US 6,259,789


Claims of US patent 6,259,789 in the name of Paone were found to be patent eligible subject matter under 35 USC 101 becausethe `789 patent claims a specific method of encryption, not a process that involves the encryption of data for some abstract purpose.


  • Claims that do not describe pre-existing relationships but rather set forth unconventional steps for achieving a goal may be patentable.
  • Software is, generally, patent eligible.
  • “Pencil and paper” and “machine or transformation tests” should not be applied inflexibly to software patents but a better concern is whether humans engaged in the claimed activity long before the invention of computers.

Broad description of the invention

  1. The US patent 6,259,789 claims certain computer-implemented methods of encrypting data, as well as certain cryptographic communications systems that employ the same methods. Generally speaking, a method for encrypting and decrypting readable information (“plaintext”) is known as a “cipher.” The cipher described by the `789 patent, as many do, employs a “symmetric key,” which is an additional piece of information that is used as an input to the encryption and decryption algorithm. If the cipher is used for the transmission of encoded data, both the cipher (method) and the key (information) must be known to both sender and receiver.

Digital information takes the form of a long stream of ones and zeros (called bits). When a symmetric key cipher is used to encode digital information, it can encode those bits either in groups, known as “blocks,” or one at a time. The former is called a block cipher, and the latter is called a stream cipher. Computer implemented block ciphers have been in wide use in the United States since the 1970s. The `789 patent describes a particular block cipher.

Characteristic Claim

1     A computer implemented method for encrypting data comprising the steps of:

creating at least one object key in a block cipher, the at least one object key comprising data and methods that operate on said data;

creating a key schedule based upon the at least one object key;

encrypting a random session object key in a block cipher encryption process with the at least one object key;

encrypting a block of input plaintext data utilizing said key schedule;

modifying the at least one object key based on seeding from the random session object key;

modifying the key schedule based upon the at least one modified object key;

encrypting a next block of input plaintext data utilizing said modified key schedule; and

repeating the steps of modifying the at least one object key, modifying the key schedule and encrypting utilizing the modified key schedule until the encrypting of blocks of plaintext data is completed.


The claims at issue here contain three limitations that are of particular relevance. First, all of the claims are limited to the encryption of data in “block[s],” as described above. Second, each claim requires the use of a particular type of key that the patent calls an “object key.” Third, each of the two method claims at issue in this case (claims 2 and 33) includes the required steps of “modifying the . . . object key” based on a particular input and “repeating the steps of modifying the . . . object key” and then encrypting the current block of plaintext “until the encrypting of blocks of plaintext data is completed.”

Defendants Broadcom Corporation and Mediatek USA, Inc. (for purposes of this discussion, “defendants”) move to dismiss the complaints against them on the ground that the `789 patent is invalid for failing to claim patent-eligible subject matter. See 35 U.S.C. § 101. Defendants argue specifically that the asserted claims are directed to an “abstract idea” and lack an “inventive concept” sufficient to render that idea patent-eligible, in light of the Supreme Court’s recent decision in Alice Corp. Pty. Ltd. v. CLS Bank Int’l, ___ U.S. ___, 134 S. Ct. 2347 (2014).

Section 101 of the Patent Act defines four broad categories of patentable inventions: processes, machines, manufactures, and compositions of matter. But § 101 also has wellrecognized exceptions. Specifically, whether or not they fall into one of the above categories, laws of nature, physical phenomena, and abstract ideas are not patentable. See generally, e.g., Diamond v. Diehr, 450 U.S. 175, 101 S. Ct. 1048 (1981).

The history and impact of the cases that developed these exceptions have been examined in detail by the numerous Federal Circuit and district court decisions that have attempted to apply § 101 in recent years, see, e.g., California Inst. of Tech. v. Hughes Commc’ns Inc., 59 F. Supp. 3d 974 (C.D. Cal. 2014), and I need not reiterate that history here. It is enough to say that for several decades following Diehr, few validity challenges raised the issue of eligibility under § 101, focusing instead on other requirements for patentability such as novelty, nonobviousness, and disclosure. See 35 U.S.C. §§ 102, 103, and 112. But in three decisions handed down since 2010, the Supreme Court has placed renewed focus on the § 101 exceptions in the fields of computer programming and natural science. See Alice, 134 S. Ct. 2347; Mayo Collaborative Servs. v. Prometheus Labs., Inc., ___ U.S. ___, 132 S. Ct. 1289 (2012); Bilski v. Kappos, 561 U.S. 593, 130 S. Ct. 3218 (2010).

pThere are divergent views on the extent to which Alice, which involved a claimed method of using third-party clearing houses for financial transactions, changed the § 101 landscape. But it is generally agreed that “[o]n one important issue . . . [Alice] went beyond Bilski. The claims in Bilski did not require the use of computers, while the claims in [Alice] did. Significantly, the Court held that the introduction of a computer into the claims did not render the claims in [Alice] patentable.” Loyalty Conversion Sys. Corp. v. Am. Airlines, Inc., 66 F. Supp. 3d 829, 836-37 (E.D. Tex. 2014) (Bryson, J.).

