[00:00:09] Speaker 01: Good morning. [00:00:11] Speaker 01: I'd like to address several errors that we believe are of claim construction from the decision of the board. [00:00:18] Speaker 01: The first one I'd like to address deals with the construction of the term application community. [00:00:25] Speaker 01: Now that was actually construed by the board as members of a community running the same program or a selected portion of the program. [00:00:36] Speaker 01: We thought it was pretty clear [00:00:38] Speaker 01: That program refers to the program in the body of the claim, which is used throughout the body of the claim, because that's what is being modeled and monitored. [00:00:49] Speaker 01: The PTAB, though, very narrowly construed the claim when applying it, and actually took the word program to mean a worm. [00:01:01] Speaker 03: Well, we run into this problem, this issue, a lot in claim construction cases, and sometimes called the O2 micro issue. [00:01:09] Speaker 03: So you got the construction you wanted, or I don't know that there was no dispute about the construction. [00:01:15] Speaker 01: I think that's right. [00:01:16] Speaker 03: So now you're here, and we've got to figure out whether this is even a claim construction question, because it's in a little different box, right? [00:01:27] Speaker 01: Right. [00:01:27] Speaker 01: And I think it is, and I think you can tell that it is in the following way. [00:01:31] Speaker 01: which is there's no dispute about the scope or the content of the prior art. [00:01:35] Speaker 01: I'm not arguing about that issue at all. [00:01:38] Speaker 01: It's literally a question of what's the program? [00:01:42] Speaker 01: What does that mean in the claim construction? [00:01:44] Speaker 01: Is it satisfied by? [00:01:45] Speaker 03: And how does your view of program, how does it walk me through the steps about why that then dislodges the obviousness conclusion or is it the anticipation? [00:01:54] Speaker 01: It dislodges an anticipation or an obviousness conclusion. [00:01:58] Speaker 03: And are all the claims implicated [00:02:00] Speaker 01: The claims that are implicated by this case, by this issue, are all in the 115 patent, and there are claims 1, 3 through 8, 11, 13 to 18, and 21, which were found obvious over a combination of Kazan and Arnold, except for claims 3 and 13, which added Agrawal. [00:02:21] Speaker 01: But this would be, I believe, dispositive [00:02:24] Speaker 01: of the issue if the term program is understood to mean, as in the body of the claim, the program that is being monitored. [00:02:34] Speaker 01: Claim one, I think, is representative. [00:02:36] Speaker 01: It's a method of detecting anomalous program executions, comprises a number of steps, executing at least a part of the program, comparing a function call made in an emulator to a model of function calls for a part of the program, [00:02:51] Speaker 01: And then upon identifying an anomalous function call, you notify an application community of the anomalous function call. [00:02:59] Speaker 01: And it's in that context that you have the definition of an application community, members of the community running the same program. [00:03:09] Speaker 01: or a selected portion of the program. [00:03:11] Speaker 00: It seems to me that that part of the spec that defines and that you point to as defining application community, it defines more community as opposed to application. [00:03:24] Speaker 01: I think it does both. [00:03:25] Speaker 01: I believe the passage that you're referring to is at column seven, excuse me, column six, excuse me, at lines 31 to 47. [00:03:34] Speaker 01: And to look at the language, I think it pretty clearly [00:03:38] Speaker 01: demonstrates that the application that's in the application community is essentially the program that's being referred to in the body of the claims. [00:03:48] Speaker 01: So let's look at that language. [00:03:50] Speaker 01: It says in Column 6 of that passage, models are shared among many members of a community running the same application, referred to as an application community. [00:04:01] Speaker 01: For example, instead of running a particular application for days, [00:04:08] Speaker 01: at a single site, according to various embodiments, thousands