SRI International Inc. v. Internet Security Systems, Inc.

456 F. Supp. 2d 623, 2006 U.S. Dist. LEXIS 75081, 2006 WL 2949142

• Court: District Court, D. Delaware
• Decided: October 17, 2006
• Docket: 04-1199 SLR
• Status: Published

Opinion

MEMORANDUM OPINION

SUE L. ROBINSON, Chief Judge.

I. INTRODUCTION

Plaintiff SRI International, Inc. (“SRI”) brought suit against defendants Symantec Corporation (“Symantec”) and Internet Security Systems, Inc. 1 (“ISS”) charging infringement of four patents: United States Patent Nos. 6,484,203 (“the ’203 patent”), 6,708,212 (“the ’212 patent”), 6,321,338 (“the ’338 patent”), and 6,711,615 (“the ’615 patent”). 2

Currently before the court is defendants’ motion for summary judgment that each of the four patents in suit is invalid pursuant to 35 U.S.C. § 102 and § 103. (D.I.297) Defendants’ invalidity arguments may be summarized as follows:

1. A publication entitled “EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances” (“EMERALD 1997”) anticipates the asserted claims of the ’203, ’212, and ’615 patents pursuant to 35 U.S.C. § 102;

2. In the alternative, EMERALD 1997 in combination with a publication entitled “A Method to Detect Intrusive Activity in a Networked Environment” (“Intrusive Activity 1991”) renders the asserted claims of the ’203 and ’615 patents obvious pursuant to 35 U.S.C. § 103;

3. A publication entitled “Live Traffic Analysis of TCP/IP Gateways” (“Live Traffic”) anticipates the asserted claims of all of the patents in suit pursuant to 35 U.S.C. § 102;

4. In the alternative, Live, Traffic in combination with EMERALD 1997 renders claims 4, 11, 15 and 22 of the ’203 patent, claims 6, 13, 17, and 24 of the ’212 patent, and claims 4, 12, 16, 23, 37, 43, 47, and 53 of the ’615 patent obvious pursuant to 35 U.S.C. § 103; and

5. A publication entitled “Architecture Design of a Scalable Intrusion Detection System for the Emerging Network Infrastructure” (referred to as the “JiNao Report”) anticipates the asserted claims of the patents in suit pursuant to 35 U.S.C. § 102.

(D.I. 299 at 5-6)

Also before the court are additional motions on overlapping and/or related issues regarding the validity of the patents in suit, specifically: defendants’ motion for summary judgment of invalidity for failure to disclose best mode according to 35 U.S.C. § 112 (D.I.282); and plaintiffs motions for partial summary judgment of no anticipation by the EMERALD 1997 publication (D.I.276), 3 no anticipation based on combinations of additional prior art references which may be asserted by defendants at trial (D.I.279), and that the Live Traffic paper is not a printed publication pursuant to 35 U.S.C. § 102(b) (D.I.270). Also before the court is defendant ISS’s motion to preclude plaintiff from disputing evidence that the Live Traffic paper qualifies as a § 102(b) printed publication based on plaintiffs conduct during discovery. (D.I.364)

For the following reasons, defendants’ motion for summary judgment of invalidity (D.I.297) is granted.

II. BACKGROUND

The patents in suit relate to the monitoring and surveillance of computer networks for intrusion detection. In particular, the patents in suit teach a computer-automated method of hierarchical event monitoring and analysis within an enterprise network that allows for real-time detection of intruders. Upon detecting any suspicious activity, the network monitors generate reports of such activity. The claims of the ’203 and ’615 patents focus on methods and systems for deploying a hierarchy of network monitors that can generate and receive reports of suspicious network activity.

To detect attacks which do not possess deterministic signatures or to detect previously unknown (new) attacks, the patents in suit disclose the use of statistical detec tion methods on network data. The claims of the ’338 patent are directed to a particular statistical algorithm for detecting suspicious network activity. The claims of the ’212 patent combine both the use of statistical detection methods and a hierarchical architecture of network monitors.

The patents in suit share a common specification and priority date of November 9, 1998. 4 (D.I.301, exs.A-D) The critical date is November 9, 1997 for purposes of 35 U.S.C. § 102(b).

