Appeal
from the United States District Court for the District of
Delaware in No. 1:13-cv-01534-SLR-SRF, Judge Sue L. Robinson.
Frank
Scherkenbach, Fish & Richardson, PC, Boston, MA, argued
for plaintiff-appellee. Also represented by Proshanto
Mukherji; David Michael Hoffman, Austin, TX; Howard G.
Pollack, Redwood City, CA; Francis J. Albert, John Winston
Thornburgh, San Diego, CA.
William F. Lee, Wilmer Cutler Pickering Hale and Dorr LLP,
Boston, MA, argued for defendant-appellant. Also represented
by Andrew J. Danford, Lauren B. Fletcher, Louis W. Tompros.
Before
Lourie, O'Malley, and Stoll, Circuit Judges.
OPINION
STOLL,
CIRCUIT JUDGE.
This is
an appeal from a final judgment in a patent case. Cisco
Systems, Inc. ("Cisco") appeals the district
court's (1) denial of Cisco's motion for summary
judgment of patent ineligibility under § 101, (2)
construction of the claim term "network traffic
data," (3) grant of summary judgment of no anticipation,
and (4) denial of judgment as a matter of law of no willful
infringement. Cisco also appeals the district court's
grant of enhanced damages, attorneys' fees, and ongoing
royalties.
We
affirm the district court's denial of summary judgment of
ineligibility, adopt its construction of "network
traffic data," and affirm its summary judgment of no
anticipation. We vacate and remand the district court's
denial of judgment as a matter of law of no willful
infringement, and therefore vacate the district court's
enhancement of damages. We also vacate the district
court's award of attorneys' fees and remand for
recalculation. Finally, we affirm the district court's
award of ongoing royalties on post-verdict sales of products
that were actually found to infringe or are not colorably
different. Accordingly, we af-firm-in-part, vacate-in-part,
and remand for further proceedings consistent with this
opinion.
Background
I
While
the interconnectivity of computer networks facilitates access
for authorized users, it also increases a network's
susceptibility to attacks from hackers, malware, and other
security threats. Some of these security threats can only be
detected with information from multiple sources. For
instance, a hacker may try logging in to several computers or
monitors in a network. The number of login attempts for each
computer may be below the threshold to trigger an alert,
making it difficult to detect such an attack by looking at
only a single monitor location in the network. In an attempt
to solve this problem, SRI developed the inventions claimed
in U.S. Patent Nos. 6, 484, 203 and 6, 711, 615. The '615
patent (titled "Network Surveillance") is a
continuation of the '203 patent (titled
"Hierarchical Event Monitoring and Analysis").
II
SRI had
performed considerable research and development on network
intrusion detection prior to filing the pa-tents-in-suit. In
fact, SRI's Event Monitoring Enabling Responses to
Anomalous Live Disturbances ("EMERALD") project had
attracted considerable attention in this field. The
Department of Defense's Defense Advanced Research
Projects Agency, which helped fund EMERALD, called it a
"gem in the world of cyber defense" and "a
quantum leap improvement over" previous technology. J.A.
1272-73 at 272:16-17, 273:7-9. In October 1997, SRI presented
a paper entitled "EMERALD: Event Monitoring Enabling
Responses to Anomalous Live Disturbances" ("EMERALD
1997") at the 20th National Information Systems Security
Conference.
EMERALD
1997 is a conceptual overview of the EMERALD system. It
describes in detail SRI's early research in intrusion
detection technology and outlines the development of next
generation technology for detecting network anomalies.
SRI Int'l Inc. v. Internet Sec. Sys., Inc., 647
F.Supp.2d 323, 334 (D. Del. 2009). The parties do not dispute
that EMERALD 1997 constitutes prior art under 35 U.S.C.
§ 102(b). EMERALD 1997 is listed as a reference on the
face of the '615 patent.
III
The
patents share a nearly identical specification and a priority
date of November 9, 1998. At the summary judgment stage, SRI
asserted claims 1-4, 14-16, and 18 of the '615 patent and
claims 1-4, 12-15, and 17 of the '203 patent. By the time
of trial, SRI had narrowed the asserted claims to claims 1,
2, 12, and 13 of the '203 patent and claims 1, 2, 13, and
14 of the '615 patent. The jury considered only this
narrower set of claims.
The
parties identify different representative claims. Cisco
proposes claim 1 of the '203 patent, while SRI proposes
claim 1 of the '615 patent. The claims are substantially
similar, as the minor differences between them are not
material to any issue on appeal. As such, we adopt SRI's
proposal and use '615 patent claim 1 as the
representative claim.[1] It reads:
1. A
computer-automated method of hierarchical event monitoring
and analysis within an enterprise network comprising:
deploying a plurality of network monitors in the enterprise
network;
detecting, by the network monitors, suspicious network
activity based on analysis of network traffic data selected
from one or more of the following categories: (network packet
data transfer commands, network packet data transfer errors,
network packet data volume, network connection requests,
network connection denials, error codes included in a network
packet, network connection acknowledgements, and network
packets indicative of well-known network-service protocols};
generating, by the monitors, reports of said suspicious
activity; and
automatically receiving and integrating the reports of
suspicious activity, by one or more hierarchical monitors.