In Mayo, the Supreme Court set forth a framework to distinguish patents that claim ineligible subject matter, or add too little to it, from those that claim patent-eligible applications of abstract ideas and natural laws. First, of course, we must determine whether the claims at issue are in fact directed to an ineligible abstract idea. See DDR Holdings, LLC v., L.P., 773 F.3d 1245, 1255 (Fed. Cir. 2014) (citing Alice, 134 S. Ct. at 2355). If the patent is directed at an abstract idea, we then consider the limitations of each claim, both individually and as an “ordered combination,” to determine whether the additional limitations transform the nature of the claim into a patent-eligible application. Id. This second step is referred to as the search for an “inventive concept.” Id. Distinguishing claims that recite a patent-eligible invention and claims that add too little to a patent-ineligible abstract concept can be “difficult, as the line separating the two is not always clear.” Id.

Step one of Mayo requires us to “ascertain[] the purpose of the claimed invention.” Hughes, 59 F. Supp. 3d at 980. In the instant case, the parties do not materially dispute how to characterize the subject matter of the `789 patent. Defendants characterize it as “directed to block cipher encryption with dynamic keys,” and plaintiff appears to adopt as his characterization of the patent Judge Spatt’s finding that his invention improved upon existing block cipher technology (as it had existed for decades) by “chang[ing] the encryption key for each data block, based on additional, randomly generated data.” Microsoft I, 771 F. Supp. at 227. I need not further refine the terms in which the broad subject matter of the `789 patent is defined, because these characterizations are effectively the same. It is enough for purposes of Mayo step one to conclude that the patent is directed at a method or system for encrypting digital information using a symmetric key block cipher with dynamic keys.[4]

Having so defined the broad subject matter of the patent, the case that is most instructive in applying the § 101 analysis, TQP Dev., LLC v. Intuit Inc., No. 12-cv-180, 2014 WL 651935 (E.D. Tex. Feb. 19, 2014) (Bryson, J.), is one that somewhat conflates the two steps of Mayo. For that reason, and because I think that it is not necessary to the eligibility analysis before me, I do not decide whether a patent claiming that subject matter without further limitations would be eligible (although I am certain that it would be invalid for other reasons, such as lack of novelty). I therefore turn to step two, the search for an “inventive concept.”

In TQP, which predates the Supreme Court’s decision in Alice by several months, but which considered and followed the Federal Circuit decision that the Supreme Court affirmed, Judge Bryson of the Court of Appeals for the Federal Circuit (sitting by designation in the District Court for the Eastern District of Texas) denied the defendant’s motion for summary judgment on § 101 grounds.

The case concerned infringement of a patent covering an encryption technology claimed with a similar level of specificity to the one here. Judge Bryson characterized the invention — what he called the “fundamental concept” at which the patent was directed — as “the use of a predetermined characteristic of the data being transmitted, specifically the number of blocks of data transmitted, to trigger the generation of new key values used for encryption and decryption in a data communication system.” Id. at *3. Although, as noted above, he somewhat conflated the two steps of Mayo, it is clear that he was addressing the second step when he noted that the claims at issue were limited to

a method for transmitting encrypted data . . . by (1) inputting a seed value to identical pseudo-random number generators in the transmitter and receiver, (2) using the pseudo-random number generators to generate identical new key values at the transmitter and receiver, and (3) changing the key values . . . each time a predetermined number of blocks of data are transmitted.

Id. at *1. These limitations, he found, meant that the patent was “drawn to a very specific method of changing encryption keys” and therefore “it contains an `inventive concept,'” id. at *4 (quoting CLS Bank Int’l v. Alice Corp. Pty. Ltd., 717 F.3d 1269, 1283 (Fed. Cir. 2013)).

Judge Bryson recognized the need to prevent artful drafting from “circumvent[ing] the basic exceptions to §101 [by] using, for example, highly stylized language, hollow field-of-use limitations, or the recitation of token post-solution activity.” Id. at *2 (citing CLS Bank, 717 F.3d at 1281). Nevertheless, in his view, the limitations above were sufficient to ensure that “the preemptive effect of the claim is very much diminished,” id. at *4, i.e., that it is patentable.

