United States District Court, E.D. Virginia, Alexandria Division
April 11, 2013
DISNEY ENTERPRISES, INC., Plaintiff,
TERESA STANEK REA, Acting Under Secretary of Commerce for Intellectual Property and Acting Director of the United States Patent and Trademark Office, Defendant
For Disney Enterprises, Inc., Plaintiff: Jeffrey Paul Kushan, Sidley Austin LLP, Washington, DC.
For David Kappos, Honorable. Under Secretary of Commerce for Intellectual Property and Director of the United States Patent and Trademark Office, Defendant: Dennis Carl Barghaan, Jr., LEAD ATTORNEY, United States Attorney's Office, Alexandria, VA.
Leonie M. Brinkema, United States District Judge.
In this civil action brought pursuant to 35 U.S.C. § 145, plaintiff Disney Enterprises, Inc. (" Disney" ) seeks a judgment that it is entitled to a reissue of U.S. Patent No. 5,963,915 (" the '915 patent" ) covering the pending claims in United States Reissue Patent Application 09/970,772 (" the '772 application" ), all of which were rejected as obvious by the United States Patent and Trademark Office (" USPTO" ) after extensive administrative proceedings. A one-day bench trial was held, during which the only witnesses were two experts, one testifying on behalf of the plaintiff and the other on behalf of the defendant. Having heard the evidence
and reviewed the trial exhibits and the administrative record, the Court makes the following findings of fact and concludes that Disney has failed to prove that it is entitled to the reissue patent it seeks.
I. LEGAL PRINCIPLES
A. Standard of Review and Burden of Proof
This civil action was brought under 35 U.S.C. § 145, which " gives the Court the power to set aside any ruling refusing a patent and determine patentability de novo." Hitachi Koki Co., Ltd. v. Doll, 620 F.Supp.2d 4, 16 (D.D.C. 2009)  (citing Mazzari v. Rogan, 323 F.3d 1000, 1004 (Fed. Cir. 2003); Newman v. Quigg, 877 F.2d 1575, 1579 (Fed. Cir. 1989)) (citation and internal quotation marks omitted). The Supreme Court recently held that § 145 actions " should be conducted according to the ordinary course of equity practice and procedure and . . . should be prepared and heard upon all competent evidence adduced and upon the whole merits." Kappos v. Hyatt, 132 S.Ct. 1690, 1699-1700, 182 L.Ed.2d 704 (2012) (quoting Butterworth v. United States ex rel. Hoe, 112 U.S. 50, 61, 5 S.Ct. 25, 28 L.Ed. 656, 1884 Dec. Comm'r Pat. 429 (1884)) (internal quotation marks omitted). Because " the district court acts as a factfinder when new evidence is introduced in a § 145 proceeding," it " must assess the credibility of new witnesses and other evidence, determine how the new evidence comports with the existing administrative record, and decide what weight the new evidence deserves." Id. at 1700. The standard of review of the new evidence must therefore " [a]s a logical matter" be " de novo because [the district court] is the first tribunal to hear the evidence in question." Id. Nevertheless, " the district court may, in its discretion, consider the proceedings before and findings of the Patent Office in deciding what weight to afford an applicant's newly-admitted evidence." Id. at 1700 (quoting Hyatt v. Kappos, 625 F.3d 1320, 1335 (Fed. Cir. 2010) (en banc)) (internal quotation marks omitted).
Patent prosecutions before the USPTO employ a " burden-shifting" framework, which is " merely a procedural device that enables an appropriate shift of the burden of production." In re Jung, 637 F.3d 1356, 1362 (Fed. Cir. 2011) (citation and internal quotation marks omitted). During prosecution, the initial burden is on the examiner to establish a prima facie case of unpatentability, which " need not be a full exposition on every conceivable deficiency of a claim . . . . Rather, its purpose is simply to provide sufficient notice to the applicant to facilitate his effective submission of information." Hyatt v. Dudas, 492 F.3d 1365, 1370 (Fed. Cir. 2007). The burden then shifts to the applicant to produce evidence or argument to rebut that prima facie case. Id. Finally, patentability is " determined on the entirety of the record, by a preponderance of evidence and weight of argument." In re Glaug, 283 F.3d 1335, 1338 (Fed. Cir. 2002).
Disney implied during closing arguments that the USPTO bears the burden of re-establishing such a prima facie case in this § 145 proceeding:
[T]he central story here is whether the person with skill . . . would have concluded at the first instance in what we
call a prima facie case, whether that case, that invention is obvious. If that is not, that is not established by the evidence, the rejection of the PTO are [sic] incorrect; and under this proceeding, you have the authority to direct the PTO to issue Disney the patent.
Trial Tr. [Dkt. No. 70] at 234:17-25. That argument is unsupported by case law and " appears to urge the Court to improperly allow the meaning of 'prima facie case' in the context of ordinary litigation to supplant its meaning in patent prosecution." Alberts v. Kappos, 917 F.Supp.2d 94, No. 10-1727, 2013 WL 204694, at *6 (D.D.C. Jan. 18, 2013). The Federal Circuit has explained that " the prosecution and litigation contexts are distinct." In re Cyclobenzaprine Hydrochloride Extended-Release Capsule Patent Litig., 676 F.3d 1063, 1080 n.7 (Fed. Cir. 2012). Moreover, if § 145 proceedings are to be " conducted according to the ordinary course of equity practice and procedure," Hyatt, 625 F.3d at 1335, it is the plaintiff and not the USPTO that bears the burden of proof. See also Alberts, 2013 WL 204694, at *7 (indicating that the Court did not believe that the USPTO had the burden of re-establishing a prima facie case in § 145 proceedings, while also finding that the USPTO would have met such a burden).
Accordingly, Disney bears the burden of proving by a preponderance of the evidence that it is entitled to a reissue patent covering the pending claims in the '772 application. See, e.g., Johnson v. Brenner, 253 F.Supp. 919, 923 (D.D.C. 1966) (noting in a § 145 action that the burden of proof was borne by the patent applicant).
B. Reissue Patents
Under 35 U.S.C. § 251(a), reissue patents are available " [w]henever any patent is, through error, deemed wholly or partly inoperative or invalid . . . by reason of the patentee claiming more or less than he had a right to claim in the patent." Applying for a reissue patent is therefore a means of attempting to correct or amend a patent that has already been issued. See Manual of Patent Examining Procedures (" MPEP" ) § 1400.01 (8th ed. rev. Aug. 2012); see also Medrad, Inc. v. Tyco Healthcare Grp. LP, 466 F.3d 1047, 1052 (Fed. Cir. 2006) (holding that " any error that causes a patentee to claim more or less than he had a right to claim" is correctable through reissue).
