[00:00:00] Speaker 04: The next and final case for argument this morning is 15-1146, trustees of Columbia University versus the Man Tech Corporation. [00:00:26] Speaker 00: Good morning, Honors. [00:00:27] Speaker 00: David Gindler for Columbia University. [00:00:30] Speaker 00: I'm here with my colleagues Richard Gurnholz and Aaron Panner. [00:00:33] Speaker 00: This appeal deals exclusively with claim construction. [00:00:38] Speaker 00: I would like to start with the 544 and 907 patent families. [00:00:43] Speaker 00: There is one claim construction issue. [00:00:45] Speaker 00: It has to do with the term bike sequence feature. [00:00:49] Speaker 00: It is found in all of the claims of the patent, and it's found in all of the claims that were filed in the patent. [00:00:55] Speaker 00: that claim was restricted by the district court to machine code instructions. [00:01:01] Speaker 00: That interpretation would essentially read out virtually every embodiment in the patent save possibly one. [00:01:11] Speaker 00: The problem with the district court's construction is it violates several well-established rules [00:01:19] Speaker 00: A plane construction. [00:01:20] Speaker 01: Are you suggesting that the meaning of that phrase is different in the provisional application and in the final patent? [00:01:31] Speaker 00: The provisional application doesn't define the phrase. [00:01:34] Speaker 01: What's the answer to my question? [00:01:36] Speaker 01: Does it have a different meaning in the tip? [00:01:39] Speaker 00: Well, the phrase bite sequence feature [00:01:44] Speaker 00: actually is not used in the provisional application. [00:01:47] Speaker 00: The term byte sequence is used in the provisional application. [00:01:51] Speaker 00: There are three embodiments which are discussed. [00:01:53] Speaker 00: It's used under the heading of features, right? [00:01:55] Speaker 00: It's used in a discussion of features, but the discussion of byte sequence in the provisional application deals is under a heading called using hex dump to extract byte sequence features. [00:02:13] Speaker 00: Could you just, before you go on, I'm just going to answer Judge Dyck's question. [00:02:20] Speaker 00: So the heading of that particular section of the paper says, bite sequences using hex dump. [00:02:31] Speaker 00: Now, hex dump is, in fact, a particular embodiment which is described in the patent. [00:02:39] Speaker 00: It's described as an exemplary embodiment in the patent, not as a definition. [00:02:43] Speaker 00: In the language of the provisional, which is a publication, it says the following. [00:02:49] Speaker 00: We use hexdump, a tool that transforms binary files into hexadecimal files. [00:02:56] Speaker 00: The byte sequence feature is the most informative because it represents the machine code in an executable instead of resource information like live BFD features. [00:03:07] Speaker 00: By the way, that sentence does not appear in that way in the specification. [00:03:12] Speaker 00: It is changed in the specification. [00:03:14] Speaker 00: But more importantly, [00:03:17] Speaker 00: The paragraph goes on and says, secondly, analyzing the entire binary gives more information for non-PE format executables than the strings method. [00:03:30] Speaker 00: This is a comment on looking at the entire binary. [00:03:34] Speaker 00: The entire executable using hexdump gives you more information. [00:03:42] Speaker 00: And the use of hexdump in the actual specification [00:03:46] Speaker 00: of the patent is just one exemplary embodiment. [00:03:50] Speaker 00: You can find that in the 544 patent at Column 6, Line 7 to 8, where it says, in the exemplary embodiment, hex stump was used in the feature extraction step. [00:04:05] Speaker 00: It's just one embodiment. [00:04:07] Speaker 00: And one of the rules that we have learned from claim construction is we do not read limitations from a particular embodiment into the claim. [00:04:16] Speaker 01: Look, coming back to the provisional application 3586, it says byte sequences are the last of a set of features. [00:04:23] Speaker 01: So they're talking about a byte sequence feature, which is the language used in the client. [00:04:28] Speaker 01: And then it says the byte sequence feature, and it does use that phrase that I referred to, is the most informative because it represents the machine code in an executable instead of resource information like libfd features. [00:04:42] Speaker 01: That seems to say that byte sequence feature is machine code. [00:04:48] Speaker 00: It says why it's informative. [00:04:50] Speaker 00: It says that this length, it says the byte sequence feature