Astrazeneca AB v. Mut. Pharm. Co., 384 F.3d 1333 (special meaning in specification governs over ordinary meaning)