of replicated applications can be run for short periods of time, and the models created based on the distributed data can be shared. [00:04:21] Speaker 01: That is exactly talking about the use of a distributed application community that engages in this process of creating models and of using models to look for anomalous function calls. [00:04:35] Speaker 01: And that goes on to say [00:04:37] Speaker 01: While only a portion of each application instance may be monitored, for example, the entire software body can be monitored across the entire community. [00:04:46] Speaker 01: This is talking about the concept of monitoring and modeling and using an application community to solve a problem in the prior art, which was there's a lot of computing power that's required to create these models. [00:05:02] Speaker 01: But what if we, in fact, use an application community [00:05:04] Speaker 01: to monitor the program or parts of a program, it completely makes the claim almost incomprehensible if the word program in the claim can be a worm, because then you would have a claim that would read on detecting anomalous executions of a worm. [00:05:24] Speaker 01: And then the claims would be directed at monitoring when a group of computers, all of which were already infected with a worm, [00:05:34] Speaker 01: act in a way that differs from how an already infected computer acts. [00:05:39] Speaker 01: That's just strange and bizarre. [00:05:41] Speaker 03: There are a number of issues in this case. [00:05:43] Speaker 03: What's number two? [00:05:45] Speaker 03: Because there's one I want to get to. [00:05:46] Speaker 03: I don't know if it's the same one you want to get to. [00:05:49] Speaker 01: Well, I'm happy to get to the one that you'd like to get to. [00:05:53] Speaker 03: Maybe it's not top to your list, because I think it only affects two claims. [00:05:57] Speaker 03: But it's the model that reflects attack, that question. [00:06:01] Speaker 03: Are you referring to Kazan? [00:06:03] Speaker 01: Yes. [00:06:05] Speaker 01: You're referring to the anticipation argument as the claims 29 and 39. [00:06:09] Speaker 01: Right. [00:06:10] Speaker 01: Let me briefly attack that. [00:06:13] Speaker 01: So this deals with whether Kazan anticipates. [00:06:16] Speaker 01: And what is very unusual about the analysis here is that there's no argument about what the Kazan invention is. [00:06:25] Speaker 01: Kazan basically looks at [00:06:27] Speaker 01: a model created using a static picture of the program code. [00:06:32] Speaker 01: Okay? [00:06:33] Speaker 01: And it is doing what's called anomaly detection. [00:06:36] Speaker 01: It's trying to determine what's different from the normal execution of the program. [00:06:41] Speaker 01: What's different from the Columbia patent is that it's not using actual execution or usage. [00:06:47] Speaker 01: It's talking about a static model. [00:06:50] Speaker 01: But it's anomaly detection. [00:06:52] Speaker 01: What was unusual, and I think incorrect, about the [00:06:58] Speaker 01: board's decision is that it took a passage from the background section on a prior art method called misuse detection. [00:07:10] Speaker 01: Misuse detection is much different. [00:07:12] Speaker 01: That's just a matter of you have essentially a collection in a database of applications [00:07:18] Speaker 01: Excuse me, of worms. [00:07:20] Speaker 03: So just to cut to the chase. [00:07:21] Speaker 03: Yes. [00:07:22] Speaker 03: Is it your argument that they shouldn't have looked at paragraph 9 at all, either because it's misused detection or because it deals with the prior item, wasn't the invention? [00:07:32] Speaker 00: That's correct. [00:07:32] Speaker 03: Or is it your argument tied to sort of your claim construction point about it should have done known and therefore we should not go paragraph 9 on that basis? [00:07:44] Speaker 01: No, it's independent of that. [00:07:46] Speaker 01: In other words, separate and apart from any claim construction issue, [00:07:49] Speaker 01: They're actually looking at something which is completely irrelevant and different than the invention, which is disclosed and claimed. [00:07:57] Speaker 03: So what was the basis of the board's being sane? [00:08:00] Speaker 03: I mean, what was