A. The Live Traffic Paper

In 1997, the Internet Society 5 (“ISOC”) announced a conference to be held in March 1998, called the “Symposium on Network and Distributed System Security” (“SNDSS”). (D.I.272, exs.A-C) The ISOC posted a call on its website for papers for consideration as possible presentations at the SNDSS. (Id., exs. B, C) The ISOC website directed that such papers be sent to Matt Bishop, Program Chair for the SNDSS. (Id., ex. B)

On August 1,1997, Phillip Porras, one of the named inventors of each of the patents in suit, sent an email to Mr. Bishop in response to the ISOC’s call for papers. (D.I.368, ex. E) Mr. Porras emailed Mr. Bishop the Live Traffic paper, which was authored by him and Alfonso Valdes, the same inventors of each of the patents in suit. (Compare D.I. 301, ex. H with exs. A-D) Mr. Porras’s email contained both the full text of the Live Traffic paper, 6 as well as a link to a FTP 7 site where the Live Traffic paper was posted. (D.I. 271 at 2; D.I. 368, ex. E) In the same email, Mr. Porras indicated that the article would remain on the FTP site for about one week. (D.I.368, ex. E) The internet address for the article was ftp://ftp.csl.sri.com/pub/em-eraldfndss98.ps. (Id.)

In addition to the FTP site, plaintiff maintained a world wide web (“WWW”) site 8 on which it placed information on “The EMERALD Project.” 9 (D.I.368, ex. R) The record includes a document which reflects the contents of The EMERALD Project webpage captioned “Current Downloads as of (8/25/97).” (D.I.368, ex. Q) Among the “downloads” identified is a link to a HTML version of the Live Traffic title, dated August 1,1997.(Id.) The parties dispute that the Live Traffic paper was actually posted to plaintiffs WWW site, whether the HTML weblink was actually operable or active and, assuming so, the nature of the contents of the document or file contained thereon. (D.I. 367 at 6-8; D.I. 377 at 9-10)

It is undisputed, however, that on November 10, 1997, the day after the critical date, a version of the Live Traffic paper was published on plaintiffs WWW site. (D.I. 271 at 3; D.I. 272, ex. F) The patents in suit issued from a common application filed November 9, 1998. (D.I.301, exs.A-D) The Live Traffic paper was incorporated by reference into the text of the specification common to all four patents. 10 (See, e.g., id., ex. A col. 12 11. 61-65)

Plaintiff concedes that the Live Traffic paper, if satisfying the requirements for a printed publication under § 102(b), anticipates all claims of all patents in suit. Rather, plaintiff contests only that the Live Traffic paper is prior art pursuant to that section. 11 (D.I. 389 at 17-21) Plaintiff asserts that summary judgment is appropriate because there are no genuine issues of material fact which could alter the conclusion that the Live Traffic paper is not statutory prior art. (D.I. 377 at 7) Defendants assert that summary judgment is appropriate because it is beyond genuine dispute that the Live Traffic paper was published prior to the critical date. (D.I. 299 at 3-4)

B. EMERALD 1997

Mr. Porras and Peter G. Neumann, on behalf of plaintiff, published a conceptual overview of the EMERALD system in December 1996. (D.1.301, ex. JJ) In October 1997, the authors published a more thorough account of the EMERALD system in EMERALD 1997. (Id., ex. E) EMERALD 1997 was before the patent examiner during prosecution of the ’338 patent, from whose application the remaining patents in suit were derived, and is listed as a reference on the face of the ’212 and ’615 patents. (Id., exs. A, B, & D)

Within the text of EMERALD 1997 are twenty-four citations to outside references. (Id. at 365) Two of those references included the Intrusive Activity 1991 reference, of separate authorship, and a paper entitled “The NIDES Statistical Component Description and Justification” (“NIDES/Stats”), by Harold S. Javitz and Alfonso Valdes. (D.I.301, ex. G) Mr. Valdes, along with Mr. Porras, are named inventors on each of the patents in suit. (Id., exs. A-D)

Defendants assert that summary judgment is appropriate because there are no genuine issues of material fact which could alter the conclusion that EMERALD 1997 anticipates the asserted claims of the ’203,-’212, and ’615 patents. (D.I. 299 at 5, 22-30) Additionally, defendants assert that summary judgment is appropriate because it is beyond dispute that the disclosure of EMERALD 1997, combined with Intrusive Activity 1991, render the asserted claims of the ’203 and ’615 patents obvious pursuant to 35 U.S.C. § 103. (Id. at 5, 30-32) Plaintiff disputes that EMERALD 1997 anticipates the claims of the ’203 and ’615 patents, or that EMERALD 1997 is sufficiently enabling as to anticipate the asserted claims of the ’212 patent under section 102. (D.I. 339 at 6-9, 14-17) Plaintiff brings its own motion for partial summary judgment that EMERALD 1997 does not anticipate the asserted claims of the ’203,-’338, or ’615 patents. (D.I. 276; D.I. 277 at 3) With respect to obviousness, plaintiff asserts that defendants have not met their burden with respect to a motivation to combine EMERALD 1997 with Intrusive Activity 1991. (D.I. 339 at 10-14)