An application for reissue " constitute[s] an offer to surrender [the original] patent, and the surrender shall take effect upon reissue of the patent" ; however, " [u]ntil a reissue application is granted, the original patent . . . remain[s] in effect." 37 C.F.R. § 1.178(a). If the reissue is granted, it will be valid only " for the unexpired part of the term of the original patent." 35 U.S.C. § 251(a); see also MPEP § 1405 (" The maximum term of the original patent is fixed at the time the patent is granted. While the term may be subsequently shortened, . . . it cannot be extended through the filing of a reissue." ).
Although a reissue application may not include any " new matter," 37 C.F.R. § 1.173; accord 35 U.S.C. § 251(a), it is examined in the same manner as a newly submitted application and is generally subject to the same requirements. See 37 C.F.R. § 1.176(a). As a consequence, " the claims in a reissue application are subject to any and all rejections which the examiner deems appropriate," regardless of " whether the claims are identical to those of the [original] patent or changed from those in the [original] patent." MPEP § 1445.
C. Obviousness Standard
Under the patent statute, an invention that would have been obvious to a person of ordinary skill in the relevant art
at the time of the invention is not patentable. Specifically:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102,  if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
35 U.S.C. § 103; see also Pub. L. No. 112-29 § 3, 125 Stat. 284, 287. An obviousness analysis concerns the patent's claims, not the embodiments described in the specification.
See, e.g., Jackson Jordan, Inc. v. Plasser Am. Corp., 747 F.2d 1567, 1578 (Fed. Cir. 1984) (" The claims, not the particular embodiments, must be the focus of the obviousness inquiry." (emphasis in original));
see also KSR Int'l Co. v. Teleflex Inc., 550 U.S. 398, 419, 127 S.Ct. 1727, 167 L.Ed.2d 705 (2007) (" In determining whether the subject matter of a patent claim is obvious, neither the particular motivation nor the avowed purpose of the patentee controls. What matters is the objective reach of the claim." ). During examination, claims must be given " their broadest reasonable interpretation consistent with the specification, and . . . claim language should be read in light of the specification as it would be interpreted by one of ordinary skill in the art." In re Am. Acad. of Sci. Tech. Ctr., 367 F.3d 1359, 1364 (Fed. Cir. 2004) (quoting In re Bond, 910 F.2d 831, 833 (Fed. Cir. 1990)) (omission in original) (internal quotation marks omitted).
Obviousness is a question of law based on underlying facts, which include " the scope and content of the prior art . . .; differences between the prior art and the claims at issue . . .; and the level of ordinary skill in the pertinent art." Graham v. John Deere Co. of Kan. City, 383 U.S. 1, 17, 86 S.Ct. 684, 15 L.Ed.2d 545 (1966). Objective evidence of nonobviousness must also be considered, including " secondary considerations" such as " commercial success, long felt but unsolved needs, failures of others, etc." Id.;
see also KSR Int'l Co. v. Teleflex Inc., 550 U.S. 398, 407, 127 S.Ct. 1727, 167 L.Ed.2d 705 (2007) (" While the sequence of these questions might be reordered in any particular case, the [Graham] factors continue to define the controlling inquiry." ). Because Disney has never presented any evidence or argument regarding secondary considerations, either during these proceedings or before the USPTO, they are not addressed below.
In its most recent case directly addressing the obviousness standard, the Supreme Court rejected the Federal Circuit's " 'teaching, suggestion, or motivation' test (TSM test), under which a patent claim is only proved obvious if 'some motivation or suggestion to combine the prior art teachings' can be found in the prior art, the nature of the problem, or the knowledge of a person having ordinary skill in the art." KSR, 550 U.S. at 407 (quoting Al-Site Corp. v. VSI Int'l, Inc., 174 F.3d 1308, 1323-24 (Fed. Cir. 1999)). Instead, the Supreme Court found that the proper obviousness inquiry asks " whether the improvement is more than the predictable use of prior art elements according to their established functions," observing that " [w]hen a work is available in one field of endeavor, design incentives and other market forces can prompt variations of it, either in the same field or a different one." Id. at 417. Such predictable
variations, including " the simple substitution of one known element for another or the mere application of a known technique to a piece of prior art ready for the improvement," are likely barred from patentability by the obviousness doctrine. Id.
The Supreme Court recognized that an obviousness analysis will often require " a court to look to interrelated teachings of multiple patents; the effects of demands known to the design community or present in the marketplace; and the background knowledge possessed by a person having ordinary skill in the art, all in order to determine whether there was an apparent reason to combine the known elements in the fashion claimed by the patent at issue." Id. at 418. In conducting that analysis, however, " a court can take account of the inferences and creative steps that a person of ordinary skill in the art would employ," and thus " the analysis need not seek out precise teachings directed to the specific subject matter of the challenged claim." Id.; see also id. at 421 (" A person of ordinary skill is also a person of ordinary creativity, not an automaton." ).
Although the Court recognized that the TSM test was not incompatible with this approach if treated as a " [h]elpful insight" instead of a " rigid and mandatory formula," it also cautioned against " a formalistic conception of the words teaching, suggestion, and motivation," and " overemphasis on the importance of published articles and the explicit content of issued patents" because " [i]n many fields it may be that there is little discussion of obvious techniques or combinations, and it often may be the case that market demand, rather than scientific literature, will drive design trends." Id. at 419. Allowing applicants to patent " advances that would occur in the ordinary course without real innovation retards progress and may, in the case of patents combining previously known elements, deprive prior inventions of their value or utility." Id.; see also id. at 415-16 (" For over a half century, the Court has held that a patent for a combination which only unites old elements with no change in their respective functions . . . obviously withdraws what already is known into the field of its monopoly and diminishes the resources available to skillful men." (quoting Great A. & Pac. Tea Co. v. Supermkt. Equip. Corp., 340 U.S. 147, 152-53, 71 S.Ct. 127, 95 L.Ed. 162, 1951 Dec. Comm'r Pat. 572 (1950) (internal quotation marks omitted))).