their rationale for? [00:08:02] Speaker 03: I think I agree with you, and we'll see if your friend disagrees, but that they did combine what was in the paragraph 9 and then what was in the invention. [00:08:13] Speaker 01: It's absolutely the case. [00:08:14] Speaker 01: Paragraph 9 is part of the background, and it's described [00:08:18] Speaker 01: It's talking about the existing systems. [00:08:21] Speaker 01: And it has a disclosure that under the prior art, misuse detection systems may miss, for example, slight variations of known MC malicious code that knew previously and knew previously unseen instances of MC. [00:08:39] Speaker 03: Which means so there could be stuff. [00:08:41] Speaker 03: It could be unknown. [00:08:42] Speaker 03: That's where the board got its unknowing. [00:08:44] Speaker 01: That's correct. [00:08:46] Speaker 01: Well, here, the board took this as, I'll read exactly what it says. [00:08:52] Speaker 03: Are you on page 22? [00:08:54] Speaker 01: I am on page 22. [00:08:56] Speaker 01: Kazan explicitly states to one of ordinary skill in the art that malicious code may be included in the model. [00:09:05] Speaker 01: And that's not Kazan's model. [00:09:08] Speaker 01: That is a prior art misuse detection model, which- [00:09:13] Speaker 03: Let's assume, I know we're going to say that that's different because it dealt with malicious and non-anomaly, but let's say it didn't. [00:09:21] Speaker 03: I mean, can you do anticipation based on the prior art included in, I don't know, maybe it's obviousness, but could you do an obviousness thing by combination of the prior art disclosed in the patent and then what's in the patent and then you combine the two? [00:09:39] Speaker 01: Conceivably, if there is a linkage, [00:09:42] Speaker 01: But there's no linkage here. [00:09:43] Speaker 01: In other words, one is a prior art misuse detection system which is different than the invention in the patent. [00:09:51] Speaker 01: They don't operate in anything like the same way. [00:09:54] Speaker 03: And there is no... Was that what the board was saying, though, that we're going to take these two pieces as if they were part of the, you know, and then under that analysis, there's anticipation? [00:10:06] Speaker 01: I don't think the board's analysis really went that deep. [00:10:09] Speaker 01: It just took the two passages. [00:10:11] Speaker 01: It found that in paragraph 9, you had this explicit disclosure that malicious code may be included in the model. [00:10:18] Speaker 01: But it's not Cazan's model. [00:10:20] Speaker 01: It's a prior art model. [00:10:22] Speaker 01: And there's no suggestion or linkage between that prior art misuse detection system and the Kazan anomaly detection. [00:10:32] Speaker 01: There's no passage in the Kazan reference disclosing the use of a program code unknowingly infected with malicious code to build Kazan's static model that is used to determine normal activity. [00:10:51] Speaker 01: It's just not there. [00:10:53] Speaker 01: And so that's why you have this bizarre combination of some language, short language from inscription of the prior art misuse system with the Kazan model. [00:11:05] Speaker 01: It is a, because there's no linkage, I think there is error as a matter of law. [00:11:11] Speaker 01: But even if you apply the substantial evidence test, I don't think this would stand up. [00:11:16] Speaker 01: Because there's literally no connection. [00:11:18] Speaker 01: It is Apple's and [00:11:21] Speaker 01: hardwood floor. [00:11:23] Speaker 01: It's not even apples and oranges. [00:11:26] Speaker 03: I will save the rest for rebuttal. [00:11:32] Speaker 02: Thank you. [00:11:38] Speaker 02: Good morning. [00:11:39] Speaker 02: Good morning, Your Honors. [00:11:40] Speaker 02: Michael Saxtetter, Fenwick and West, on behalf of Symantec. [00:11:43] Speaker 02: I'll take the issues that Mr. Gendler discussed just now, and I'll start with the most recent one. [00:11:49] Speaker 02: the model reflecting attacks and there are actually two issues there. [00:11:54] Speaker 02: First is the what is purported to be a claim construction issue that relates to more of the claims and it's pretty clear that it wasn't a claim construction issue that it was not raised after the institution