Search Team

Search by Last Name

Veracode, Inc. v. Appthority, Inc.

Representative Claim

  1. A method for analyzing executable software code using a computer comprising a processor and a memory, the method comprising:

processing the executable software code to generate an optimized, exhaustive data flow model including parsing the executable software code to facilitate identification of data flows for inclusion in the exhaustive data flow model;

processing the executable software code to generate an optimized, exhaustive control flow model; and

storing, in the memory, an intermediate representation of the executable software code that provides a complete model of the executable software code based on the optimized data flow model and the optimized control flow model, thereby facilitating analysis of the executable software code according to comparison of the intermediate representation to reference models.


Post-trial Motions (11 in total).

Abstract Idea: Yes

“The claimed method in the ’609 Patent processes executable software code to generate ‘an optimized, exhaustive data flow model’ and ‘an optimized, exhaustive control flow model.’”

“… the primary functions of the invention at issue here – control flow and data flow analysis – are longstanding, recognized building blocks of computer science.”

“… both parties recognize that it is possible to analyze binary code manually or mentally.”

“It is clear, then, that the claimed invention of the ‘609 Patent is directed at a building block of computer science and a fundamental practice in the industry, and therefore is directed at a patent-ineligible concept.”

Something More: Yes

“Indeed, the case law makes clear that a process that simply automates a known transaction and requires nothing more than a generic computer to perform conventional computer functions and activities already known in the industry is not patent-eligible.”

“Despite this limitation on patent eligibility for claims involving computer implementation of abstract ideas or known mathematical algorithms, Alice left open the possibility that a method that ‘purport[s] to improve the functioning of the computer itself’ or ‘effect an improvement in any other technology or technical field’ could be patent-eligible.”

“Standing alone, the method [of claim 1] is an abstract idea. The translation of binary code and storing of an intermediate representation that can be used to analyze the underlying executable software code – in other words, decompilation – is not of ancient lineage like the contract, bank transaction, and bingo games …, but it is sufficiently well-established that there must be some meaningful innovative concept to render it patent-eligible.”

“The evidence presented … demonstrates that the optimized and exhaustive features of the claimed method “effect an improvement” in the technical field and the preexisting technology, compared to what could be done by humans or simply by automating a manual process.”

“By including both control flow and data flow models that aim for both optimization and exhaustion, the method achieves a more accurate and more complete translation of the binary for security analysts to review than what the existing methods could provide.”

“The claimed method both improved the speed and accuracy of the process and produced a largely complete result through optimization and exhaustion that was unobtainable using existing methods.”

“Here, the ’609 Patent claims do not claim a monopoly over all decompiling methods, but rather focus on a specific method for generating as-complete-as-possible data and control flow models in the form of an intermediate representation that can be used to identify flaws in the executable software code. In so doing, the ’609 Patent does not claim the broad concept of an intermediate representation, but rather a narrower manifestation of it, by articulating an iterative process that had previously been unavailable to programmers and security risk analysts that addressed the problem of analyzing illegible binary code.”

“In sum: the fact of having to translate from one language (source code) to another (binary) is in many respects unique to the world of software and computers. The claimed method, by offering an iterative process for achieving an optimized and as-near-to-exhaustive modeling of the underlying software as possible to enable a more complete security analysis to be conducted than could be performed through basic automation of human processes, presents ‘a unique computing solution that addresses a unique computing problem.’”