Accordingly, " [w]hen there is a design need or market pressure to solve a problem and there are a finite number of identified, predictable solutions, a person of ordinary skill has good reason to pursue the known options within his or her technical grasp." Id. at 421. If one of those known options is successful, that success " is likely the product not of innovation but of ordinary skill and common sense." Id. In such circumstances, " the fact that a combination was obvious to try might show that it was obvious under § 103." Id. Of course, " [a] factfinder should be aware . . . of the distortion caused by hindsight bias and must be cautious of arguments reliant upon ex post reasoning," but " [r]igid preventative rules that deny factfinders recourse to common sense . . . are neither necessary under [Supreme Court] case law nor consistent with it." Id.
After KSR, the USPTO promulgated and published guidelines concerning how its examiners should conduct such an obviousness analysis; those guidelines provide that examiners must " ensure that the written record includes findings of fact concerning the state of the art and the teachings of the references applied," and
in certain circumstances should " include explicit findings as to how a person of ordinary skill would have understood prior art teachings, or what a person of ordinary skill would have known or could have done." Examination Guidelines for Determining Obviousness Under 35 U.S.C. 103 in View of the Supreme Court Decision in KSR International Co. v. Teleflex Inc., 72 Fed. Reg. 57526, 57527 (Oct. 10, 2007). Additionally:
[T]he focus when making a determination of obviousness should be on what a person of ordinary skill in the pertinent art would have known at the time of the invention, and on what such a person would have reasonably expected to have been able to do in view of that knowledge. This is so regardless of whether the source of that knowledge and ability was documentary prior art, general knowledge in the art, or common sense.
Id. In short, " [a]n obviousness analysis measures the difference between the claimed invention and the prior art to determine whether the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art." Unigene Labs., Inc. v. Apotex, Inc., 655 F.3d 1352, 1360 (Fed. Cir. 2011) (quoting Alza Corp. v. Mylan Labs., Inc., 464 F.3d 1286, 1289 (Fed. Cir. 2006)) (internal quotation marks omitted).
II. FINDINGS OF FACT
A. Background Findings
1. Procedural Background
On February 21, 1996, Steven Kirsch (" Kirsch" ) filed a patent application titled " Secure, Convenient and Efficient System and Method of Performing Trans-Internet Purchase Transactions." Administrative Record ("A.R." )  at A1-43. That application resulted in the issuance of the '915 patent on October 5, 1999. Pl.'s Trial Ex. (" PX" ) 6. The '915 patent was initially assigned to Infoseek Corporation and was later assigned to Disney.  A.R. at A116, A134-35; PX 6.
Two years after the '915 patent was issued, on October 4, 2001, Kirsch filed the '772 application, which seeks reissue of the '915 patent with broader claims pursuant to 35 U.S.C. § 251. A.R. at A136-38, A140, A217. The '772 application was also initially assigned to Infoseek Corporation and later assigned to Disney. A.R. at A138, A1375-80. For the first six years of administrative proceedings, the USPTO rejected the '772 application numerous times based on U.S. Patent No. 5,774,670 (" the Montulli patent" ) and several other prior art references. See, e.g., A.R. at A296-99, A505-31, A545-67, A617-46. Afterward, the rejections were generally based on U.S. Patent No. 5,708,780 (" the Levergood patent" ) (PX 7) and several other prior art references. See, e.g., A.R. at A1935-57, A2053, A2603-04, A2609-34, A2696-2726, A2933-35.
On April 6, 2011, after almost ten years of administrative proceedings, including numerous Office Actions, several amendments to the claims in the '772 application, and three Requests for Continued Examination, the examiner issued the USPTO's
last notice of rejection of all pending claims. A.R. at A2900-37. The examiner rejected claim 1, which is the focus of this litigation, as obvious over the Levergood patent, the Admitted Prior Art (APA) in the '915 patent specification (PX 6 at 1:30-4:42), and U.S. Patent No. 5,732,219 (" the Blumer patent" ). A.R. at A2903.
On April 13, 2011, Disney appealed this final rejection to the Board of Patent Appeals and Interferences  (" the Board" ). The Board affirmed the examiner's decision on November 17, 2011, and denied Disney's subsequent request for rehearing on April 25, 2012. A.R. at A3024-34, A3050-56. Disney timely filed the instant civil action in this Court pursuant to 35 U.S.C. § 145 on June 22, 2012.  Dkt. No. 1.
2. Level of Ordinary Skill in the Pertinent Art
The field of the claimed invention is Internet and web networking technologies, specifically those technologies related to web servers, web browsers, and the HyperText Transfer Protocol (" HTTP" ). A person of ordinary skill in those arts during February 1996 would have had an undergraduate degree in computer science or a related discipline, or equivalent work experience, and would have worked with the relevant Internet or web networking technologies for at least one year. See Trial Tr. at 148:8-149:9.
Although the USPTO did not object to Disney's expert,  Disney vigorously disputed the qualifications of the USPTO's expert, Glenn Weadock. See Pl.'s First Mot. in Limine [Dkt. No. 41]; Memorandum Opinion of Feb. 11, 2013 [Dkt. No. 62]. The Court finds that despite Disney's objection, both experts were qualified to opine as to what a person of ordinary skill in the art in February 1996 would have thought and understood regarding the issues relevant to the obviousness determination.
Specifically, plaintiff's expert, David Geller, has many years of experience as a software engineer, including personally creating a publicly accessible web server before February 1996, and has written several articles about relevant technology. See PX 9; Trial Tr. at 15:17-16:4. Defendant's expert, Glenn Weadock, received a bachelor of science in general engineering from Stanford University, and as part of that degree took classes in computer science. See DX1; Trial Tr. at 201:21-22. He has written many books about information technology, including one about Intranet technology,  and has experience developing commercial websites after 1996. See DX1; Trial Tr. at 199:1-19; Memorandum Opinion of Feb. 11, 2013 at 20-22. His book about Intranet technology was published in 1997 and, during the 1996 timeframe, he created websites that were deployed on
private networks as part of his research for that book. See Memorandum Opinion of Feb. 11, 2013 at 21.
3. State of the Pertinent Art in February 1996
The appropriate time period for evaluating whether the '772 reissue application was obvious is February 1996, when Kirsch filed the application for the '915 patent with the USPTO. See A.R. at A1. The following findings of fact therefore describe technology that would have been known to one of ordinary skill in the art in February 1996. The parties largely agree on the substantive technical definitions provided below; however, they dispute how and to what extent some of the technologies, specifically persistent cookies and SSL, were used by those of ordinary skill in the art in February 1996.