III. STANDARD OF REVIEW

A court shall grant summary judgment only if “the pleadings, depositions, answers to interrogatories, and admissions on file, together with the affidavits, if any, show that there is no genuine issue as to any material fact and that the moving party is entitled to judgment as a matter of law.” Fed.R.Civ.P. 56(c). The moving party bears the burden of proving that no genuine issue of material fact exists. See Mat-sushita Elec. Indus. Co. v. Zenith Radio Corp., 475 U.S. 574, 586 n. 10, 106 S.Ct. 1348, 89 L.Ed.2d 538 (1986). “Facts that could alter the outcome are ‘material,’ and disputes are ‘genuine’ if evidence exists from which a rational person could conclude that the position of the person with the burden of proof on the disputed issue is correct.” Horowitz v. Fed. Kemper Life Assurance Co., 57 F.3d 300, 302 n. 1 (3d Cir.1995) (internal citations omitted). If the moving party has demonstrated an absence of material fact, the nonmoving party then “must come forward with ‘specific facts showing that there is a genuine issue for trial.’ ” Matsushita, 475 U.S. at 587, 106 S.Ct. 1348 (quoting Fed.R.Civ.P. 56(e)). The court will “view the underlying facts and all reasonable inferences therefrom in the light most favorable to the party opposing the motion.” Pa. Coal Ass’n v. Babbitt, 63 F.3d 231, 236 (3d Cir.1995). The mere existence of some evidence in support of the nonmoving party, however, will not be sufficient for denial of a motion for summary judgment; there must be enough evidence to enable a jury reasonably to find for the nonmoving party on that issue. See Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 249, 106 S.Ct. 2505, 91 L.Ed.2d 202 (1986). If the nonmoving party fails to make a sufficient showing on an essential element of its case with respect to which it has the burden of proof, the moving party is entitled to judgment as a matter of law. See Celotex Corp. v. Catrett, 477 U.S. 317, 322, 106 S.Ct. 2548, 91 L.Ed.2d 265 (1986).

IV. DISCUSSION

A. The Live Traffic Paper — Anticipation

The “printed publication” bar of 35 U.S.C. § 102 states:

“A person shall be entitled to a patent unless-

(b) the invention was patented or described in a printed publication in this or a foreign country ... more than one year prior to the date of the application for patent in the United States .... ”

“The bar is grounded on the principle that once an invention is in the public domain, it is no longer patentable by anyone.” In re Bayer, 568 F.2d 1357, 1361 (Cust. & Pat.App.1978).

The touchstone in determining whether a reference constitutes a “printed publication” under 35 U.S.C. § 102(b) is “public accessibility.” In re Hall, 781 F.2d 897, 899 (Fed.Cir.1986) (citing In re Bayer, 568 F.2d at 1359; In re Wyer, 655 F.2d 221, 224 (Cust. & Pat.App.1981)). “A given reference is ‘publicly accessible’ upon a satisfactory showing that such document has been disseminated or otherwise made available to the extent that persons interested and ordinarily skilled in the subject matter or art exercising reasonable diligence, can locate it and recognize and comprehend therefrom the essentials of the claimed invention without need of further research or experimentation.” Bruckelmyer v. Ground Heaters, Inc., 445 F.3d 1374, 1378 (Fed.Cir.2006) (citing In re Wyer, 655 F.2d at 226); See also Constant v. Advanced Micro-Devices, Inc., 848 F.2d 1560, 1568 (Fed.Cir.1988) (“Accessibility goes to the issue of whether interested members of the public could obtain the information if they wanted to.”). The determination of whether a reference is a “printed publication” under § 102(b) involves a case-by-case inquiry into the facts and circumstances surrounding the reference’s disclosure to persons of skill in the art. In re Cronyn, 890 F.2d 1158, 1161 (Fed.Cir.1989); In re Hall, 781 F.2d at 899.