is the most informative because it represents the machine code in an executable. [00:05:01] Speaker 00: But then it goes on to say... So it does use the word byte sequence feature, right? [00:05:05] Speaker 00: It does, in that one part. [00:05:08] Speaker 00: But right, I misspoke. [00:05:09] Speaker 00: It does use it in this one part. [00:05:12] Speaker 00: But is this the definition of byte sequence feature in the specification of the patent? [00:05:19] Speaker 00: And I think the answer to that question, Your Honor, is no. [00:05:21] Speaker 01: So the answer to my earlier question is your contention is the meaning changed between the provisional and the final. [00:05:27] Speaker 00: No, I don't think that's right, Your Honor, because if you look at the provisional, the provisional looks at three embodiments, actually the three same embodiments which are discussed in the specification. [00:05:38] Speaker 00: And those three are looking at extracting [00:05:41] Speaker 00: bite sequence features using hex dump, a second embodiment, which involves extracting another kind of bite sequence features, which are bite strings representative of resources, which are referenced by the executable, and a third which are called strings or printable strings. [00:05:59] Speaker 00: And the paper looks at each one of these and compares their utility in trying to identify malicious aspects [00:06:08] Speaker 00: of programs using a rule classifier set. [00:06:11] Speaker 00: And it talks about how they compare to each other. [00:06:14] Speaker 00: Here, you have two sentences which talk about bite sequence. [00:06:18] Speaker 03: Let's assume we disagree with you about the claim construction. [00:06:20] Speaker 03: We think the district court got it right. [00:06:22] Speaker 03: Does that mandate his conclusion on invalidity? [00:06:28] Speaker 03: I found that invalidity argument or decision kind of hard to follow. [00:06:32] Speaker 03: Do you agree that if the district court adopted the right claim construction, [00:06:37] Speaker 03: that your patent is also invalid under 112. [00:06:41] Speaker 00: It's very hard to understand, Your Honor, because the court did not give much guidance in terms of what the court meant. [00:06:47] Speaker 00: As far as I can tell, the court was saying that machine code instructions are a different animal [00:06:54] Speaker 00: than bite strings representative of resources referenced by the executable and therefore one can't be a subset of the other. [00:07:02] Speaker 00: That's the most I can discern from the claim. [00:07:04] Speaker 01: Let me ask the same question in a different way. [00:07:05] Speaker 01: Suppose we were to say that the district court, as Judge Hughes said, got the claim construction right. [00:07:11] Speaker 01: Is there an argument that under that claim construction there is no indefiniteness problem here and that the claims are still valid? [00:07:24] Speaker 00: Your honor, I think the answer is yes, but it's very hard to say, because there is so little that's given to us in the opinion. [00:07:32] Speaker 01: I'm not sure what the district court said about it. [00:07:33] Speaker 01: I'm asking what you're arguing. [00:07:35] Speaker 01: Let's say you lose on the claim construction. [00:07:37] Speaker 01: Do you think the claims are still valid? [00:07:40] Speaker 00: I think the answer is yes, because I think there are circumstances in which machine code can be involved with byte strings, which are representative of resources, referenced by the executable. [00:07:51] Speaker 00: But that was an issue that was never addressed in that way by the district court. [00:07:57] Speaker 00: Here, Your Honor. [00:07:58] Speaker 04: Did you make that argument in your brief? [00:08:00] Speaker 04: The appeal brief in blue? [00:08:02] Speaker 04: Because I don't see it. [00:08:02] Speaker 04: I mean, you obviously challenged the claim construction. [00:08:05] Speaker 00: You challenged... The argument we fundamentally made in our brief on appeal was that if the district court's same construction [00:08:15] Speaker 00: of limiting byte sequence feature to machine code instruction is wrong, then his 112 ruling is wrong. [00:08:24] Speaker 00: Correct. [00:08:24] Speaker 00: And that's what we limit ourselves to. [00:08:25] Speaker 04: An alternative argument that even if it's right, there's still an issue with respect to whether or not the claim is indefinite. [00:08:33] Speaker 00: We did not take that additional step, Your Honor, because we didn't think we had to. [00:08:37] Speaker 03: We think that the language of the specification... So the invalidity decision rises or falls with the