The Internet is a series of interconnected computing networks. In the February 1996 time period consumers, who are sometimes called " end users," generally accessed the Internet through " dial-up" modem technology provided by Internet Service Providers (" ISPs" ). " Servers" are programs that run on computer systems connected to the Internet that make resources within those computer systems available to other computer systems. " Clients" are computer systems that access and receive those resources by connecting to servers through the Internet.
Each computer connected to the Internet, whether as a server or as a client, is assigned a unique Internet Protocol address (" IP address" ). IP addresses can be " static," such that a particular computer is assigned an IP address that does not change, or " dynamic," such that each time a particular computer connects to the Internet it receives a randomly assigned IP address from a pool of available IP addresses. In February 1996, both static and dynamic IP addresses were available; however, most Internet users were issued dynamically allocated IP addresses by their ISPs. See Trial Tr. at 24:23-25:10, 61:6-17, 160:13-24.
The World Wide Web (the " web" ) is a subset of the Internet that appears to end users as " web pages," which are organized into " web sites." Web " browsers" are software programs that allow an end user to connect to web servers through the Internet and to view the information they provide; accordingly, web browsers are one example of " client" computer systems. The HyperText Markup Language (" HTML" ) governs how web pages are organized and displayed in web browsers.
The Domain Name System correlates easily understandable names for Internet hosts, or " domain names" (for example, " content.com" ), with those hosts' IP addresses. Uniform Resource Locators (" URLs" ), known colloquially as " links," provide addresses for finding information on the Internet. URLs are generally made up of three parts: the transfer format or protocol, the domain name, and the path to the specific resource. For example, in the URL " http://content.com/report," " http" is the transfer format or protocol, " content.com" is the domain name, and " report" is the path to the requested resource. See Trial Tr. at 20:12-21:2.
Communications on the web are governed by the HyperText Transfer Protocol (" HTTP" ). Under this protocol, a web browser issues an " HTTP request" to a web server; upon receipt of such an " HTTP request," a web server will send an " HTTP response" back to the web browser that made the request. Communications through HTTP are generally " stateless," such that each HTTP request-response pair is handled independently from earlier
interactions between the client and the server. See Trial Tr. 30:14-25.
The term " session" can refer to many concepts, all of which were understood in February 1996:
1. An " HTTP Session" consists of a single request from a web browser and a corresponding response from a web server. Trial Tr. at 28:1-29:7.
2. A " web browsing session" encompasses a series of logically connected communications between an end user and a web server. Such a session begins when an end user enters a website and can be ended either by the server or by the user. For example, a server may terminate a session if it logs a user out after a certain timeout period, and a user can terminate a session by leaving the website, closing the browser window, quitting the web browser program, or physically turning off the computer. See Trial Tr. at 29:10-30:13.
3. An " ISP session" begins when a user connects to the Internet through his or her ISP and ends when the user disconnects from it. See Trial Tr. at 163:1-4.
HTTP " cookies" are text files that a web server sends to a web browser in an HTTP response. The web browser stores the cookie and, if appropriate, will send the cookie back to the web server in subsequent HTTP requests. Cookies allow " state" to be maintained across HTTP sessions by storing information about earlier interactions and later sending that information back to the server with the new HTTP request.
Cookies were introduced in the Netscape Navigator web browser in 1994. By 1995, cookies were supported in the two most popular web browsers, Netscape Navigator and Internet Explorer. Accordingly, cookies would have been known to one of ordinary skill in the art by February 1996. See Trial Tr. at 31:8-14, 32:11-33:1, 48:13-15, 85:9-15, 157:22-158:1.
Cookies have several attributes, including (1) an identifier (2) a domain, (3) an optional expiration date, and (4) an optional secure marker. The identifier attribute includes text representing the information that the server wishes to store. The domain attribute consists of the domain that generated the cookie; a web browser will only send the cookie in an HTTP request to a server that matches the domain in the cookie. Accordingly, a cookie created by a web server in one domain, such as " auth.com," will not be sent to a web server in a different domain, such as " content.com." The expiration attribute consists of a date and time at which the cookie will no longer be valid and can be discarded by the web browser. The secure marker is a simple flag that indicates to the web browser that the cookie should be sent to the server only through a secure communications channel.
Cookies come in two forms: " session cookies" and " persistent cookies," both of which were known in February 1996. A session cookie is retained by the web browser only for the duration of a web browsing session; accordingly, a session cookie expires either when a specific and brief amount of time has passed, when the user leaves the issuing web site or domain, when the server terminates the connection, or when the browser window or the browser program is closed. In contrast, a persistent cookie " persists" beyond the specific web browsing session and will be retained by the web browser until the date and time of the expiration attribute set by the web server that generated the cookie.
A person of ordinary skill in the art in February 1996 would have recognized three security risks associated with cookies: (1) " network threats," also called " man in the middle" attacks, in which
cookies can be intercepted during transmission across the network; (2) " end-system threats," in which cookies are copied from the user's computer without that user's cooperation; and (3) " cookie-harvesting threats," in which the attacker " spoofs" or otherwise impersonates a website that generates and accepts cookies from users, while the users believe they are communicating with a legitimate web server. See Trial Tr. at 84:9-24; PX 23 at DISNEY01247-48. At the time of the invention, " man in the middle" attacks were known to pose the greatest security risk. See Trial Tr. at 190:25-191:15.
The Secure Socket Layer (" SSL" ) is one method for providing some security for Internet communications. SSL provides security by establishing a secure channel for communications between a web browser and the web server; that is, SSL ensures that the messages passed between the client web browser and the web server are encrypted. In February 1996, SSL was not yet a fully adopted and ratified standard,  and it had weaknesses that were known to those of ordinary skill in the art. See PX 30; Trial Tr. at 86:3-8, 91:4-92:16, 205:22-206:5. A person of ordinary skill in the art would nevertheless have recognized that SSL was gaining acceptance among professionals in the field and was on its way to becoming an international Internet standard. See DX 2; DX 3; DX 5; DX 6; DX 7; DX 22; see also '915 patent at 2:1-19. Moreover, by February 1996, SSL was supported in both Internet Explorer and Netscape Navigator, the two most popular web browsers. Trial Tr. at 86:3-7, 155:14-17.
The " secure marker" attribute of cookies was designed to work with technologies such as SSL, and was well known to those of ordinary skill in the art by February 1996. Combining SSL with a secure marker allowed a website designer to ensure that cookies would be transmitted from the client web browser to the web server only if that transmission was encrypted. This functionality lessens the security risks associated with " network threats," or " man in the middle" attacks, the greatest of the three security risks associated with cookies. It does not address the other two security risks; however, these risks are far less problematic than network threats. See Trial Tr. at 88:23-89:23, 190:25-191:15.
