credit-cards

Last week brought a major development in the world of software patents. Don’t get too excited (or nervous if that’s your perspective), but it looks like it just got harder to patent software. Let’s talk about the rise (or should it be the fall?) of the machines!

CyberSource Corp. v. Retail Decisions, Inc., No. 2009-1358 (Fed. Cir. Aug. 16, 2011) (Judges Dyk, Bryson, and Prost)

What types of software are patentable? Congress hasn’t told us, and the trial courts are all over the place. The Supreme Court took a case on this issue and basically ducked the question. The fact that software patents even exist is controversial (see here, here, here, and here for a variety of opinions). In the CyberSource opinion, the Federal Circuit has given more ammunition to folks who are against software patents.

Here’s the main idea behind the court’s opinion: To be patentable, a software patent needs to be specific. You can’t come up with a vague idea and preempt every way of doing it. It also doesn’t help to do some fancy claim drafting – an abstract idea is still abstract.

People often use their credit cards from the same computer

CyberSource owns U.S. Patent No. 6,029,154, which claims methods of verifying credit card transactions over the Internet. It’s pretty typical of patents of this type. Here’s the only illustration of the method in the patent:

 Federal Circuit Spotlight: Rise (or Fall?) of the Machines • Figure 4 from 154 patent

It’s extremely vague. In fact, there is no explanation at all of how to actually implement this method. And here’s claim 3, which is the first claim the court dealt with:

3. A method for verifying the validity of a credit card transaction over the Internet comprising the steps of:

a) obtaining information about other transactions that have utilized an Internet address that is identified with the [ ] credit card transaction;

b) constructing a map of credit card numbers based upon the other transactions and;

c) utilizing the map of credit card numbers to determine if the credit card transaction is valid.

A simple way of reading this is that you look at which computers someone has used before for their credit card. If this is one of those, it’s probably a legitimate use. If not, maybe there’s a problem.

Really? That’s your idea?

The underlying issue here is whether software should be eligible for patent protection. And if so, which software?

This has been a difficult issue. The Supreme Court weighed in, sort of, in Bilski v. Kappos, 130 S.Ct. 3218 (2010), but didn’t give much guidance.

We know a couple of things, though. We know that if there’s a “machine” or a “transformation” involved in the method, it is patentable. And we know that “mental processes” are not patentable.

In this case, we have a method that works over the Internet, so there must be a computer involved. Isn’t that a machine?

Not according to the Federal Circuit. Judge Dyk wrote this opinion, and he is not a big fan of software patents. Judge Dyk wrote an impassioned concurring opinion in In re Bilski, 545 F.3d 943 (Fed. Cir. 2008) (en banc) as well as the court’s opinion in another major decision on this issue in In re Comiskey, 554 F.3d 967, 980 (Fed. Cir. 2009).

The court explained that you can’t just take an algorithm and put it on a machine and get a patent. What matters is whether the machine imposes “meaningful limits” on the claim. As I understand that, it means that the machine has to be an essential part of the invention. And CyberSource’s claim doesn’t require any particular machine to do what is claimed.

The Internet’s pretty smart, but…

Claim 3 says it’s a method for verifying a transaction “over the Internet,” and CyberSource argued that the Internet is enough of a machine to make the method patentable. The court didn’t buy it. The Internet doesn’t execute the method, so it’s not the machine. (If it did, there would be a different problem, namely divided infringement.) In fact, there’s no particular machine or implementation required by the claim.

And that’s the main problem with claim 3. If all you’re doing is comparing an IP address with a list of known addresses, that’s something you can do manually. Sure, it might be faster on a computer, but it’s the same method with or without it.

So the court held that claim 3 describes a “mental process,” which is not patentable.

OK, but what if I put it on a CD?

There is another patent claim, and this is the critical one. Here’s claim 2:

2. A computer readable medium containing program instructions for detecting fraud in a credit card transaction between a consumer and a merchant over the Internet, wherein execution of the program instructions by one or more processors of a computer system causes the one or more processors to carry out the steps of:

a) obtaining credit card information relating to the transactions from the consumer; and

b) verifying the credit card information based upon values of plurality of parameters, in combination with information that identifies the consumer, and that may provide an indication whether the credit card transaction is fraudulent,

wherein each value among the plurality of parameters is weighted in the verifying step according to an importance, as determined by the merchant, of that value to the credit card transaction, so as to provide the merchant with a quantifiable indication of whether the credit card transaction is fraudulent,

wherein execution of the program instructions by one or more processors of a computer system causes that one or more processors to carry out the further steps of;

[a] obtaining information about other transactions that have utilized an

Internet address that is identified with the credit card transaction;

[b] constructing a map of credit card numbers based upon the other transactions; and

[c] utilizing the map of credit card numbers to determine if the credit card transaction is valid.