claim construction. [00:08:45] Speaker 00: In terms of what's been presented to the court, I believe that is correct. [00:08:49] Speaker 00: Again, we don't know all the disparate court's reasoning. [00:08:52] Speaker 00: We just have the two-page decision. [00:08:58] Speaker 03: I want to go back though. [00:08:59] Speaker 03: But the short answer is, you didn't give us any reason to reverse the invalidity decision if we agree with the client construction. [00:09:08] Speaker 00: That is correct, Your Honor. [00:09:10] Speaker 01: But what I want to correct leads you to the other four patents. [00:09:15] Speaker 00: Would you mind if I took just one second? [00:09:18] Speaker 00: Because it's important to look at the final specification, and it's important to look at how the discussion of this hex dub utility is described in a different way, in a more fulsome way, in the specification, the final specification, which I believe deserves respect. [00:09:38] Speaker 01: OK, let's move on to the other four. [00:09:40] Speaker 01: I find it really confusing on this. [00:09:44] Speaker 01: And I had an insight. [00:09:46] Speaker 01: And that is that both sides would like all four patents to stand or fall together. [00:09:52] Speaker 01: And in fact, when you look at it, they don't. [00:09:55] Speaker 01: There are two different specifications for two sets of patents. [00:10:01] Speaker 01: And that each side has really good arguments with respect to one set of patents and a not so good argument with respect to the other. [00:10:12] Speaker 01: So what I'm really asking you is, [00:10:15] Speaker 01: Isn't there a distinct possibility here that the district court got the claim instruction right with respect to the 084 and 306 patents and got it wrong with respect to the 115 and 322 patents? [00:10:35] Speaker 00: Well, let me put it to you this way, Your Honor. [00:10:37] Speaker 00: I think first the district court [00:10:39] Speaker 00: definitely got it wrong on the 115 and the 322. [00:10:42] Speaker 01: Try to answer the right question. [00:10:44] Speaker 00: I thought I was, but I'll start with the 084 and the 306. [00:10:47] Speaker 01: It is possible to distinguish between the two. [00:10:51] Speaker 01: They don't necessarily stand together. [00:10:54] Speaker 00: In fact, I think they don't stand together. [00:10:56] Speaker 00: They have completely different specifications. [00:10:58] Speaker 00: They're not part of the same patent family. [00:11:00] Speaker 00: They do have some common inventors, but that's not enough to treat them. [00:11:04] Speaker 00: The words of the claims are totally different. [00:11:07] Speaker 00: They address completely different things. [00:11:09] Speaker 00: The 115 family of patents is about detecting anomalous program executions. [00:11:15] Speaker 00: The 084 family is about detecting inclusions into the operation of a computer system. [00:11:24] Speaker 00: that are found in the claims of the 084 are not found anywhere in the language of the 115 and the 322. [00:11:32] Speaker 01: Why was he wrong about the 084 and the 306? [00:11:36] Speaker 01: Because it seems to me that the specification and the language of the claims strongly supports his interpretation that you're creating the model based on normal computer use. [00:11:48] Speaker 00: I think the mistake that the district court made [00:11:51] Speaker 00: was turning the claim into a closed set. [00:11:56] Speaker 00: In other words, what the court did is it converted claim elements, reciting what must be present, into negative limitations, excluding everything else. [00:12:07] Speaker 01: Because the specification tells you to create the model using normal computer usage. [00:12:11] Speaker 01: And in order to practice. [00:12:12] Speaker 01: Wait, wait, wait. [00:12:13] Speaker 01: Sorry? [00:12:14] Speaker 01: Rather than attack data, right? [00:12:16] Speaker 00: And I agree with that. [00:12:18] Speaker 00: And in order to practice this claim, that's what you have to do. [00:12:21] Speaker 00: There's no debate about that. [00:12:23] Speaker 00: But this is a comprising claim. [00:12:26] Speaker 00: The question is not whether you have to perform all of the steps of the patent as recited. [00:12:32] Speaker 00: Of course you have to perform all of the steps of the patent exactly as recited. [00:12:38] Speaker 00: The question is, can you do more? [00:12:41] Speaker 00: That's been answered many, many times. [00:12:44] Speaker 00: In the Sun Tiger case, it was said it is fundamental that one cannot avoid infringement merely by adding elements [00:12:51] Speaker 00: if each element recited in the claims is found in the accused