B. Facts Pertaining to Obviousness
Disney's position in the instant litigation has two prongs. First, Disney argues that by using persistent cookies its invention is " contrary to virtually every aspect of the Levergood system,"  Trial Tr. at 238:4-5, because the " session identification" (" SID" ) described in the Levergood patent is incompatible with persistent cookies for technical reasons. Specifically, Disney argues that the Levergood SID is " inherently
transient," meaning that it remains valid only within a single web browsing session and cannot persist across multiple web browsing sessions the way that cookies persist in Disney's claimed invention. Disney further argues that cookies cannot be used in the Levergood system because the authentication server runs on a separate domain from the content server.  Both of these arguments rely on an unduly narrow view of the Levergood invention, improperly limiting it to the preferred embodiment discussed in the specification. Even more fundamentally, these arguments rest on an erroneous understanding of the obviousness doctrine because they assume that Disney's claimed invention is obvious only if it combines persistent cookies with every element of the Levergood patent. In fact, a claimed invention can still be obvious if it combines only certain elements from one piece of prior art with other elements from another piece of prior art.
Disney argues in the alternative that even if these technical incompatibilities could be solved, storing an identifier in a persistent cookie was not obvious in February 1996 because one of ordinary skill in the art would have been discouraged from such a scheme due to security concerns. This argument is seriously undercut because Disney's claimed invention teaches such storage without any additional security protections, when the inventor was presumably a person of ordinary skill in the art. The argument is also unpersuasive because a person of ordinary skill in the art in February 1996 would have known that combining SSL with the secure marker on cookies provided sufficient protection against " man in the middle" attacks, the most significant security risk described by Disney's expert, to adequately resolve such concerns.
Further details and evidentiary support for these conclusions are provided below.
1. The Claimed Invention
Because the '772 application seeks reissue of the '915 patent, the specification in that reissue application is essentially identical to the specification of the '915 patent. See also Trial Tr. at 10:1-25. The pending claims in the '772 application are numbers 1-22, 90-119, 123-30, 132-43, and 145-46, for a total of 74 claims, 10 of which are independent, see A.R. at A2873-88; however, independent claim 1 is the only claim that has been addressed in this proceeding. Claim 1 provides:
A method for use by a merchant server for performing a purchase transaction between a client browser and said merchant server over a general purpose computer network, the method comprising:
establishing a client-side stored cookie including a persistent predetermined coded identifier on a client browser corresponding to an account record stored by a said merchant server;
providing for the serving of a Web page including a predetermined URL identifying a purchasable product or service to said client browser, said predetermined URL including a reference to said persistent predetermined coded identifier;
receiving an HTTP message having said predetermined URL by said merchant server;
receiving said persistent predetermined coded identifier as part of said HTTP message by said merchant server, said persistent predetermined coded
identifier corresponding to and passed with said predetermined URL, said persistent predetermined coded identifier not being located within said URL, and said persistent predetermined coded identifier identifying said account record;
validating said predetermined coded identifier against said account record; and
recording the identity of said purchasable product or service as derived from said predetermined URL by said merchant server.
A.R. at A2873, A3026-27.
The subject matter of the '772 reissue application relates to " systems of performing commercial activities over a general access computer network and, in particular, to a system and method of conveniently and efficiently performing advertising responsive secure commercial purchase transactions over the Internet utilizing the World Wide Web." '915 patent at 1:24-29. The background section describes some problems with commercial use of the web, including " security, convenience of use, and efficiency." Id. at 1:58-59. According to the specification, " commercial transactions over the Internet conventionally requires [sic] three distinct phases in order to securely perform a purchase transaction," id. at 2:60-62. These three phases are: (1) authentication through a " logon transaction," (2) selection of products or services, and (3) purchase or cancellation. Id. at 2:62-3:40.
The specification explains that this three-phase purchase transaction is inconvenient for users. Id. at 3:41-4:36. Because of this inconvenience, " there is a clear need for the ability to perform purchase transactions over the Internet that are secure, convenient and efficient both for a client user and the many different vendors of products and services available over the Internet." Id. at 4:38-42. Disney's claimed invention improves the convenience of such purchase transactions by pre-registering users' payment information, allowing those users to then make purchases with a single click.
In the preferred embodiment of the claimed invention, when a user clicks on a link to purchase an item, a secure session is established, for example by using SSL, and then the purchase request URL is sent to the appropriate server. See id. at 7:50-60. If the user has not pre-established " an authenticated credit relationship," then the server " initiate[s] a conventional process of establishing and validating a credit relationship with the client user" through a registration form " typically provid[ing] for the entry of a name, a password, a credit card number, billing and shipping addresses for the client user and possibly other relevant information." Id. at 7:64-8:7. The information entered by the user is entered into a database and is also used to " create and store a client-side cookie on the client system for use in connection with a subsequent URL purchase request." Id. at 8:7-12. The cookie additionally " encodes information sufficient to re-authenticate the client user to the [s]erver." Id. at 7:60-64.
Accordingly, the next time the user visits the purchase request URL, he or she will already have an established " authenticated credit relationship," evidenced by a cookie stored in the browser. Id. at 7:60-61. The browser will send that cookie to the server, the server can use the identifier in the cookie to find the user information stored in the database, and the cookie can be validated by decoding the additional information stored in the cookie and comparing it with the user information from the database. Id. at 8:13-17. Once the server has the necessary user account information,
the server can process the payment information and execute the purchase transaction. Id. at 8:21-32. From the user's perspective, this process means that once he or she has established an authenticated credit relationship, " subsequent purchase transactions . . . consist simply of a product or service selection phase followed by a confirmation phase where each phase requires nothing more than a single mouse click to complete." Id. at 8:64-9:3.
Accordingly, the '772 application seeks to patent an invention that makes commercial transactions over the Internet more convenient for end users, in that " [t]hey are able to purchase things on subsequent visits to the Web site without having to present all of their credentialed information." Trial Tr. at 63:4-9; see also id. at 62:8-10. The '772 application does not describe, implement, or add any unknown security features beyond what was already known to those of ordinary skill in the art in February 1996. See id. at 189:23-190:8.
2. Scope and Content of the Prior Art
The USPTO relied on three prior art references in support of its final rejection of claim 1 of the '772 patent as obvious: (1) the APA described in the '915 patent specification, (2) the Blumer patent, and (3) the Levergood patent. A.R. at A2903.