decision and we think that there is just no reason for that to be an issue on appeal. [00:12:12] Speaker 02: The second issue is what happens in Kazan and how the board handle [00:12:19] Speaker 02: the disclosures of Kazan and how the board handled other evidence that was submitted to it as well. [00:12:27] Speaker 02: Kazan, as has been mentioned, discusses in its background section the models sometimes get attack data into them. [00:12:36] Speaker 02: They are not perfect. [00:12:37] Speaker 03: But there are two, I mean, you know, you know the technology, but there are two separate detection, separate distinct detection systems, right? [00:12:43] Speaker 03: One is misused and one is denominated. [00:12:45] Speaker 03: Is that right? [00:12:46] Speaker 02: That's correct. [00:12:47] Speaker 03: And Kazan, nobody's disputing. [00:12:50] Speaker 03: That's the anomaly one. [00:12:52] Speaker 03: And that's what the patented issue is about, right? [00:12:57] Speaker 02: Kazan does anomaly detection, correct. [00:12:59] Speaker 03: So the board then went into this prior reference in the paragraph, which clearly deals with misuse detection, which isn't part and parcel of the Kazan invention. [00:13:09] Speaker 03: I mean, I think that's what your friend said. [00:13:11] Speaker 03: Is that right? [00:13:12] Speaker 03: Do you dispute any of the kind of fact statements that your friend made? [00:13:16] Speaker 02: I don't dispute what you have just said, Your Honor. [00:13:19] Speaker 02: What I think is important, though, is that Kazan is a unified reference. [00:13:23] Speaker 02: And it discloses what it discloses for purposes of anticipation. [00:13:28] Speaker 02: And it discloses that there are circumstances where attack data inadvertently gets into the model. [00:13:40] Speaker 02: And that happens. [00:13:41] Speaker 02: And then Symantec's expert, Dr. Goodrich, said the same thing. [00:13:48] Speaker 02: And he said, this just happens. [00:13:50] Speaker 02: And so you are going to have situations where attack data is inadvertently included in the model. [00:13:57] Speaker 02: And there's not much way to avoid it. [00:13:59] Speaker 00: But we don't know that for a fact, correct? [00:14:01] Speaker 00: I mean, it could be included. [00:14:04] Speaker 02: I'm sorry? [00:14:04] Speaker 00: I said, we don't know that for a fact. [00:14:06] Speaker 00: The attack data could be included, but we don't know whether it is or not. [00:14:10] Speaker 02: It can be, and it often is. [00:14:14] Speaker 00: Is that enough for a tissue? [00:14:15] Speaker 02: That's what our experts said, is that it could be included in modeling that happens. [00:14:21] Speaker 03: But it discloses there's this problem in the prior art, but their fix, what's in the Casano invention, doesn't have anything to do with that. [00:14:30] Speaker 02: There isn't any mention of it in the section that discusses the anomaly detection technique. [00:14:37] Speaker 03: It's a sort of theoretical matter. [00:14:40] Speaker 03: What framework has the board used? [00:14:42] Speaker 03: They've said, OK, Kazan does one thing. [00:14:45] Speaker 03: What it's invented is not anticipatory by itself of the claims in issue. [00:14:56] Speaker 03: So we're going to add to that an unrelated piece. [00:15:01] Speaker 03: I mean, even if there was obviousness, you'd have to have a motivation to combine the two. [00:15:06] Speaker 03: This is anticipation, right? [00:15:08] Speaker 02: Exactly. [00:15:09] Speaker 02: This is anticipation, which is disclosure in one reference. [00:15:13] Speaker 02: And the inclusion of, inadvertent inclusion of attack data in a model is disclosed in the single reference. [00:15:21] Speaker 03: And then Dr. Goodrich... But not what to do with it then. [00:15:24] Speaker 03: I mean, it's disclosed in the model, but then don't the claims that issue do a lot more than that? [00:15:32] Speaker 02: The claims that issue don't talk about how the attack data got into the model. [00:15:37] Speaker 02: They say it's [00:15:39] Speaker 02: claims that say wherein the model includes attack data. [00:15:43] Speaker 02: That's it. [00:15:45] Speaker 02: And there may be other discussion in the specification, but that hasn't been read into the claims in claim construction