device. [00:12:55] Speaker 00: So here, we completely agree. [00:12:59] Speaker 00: You will have to have a probabilistic model of normal computer usage, which is generated from what we'll call normal records. [00:13:10] Speaker 00: If you don't have that, you won't be infringing this patent. [00:13:14] Speaker 00: The question is, can you do something else too? [00:13:17] Speaker 00: Can somebody take that invention and say, you know what? [00:13:20] Speaker 00: I've got an add-on that will make that even better. [00:13:23] Speaker 00: I'll give you an example. [00:13:26] Speaker 00: What the patent talks about here is essentially finding deviations, so to speak, from normal accesses to the registry. [00:13:40] Speaker 00: Not every one of those is going to be malicious. [00:13:43] Speaker 00: They'll just be deviations. [00:13:45] Speaker 00: Some will not be malicious, some will be malicious. [00:13:50] Speaker 00: Somebody could come along and say, I've got a better mousetrap because I'm going to now add on data about what's malicious and what's not. [00:13:59] Speaker 00: And I'm going to look at what you've figured out using this patent claim and refine it further to help me establish this is bad, this is not bad. [00:14:09] Speaker 00: That's the problem with the district court's claim construction. [00:14:11] Speaker 00: It comes up mostly [00:14:14] Speaker 00: It comes up mostly, Your Honor, in the ruling for clarification, where we ask them, did you really mean only? [00:14:22] Speaker 00: And the district court said, yes, I meant only. [00:14:27] Speaker 00: It's the only thing you can do. [00:14:29] Speaker 00: The claim becomes a closed debt. [00:14:32] Speaker 00: And that's the problem with the 084 patent family. [00:14:36] Speaker 00: The problem with the 115 and 322 patent family [00:14:43] Speaker 00: is that the court literally took words like attack-free and computer system usage, which appear nowhere in the specification or the prosecution history, and just brought them over and talked about defining the term anomalous as requiring attack-free data. [00:15:03] Speaker 00: Well, the major problem with that would be claim eight. [00:15:09] Speaker 00: and claim 18, and claim 29, and claim 39, all of which say the exact same thing. [00:15:18] Speaker 00: They are all dependent claims to the independent claims of the patent, and they all say the model reflects a tax against at least a part of the program. [00:15:29] Speaker 00: And the first rule of claim construction is that you start with the words of the claims. [00:15:34] Speaker 00: Starting with the words of the claims there, [00:15:38] Speaker 00: It's very hard to come up with an attack-free model of computer system usage when you have claims that expressly recite including attack data in the model. [00:15:51] Speaker 00: But it's actually, and remember, in that patent, a different model. [00:15:54] Speaker 00: It's a model of function calls, whereas in the 084 patent, we're dealing with something completely different, which is a probabilistic model of normal computer usage, which looks at accesses to the Windows registry. [00:16:10] Speaker 04: Well, you've exceeded your rebuttal time. [00:16:13] Speaker 04: We'll restore two minutes. [00:16:14] Speaker 04: Let's hear from you. [00:16:15] Speaker 01: Thank you. [00:16:26] Speaker 02: Good morning, Your Honors. [00:16:28] Speaker 02: Dave Nelson on behalf of Symantec. [00:16:30] Speaker 02: May I please report? [00:16:31] Speaker 02: So let me begin with the 084 family. [00:16:35] Speaker 03: Could you begin with the 115 because I think that's where you have the most problems. [00:16:41] Speaker 03: I understand the 084 has all that normal language when it talks about generating a model. [00:16:46] Speaker 03: I don't see anything in the 115 where it talks about [00:16:51] Speaker 03: using attack-free data or normal data or anything. [00:16:54] Speaker 03: It just says a model of function calls. [00:16:57] Speaker 01: So plus you've got all these dependent claims which suggest that the model is created using attack data. [00:17:04] Speaker 01: I'll address that as well. [00:17:06] Speaker 01: So which would you like being addressed first? [00:17:12] Speaker 02: So in terms of the specification of the patent, you're correct. [00:17:15] Speaker 02: There aren't statements. [00:17:16] Speaker 02: There are statements about [00:17:18] Speaker 02: normal computer system usage and that's how the model is created. [00:17:22] Speaker 02: It doesn't use the term attack free. [00:17:24] Speaker 02: There are references in the provisionals. [00:17:25] Speaker 02: They're incorporated by reference to