The '915 patent specification describes persistent cookies as follows:
A facility known as persistent client-side cookies has been introduced to provide a way for server systems to store selected information on client systems. Cookies are created at the discretion of the server system in response to specific client URL requests. Part of the server response is a cookie consisting of a particularly formatted string of text including a cookie identifier, a cookie path, a server domain name and, optionally, an expiration date, and a secure marker. The cookie is automatically discarded by the client system based on the expiration date. If the secure marker is present, then the cookie is only returned to a server system during a secure transaction. Where [sic] a URL client request [sic] made by the client, the cookie paths and domain names of cookies stored by the client are compared with those of the URL request. Cookies with matching paths and domain names are passed with the client URL request to the server system. Any text associated with the identifier is also passed back to the server system. In Internet purchasing applications, the identifiers and associated text can be used to store information about the current purchase selections.
Id. at 3:13-32. The examiner relied on this description in rejecting the '772 reissue application as obvious. See A.R. at A2903-04. Specifically, the examiner noted that " as stated in applicant's APA, the URLs implicitly referring to persistent predetermined identifiers . . . were old and well known in the art." A.R. at A2904 (citing '915 patent at 3:15-30).
The examiner did not expressly rely on the '915 patent's APA to address security concerns; however, because much of the testimony at trial addressed what a person of ordinary skill in the art would have known or believed about Internet security protocols in February 1996, it bears noting that the '915 patent specification's section on related art also describes SSL in detail:
An exemplary security system utilized by conventional HTTP browsers and servers is known as the secure sockets layer (SSL). The secure sockets layer defines and implements a protocol for providing data security layered under various application protocols, such as HTTP in particular, and over a conventional TCP/IP communications stack. The secure sockets layer protocol discretely
provides the potential for data encryption, server authentication, message integrity, and client authentication for supported protocol connections over a TCP/IP connection. In use, the secure sockets layer is implemented at both the client browser and server ends of a network connection. A conventional uniform resource locator (URL), utilizing " https" as the secure HTTP protocol identifier, is issued by the client browser to specifically request a secure client/server session. A series of handshake transactions are provided to negotiate the establishment of the secure session including performing an encryption key exchange that is used in an encryption algorithm implemented by both the client-side and server-side secure sockets layers.
'915 patent at 2:1-19. The specification concludes that " commercial use of the Web to sell products and services practically requires the establishment of a forms based user identification scheme, typically based on user name and password, by the server system to securely identify and re-identify a specific client user," id. at 2:33-37. Accordingly, the APA in the '915 patent specification discloses persistent cookies, SSL, and combining the two through the secure marker attribute of cookies.
Although the Blumer patent  teaches sending information from a client web browser to a web server through the HTTP " entity body," rather than through the URL or through a cookie, it is relevant prior art because it would have disclosed to one of ordinary skill in the art that information could be passed between a web server and a web browser outside of the URL, and specifically through the entity body. See also Trial Tr. at 104:21-105:15, 132:6-16, 166:1-4, 192:8-19.
The Levergood patent describes " methods for controlling and monitoring access to network servers," specifically " client-server sessions over the Internet involving hypertext files," and assures that only authorized users are able to view controlled content by appending a session identification (SID) to the request from client to server " within a session of requests." PX 7 at abstract, 3:7-15, 3:18-20. The " preferred embodiment" of this invention " involves returning the SID from the server to the client upon an initial service request made by the client." Id. at 3:16-18. In this preferred embodiment, when a user requests a controlled file (for example, " http://content.com/report" ) with no SID included in the request, the server will authorize the user (for example, by asking for a username and password or, for a new user, by asking for account information), and if the authorization is successful, the server will then generate a SID. Id. at 3:21-32, 5:46-52, 6:36-7:13.
The description in the Levergood patent of the generation of the SID is of particular importance to this litigation because it is the focal point of Disney's argument about persistence. On this point the specification provides:
A valid SID typically comprises a user identifier, an accessible domain, a key identifier, an expiration time such as date, the IP address of the user computer, and an unforgettable digital signature such as a cryptographic hash of all of the other items in the SID encrypted with a secret key.
Id. at 3:33-37. More specifically, the specification states:
The preferred SID is a sixteen character ASCII string that encodes 96 bits of SID data, 6 bits per character. It contains a 32-bit digital signature, a 16-bit expiration date with a granularity of one hour, a 2-bit key identifier used for key management, an 8-bit domain comprising a set of information files to which the current SID authorizes access, and a 22-bit user identifier. The remaining bits are reserved for expansion. The digital signature is a cryptographic hash of the remaining items in the SID and the authorized IP address which are encrypted with a secret key which is shared by the authentication and content servers.
Id. at 5:54-65.
The Levergood patent further provides that after the SID has been generated, the server inserts the SID into the controlled file URL, resulting in a URL such as " http://content.com/[SID]/report," and redirects the user's web browser to that URL. Id. at 3:37-42, 5:52-54. When a user requests a controlled file with a SID included in the request, as in the URL above, it will " validate the SID" ; if the SID is valid, the controlled file will be sent to the client for display. Id. at 3:44-49. In the preferred process, validation proceeds as follows:
(1) [T]he SID's digital signature is compared against the digital signature computed from the remaining items in the SID and the user IP address using the secret key shared by the authentication and content servers; (2) the domain field of the SID is checked to verify that it is within the domain authorized; and (3) the EXP field of the SID is checked to verify that it is later than the current time.
Id. at 6:9-16.
Disney contends that Levergood's use of the user's IP address in generating and validating a SID means that the SID inherently cannot persist between web browsing sessions. Specifically, because most users receive dynamically assigned IP addresses, a user will almost certainly have a new IP address in each ISP session, and will often have a new IP address in each web browsing session. Consequently, the SID generated using the user's old IP address in an earlier ISP or web browsing session will not be valid in a new session because it does not match the user's new IP address, which is checked during validation. See Trial Tr. at 60:20-61:5, 140:18-25. Under Disney's theory, this quality differentiates the Levergood invention from the invention Disney claims in the '772 application because the Levergood invention is " inherently session-oriented," Trial Tr. at 140:24, whereas Disney's invention uses persistent cookies that last across web browsing and ISP sessions.