before the board or any other place. [00:15:55] Speaker 02: And so the claims just say that the issue is that what needs to be disclosed in a prior art reference is that attack [00:16:06] Speaker 02: is included in the model, and that's what is disclosed. [00:16:14] Speaker 00: My question was whether it's actually disclosed in the priority or not. [00:16:19] Speaker 00: It seems to me, and you were using the word also, that the malicious code could be included, but we don't know that. [00:16:30] Speaker 00: I was referring to... Is that sufficient participation? [00:16:33] Speaker 02: I was referring to the evidence from Dr. Goodrich. [00:16:36] Speaker 02: when I said that I believe his words were that it could be included and it is something that that the board determined would be expected to be included based on the disclosure of Kazan and based on Dr. Goodrich's testimony and that that was the board's finding that we contend is supported by substantial evidence. [00:16:58] Speaker 00: I was looking at the board's language where they cited the language of Kazan [00:17:02] Speaker 00: that discloses the idea that the ATT&CK models may contain errors as a result of unforeseen ATT&CK information. [00:17:09] Speaker 00: And I'm just wondering whether that's just too much of an illusion. [00:17:15] Speaker 00: The certainty that the model can contain the same ATT&CK models can also flip to normal models. [00:17:26] Speaker 02: Well, most of the challenge patents don't address whether there is ATT&CK data included in the model. [00:17:32] Speaker 02: It is a, you know, there's a reference that says sometimes this happens in the patent, and that's what the board relied on. [00:17:41] Speaker 02: The board may have chosen its words poorly when it said may, but I think when it happens sometimes that that is disclosed by the reference. [00:17:54] Speaker 03: Move on into application. [00:17:56] Speaker 02: Sure. [00:17:57] Speaker 02: So this is another issue, and Your Honor, [00:18:02] Speaker 02: recognized it that they got the construction they wanted. [00:18:07] Speaker 02: This was an agreed construction, and now what we're doing, and we actually do it on a couple of terms here, is construing the construction and trying to determine what the term in the construction that was agreed, the same program, means. [00:18:23] Speaker 02: Now, Columbia appears to be asserting that that was narrowly construed to mean only a worm. [00:18:31] Speaker 02: That is not what the board did when the board applied the agreed construction to the disclosure. [00:18:39] Speaker 03: So what is the patent owner supposed to do in these circumstances? [00:18:43] Speaker 03: OK. [00:18:44] Speaker 03: They thought everybody was on the same page in terms of what program that is. [00:18:48] Speaker 03: And then the board goes ahead and applies it. [00:18:50] Speaker 03: And clearly, their thinking is different. [00:18:52] Speaker 03: I mean, this happens a lot in district court proceedings. [00:18:55] Speaker 03: Sometimes the district court goes back and says, OK, I need to construe this. [00:18:59] Speaker 03: The board didn't do that here, right? [00:19:01] Speaker 02: The board did not do that, but there was no attempt to do that after the institution decision in this case. [00:19:08] Speaker 02: Is that? [00:19:10] Speaker 02: Yeah, I don't think there was ever any attempt to say, wait a minute, they're making this other argument. [00:19:16] Speaker 02: And they're applying as factual question the construction in a way that we didn't anticipate it. [00:19:25] Speaker 02: I don't think that was raised before the board. [00:19:28] Speaker 02: You know, you can do that, as Your Honor said, in the district court. [00:19:32] Speaker 02: If you have a situation where that's happened, you go back and say, wait a minute, I think we're not on the same page. [00:19:37] Speaker 02: That didn't happen. [00:19:39] Speaker 02: We had a situation where the claim term was construed by agreement. [00:19:47] Speaker 02: The board read that claim term on the arguments that had been made, and the [00:19:53] Speaker 02: attempt to construe the construction now is to say that the same program has to be only the sort of untouched program that was the one that was being monitored. [00:20:05] Speaker 