that, but not in the specification itself. [00:17:30] Speaker 02: Now, and it's correct that we agree, Your Honor, these do not rise and fall together with the OA-4 family of patent and we weren't saying that it was the same specification. [00:17:41] Speaker 02: But the 115 family of patents, that specification [00:17:46] Speaker 02: talks about achieving this invention with this probabilistic anomaly detection system, which is exactly the same system that's described in the 084 patent. [00:17:56] Speaker 02: It was an earlier patent. [00:17:58] Speaker 02: It comes out of the same laboratory work, similar. [00:18:01] Speaker 02: There are some shared inventors. [00:18:03] Speaker 02: And therefore, of course, there's not as much description of that probabilistic anomaly detection system in the later family of patents. [00:18:11] Speaker 02: Yet it is the same. [00:18:13] Speaker 01: in the provisional. [00:18:15] Speaker 01: Right, but it does talk about normal computer system usage. [00:18:33] Speaker 02: And normal computer system usage, the common understanding is that would be a tad free because that's the object of the patent. [00:18:39] Speaker 01: But the question is, how do you get there and what do you use as your model? [00:18:42] Speaker 01: How do you create your model? [00:18:44] Speaker 02: Right. [00:18:45] Speaker 02: That's correct, Your Honor. [00:18:46] Speaker 02: So in the provisional application, this is at A1064, it talks about different usage for this probabilistic anomaly detector, one of which is to [00:19:00] Speaker 02: detect anomalies for the Windows registry, which would be the OA4 family of patents, and also for process execution, which is the 115 family of patents. [00:19:09] Speaker 02: So in that provisional, it's referring to that same probabilistic anomaly detector and talks about different usages for doing that. [00:19:17] Speaker 02: So the way these systems work in terms of the description is you want to be able to detect attacks that you've never seen before. [00:19:26] Speaker 02: So the way that's done in these systems is to create a model of normal usage. [00:19:31] Speaker 02: And then when you receive, when you're running the system to try to detect attacks, you compare the received event, whatever that is. [00:19:40] Speaker 01: Creating a model of normal usage doesn't mean you can't use the attack data to create that model. [00:19:47] Speaker 01: And the problem is, you know, a pretty good argument with respect to the 084 and 306, that the model is based solely on normal data. [00:19:57] Speaker 01: But the argument falls apart, doesn't it, with respect to the later two patents, the 115 and the 322, particularly in the light of dependent claims. [00:20:08] Speaker 01: I mean, I don't think you got any answer to the dependent claim. [00:20:11] Speaker 02: No, I do have an answer for the dependent claim, Your Honor. [00:20:13] Speaker 02: And thank you for reminding me to answer that question directly. [00:20:16] Speaker 02: So dependent claim eight, I believe, is the example of what we're talking about in the 115 path. [00:20:23] Speaker 02: And that claim, just so I have it in the language wrong, says the method of claim one wherein the model reflects a tax against at least a part of the program. [00:20:34] Speaker 02: So what Columbia has argued is then necessarily claim one, which has to be broader than a dependent claim, I agree with that, must be able, at least, [00:20:46] Speaker 02: to include a tax data because the dependent claim says it has to include. [00:20:51] Speaker 02: That's incorrect. [00:20:51] Speaker 02: That's an incorrect reading of what claim eight. [00:20:55] Speaker 02: And we've offered in the briefs, we made this argument, that when claim eight says it reflects a tax, that means that it will show a tax. [00:21:02] Speaker 02: It will detect a tax. [00:21:04] Speaker 02: And that isn't just Symantec saying that. [00:21:08] Speaker 02: It actually shows up in the prosecution history as well. [00:21:11] Speaker 02: This is at A652627. [00:21:15] Speaker 02: In response to a rejection under the VU reference, VU, which is one of the cited references in the 115 patent, the examiner rejected under VU, and it was an obvious NIST 103 combination. [00:21:29] Speaker 02: And specifically with respect to dependent claimate, the examiner says, VU does not explicitly disclose the model reflects attacks via at least a part of the program. [00:21:44] Speaker 02: It would have been obvious to one of ordinary school in the art at the time of the invention to have modified VU as taught by Chan because the models allow well-known attacks to be detected. [00:21:55] Speaker 