IP Law Daily Close questions about cybersecurity patents eligibility resolved in patentee Fortinet’s favor
Wednesday, June 16, 2021

Close questions about cybersecurity patents eligibility resolved in patentee Fortinet’s favor

By Robert Margolis, J.D.

When specifications and dependent claims are considered, patents could be construed as containing inventive technological advances making them eligible for protection under Section 101 of the Patent Act.

Fortinet, Inc.’s amended complaint adding two new patents-in-suit to its infringement action against Forescout Technologies, Inc., like the previously alleged patents, included sufficient allegations of patent-eligibility under Section 101 of the Patent Act to survive Forescout’s motion to dismiss, the federal district court in San Francisco has held. When specifications and dependent claims are considered, patents could be construed as containing inventive technological advances (Fortinet, Inc. v. Forescout Technologies, Inc., June 14, 2021, Chen, E.).

Patents-in-suit. Fortinet, Inc., sells cybersecurity products, software, and services to large institutional customers. Fortinet owns three patents: U.S. Patent Nos. 8,458,314 ("the ’314 Patent"), titled "System and method for offloading IT network tasks"; 9,369,299 ("the ’299 Patent"), titled "Network access control system and method for devices connecting to network using remote access control methods"; and 9,948,662 ("the ’662 Patent"), titled "Providing security in a communication network." Forescout Technologies, Inc., is a competitor of Fortinet.

Fortinet started licensing negotiations with Forescout, asserting that certain Forescout products infringed Fortinet’s patents. After failing to reach an agreement on licensing, Fortinet filed suit for patent infringement on theories of inducement, contributory infringement, and willful infringement. The district court previously granted in part Forescout’s motion to dismiss and dismissed the contributory and willful infringement claims (but not the others). Though it was skeptical that the patents-in-suit would ultimately prove valid, the court did not deem them invalid as Forescout sought. Fortinet was given leave to amend its complaint.

Amended complaint. The amended complaint added two new patents to the lawsuit—No. 9,894,034 ("the ’034 Patent"), titled "Automated Configuration of Endpoint Security Management"; and No. 9,503,421 ("the ’421 Patent"), titled "Security Information and Event Management." Forescout then moved to dismiss the amended complaint, arguing the newly alleged patents are invalid under 35 U.S.C. § 101, as claiming patent-ineligible subject matter. Forescout also challenged Fortinet’s induced, contributory, and willful infringement claims.

’034 Patent. As with the patents challenged on the prior motion, the court found it to be a "close question" whether the ’034 Patent was directed to a simple abstract idea, thus failing the first step in the Supreme Court’s test from Alice Corp. Pty. Ltd. v. CLS Bank Intern., 573 U.S. 208 (2014). According to its specification, that patent solves a problem in network security management "to keep a network secure while allowing many different devices to connect to the network." The patent claims to solve this "by having the client security application (1) determine [the user device’s] network connection state with respect to a private network, (2) select a configuration based on this, and (3) launch functionality." This allegedly improves on prior art, which required manual re-configuration by users. Forescout argued that this was nothing more than "selecting a course of action based on a condition," which is a simple abstract idea. Fortinet responded that the patent uses technology to solve a concrete problem encountered by client devices needing to connect to multiple network environments. The court adopted what it called a "flexible approach," considering both the step one question of whether the invention is directed to an ineligible abstract idea and the step two question of whether there is an "inventive concept" together.

It tended to agree with Forescout that at least Claim 1 of the ’034 Patent can be construed as directed to the abstract idea of "making a selection based on a condition." But when specifications and dependent claims were considered, which referred to specific technological features that restrict the invention to concrete technology, rather than abstraction, the court found that the patent was nudged over the line, at least at the pleading stage, without foreclosing a future motion by Forescout when the record is more developed.

’421 Patent. This patent’s abstract claims "[s]ystems and methods … for conducting workflows by [a Security Information and Event Management ("SIEM")] device to carry out a complex task automatically." The problem allegedly solved is that contemporary computer networks may comprise hundreds of different devices in different locations, including different security devices, which work independently with different parameters and configurations, and thus lack a way to comprehensively manage the security of the multiple devices. The ’421 Patent claims to solve this problem by configuring the SIEM "to allow users (1) to create a work flow that includes multiple security tasks to be performed by one or more security devices, (2) performing these tasks, and (3) collecting the results of these tasks." Forescout argued that conducting work flows to carry out tasks and then analyzing the data is "a longstanding human activity," and thus an abstract idea. Fortinet countered that improving SIEM devices solved a technical problem. The court again found the language of Claim 1 to be abstract, as Forescout argued, but when dependent claims were considered (and their greater degree of technological specificity), as well as the specification (which contained detailed descriptions of how the inventions preferred embodiments function), the court upheld the claim based. Fact questions remained that merited further development.

Induced infringement. The court had denied Forescout’s prior motion to dismiss this claim, holding that Fortinet’s allegations that Forescout provided instructions on its website and in instructional material on how to infringe showed the requisite intent. The court again found the pleadings sufficient on the both the original and newly asserted patents. The amended complaint pointed to particular instructional manuals and identified how Forescout instructed others to infringe the newly asserted patents.

Contributory infringement. The court previously dismissed the contributory infringement claims, finding that Fortinet failed to allege there were no non-infringing uses of the challenged products. The new complaint added allegations that each accused product "includes software components . . . which are programmed to be used to infringe the [patented] methods." The court found these allegations to be sufficient and upheld the claim.

Willful infringement. The court held that the prior complaint insufficiently alleged willfulness, in that it alleged Forescout merely continued to sell allegedly infringing products during a legal dispute about the validity of the patents. Fortinet’s amended complaint added allegations that Forescout refused to participate in discussions regarding the alleged infringement, but the court found that these new allegations still failed to show culpable knowledge, and dismissed this claim.

The case is No. 20-cv-03343-EMC.

Attorneys: John M. Neukom (Skadden, Arps, Slate, Meagher & Flom LLP) for Fortinet, Inc. Katherine Vidal (Winston & Strawn LLP) for Forescout Technologies, Inc.

Companies: Fortinet, Inc.; Forescout Technologies, Inc.

MainStory: TopStory Patent CaliforniaNews GCNNews

Back to Top

Interested in submitting an article?

Submit your information to us today!

Learn More

IP Law Daily: Breaking legal news at your fingertips

Sign up today for your free trial to this daily reporting service created by attorneys, for attorneys. Stay up to date on intellectual property legal matters with same-day coverage of breaking news, court decisions, legislation, and regulatory activity with easy access through email or mobile app.