Plaintiff argues that the Live Traffic posting on the FTP site was not publicly accessible. (D.I. 271 at 5-7) Plaintiff states that the paper “could only be ‘requested’ by specifying its complete FTP address (ftp://ftp. csl. sri. com/pub/emer aldlndss98.ps) which bears no discernable relationship to either its author or the nature of its specific subject matter.” (Id. at 7) Further, plaintiff argues that defendants cannot identify any evidence that the FTP posting was classified or indexed, or otherwise searchable. (Id. at 6) Therefore, according to plaintiff, the only way that a person of ordinary skill in the art could have located the FTP posting was by “dumb luck,” or having been informed of the FTP link by either Mr. Porras, Mr. Bishop, or someone involved in the review of papers for the SNDSS. (Id.) That is, “the fact that persons may have been aware of the site does not suggest, let alone establish, that they could have found the particular document in question on that site unless specifically directed to it.” (D.I. 377 at 8)

The evidence of record indicates that the ftp://ftp.csl.sri.com site was publicly accessible. 12 (D.I. 368, ex. D at 16:24-17:1) On several occasions, Mr. Porras provided this FTP web address to other members of the intrusion detection community both in presentations and via email. (D.I. 368, exs. G, H & K) Mr. Porras testified that he provided links to this FTP site at least as early as January 1997 specifically to inform colleagues of where they could find materials on EMERALD. (D.I. 368, ex. D at 57:16-61:18) In such instances, Mr. Porras provided specific links to documents within the FTP site, for example, directing an individual to “ftp.csl.sri.com under /pub/emeraldLps.” (D.I. 368, ex, H at SRIF-0051584)

The record also contains evidence that the FTP site was commonly referenced by individuals on Google Groups 13 prior to the critical date. (D.I.368, ex. M) Additionally, there is evidence of record that plaintiffs FTP site was interchanged as a source of information on computer technology prior to 1997, on another online newsgroup forum maintained by Risks Digest. 14 (D.I. 368, exs. O & P)

Defendants acknowledge that several steps are necessary to navigate from the ftp://ftp.csl.sri.com site to the Live Traffic paper. Upon accessing the site, a user must first choose the latter of two folders, “dev” and “pub,” on the index page. (D.I. 367 at 3; D.I. 368, ex. F) Once in the “pub” folder, the “emerald” folder appears among a list of project folders. (D.I.368, ex. F) The “ndss98.ps” file sent by Mr. Porras to Mr. Bishop was posted on the “emerald” page, as indicated by the filen-ame (ftp:/,’/ftp. cslsri. com/pub/emer- aldhidss98.ps). (D.I.368, ex. E)

Defendants state that the “pub” folder contained “an indexed list of projects including EMERALD.” (D.I. 367 at 3) The snapshot of the contents of the “pub” folder provided by defendants shows that file names were listed within this folder by alphabetical order (“anetd,” “dsa,” “emerald,” “pvs,” “reports,” and “users”). 15 (D.I. 368 at ex. F) Indexing, however, is only a component of the “public accessibility” inquiry. In re Klopfenstein, 380 F.3d 1345, 1348 (Fed.Cir.2004). Accordingly, defendants argue that the FTP site “contained a logical grouping by project folders” (D.I. 367 at 10), such that a person of ordinary skill in the art, upon entering the website, could locate the project files for the EMERALD project, including the Live Traffic paper. (D.I. 367 at 3-5)

The court finds defendants’ arguments convincing. It is not genuinely disputed that ftp://ftp.csl.sri.com was disseminated to members of the intrusion detection community prior to the critical date. Though the particular path and/or file name for individual papers varied (e.g. “/pub/emerald-oakland97.ps”, D.I. 368, ex. K), the ftp://ftp.csl.sri.com host name was common to every communication involving a FTP file location.

The patents at issue involve complex computer software technology, related to safeguarding internet access to computer networks. A person of ordinary skill in this art, having the FTP host address available to him/her, could readily navigate through two subfolders on a simple website and access the Live Traffic paper.

This is especially the case considering that the names of the folders themselves provided some guidance. The “/pub/” path name had been the path location of several other papers prior to 1997. (See, e.g., D.I. 368, ex. K at SRIF-0053367 (paper available “on ftp.csl.srl.com under /pub/emerald-oakland97.ps”)) Presented with only two folder options, “dev” and “pub,” a person of ordinary skill in the computer arts would likely enter the “pub” folder by process of simple elimination, because of its similarity as an acronym for “publications,” “published,” or “public” information, and/or because the “/pub/” path had been the location of useful articles on intrusion detection technology in the past.