02: So the examiner read dependent claim 8 exactly as Symantec has argued in this case that what dependent claim 8 adds is the notion that it will detect attacks. [00:22:09] Speaker 02: So I think counsel said that there could be anomalous behavior such as [00:22:13] Speaker 02: a modification of operating system files that may be normal, but wouldn't show up in the initial model of normal computer system usage. [00:22:21] Speaker 02: So what claim eight says is, yes, in fact, it detects attacks. [00:22:26] Speaker 02: So that doesn't create a claim differentiation problem at all, Your Honor. [00:22:30] Speaker 02: And I think that's why this court's precedent says that claim differentiation is a guideline and not a hard and fast rule, because oftentimes there are facts such as these [00:22:42] Speaker 02: where claimant accreditation doesn't give you guidance because there is a very natural reading of claim eight that was also the same reading the examiner came up during the prosecution or understood during the prosecution history of the patent that maintains the description of this probabilistic anomaly detection system and how these models are trained, that they're created. [00:23:09] Speaker 02: And Columbia agrees with this. [00:23:10] Speaker 02: that the normal meaning of anomalous is a deviation from normal. [00:23:15] Speaker 02: That's at page 25, I believe, of their reply brief. [00:23:20] Speaker 02: So there's no dispute that that's the common meaning of anomalous. [00:23:26] Speaker 02: And then the question becomes, what is normal? [00:23:30] Speaker 02: And in the specification of these patents and in the prosecution history, in the provisionals that are incorporated by reference, [00:23:39] Speaker 02: the discussion of what normal computer system usage is, is directly consistent with the discussion in the 084 family of patents, because it's the same probabilistic anomaly detection system that you're using, only as the provisional says, applied in a different context, meaning to a different aspect of computer system usage, rather than registry use attacks, which is what the 084 family of patents, this is program execution. [00:24:07] Speaker 01: So where does the specification with respect to these latter two patents say that you are excluding the TAC data from the creation of the model? [00:24:17] Speaker 02: The specification of the 115 of the issued patent uses the term normal, and it's created from normal. [00:24:27] Speaker 02: And it also talks about in column, I believe it's in column [00:24:34] Speaker 02: In this patent, your honor, just to be clear, it's really only in columns four, five, and a little over six where they're talking about the creation of the model. [00:24:45] Speaker 02: A lot of the rest of the patent deals with patches and fixes to code and recovering from errors. [00:24:55] Speaker 02: But in that section of the patent in column four, it talks about [00:25:03] Speaker 02: Probabilistic anomaly detection algorithm can be used to train the model for detecting anomalies. [00:25:08] Speaker 02: This model may be, in essence, a density estimation, where the estimation of density function p of x over normal data allows the definition of anomalies as data elements that occur with low probability, meaning you define anomalies as those things that are not normal, which is exactly what Columbia agrees is the normal definition of anomalies. [00:25:32] Speaker 02: Going back to the way these systems are described to work, Your Honor, and the explicit discussion in some of the provisional applications, if you include attack data, now that attack data, by definition, becomes the norm. [00:25:47] Speaker 02: Such that when it appears again, in the teaching of these patents, and you're running these systems to try to detect attacks, [00:25:57] Speaker 02: what you end up with as a situation where that will be perceived by the probabilistic anomaly detection system as normal, because with including the training model. [00:26:05] Speaker 01: I don't understand that. [00:26:06] Speaker 01: Does that make any sense to me? [00:26:08] Speaker 01: We use the attack data to scrub out things that might otherwise seem to be normal, but that could be attacks. [00:26:15] Speaker 01: It's not that your model suddenly isn't determining what's normal. [00:26:22] Speaker 02: The patent does talk about that. [00:26:25] Speaker 02: The patent talks about adjusting the threshold, for example. [00:26:30] Speaker 02: In other words, so you have your model, your honor, and you would, according to this statement, you would look at a particular event. [00:26:38] Speaker 02: This is while the computer's running and