Of course, TQP predated the Supreme Court’s Alice decision by several months. But I do not think that anything in Judge Bryson’s reasoning is disturbed by the movement in the law of § 101 — perhaps better characterized as a clarification — that came with the Supreme Court’s decision affirming the Federal Circuit. Tellingly, consistent with the Supreme Court’s subsequent decision in Alice, Judge Bryson’s decision in TQP in no way relied on the fact that the claimed method was performed using a computer.

Judge Bryson himself seems to have agreed. In Loyalty Conversion, decided for the same court later the same year, he granted judgment on the pleadings, this time invalidating a patent on a system for exchanging loyalty award credits (such as frequent flyer miles). In so doing, however, he criticized a hypothetical blanket rule barring business method patents (which he found the patent before him to be), because it would be too difficult to distinguish “other, legitimate patents that happen to have application to the conduct of business.” Loyalty Conversion, 66 F. Supp. 3d at 846. In endorsing eligibility for the latter category, he included within it “patents on methods for encrypting business transactions over the Internet” because they “can involve complex algorithms that are designed to defeat even sophisticated efforts at decryption by hackers and other unauthorized persons.” Id. n.7 (citing TQP). He also noted that during oral argument in Alice before the Supreme Court, both the accused infringer and the United States, as amicus, “pointed to patents on methods of encryption as examples of technology that are directed to methods of doing business but would not be invalid as unpatentable subject matter.” Id.

I therefore read TQP and Loyalty Conversion for the proposition that, despite the various ways in which software patents have been called into question following Alice, a patent on a method of data encryption is not per se invalid, as long as it is specific enough.

This brings us to the `789 patent. It is difficult to distinguish the claim limitations — on their face or as construed by Judge Spatt in Microsoft I — from the limitations considered by Judge Bryson in TQP.[5] That is in part because defendants make no serious effort to explain why the limitations recited by the `789 patent fail to constitute an “inventive concept,” much less why they do not describe a “very specific method of changing encryption keys” that is patent-eligible. Defendants focus instead on the fact that the claims do not recite more than generic hardware.

That is understandable, given that this was the main thrust of the holding of Alice, but it misses the point. Just as here, the patent at issue in TQP contained what amounts to a dynamic key block cipher, and its limitations (at least, the ones that were considered by the court) amounted to a requirement that the cipher be capable of changing its encryption key every time a fixed number of blocks were transmitted. Simply put, if that limitation is sufficient to confer patentability, I do not see how the claim limitations contained in the `789 patent could be said to add less. In that regard, this case is not at all analogous to those in which a claim is ineligible because it is directed at accomplishing an intangible result by the use of software, but lacks sufficient specificity as to how that result is to be accomplished. Cf. Internet Patents Corp. v. Active Network, Inc., 790 F.3d 1343, 1348 (Fed. Cir. 2015) (claim directed at “the idea of retaining information in the navigation of online forms” is not rendered eligible by limitation requiring “maintaining the state” of an online form when the limitation “describes the effect or result dissociated from any method by which maintaining the state is accomplished”).

Defendants apparently urge me to ignore the `789 patent’s many limitations, arguing that courts “have repeatedly invalidated encryption patents under § 101” in light of Alice, but they mischaracterize the cases on which they rely in support of this assertion. In Walker Digital, LLC v. Google, Inc., 66 F. Supp. 3d 501 (D. Del. 2014), for example, the court held ineligible two patents it viewed as being directed to “the basic concept of controlled exchange of information about people as historically practiced by matchmakers and headhunters,” id. at 508, because it found that the patents’ limitations were not sufficient to supply an inventive concept to that abstract idea. With reference to those limitations, the court found that “all of these steps could be performed (and have been performed) by human beings interacting with one another prior to the filing of the [] patent.” Id. at 508-09. Among other limitations, one of the two patents in suit included a dependent claim reciting the added step of “authenticating authorship” of one party’s information by “executing a cryptographic operation using a cryptographic key.” Id. at 512. Notably, this limitation did not place any limit on what kind of cryptographic method would be used — in fact, the court noted that this limitation could “include something like the type of substitution cipher one might find in a newspaper (A=T, B=U, etc.).” Id. at 513.

Walker, in my view, actually says nothing about the patentability of the cryptographic method itself. To read the case that way would be no different than saying that because “[s]tating an abstract idea while adding the words `apply it with a computer'” does not confer eligibility, Alice, 134 S. Ct. at 2358, we must draw the conclusion that “a computer” is not patentable. That is an untenable reading of Alice.

