Plausible Deniability

As reported elsewhere, a patent infringement lawsuit filed in the Eastern District of Texas has set its sights on the biggest names in the security industry, including Microsoft, Symantec, McAfee, Trend Micro, Sophos, Check Point and a slew of other security firms. The suit, filed on Dec. 30, 2008, is on behalf of that IT security stalwart Information Protection and Authentication of Texas LLC (Wait…WHO?!?!), a company that appears to exist solely for the purpose of exercising its patent ownership rights in court. At issue are two separate patents filed in the early 1990s and granted in 1994 and 1995, respectively, to one Addison Fisher of Naples Florida. They’re broadly written and appear to cover methods for doing application behavior monitoring and application control. The patents describe a method by which a “system monitor” limits the execution of other applications to “predefined resources (e.g., data files, disk writing capabilities, etc.)” which are defined as “program authorization information” or PAI. Once defined for an application, PAI is monitored while programs are running to confirm that the operation is within the defined program limits and to prevent actions that fall outside the authorized limits.

The firms named in the suit are a Who’s Who of enterprise IT security: Microsoft, Symantec, McAfee, Trend Micro, Check Point, Sophos, CA, Kaspersky, Novell, F-Secure, ESET, Webroot, PC Tools, Comodo, and so on. What’s surprising to us is that the suit doesn’t extend to application whitelisting vendors like Bit9, Solidcore, Websense and so on — especially given that the patents explicity mention methods of application control that involve “including a digital hash of said program to be executed as part of the program authorization information data structure,” but the owners might have figured there are plenty of dollars to shake loose from the companies named.

While Protection and Authentication of Texas LLC may be hoping for a quick payout of “leave us alone” money, we’re expecting the parties named to fight this one hard. First of all, they can. Second, recent Supreme Court rulings appear to be on their side — with the High Court ruling unanimously in recent years to take a tougher stand on so-called patent “obviousness.” The key case here is KSR vs. Teleflex, which was handed down in April, 2007 and overturned lower court rulings that were based on previous patent law standards that made it difficult to challenge granted patents on the grounds that they covered “obvious” applications of existing technologies or ideas — not really new inventions. While its unclear how novel the Texas company’s patents are, the legal environment has certainly changed from recent years, and the company can expect to face well financed defendents.  

We’ll be watching this one to see how it turns out.