Search Team

Search by Last Name
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z

SRI v. Cisco Systems

Representative Claim

1. A computer-automated method of hierarchical event monitoring and analysis within an enterprise
+++++ network comprising:
deploying a plurality of network monitors in the enterprise network;
detecting, by the network monitors, suspicious network activity based on analysis of network traffic
+++++ data selected from one or more of the following categories: {network packet data transfer
+++++ commands, network packet data transfer errors, network packet data volume, network
+++++ connection requests, network connection denials, error codes included in a network packet,
+++++ network connection acknowledgements, and network packets indicative of well-known
+++++ network-service protocols};
generating, by the monitors, reports of said suspicious activity; and
automatically receiving and integrating the re-ports of suspicious activity, by one or more hierarchical
+++++ monitors.

Posture:

Appeal from the United States District Court for the District of Delaware in No. 1:13-cv-01534-SLR-SRF, Judge Sue L. Robinson

Abstract Idea: No

The Federal Circuit confirmed the District Court’s Step One determination that “claim 1 is not directed to an abstract idea” because the “claims are directed to using a specific technique—using a plurality of network monitors that each analyze specific types of data on the network and integrating reports from the monitors—to solve a technological problem arising in computer networks: identifying hackers or potential intruders into the network.” In explanation, the opinion states:

“Here, the claims actually prevent the normal, expected operation of a conventional computer network. Like the claims in DDR, the claimed technology ‘overrides the routine and conventional sequence of events’ by detecting suspicious network activity, generating reports of suspicious activity, and receiving and integrating the reports using one or more hierarchical monitors.

However, the claims here are not directed to using a computer as a tool—that is, automating a conventional idea on a computer. Rather, the representative claim improves the technical functioning of the computer and computer networks by reciting a specific technique for improving computer network security.

Indeed, we tend to agree with [Plaintiff] that the human mind is not equipped to detect suspicious activity by using network monitors and analyzing network packets as recited by the claims.”

Something More: N/A

Judge Lourie “respectfully dissent[ed] from the majority’s decision upholding the eligibility of the claims” because (1) the “claims here recite nothing more than deploying network monitors, detecting suspicious network activity, and generating and handling reports,” (2) “the claims only rely on generic computer components, including a computer, memory, processor, and mass storage device,” and (3) the “claims as written, however, do not recite a specific way of enabling a computer to monitor network activity.”