In Intellectual Ventures II LLC v. JP Morgan Chase & Co., No. 13-cv-3777, 2015 WL 1941331, at *12 (S.D.N.Y. Apr. 28, 2015), the court held invalid a patent directed at a method of post-distribution protection of intellectual property that claimed the steps of “(1) encrypting portions of data; (2) distributing the encrypted data; and (3) controlling access to decrypted portions of the distributed data by applying various, unspecified rules defining access rights.” Id. at *12. It was not disputed that the first two steps were routine, and Judge Hellerstein’s analysis (which I believe was correct) concluded that the claimed third step swept too broadly because it encompassed “all manners” of “controlling post-distribution access to decrypted data.” Id. at *14 n.7. Just as is true of Walker, the fact that the patent’s claimed method, in one of its forms, involved the use of encryption, and was held to be abstract, says nothing about whether a particular method of encryption is patentable.

The same can be said of the representative claim at issue in Fidelity Nat’l Info. Servs., Inc. v. DataTreasury Corp., CBM2014-00021, 2015 WL 1967328 (P.T.A.B. Apr. 29, 2015), which was “directed to the underlying idea of transferring information from one location to another where the transferred information is unreadable without a secret decoder key.” Id. at *7. Tellingly, the Board did not hold otherwise, for although it noted that “[e]ncryption of data as a security measure” was not sufficient to supply an inventive concept to the underlying abstract idea, id., the Board recognized the distinction between a recitation of encryption “in general” and a patent directed at the “very specific encryption method” claimed in TQP. Id. at *8 (citing 2014 WL 651935, at *7-14).

In short, it is of no moment that “[e]ncryption, in general, represents a basic building block of human ingenuity that has been used for hundreds, if not thousands, of years.” Id. at *8. That is because the ‘789 patent does not claim a process that can or does involve the encryption of data for some purpose that is otherwise abstract. Rather, it claims a specific method of doing so.

Defendants make several additional arguments that are similarly misplaced. First, they contend that the `789 patent should be deemed invalid under § 101 because it is drafted “so broadly as to preempt both known and unknown uses of block cipher encryption,” i.e., it risks preemption of “a significant portion of the field of cryptography.” I note at the outset that this contention is ironic, because these defendants also argue that the patent does not cover TKIP, a widely used encryption technology, in light of Judge Spatt’s claim construction and summary judgment rulings. Of course, defendants are entitled to make these arguments in the alternative, but Judge Spatt’s rulings would be instructive whether defendants had chosen to rely on them in this litigation or not. If Judge Spatt has construed the patent correctly — and I see no reason to think, at this stage, that he has not — I do not see how it can be said to preempt the field of cryptography. See Hughes, 59 F. Supp. 3d at 996 (finding no preemption concern where claims contained limitations requiring “irregular repetition of message bits and the use of a prior parity bit for calculating a subsequent parity bit,” the algorithm “does not describe a preexisting relationship but rather sets forth unconventional steps for achieving error correction,” and the patent as a whole “capture[s] only one effective form of error correction”).

Even more generally, I reject the argument that the `789 patent is analogous to the vast majority of the patents not involving encryption that have been held invalid under § 101 in light of the Alice decision. For the most part, these decisions reflect the Supreme Court’s clarification that a method of “organizing human activity,” 134 S. Ct. at 2356, is not eligible subject matter just because it is performed on a computer. See TQP, 2014 WL 651935, at *6 (citing Bilski, 130 S. Ct. at 3234 (Stevens, J., concurring)).

As the Federal Circuit has acknowledged, at least one central thrust of the Supreme Court’s recent § 101 jurisprudence is to avoid monopolization of business methods. Cf., e.g., Content Extraction & Transmission LLC v. Wells Fargo Bank, N.A., 776 F.3d 1343, 1347 (Fed. Cir. 2014) (“The concept of data collection, recognition, and storage is undisputedly well-known. Indeed, humans have always performed these functions. And banks have, for some time, reviewed checks, recognized relevant data . . . and stored that information in their records.”); DietGoal Innovations LLC v. Bravo Media LLC, 33 F. Supp. 3d 271, 284 (S.D.N.Y. 2014) (holding that “selecting meals that align with the user’s individual preferences and nutritional goals . . . and calculating the dietary impact of the addition or subtraction of certain foods (for example, by determining how many calories you will save by swapping out French fries for broccoli)” are “conventional and quotidian tasks” performed without the aid of technology by, inter alia, “parents planning meals for their children”), aff’d, 599 F. App’x 956 (Fed. Cir. 2015).