Further, the Live Traffic paper was listed within the “emerald” subfolder. The evidence demonstrates, and the parties do not dispute, that persons of skill in the art were aware of EMERALD prior to the critical date. Plaintiff has worked and published works in the intrusion detection field since the 1980s. (D.I. 299 at 8; D.I. 301, ex. N) A paper entitled “EMERALD — Conceptual Overview Statement” was published by plaintiff in December 1996. 16 A person of ordinary skill in the art of intrusion detection technology would have known and recognized the “emerald” folder name as relating to plaintiffs work relating to developing intrusion detection systems and, therefore, likely containing materials relevant to that art. Additionally, the Live Traffic paper’s “ndss98.ps” filename gives some indication that its contents were relevant to the 1998 Symposium (SNDSS) and, thus, the field of intrusion detection technology. 17 Compare In re Cronyn, 890 F.2d at 1161 (thesis was not sufficiently accessible for purposes of § 102(b) where “the only research aid was the student’s name, which of course, bears no relationship to the subject of the student’s thesis.”).

“The statutory phrase ‘printed publication’ has been interpreted to give effect to ongoing advances in the technologies of data storage, retrieval, and dissemination.” In re Hall, 781 F.2d at 898 (citing In re Wyer, 655 F.2d at 226). In In re Hall, the court held that a “single catalogued thesis in one university library” at Frieburg University, Germany, constituted sufficient accessibility to those interested in the art exercising reasonable diligence. Id. at 899-900. As the court in American Stock Exchange, LLC v. Mopex. Inc. recently observed:

The need to flip through hundreds of documents, although time-consuming, clearly falls within the bounds of “reasonable diligence”. Surely, if a single copy of a doctoral dissertation maintained in one university library in Germany has been found to be “publicly accessible”, see In re Hall, 781 F.2nd at 899-900, so too is an application that is indexed in the Reference Room — the most logical place to look for prior art.

250 F.Supp. 2nd 323, 329 (S.D.N.Y.2003) (holding a document accessible only through the Public Reference Room at the Securities and Exchange Commission constituted a printed publication under § 102(b)). To a person of skill in the art, browsing a few folders on plaintiffs FTP site surely requires less effort than searching the libraries of the world or browsing hundreds of documents.

It is also noteworthy that Mr. Porras sent the Live Traffic paper not to a member of the general public, but to the ISOC (care of Mr. Bishop), for review by colleagues with knowledge and skills in the fields of internet security and intrusion detection. See In re Wyer, 655 F.2d at 222 (stating that “intent to make public” is one of several factors which “may aid in determining whether an item may be termed a ‘printed publication’ ”). Although there is no direct evidence of record as to Mr. Porras’s intent in submitting the Live Traffic paper to the ISOC, in the absence of any indication that the FTP site at issue was protected from public access (e.g., by encryption or password) or that Mr. Por-ras himself requested that the paper be kept confidential, 18 certainly it is logical to infer that the Live Traffic paper was meant to be, and was, in the public do main. 19 (D.I.368, ex. E)

For all of the aforementioned reasons, the court finds that a person of ordinary skill in the computer arts, in possession of plaintiffs ftp://fbp.csl.sri.com address which had been disseminated to the intrusion detection community, as well as the knowledge that plaintiff conducted extensive research in this area, could have, using reasonable diligence, located the “emerald” subfolder and ultimately the “ndss98.ps” Live Traffic paper posted to that site on August 1, 1997. Accordingly, plaintiffs motion (D.1.270) is denied. 20 Defendants’ motion for summary judgment of invalidity (D.I.297) is granted on this ground. Defendant ISS’s motion to preclude plaintiff from disputing the evidence establishing that Live Traffic is a § 102(b) invalidating reference (D.I.364) is denied as moot.

B. EMERALD 1997 — Anticipation

“A claim is anticipated only if each and every element as set forth in the claim is found, either expressly or inherently described, in a single prior art reference.” Verdegaal Bros. v. Union Oil Co. of California, 814 F.2d 628, 631 (Fed.Cir. 1987). Plaintiff does not argue that the EMERALD 1997 paper fails to disclose each of the limitations of the asserted claims of the ’212 patent. 21 (D.I. 339 at 14—16) Rather, plaintiff asserts that EMERALD 1997 cannot anticipate claim 1 of the ’212 patent because it does not provide an enabling disclosure of the claimed invention. (Id. at 14) Whether a prior art reference is enabling is a question of law based upon underlying factual findings. SmithKline Beecham Corp. v. Apotex Corp., 403 F.3d 1331, 1342-43 (Fed.Cir. 2005) (citation omitted). “[Wjithout genuine factual disputes underlying the anticipation inquiry, the issue is ripe for judgment as a matter of law.” Id.