trying to protect against attacks. [00:26:42] Speaker 02: You would look at a particular event, you would say, oh, this is a low probability event based upon my model. [00:26:47] Speaker 02: Now, it may be a situation where that's [00:26:53] Speaker 02: you're installing a new file for the operating system, which didn't occur during your training phase, the creation of the model. [00:27:00] Speaker 02: And so what the patent says is that you can go ahead, because you know that's not an attack, you can ignore those things. [00:27:07] Speaker 02: So I agree that the patent talks about the fact that you may be able to use knowledge of attacks in order to adjust the threshold, in order to do things like repair other sections of the code that have the similar [00:27:22] Speaker 02: vulnerabilities that you've detected attacks on before, but none of those sections talk about using attacks to change the model. [00:27:31] Speaker 02: And the provisional applications in particular, or the papers that are incorporated, the provisional applications explain that doing so creates a problem because if that attack data, your honor, is part of the model, then it's perceived as normal. [00:27:47] Speaker 02: Because you're creating a situation with the model, [00:27:51] Speaker 01: The way this works is... I don't understand why that's true. [00:27:55] Speaker 01: I mean, you create a model, let's say, using normal data, and then you use attack data to say, well, one feature of this normal data is not really normal data. [00:28:08] Speaker 01: It's a feature of attack data, so we're going to take that out of our model. [00:28:13] Speaker 02: But there's no teaching in the patent of that, you're honest. [00:28:16] Speaker 01: That's what I'm saying. [00:28:25] Speaker 02: But in your example, Your Honor, the ATT&CK data would not be used to create the model. [00:28:36] Speaker 02: So in other words, it wouldn't be part of the data set that's used to create the model in that example. [00:28:41] Speaker 02: And that's what we're talking about here. [00:28:44] Speaker 02: And again, according to the teaching of the patent, the situation that you've just described would be part of the adjustment of the threshold in determining when things are flagged as anomalies, whether I'm going to sound an alarm and have that be flagged as an attack. [00:29:02] Speaker 02: But that isn't, according to the teaching of the patent, a modification of the model itself, which still consists of normal data. [00:29:15] Speaker 02: So I'd like to address one thing that Council said with respect to the 08-4 patent, if I may. [00:29:24] Speaker 02: Columbia's basic. [00:29:26] Speaker 02: So I don't think that they disagree that there, in that patent, the model of normal computer system usage needs to be created from a chat-free data. [00:29:35] Speaker 02: What they're saying, as well as a comprising claim, that, so therefore, you can use other things. [00:29:41] Speaker 02: So I think they cited Sun Tiger. [00:29:44] Speaker 02: The problem with that is, [00:29:45] Speaker 02: You can't, by virtue of the fact that it's a comprising claim, reach into each and every element and change the element. [00:29:52] Speaker 02: The problem is the 084 patent specification defines very clearly that the model of normal computer system usage is created from attack-free data. [00:30:03] Speaker 02: And so what the district court merely recognized is you can't then use attack data to create the model and still meet that element. [00:30:12] Speaker 02: That's where the only came from. [00:30:14] Speaker 02: the motion to clarify. [00:30:18] Speaker 02: I think Council has, or Columbia seems to be confusing the issue slightly in that the issue there was not, can I use attack data for something else? [00:30:29] Speaker 02: For example, I just gave you one where you would be adjusting the threshold, Your Honor. [00:30:34] Speaker 02: That's a completely separate question. [00:30:37] Speaker 02: What was stipulated to, the summary judgment that was stipulated to in the claim construction before the district court is whether [00:30:43] Speaker 02: in creating the model of normal computer system usage, you can use attack data. [00:30:49] Speaker 02: And the district court said no, because that would obliterate that element. [00:30:53] Speaker 02: And that's what the real issue is. [00:30:54] Speaker 02: So the SunTiger case doesn't apply in the sense that there the issue was, well, you applied this gray coating and that changed the transmissivity characteristics of the lens, except for this one little piece on the lower right corner. [00:31:08] Speaker 02: And we're going to reman [00:31:09] Speaker 02: for the determination as to whether that's enough for infringement. [00:31:13] Speaker 02: That's not what we're talking about here. [00:31:15] Speaker 02: What we're really, this is more like the Dippin' Dots case, where the question, there was an element that required formation of beads. [00:31:23] Speaker 02: And the accused product, it happened to make some beads, but it also made other non-spherical shapes. [00:31:30] Speaker 02: And the agreement was beads are, that's a spherical shape. [00:31:34] Speaker 02: And there this court said, yeah, you can't use a comprising thing to reach in the element and obliterate the element that says creating beads from this. [00:31:42] Speaker 02: So that's exactly what we have with the 084 patent, your honor, which is a situation where Columbia is trying to use the comprising argument to reach in and obliterate the requirement of creating the model of normal computer system usage. [00:31:57] Speaker 04: Thank you. [00:31:58] Speaker 02: Thank you. [00:32:07] Speaker 00: Your Honor, the specification of the 5-4-4 patent fundamentally negates the proposition that byte sequence feature is limited to machine code. [00:32:17] Speaker 00: You can find that in column three, at line 37-40. [00:32:20] Speaker 03: Could you respond to his argument on the 1-15 patent? [00:32:23] Speaker 03: I'm sorry? [00:32:23] Speaker 03: Can you respond to his argument on the 1-15 patent? [00:32:25] Speaker 00: Your Honor, I barely followed it. [00:32:27] Speaker 01: Let me help you. [00:32:29] Speaker 01: Let me tell you what I understand what he's saying. [00:32:31] Speaker 01: He's saying that the model is composed of attack-free data. [00:32:37] Speaker 01: but that in shaping the model, you can use attack data. [00:32:42] Speaker 00: I think you would then have to read claims with almost the same language in different ways. [00:32:47] Speaker 00: Because remember that the dependent claims come in pairs, one referring to the model reflecting normal data, the other referring to the model reflecting attack data. [00:33:00] Speaker 00: I assume they mean the same thing in each dependent claim. [00:33:04] Speaker 00: They use the exact same word. [00:33:05] Speaker 01: Or would you find an interpretation that says that the model has to incorporate only normal data but that in shaping the model you can use attack data? [00:33:16] Speaker 00: Where will you find that in the claims? [00:33:18] Speaker 00: That kind of limitation is found nowhere in the claims. [00:33:22] Speaker 00: The claims have dependent claims which refer to normal [00:33:27] Speaker 00: Data being reflected and attack data being reflected the exact same language. [00:33:32] Speaker 00: They both can be reflected Your honors I do very much want to return to give me just a moment to speak to the 544 because the specification really does conclusively negate a conclusion that by sequence feature means machine code instructions it is [00:33:49] Speaker 00: In fact, in the paragraph discussing the preferred embodiments in the patent, it's in column 3, at lines 37 to 40, according to another embodiment, extracting the byte sequence features from the executable attachment may comprise creating a byte string representative of resources referenced by said executable attachment. [00:34:11] Speaker 00: There is no dispute between the parties. [00:34:15] Speaker 00: that a byte string representative of resources referenced by set executable attachment includes a lot of stuff that's not machine code. [00:34:23] Speaker 00: That preferred embodiment is excluded from the patent by the definition. [00:34:29] Speaker 00: This is from the final specification. [00:34:31] Speaker 00: Moreover, in the discussion about byte sequence feature in the final specification, [00:34:38] Speaker 00: It says, and I'll read you the language that's in those finals. [00:34:41] Speaker 04: Why don't you give us the site? [00:34:42] Speaker 04: Because your time is well over, so we don't need you to read what's already there. [00:34:47] Speaker 00: If you look at column 13, 24 to 26, you'll see where it says byte sequence is useful because it represents a machine code and executable. [00:34:54] Speaker 00: And the next sentence says, in addition, this approach involves analyzing the entire binary rather than portions such as header, an approach that consequently gives [00:35:07] Speaker 00: a great more deal of information. [00:35:09] Speaker 00: That's the second sentence that's in the provisional, which talks about looking at the entire binary. [00:35:16] Speaker 00: Hextump looks at the entire binary, not just machine code. [00:35:19] Speaker 04: Thank you.