Indeed, in DDR Holdings, 773 F.3d at 1248, the Federal Circuit found a patent “directed to systems and methods of generating a composite web page that combines certain visual elements of a `host’ website with content of a third-party merchant” eligible, but distinguished the bulk of post-Alice decisions as those in which “abstract ideas are plainly identifiable” because the claims at issue “in substance were directed to nothing more than the performance of an abstract business practice on the Internet or using a conventional computer.” Id. at 1256 (distinguishing Ultramercial, Inc. v. Hulu, LLC, 772 F.3d 709 (Fed. Cir. 2014); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350 (Fed. Cir. 2014); Accenture Global Servs., GmbH v. Guidewire Software, Inc., 728 F.3d 1336, (Fed. Cir. 2013); and Bancorp Servs., L.L.C. v. Sun Life Assur. Co. of Canada (U.S.), 687 F.3d 1266 (Fed. Cir. 2012)).

As Judge Bryson observed in TQP, these cases do not require that an encryption patent be deemed ineligible — to the contrary, “[u]pon close inspection . . . it becomes evident that the similarities between those cases and the instant case [concerning an encryption method] are superficial.” 2014 WL 651935, at *6. Judge Bryon concluded that “[i]n most of those cases a computer was used to perform steps that are commonly performed without a computer,” but that the encryption patent before the court “involve[d] a way of making computer communication itself more effective by making that communication more secure.” Id. at *7. The same is clearly true of the one at bar.

I must address one further aspect of the Alice decision before I can conclude that the `789 patent covers eligible subject matter. There have been cases decided since Alice that can arguably be read to suggest that software patents as an entire category are no longer within the scope of § 101. The Court in Digitech Image Techs., LLC v. Elecs. for Imaging, Inc., 758 F.3d 1344 (Fed. Cir. 2014), for example, invalidated claims describing a digital image processor in part because “[i]f a claim is directed essentially to a method of calculating, using a mathematical formula, even if the solution is for a specific purpose, the claimed method is nonstatutory.” Id. at 1351 (quoting Parker v. Flook, 437 U.S. 584, 98 S. Ct. 2522 (1978)). And, of course, that is the only thing that software does. See Hughes, 59 F. Supp. 3d at 987. But I agree with the court in Hughes that it would be too extreme to read § 101 as excluding all software. See id. at 985 (noting that Alice “seems to acknowledge that software may be patentable if it improves the functioning of a computer” and that Congress, by enacting the America Invents Act, has endorsed software patents generally). In fact, any doubt that Hughes is correct on this point should be put squarely to rest by the Federal Circuit’s subsequent decision in DDR Holdings, which of course concerned a purely intangible software invention.

For the same reason, I reject defendants’ argument that the `789 patent claims ineligible subject matter because encryption fails the well-known “pencil and paper” and “machine or transformation” tests set forth in the § 101 cases that predate Alice. Although these tests retain a valid place in § 101 doctrine, I agree with those courts that have rejected the inflexible per se application of them in the context of a software patent, because (in theory, at least) that would have the effective result of invalidating all software patents. As for the “pencil and paper” approach, I think the better view of Alice is that this test is useful as “a stand-in for another concern: that humans engaged in the same activity long before the invention of computers.” Id. at 995 (rejecting pencil-and-paper analysis in the area of error correction codes because such codes “were not conventional activity that humans engaged in before computers, and the codes do not become conventional simply because humans can do math”).

Reflecting a related concern, in TQP, Judge Bryson rejected the notion that the claimed encryption method was a “mental process” ineligible under Gottschalk v. Benson, 409 U.S. 63, 93 S. Ct. 253 (1972), because “the invention involves a several-step manipulation of data that, except perhaps in its most simplistic form, could not conceivably be performed in the human mind or with pencil and paper.” 2014 WL 651935, at *4.

Judge Bryson also flatly rejected the machine-or-transformation test in terms that, at least as far as the application to this case is concerned, speak for themselves:

In the case of an invention in the field of encryption . . . the entire object of the invention is to transform data from one form into another . . . . In that setting, it does not make sense to say that the transformation of data . . . cannot qualify as a patent-eligible invention, because that is what the field of cryptology is all about.

Id. at *5.

In sum, it seems to me that it would require an overly broad view of the Supreme Court’s § 101 jurisprudence to find that a patent directed at a method of encryption does not claim eligible subject matter per se. This is not to say that a patent on a method of encryption that is not specific enough to claim more than the idea of encryption, or that fails any other requirement of patentability, should not be invalidated. It is simply to say that defendants have failed to show that this one should be.

Click here for a list of US court approved software patent examples