The standard for enablement of a prior art reference for purposes of anticipation under section 102 differs from the enablement standard under 35 U.S.C. § 112. While section 112 provides that the specification must enable one skilled in the art to “use” the invention, section 102 makes no such requirement as to an anticipatory disclosure.

Significantly, ... anticipation does not require actual performance of suggestions in a disclosure. Rather, anticipation requires that those suggestions be enabled to one of skill in the art.

Novo Nordisk Pharmaceuticals, Inc. v. Bio-Technology General Corp., 424 F.3d 1347, 1355 (Fed.Cir.2005) (internal quotations and citations omitted).

In support of its position that EMERALD 1997 is not enabled, plaintiff offers only the declaration of its expert, Dr. George Kesidis, who opined that EMERALD 1997 was a “[m]ere statement of the intent to try” to create the now-patented statistical profiling techniques appropriate for analyzing network traffic on an enterprise network. (D.I. 340, ex. B at ¶ 24) Dr. Kesidis cites to evidence that creating these techniques “took significant resources, time, and experimentation” and, thus, EMERALD 1997’s expression of an “intent to try” would not have enabled one of ordinary skill “to actually make it so.” (Id) Dr. Kesidis provided no analysis regarding the alleged differences between EMERALD 1997 and the disclosure of the ’212 patent, nor any supporting evidence for his interpretation that EMERALD 1997 was a mere statement of an “intent to try.” (Id.)

Defendants contend that both EMERALD 1997 and the specification of the ’212 patent contain similar descriptions of the use of NIDES algorithms for statistical detection. The specification of the ’212 patent states:

The profile engine 22 can use a wide range of multivariate statistical measures to profile network activity indicated by an event stream. A statistical score represents how closely currently observed usage corresponds to the established patterns of usage. The profiler engine 22 separates profile management and the mathematical algorithms used to access the anomaly of events. The profile engine 22 may use a statistical analysis technique described in A. Valdes and D. Anderson, “Statistical Methods for Computer Usage Anomaly Detection Using NIDES,” Proceedings of the Third International Workshop on Rough Sets and Soft Computing, January 1995, which is incorporated by reference in its entirety. Such an engine 22 can profile network activity via one or more variables called measures. Measures can be categorized into four classes: categorical, continuous, intensity, and event distribution measures.

(D.I. 301, ex. B at col. 5, 11. 46-61) In comparison, EMERALD 1997 states:

Requirements for an anomaly-detection system that became IDES were documented in [6]. This research led to the development of the NIDES statistical profile-based anomaly-detection subsystem (NIDES/Stats), which employed a wide range of multivariate statistical measures to profile the behavior of individual users [9] ...

* 5k Jk sk sk „ *

While NIDES/Stats has been reasonably successful profiling users and later applications, it will be extended to the more general subject class typography required by EMERALD. Nonetheless, the underlying mechanisms are well suited to the problem network anomaly detection, with some adaptation.

(D.I. 301, ex. Eat 359)

EMERALD 1997 continues to describe the changes to the algorithms for the application to network traffic. Notably, a major portion of the section identifying these changes in EMERALD 1997 appears verbatim in the specification of the ’212 patent. (Compare ’212 patent, col. 7, 11. 13-24 with D.I. 301, ex. E at 359). 22

The inquiry is whether EMERALD 1997, standing alone, enables one of skill in the art to practice the claimed invention. 23 See Advanced Display Sys., 212 F.3d at 1282 (“[I]nvalidity by anticipation requires that the four corners of a single, prior art document describe every element of the claimed invention.”). As discussed previously, both EMERALD 1997 and the specification of the ’212 patent contain a similar description of the statistical detection method of the invention. Plaintiffs expert confirms that statistical detection techniques that could be applied to network packet data were known to those of ordinary skill in the art prior to the invention. (D.I. 402, ex. SS at 380-81, 705) Mr. Porras also indicated that the inventors were not the first to use a statistical detection method on network traffic. (D.I. 402, ex. RR at 335-36) In contrast, aside from Dr. Kesidis’ opinion, there is no evidence of record that the description of the “adaptation” to known statistical methods in EMERALD 1997 was not enabled to one of skill in the art.