This contention relies on an overly specific view of the Levergood patent. Although Levergood's specification describes the " typical" and " preferred" means for generating SIDs and the fields used in that process, the actual claims do not impose any requirements on the fields to be used. See id. at 115:2-15 (reciting a method comprising steps including " returning a session identifier from the server system to the client," but including no steps for the generation of that session identifier). Significantly, although some of the dependent claims in the Levergood patent recite methods wherein a user identifier and expiration time are included in the session identifier, see id. at 115:16-19 (claims 2 and 3), 116:1-4 (claims 14 and 15), none of the claims recite a limitation relating to the user's IP address.
Moreover, nothing in the Levergood invention requires the IP address to be used when generating the SID. Disney's expert testified that including the user's IP address
as a field when generating a SID is " an ideal way to protect the SID." Trial Tr. at 52:20. If a third party stole a user's SID and attempted to use it to view restricted content, the third party would be unable to gain access because his or her IP address would not match that of the original user. See id. at 52:17-53:9. Although generating a SID without including the user's IP address may result in the loss of some security, there is no technical requirement that the SID generation process include the user's IP address. Because a SID generated without using an IP address would still perform its primary function, which " is to securely reidentify a user without having the user necessarily go through a laborious process with each page access and to provide a convenient access to restricted or protected domains or . . . Web pages," Trial Tr. at 165:17-21, the Levergood invention would also continue to perform its core purpose, which is to " control and monitor access to network servers," Levergood patent at abstract.
Accordingly, if the only impediment to persistence across web browsing sessions is the inclusion of the user's IP address in the generation of the SID, a person of ordinary skill in the art could exercise his or her common sense and generate a SID without including the IP address. The decrease in security would simply have to be weighed against the increased convenience of persistence across web browsing sessions.
The factual predicate underlying Disney's argument is also not sound. Static IP addresses were available to the public in February 1996, although most users' IP addresses were dynamically assigned. Trial Tr. at 160:13-161:11. There is also evidence in the Levergood patent that the inventor thought of a user's IP address as a relatively static variable. See, e.g., Levergood patent at 6:60-63 (" A preferred account database may include a user profile which includes information for identifying purposes, such as client IP address and password" ); see also Trial Tr. at 161:15-162:9. Accordingly, Disney's reading of the Levergood patent is incorrect.
Disney's position is further undercut by " another embodiment" in the Levergood patent, in which:
[A] server access control may be maintained by programming the client browser to store an [sic] SID or a similar tag for use in each URL call to that particular server. This embodiment, however, requires a special browser which can handle such communications and is generally not suitable for the standard browser format common to the Web.
Id. at 4:24-31. Disputes over the teaching of this alternative embodiment have been the focus of much of the instant proceeding as well as the administrative proceedings before the USPTO.
Disney's position in the instant litigation is that this alternative embodiment is designed to " offload" some of the functionality of the server. The Levergood patent provides that the server may insert the SID into appropriate URLs in the generated webpage, thereby dynamically creating URLs that include the SID, such as " http://content.com/[SID]/report." This process allows users to access controlled content without having to re-enter their credentials because when a user clicks a URL that already includes a valid SID, the server will allow him or her to access the restricted content without further authentication. See Levergood patent at 4:7-18, 6:17-26. According to Disney's expert witness, Levergood's alternative embodiment is designed to remove this process from the server and shift it to a specialized web browser that can store the SID and insert
it into appropriate URLs. In his view, this embodiment allows the SID to be " maintained" across HTTP sessions, although the SID is not " persistent" across web browsing sessions. See Trial Tr. at 67:6-69:15, 122:14-24, 124:2-7.
The administrative record shows that Disney took a different position before the USPTO. Specifically, Disney argued before the Board that:
Levergood proposes and teaches two specific embodiments, a first embodiment, where the identifier is overwritten and is not persistent, and uses a standard browser, and a second embodiment, where the identifier is persistent and not overwritten, but must use a special browser to achieve persistency.
A.R. at A3016. Disney therefore conceded before the USPTO that in this alternative embodiment of the Levergood patent, the SID is " persistent and not overwritten." Disney also conceded before the Board that this alternative embodiment would allow " storing of the SID and reusing it for another session." A.R. at A3016; see also A.R. at A3017 (arguing that Levergood " warns one of ordinary skilled [sic] in the art that storing the SID for use in subsequent sessions requires a special browser" ).
The position of the USPTO, as adduced through its expert's testimony, is that this alternative embodiment is one of multiple pieces of evidence supporting the conclusion that Levergood's SID can persist across web browsing sessions. This litigation position is consistent with the USPTO's reasoning in the administrative record, and specifically is consistent with the examiner's stated reasons for rejecting Disney's persistency argument in 2010. See A.R. at A2634.
The USPTO's expert's testimony is entitled to greater weight than the testimony of Disney's expert based on the extensive administrative record. Disney raised its current " persistency" argument only once before the USPTO. See A.R. at A2591-94. At other times, Disney sought to distinguish its invention from the Levergood patent by arguing that in its invention, (1) the web page is served before account validation, whereas in Levergood validation precedes the serving of the web page, see A.R. at A2002-18, and (2) the identifier is not included within the URL, whereas Levergood requires that the URL be modified, see A.R. at A2680-81, A2892-95, A2956-57. Moreover, Disney conceded before the Board that Levergood's alternative embodiment allows the SID to persist across " sessions," although Disney did not clarify what kind of session it meant. Nevertheless, the shifting and sometimes inconsistent positions that Disney has taken with respect to the persistency of the Levergood SID, in contrast with the consistent position of the USPTO, leads the Court to conclude that the USPTO has the stronger position.
Finally, even if the Court were to accept Disney's position about this alternative Levergood embodiment, it would make no material difference. Disney's position is that the " special browser" in the alternative Levergood embodiment is adapted to store the SID and insert it into appropriate URLs, thus ensuring that the SID persists across multiple HTTP sessions. Once there is a mechanism for the SID to persist across HTTP sessions, it would be obvious to one of ordinary skill in the art that it would be useful for the SID to persist across web browsing sessions as well, and a person of ordinary skill in the art in February 1996 had the tools necessary to predictably accomplish this goal.
3. Differences Between the Claimed Invention and the Prior Art
Disney's expert witness testified that he found four differences between the claimed
invention and the Levergood patent, specifically:
1. The claimed invention is " a method for performing purchase transactions," whereas the Levergood invention is " a method for securing sessions." Trial Tr. at 64:13-15.
2. The claimed invention " uses persistent coded identifiers created before a Web browsing session to authenticate a user," whereas the Levergood invention uses SIDs " that are created only after a user is authenticated and only during a Web browsing session."
Id. at 64:16-20.