02: That's taking the same program, the construction was members of a community running the same program or a selected portion of the program. [00:20:19] Speaker 02: So what Columbia is trying to do is [00:20:21] Speaker 02: reconstrue the same program from the construction to mean only the application that is being monitored. [00:20:28] Speaker 02: But what what the reference does is that it says that that you notify the application community basically. [00:20:37] Speaker 02: You notify other computers that are running whatever thing happened on your computer. [00:20:45] Speaker 02: So if it's for instance the [00:20:47] Speaker 02: the kill signal that gets sent out includes, for instance, the name of the virus and the signature of the virus that has attacked the program that was running. [00:20:59] Speaker 02: Or if there's a worm, then the worm gets sent. [00:21:03] Speaker 02: That's what a worm does. [00:21:04] Speaker 02: It gets replicated and sent to other computers. [00:21:07] Speaker 02: And then it is a program that is running on all those computers. [00:21:11] Speaker 02: And there's no dispute that a worm is a program. [00:21:14] Speaker 02: So what happens is, [00:21:16] Speaker 02: You're trying to, you're doing exactly the same thing. [00:21:19] Speaker 02: And you are causing the same benefit by going out and notifying other computers to say, hey, something happened to me that was a problem. [00:21:31] Speaker 02: I need to tell you about it too. [00:21:33] Speaker 02: And that's what happens. [00:21:35] Speaker 02: And that is, that satisfies the construction of application community in this case. [00:21:44] Speaker 00: Your view is that the application community has to be running on the same application. [00:21:55] Speaker 00: Is that correct? [00:21:58] Speaker 02: That is, well, that's the construction. [00:22:00] Speaker 02: Members of a community running the same program or a selected portion of the program. [00:22:05] Speaker 00: Well, I'm reading out of the appellants' brief, and they're [00:22:10] Speaker 00: they're citing to the patent and the definition of application community. [00:22:15] Speaker 00: They say that despite this clear definition, the PTAD held that an application community exists as long as the members are infected with the same worm, regardless of whether they're running on the same application. [00:22:27] Speaker 00: And you dispute that part, regardless of whether they're running on the same application. [00:22:32] Speaker 02: I think our point was that the worm itself is an application. [00:22:36] Speaker 02: The worm is a program. [00:22:38] Speaker 02: But there are also, in the Arnold reference, they don't just talk about worms. [00:22:44] Speaker 02: They talk about programs that you're running that are then infected with a virus. [00:22:49] Speaker 02: And when you send a kill signal for those, what you do is you send out something that identifies the virus and a signature of the virus. [00:22:57] Speaker 02: So then you really are talking about the same application, potentially, that it is [00:23:04] Speaker 02: a program that's running on your computer that is also having an issue on the other computers, or potentially is. [00:23:11] Speaker 02: And so you say, hey, stop your programs, because you're going to get infected. [00:23:15] Speaker 02: So two basic ways that the program that is referenced in the claim construction can be running on the other computers. [00:23:28] Speaker 02: And that was a question of fact that the board [00:23:34] Speaker 02: resolved and is subject to substantial evidence. [00:23:39] Speaker 02: I have about one minute for our cross appeal. [00:23:43] Speaker 02: Actually, I have zero minutes for our cross appeal. [00:23:45] Speaker 03: Well, you can spend a minute and a half and then save a minute for rebuttal. [00:23:51] Speaker 03: Or we can rest on the briefs. [00:23:54] Speaker 02: Actually, I think the briefs are clear. [00:24:11] Speaker 01: If I come back first to the issue of claims 29 and 39 of the 115 patent, I think what you heard counsel argue is reliance upon their expert and not relying upon the disclosure in paragraph 9. [00:24:29] Speaker 01: And their expert does say, and I'll just quote the language, it is sometimes difficult to