Moreover, for purposes of claim construction, plaintiff argued for a broad construction of “statistical detection method” with respect to the ’212 patent, encompassing any method of detecting suspicious activity by “applying one or more statistical functions” to analyze network traffic data. 24 By asserting that a variety of statistical functions may fall within the scope of the ’212 patent claims, plaintiffs argument tacitly acknowledges that the minute details of implementing a statistical detection method were within the knowledge of a person of ordinary skill in the art. It follows that a person of ordinary skill would find EMERALD 1997’s description enabling with respect to the invention of the ’212 patent.

The court also finds the similarity in disclosure between EMERALD 1997 and the specification of the ’212 patent convincing with respect to enablement. That is, if the specification of the ’212 patent was sufficient as to enable the claims of that patent, so, too, is the description of EMERALD 1997. 25 See In re Epstein, 32 F.3d 1559, 1568 (Fed.Cir.1994) (upholding decision of the Board where the Board observed that appellant did not provide the type of detail in his specification that he argued was necessary in prior art references).

For all of the aforementioned reasons, the court finds that no reasonable jury could conclude, based on the evidence of record, that EMERALD 1997 was a non-enabled “proposal” or an “intent to try” statistical profiling of network traffic. As plaintiff has not contested that EMERALD 1997 anticipates the claims of the ’212 patent (D.I. 339 at 14-16), the court finds the presumption of validity of the ’212 patent is overcome.

V. CONCLUSION

For the reasons stated, defendants’ motion for summary judgment of invalidity (D.I.297) is granted. 26 With respect to the remainder of pending summary judgment motions: plaintiffs motion for partial summary judgment of no anticipation by the EMERALD 1997 publication (D.I.276) is denied as moot; plaintiffs motion for partial summary judgment that the Live Traffic paper is not a printed publication (D.I. 270) is denied; plaintiffs motion for partial summary judgment of no anticipation based on combinations of additional prior art references (D.1.279) is denied as moot; and defendant ISS’s motion to preclude plaintiff from disputing evidence that the Live Traffic paper qualifies as a § 102(b) printed publication based on plaintiffs conduct during discovery (D.I.364) is denied as moot.

ORDER

At Wilmington this 17th day of October 2006, consistent with the memorandum opinion issued this same date;

IT IS ORDERED that:

1. Defendants’ motion for summary judgment of invalidity (D.I.297) is granted;

2. Plaintiffs motion for partial summary judgment that the Live Traffic paper is not a section 102(b) printed publication (D.I.270) is denied;

3. Plaintiffs motion for partial summary judgment of no anticipation by the EMERALD 1997 publication (D.I.276) is denied as moot;

4. Defendants’ motion for summary judgment of invalidity for failure to disclose best mode according to 35 U.S.C. § 112 (D.I.282) is denied as moot;

5. Plaintiffs motion for partial summary judgment of no anticipation based on combinations of prior art references (D.I. 279) is denied as moot; and

6. Defendant ISS’s motion to preclude plaintiff from disputing evidence that the Live Traffic paper qualifies as a § 102(b) printed publication based on plaintiffs conduct during discovery (D.I.364) is denied as moot.

7. The Clerk of Court is directed to enter judgment in favor of defendants and against plaintiff.

1 . There are two defendants sharing the name "Internet Security Systems, Inc.,” one a Delaware corporation and one a Georgia corporation. For purposes of this opinion, they shall collectively be referred to as "ISS”.

2 . SRI has accused Symantec of infringing: '203 patent, claims 1-9, 11-20, 22; '212 patent, claims 1-11, 13-22, 24; '338 patent, claims 1-2, 4, 11-13, 18-19, 24; and '615 patent, claims 1-10, 12-21, 23, 34-41, 43-51, 53. SRI has accused ISS of infringing: '203 patent, claims 1-2, 4-6, 12-13 and 15-17; '338 patent, claims 1, 4, 5, 11-13, 18, 19 and 24; and '615 patent, claims 1-2, 4-6, 13-14 and 16-18.