3. The claimed invention " works independent of a user's IP address," whereas the Levergood invention " is entirely dependent upon the user's IP address." Id.
Id. at 65:5-7.
The first difference enumerated by Disney's expert is not material to the obviousness analysis because the purposes of the Levergood patent and Disney's claimed invention are functionally related. Both require a process to verify that the user seeking access is entitled to that access, regardless of whether the user is seeking to access restricted content or to make a purchase using previously entered payment information. That such a process is applied in different contexts, specifically in the Levergood invention to control access to restricted content and in Disney's claimed invention to make commercial transactions more convenient, is not evidence of non-obviousness. Cf. KSR, 550 U.S. at 417 (" [I]f a technique has been used to improve one device, and a person of ordinary skill in the art would recognize that it would improve similar devices in the same way, using the technique is obvious unless its actual application is beyond his or her skill." ).
The remaining three differences enumerated by Disney's expert are not supported by the evidence. First, although the Levergood patent provides for the creation of a SID only after the end user has entered his or her credentials, Disney's claimed invention also requires the user to at least register a username and password before the cookie containing the " persistent, predetermined coded identifier" will be issued by the web server. See '915 patent at 7:64-8:12 (registration). Accordingly, the Court finds no substantive distinction between the Levergood invention and the claimed invention on this basis. See also Trial Tr. at 194:1-14; A.R. at A2053.
Second, as discussed earlier, the Levergood invention is not " entirely dependent on the user's IP address," Trial Tr. at 65:3-4, because the claims of the Levergood patent do not require the IP address to be used to generate the SID.
Finally, although the ability to separate authorization and content serving into different domains is a benefit of the Levergood invention, it is not necessary to its function. The invention still works if web servers running on the same domain authorize the user and serve the controlled content. Claim 1 of the Levergood patent supports this conclusion, as that claim requires only a single client browser and a single server. See Levergood patent at 115:2-15; Trial Tr. at 171:8-172:2. Disney's argument that Levergood is a " two-domain system," whereas its claimed invention
is a " one-domain system" therefore fails.
The Court recognizes that Disney's claimed invention stores a " persistent predetermined coded identifier" in a persistent cookie, whereas the Levergood invention inserts a SID into a URL. This difference, however, is not sufficiently substantial to render the claimed invention non-obvious to one of ordinary skill in the art in February 1996. A person of ordinary skill in the art in February 1996 would have been aware that the Levergood SID was conceptually related to cookies. Specifically, the Levergood SID includes a user identifier, the content web server domain, an expiration attribute, and a digital signature that is used to address security concerns. Cookies also include an identifier, a web server domain, an expiration attribute, and a secure marker that is used to address security concerns. Moreover, a Fall 1995 paper lists session identifiers and cookies as two methods for accomplishing the same goals, one example of which is tracking users across multiple web pages. See DX 18, at PTO-000450. Accordingly, a person of ordinary skill in the art would have known that HTTP cookies were an alternative means of implementing the basic function accomplished by Levergood's SID, which is to allow an authorized user to access controlled web pages without forcing that user to re-authenticate with every click.
Moreover, combining the APA in the '915 patent, the Blumer patent, and the Levergood patent would have taught one of ordinary skill in the art in February 1996 that there were a limited number of methods for passing information between a web client browser and a web server, including: (1) through the URL, as in the Levergood patent, (2) through cookies, as in the APA cited in the '915 patent, and (3) through other HTTP headers, including the entity body, as in the Blumer patent. See Trial Tr. at 166:1-8. The testimony of the USPTO's expert on this issue carries significant weight, not only because it is uncontroverted in the record, but also because it accords with the consistent position of the USPTO during the administrative proceedings. See, e.g., A.R. at A2697. Because there were a " finite number of identified, predictable solutions," a person of ordinary skill in the art would have had " good reason to pursue the[se] known options," all of which were " within his or her technical grasp." KSR, 550 U.S. at 421. Storing the SID or a similar identifier in a persistent cookie instead of inserting it into the URL would accordingly have been an obvious step.
Disney's expert testified that one of ordinary skill in the art would never have stored user-identifying information in a persistent cookie due to the security concerns surrounding cookies in February 1996; however, such storage is taught by Disney's '772 application. Disney argued in its closing argument that its invention was creative precisely because it disregarded the security concerns about cookies, and Disney's expert witness testified that such disregard could have been motivated by optimism about future security innovations. Trial Tr. at 96:4-7 (" I think the inventor of the Disney patent can look at things more optimistically and know that some of the failings even as he describes his invention will be solved in the future." ); id. at 232:5-23 (" This path that Disney took was contrary to what everybody was saying to do, and that's the classic paradigm of teaching away." ).
This contention deserves little weight. As discussed above, SSL and cookies' secure marker together ameliorate the most significant security concern. Moreover, around the time of the claimed invention in
February 1996, the idea of putting account-identifying information in a persistent cookie was being discussed in the field. See, e.g., DX 14 at 10:25-28; DX 19 at PTO-000461 (describing cookies' secure marker as " [i]ndicat[ing] whether cookie transmission requires a secure channel (a password or credit card number, for example)" ); see also Trial Tr. at 130:13-25 (testifying that the Montulli patent disclosed that cookies can store a customer identifier as well as registration and billing information, and could be used for shopping).
Applying the obviousness standard to these findings of fact, the Court concludes that the invention described by the pending claims in Disney's '772 application would have been obvious to a person of ordinary skill in the art in February 1996. Specifically, a person of ordinary skill in the art at that time would have known about persistent cookies, and would have known that the most significant security concern about storing sensitive information in them could be ameliorated by combining cookies' secure marker with SSL. A person of ordinary skill in the art would also have known that cookies were conceptually related to the Levergood SID, in that they were two alternative methods for identifying users and included essentially the same fields. When a person of ordinary skill in the art read in Levergood that " server access control may be maintained" across sessions only through use of a specially programmed browser, that person would have been motivated to find a method for maintaining such server access control in a standard web browser. Adapting the Levergood invention to work with persistent cookies, which were known to be one of a limited number of methods to communicate information between web servers and web browsers, would have been " the predictable use of prior art elements according to their established functions." KSR, 550 U.S. at 417.
The Court therefore concludes that Disney has not carried its burden of establishing that it is entitled to receive a reissue patent on the pending claims (1-22, 90-119, 123-130, 132-143, 145-146) of the '772 application. Accordingly, judgment will be entered in favor of the defendant by an Order to be issued with this Memorandum Opinion.