find clean, attack-free training sets for training an intrusion detection model. [00:24:41] Speaker 01: Now, that's not talking about paragraph nine. [00:24:43] Speaker 01: This is an expert talking about how he would, as a person of skill in the art, think about training sets. [00:24:51] Speaker 01: But the key word here, of course, is sometimes, because it would have to be all the time in order to say that the Kazan reference necessarily discloses it. [00:25:04] Speaker 01: It would have to be an inherency argument. [00:25:07] Speaker 01: And I think it's pretty difficult to get to inherency land [00:25:11] Speaker 01: from this statement by Symantec's expert. [00:25:14] Speaker 03: Does it have to, does the disclosure have to cover all of the time, really? [00:25:19] Speaker 03: I mean, it covers 80 percent of the time it does this and 20 percent of the time it does that, even if the anticipatory reference is to that 20 percent. [00:25:30] Speaker 01: Right. [00:25:30] Speaker 01: But my, that's really a different question because what he's talking about is not the disclosure. [00:25:37] Speaker 01: See, he's not referring to paragraph 9, which talks about the prior art misuse detection systems, because that has nothing to do with training sets. [00:25:46] Speaker 01: Training sets are only used for anomaly detection. [00:25:49] Speaker 01: Here he's just making a statement. [00:25:51] Speaker 01: about how one of skill in the art would think about an anomaly detection system that uses training sets. [00:25:58] Speaker 03: What the board says is Kazan explicitly states to one ordinary skill in the art that malicious code may be included in the model. [00:26:06] Speaker 03: I presume that's a reference to paragraph 9. [00:26:08] Speaker 01: Exactly. [00:26:09] Speaker 03: Isn't that not a correct statement? [00:26:12] Speaker 01: So it's a correct statement of what takes place in a prior art misuse system which has absolutely nothing to do [00:26:21] Speaker 01: of any kind whatsoever with the Kazan. [00:26:24] Speaker 01: model of anomaly detection. [00:26:27] Speaker 01: Kazan's model of anomaly detection is building a model of normal computer activity by looking at computer code. [00:26:34] Speaker 03: What do we require in anticipation? [00:26:37] Speaker 03: This is simplistic, but a claim includes two different things. [00:26:43] Speaker 03: And you've got a piece of prior art, and invention is one of those things. [00:26:48] Speaker 03: And the other thing is included in other prior art that's cited in the second patent. [00:26:54] Speaker 03: Why isn't that sufficient for anticipation? [00:26:56] Speaker 01: Because for anticipation, the prior art has to arrange the disclosure. [00:27:02] Speaker 01: The disclosures have to be arranged as in the claim. [00:27:05] Speaker 01: It's not just enough that the words appear here and there. [00:27:10] Speaker 01: That's the key issue. [00:27:11] Speaker 01: You have to have the disclosures arranged as in the claim. [00:27:15] Speaker 01: This isn't even close to being arranged as in the claim because Kazan's model [00:27:21] Speaker 01: as a model of normal computer usage. [00:27:23] Speaker 01: It's not doing what the prior art misuse detection systems did, which was just look up if there is an example of malicious code and see if it matches. [00:27:35] Speaker 03: But what if the claim just took prior art and what's in Kazan and combined them into one system? [00:27:42] Speaker 01: If they were arranged as in the claim, that would work. [00:27:45] Speaker 01: The problem isn't so much limited to the fact that it's prior art. [00:27:50] Speaker 01: but that it's completely unlinked prior art, which has nothing to do at all with Kazan's disclosed invention. [00:27:58] Speaker 03: Would this have been an obviousness inquiry then? [00:28:00] Speaker 01: Well, these claims were not invalidated based upon an obvious inquiry. [00:28:05] Speaker 03: I understand. [00:28:05] Speaker 01: Well, that would then be a single reference obvious analysis, which was never raised below and I don't think would work in this instance. [00:28:16] Speaker 03: Thank you. [00:28:17] Speaker 03: Thank you very much. [00:28:23] Speaker 03: The next case for argument is 171347, CPC broadband versus coining optical.