Rule-Based Data Processing Patent Held to Be Directed to Patent-Ineligible Subject Matter
By Joseph Herndon --
On October 11, 2016, the Federal Circuit issued a precedential opinion in FairWarning IP, LLC v. Iatric Systems, Inc. affirming dismissal of a patent infringement suit brought by FairWarning holding that the asserted patent, U.S. Patent No. 8,578,500, claims patent-ineligible subject matter under 35 U.S.C. § 101. The Federal Circuit essentially found that the claims were directed to a combination of previously identified abstract-idea categories, and thus, they were found invalid.
The '500 patent is titled "System and Method of Fraud and Misuse Detection" and discloses ways to detect fraud and misuse by identifying unusual patterns in users' access of sensitive data. The specification describes systems and methods to detect fraud by an otherwise-authorized user of a patient's protected health information ("PHI"). According to the specification, pre-existing systems were able to record audit log data concerning user access of digitally stored PHI. The claimed systems and methods record this data, analyze it against a rule, and provide a notification if the analysis detects misuse. Claim 1 recites:
1. A method of detecting improper access of a patient's protected health information (PHI) in a computer environment, the method comprising:
generating a rule for monitoring audit log data representing at least one of transactions or activities that are executed in the computer environment, which are associated with the patient's PHI, the rule comprising at least one criterion related to accesses in excess of a specific volume, accesses during a pre-determined time interval, accesses by a specific user, that is indicative of improper access of the patient's PHI by an authorized user wherein the improper access is an indication of potential snooping or identity theft of the patient's PHI, the authorized user having a pre-defined role comprising authorized computer access to the patient's PHI;
applying the rule to the audit log data to determine if an event has occurred, the event occurring if the at least one criterion has been met;
storing, in a memory, a hit if the event has occurred; and
providing notification if the event has occurred.
A § 101 challenge has a first step requiring a court to "determine whether the claims at issue are directed to a patent-ineligible concept." The District Court found that "the '500 patent is directed to or drawn to the concept of analyzing records of human activity to detect suspicious behavior." The Federal Circuit agreed with the District Court.
The patented method, as illustrated by claim 1 quoted above, collects information regarding accesses of a patient's personal health information, analyzes the information according to one of several rules (i.e., related to accesses in excess of a specific volume, accesses during a pre-determined time interval, or accesses by a specific user) to determine if the activity indicates improper access, and provides notification if it determines that improper access has occurred.
The Federal Circuit found that the claims are directed to a combination of previously identified abstract-idea categories. Specifically, the claims here are directed to collecting and analyzing information to detect misuse and notifying a user when misuse is detected.
Comparing the claims to the recent decision in McRO, Inc. v. Bandai Namco Games America Inc. (Fed. Cir. 2016), which also involved claims reciting rules, the Federal Circuit found distinctions. In McRO, the Federal Circuit held that, in analyzing step one, the claims were not directed to an abstract idea, but instead were directed to "a specific asserted improvement in computer animation, i.e., the automatic use of rules of a particular type." The Federal Circuit explained in McRO that the claimed improvement was allowing computers to produce accurate and realistic lip synchronization and facial expressions in animated characters that previously could only be produced by human animators, and the claimed rules in McRO transformed a traditionally subjective process performed by human artists into a mathematically automated process executed on computers.
The Federal Circuit found that the present claims merely implement an old practice in a new environment. The claimed rules ask whether accesses of PHI, as reflected in audit log data, are 1) "by a specific user," 2) "during a pre-determined time interval," or 3) "in excess of a specific volume." These are the same questions (though perhaps phrased with different words) that humans in analogous situations detecting fraud have asked for decades, if not centuries.
The Federal Circuit also found that the claims here are not directed to an improvement in the way computers operate, nor does FairWarning contend as much. While the claimed system and method certainly purport to accelerate the process of analyzing audit log data, the speed increase comes from the capabilities of a general-purpose computer, rather than the patented method itself.
Thus, because these claims were found to be directed to an abstract idea at step one of the patent-eligibility inquiry, we turn to step two.
At step two, the court must then examine the elements of the claim to determine whether it contains an inventive concept sufficient to transform the claimed abstract idea into a patent-eligible application.
The Federal Circuit again agreed with the District Court, which explained that the claims generally require (1) generating a rule related to the number of accesses, the timing of accesses, and the specific users in order to review transactions or activities that are executed in a computer environment; (2) applying the rule; (3) storing the result; and (4) announcing the result.
The claim limitations, analyzed alone and in combination, were considered to fail to add something more to transform the claimed abstract idea of collecting and analyzing information to detect misuse into a patent-eligible application.
FairWarning argued some system claims separately, but they were found to fail as well because they simply add the requirement that the system include a "user interface" for selection of a rule, as well as a microprocessor that analyzes audit log data under various rules.
In sum, the Federal Circuit found that the claimed invention is directed to the broad concept of monitoring audit log data, and the claims here do not propose a solution or overcome a problem specifically arising in the realm of computer technology.
Thus, the claims were found to be patent-ineligible under § 101.
The District Court granted Iatric's motion and dismissed the case under Rule 12(b)(6) of the Federal Rules of Civil Procedure. On appeal, FairWarning also argued that "there is an identified claim construction issue" that precludes dismissal under Rule 12(b)(6). FairWarning argued that, under a correct construction, the District Court would have understood the term audit log data to exist in the computer environment after at least one of the transactions or activities are executed in the computer environment by an authorized user, and the implication of this construction, FairWarning argued, would be that the '500 patent is necessarily rooted in computer technology.
The Federal Circuit found that simply requiring computer implementation of an otherwise abstract-idea process, as FairWarning would require of the claim, does not make the claims patent eligible, and regardless of the resolution of this construction issue, the '500 patent claims patent-ineligible subject matter. Thus, any claim construction issue was rendered moot.
FairWarning IP, LLC v. Iatric Systems, Inc. (Fed. Cir. 2016)
Panel: Circuit Judges Lourie, Plager, and Stoll
Opinion by Circuit Judge Stoll