'615 patent col. 15 ll. 2-21.
After
SRI sued Cisco for infringement of the '615 patent and
the '203 patent, Cisco unsuccessfully moved for summary
judgment on several issues, including that the claims are
ineligible and that the EMERALD 1997 reference anticipates
the claims.[2] SRI Int'l, Inc. v. Cisco Sys.,
Inc., 179 F.Supp.3d 339 (D. Del. Apr. 11, 2016)
("Summary Judgment Op."). The district
court denied Cisco's motions and instead sua sponte
granted summary judgment of no anticipation in SRI's
favor.[3] Id. at 369.
The
court then held a jury trial on infringement, validity, and
willful infringement of claims 1, 2, 13, and 14 of the
'615 patent and claims 1, 2, 12, and 13 of the '203
patent, as well as damages. The jury found that Cisco
intrusion protection system ("IPS") products, Cisco
remote management services, Cisco IPS services,
Sourcefire[4] IPS products, and Sourcefire professional
services directly and indirectly infringed the asserted
claims. The jury awarded SRI a 3.5% reasonable royalty for a
total of $23, 660, 000 in compensatory damages. The jury also
found by clear and convincing evidence that Cisco's
infringement was willful.
After
post-trial briefing, the district court denied Cisco's
renewed motion for JMOL of no willfulness. SRI Int'l,
Inc. v. Cisco Sys., Inc., 254 F.Supp.3d 680, 717 (D.
Del. 2017) ("Post-Trial Motions Op.").
Based on the willfulness verdict, the district court
determined that "some enhancement is appropriate given
Cisco's litigation conduct," the "fact that
Cisco lost on all issues during summary judgment," and
"its apparent disdain for SRI and its business
model." Id. at 723. The court then doubled the
damages award. It also granted SRI's motion for
attorneys' fees, compulsory license, and prejudgment
interest.
Cisco
appeals the district court's claim construction and
denial of summary judgment of ineligibility, [5] as well as its
grant of summary judgment of no anticipation, enhanced
damages, attorneys' fees, and ongoing royalties. We have
jurisdiction under 28 U.S.C. § 1295(a)(1).
Discussion
I
We
review de novo whether a claim is drawn to patent-eligible
subject matter. Berkheimer v. HP Inc., 881 F.3d
1360, 1365 (Fed. Cir. 2018) (citing Intellectual Ventures
I LLC v. Capital One Fin. Corp., 850 F.3d 1332, 1338
(Fed. Cir. 2017)). Section 101 defines patent-eligible
subject matter as "any new and useful process, machine,
manufacture, or composition of matter, or any new and useful
improvement thereof." 35 U.S.C. § 101. Laws of
nature, natural phenomena, and abstract ideas, however, are
not patentable. See Mayo Collaborative Servs. v.
Prometheus Labs., Inc., 566 U.S. 66, 70-71 (2012)
(citing Diamond v. Diehr, 450 U.S. 175, 185 (1981)).
To
determine whether a patent claims ineligible subject matter,
the Supreme Court has established a two-step framework.
First, we must determine whether the claims at issue are
directed to a patent-ineligible concept such as an abstract
idea. Alice Corp. v. CLS Bank Int'l, 573 U.S.
208, 217 (2014). Second, if the claims are directed to an
abstract idea, we must "consider the elements of each
claim both individually and 'as an ordered
combination' to determine whether the additional elements
'transform the nature of the claim' into a
patent-eligible application." Id. (quoting
Mayo, 566 U.S. at 79). To transform an abstract idea
into a patent-eligible application, the claims must do
"more than simply stat[e] the abstract idea while adding
the words 'apply it.'" Id. at 221
(quoting Mayo, 566 U.S. at 72 (internal alterations
omitted)).
We
resolve the eligibility issue at Alice step one and
conclude that claim 1 is not directed to an abstract idea.
See Enfish, LLC v. Microsoft Corp., 822 F.3d 1327,
1337 (Fed. Cir. 2016). The district court concluded that the
claims are more complex than merely reciting the performance
of a known business practice on the Internet and are better
understood as being necessarily rooted in computer technology
in order to solve a specific problem in the realm of computer
networks. Summary Judgment Op., 179 F.Supp.3d at
353-54 (citing '203 patent col. 1 ll. 37- 40; DDR
Holdings, LLC v. Hotels.com, L.P., 773 F.3d 1245, 1257
(Fed. Cir. 2014)). We agree. The claims are directed to using
a specific technique-using a plurality of network monitors
that each ...