There are a lot of words here, so let’s unpack it a little. For non-patent folks, this is what’s called a Beauregard claim (named for In re Beauregard, 53 F.3d 1583 (Fed. Cir. 1995)). Basically, a Beauregard claim describes a physical copy of software that runs a method. This type of claim helps inventors get around a big problem in software: what if a company sells software that performs your method?

To infringe a method claim, you have to perform the method. But selling software that performs the method isn’t the same thing. So, patent lawyers came up with the idea of claiming the “computer readable medium” (like a CD or DVD) that has the software that performs the method. Now you can go after the software sales.

If you read claim 2, you can see “processors of a computer system” in a couple of places. Isn’t that enough of a machine to make this patentable?

No, and this is probably the most important part of the opinion.

The court says that you have to look past the “computer readable medium” to see what the claim is really about. Claim 2 is just the same method of claim 3, but executed on a computer. That is, running a mental process on a computer is no more patentable than the mental process itself.

But there’s a problem with the court’s reasoning: it seems to conflict with some earlier decisions. In In re Alappat, 33 F.3d 1526, 1545 (Fed. Cir. 1994), the court said that programming a computer with a particular algorithm “creates a new machine, because a general purpose computer in effect becomes a special purpose computer once it is programmed to perform particular functions pursuant to instructions from program software.” Basically, once you program a computer, it’s now a specific machine. That sounds like what happened here.

Except that if you read Alappat, you see that the claims were tied to a very particular implementation. The inventor didn’t try to claim all ways of doing something. CyberSource’s patent just generally claims a high-level algorithm.

The harder case is Research Corp. Techs. v. Microsoft Corp., 627 F.3d 859 (Fed. Cir. 2010). In RCT, one of the claims at issue was:

1. A method for the halftoning of gray scale images by utilizing a pixel-by-pixel comparison of the image against a blue noise mask in which the blue noise mask is comprised of a random non-deterministic, non-white noise single valued function which is designed to produce visually pleasing dot profiles when thresholded at any level of said gray scale images.

Here’s the figure describing the method from that patent:

 Federal Circuit Spotlight: Rise (or Fall?) of the Machines • Fig. 2 of 310 patent in RCT v. Microsoft

The court in RCT said this method is patentable. So why is this patentable, but CyberSource’s claim isn’t?

Honestly, the court didn’t give us much help. Here’s everything the court said about RCT:

Because the method required the manipulation of computer data structures (e.g., the pixels of a digital image and a two-dimensional array known as a mask) and the output of a modified computer data structure (a halftoned digital image), the method could not, as a practical matter, be performed entirely in a human’s mind.

(Page 21.) Timothy B. Lee at Ars Technica said that the difference is that the math is harder. He points out, rightly, that a “computer data structure” is just an abstraction that can be drawn on paper.

But I think this misses the real underlying difference between the cases. In RCT, the method has to be run on a machine, because it is used to modify the operation of a computer display or a printer. But there’s another big difference that you need to look at the RCT opinion to see. The RCT panel noted that

This court also observes that the claimed methods incorporate algorithms and formulas that control the masks and halftoning. These algorithms and formulas, even though admittedly a significant part of the claimed combination, do not bring this invention even close to abstractness that would override the statutory categories and context.

(RCT at 869.) So it’s important that the claim includes very specific implementations to perform the method. In contrast, CyberSource’s patent tries to claim any possible implementation of performing some pretty high-level steps.

That point is, I think, the main thing to take away. A software patent needs to be specific. You can’t block every way of doing something abstract, like checking IP addresses against a list. You also have to look at the real invention to decide if it’s eligible for patent protection. You can’t make a method patentable by claiming software that does it. Put another way, you can patent an invention,but not just an idea.

You can read the CyberSource opinion here.