3 . Plaintiff’s motion for partial summary judgment of no anticipation by EMERALD 1997 concerns defendants' allegations that EMERALD 1997 inherently anticipates certain claims of the ’203, '338, and '615 patents. (D.I. 277 at 1, 3)

4 . The patents in suit share almost identical written descriptions, and all issued without any office actions, rejections, or amendments.

5 . The Internet Society is a worldwide professional membership society which promotes and maintains activities focused on the Internet and associated technologies. See http:// www.isoc.org/isoc.

6 . Defendants do not allege that the email to Mr. Bishop itself constituted a printed publication under 35 U.S.C. § 102(b).

7 . FTP, or file transfer protocol, is a protocol for exchanging files over any computer network that supports the TCP/IP protocol (such as the Internet or an intranet). It is not disputed in this case that plaintiff maintained a FTP server.

8 . Plaintiff’s WWW site host name was www. csl.sri.com. (D.I.368, ex. R)

9 . The parties do not dispute that the WWW is publicly accessible and searchable.

10 . For examination purposes, “[t]he information incorporated [by reference] is as much a part of the [patent] application as filed as if the text was repeated in the application, and [is] treated as part of the text of the application as filed." MANUAL OF PATENT EXAMINING PROCEDURE § 2163.07(b) (8th Ed.2001) (rev.2006).

11 . Counsel for plaintiff admitted at oral argument that the Live Traffic paper describes the independent claims of the patents in suit. (D.I. 454 at 113) Counsel averred that, nevertheless, it "does not describe the API [depen-dant] claims," and that "some dependant claims [will] survive, and those are identified in our papers.” (Id.) A careful review of plaintiff’s submission, however, indicates that no such arguments regarding the dependant claims were presented. (D.I. 339 at 2-3, 17-21)

12 . Plaintiff's statement that the Live Traffic paper "could only be 'requested' by specifying its complete FTP address" (D.I. 271 at 7) incorrectly implies that papers cannot be accessed by accessing the ftp:Hftp.csl.sri.com site and navigating through the folders therein.

13 . Google Groups is a free groups and mailing list service from Google, where users can find online groups related to their interests and participate in threaded conversations. See http://groups.google.com.

14 .Risks Digest is an archive maintained by the Risks Forum newsgroup, which contains information on risks to the public in computers and which caters to the intrusion detection community. (D.I. 367 at 5 & fn.4)

15 . This alphabetical list could be considered an "index” as that term is commonly defined:

2: a list (as of bibliographical information or citations to a body of literature) arranged usually in alphabetical order of some specified datum (as author, subject, or keyword).

Merriam-Webster Dictionary (2006).

16 . It appears that an additional publication on EMERALD, entitled "EMERALD Event Monitoring Enabling Responses to Anomalous Live Disturbances — Conceptual Overview” was published in December 2006. (D.I. 301, ex. N (citing SYM_P_0499467-77)) The court notes that the publication date listed for this paper on plaintiff's current website is October 1997. See http:llwww.csl.sri.com/projectsl emerald/papers. html.

17 . Even if the only individuals who had knowledge that Mr. Porras submitted work for consideration to the SNDSS, and the specific nature of that work, were Mr. Bishop and presumably other members of the SNDSS review committee, it is hardly arguable that the intrusion detection community could have made an association between the "ndss98.ps" filename and the 1998 SNDSS with respect to the general nature of the contents of the file, especially considering that this file was contained in the "emerald” folder.

18 . The ISOC proposal required that identifying information should appear on the title page only, without specifying whether this addressed a security concern or simply promoted an impartial review. (D.I.272, ex. B)

19 . It is ironic that plaintiff, in the business of protecting information from unauthorized detection, asks the court to find that information purposefully posted on the internet could not be “detected” by those of skill in the art of intrusion detection.

20 . The court need not reach the issues regarding the parties' disputes over the posting of some portion of the Live Traffic paper to plaintiff's “The EMERALD Page” WWW site also dated August 1, 1997, in light of its holding regarding the accessibility of the reference via the FTP site.

21 .Plaintiff contests defendants' assertion that Mr. Valdes agreed that each of the limitations of claim 1 of the '212 patent were disclosed in EMERALD 1997. (D.I. 339 at 15-16) A review of the record indicates otherwise. (D.I. 301, ex. U at 466:12-467:5; D.I. 402, ex. TT at 450:25-451:23) Notwithstanding, plaintiff has provided no legitimate comparison of the disclosure of EMERALD 1997 with the claims.

22 . EMERALD 1997 and the '212 patent specification share the following passage:

Profiles are provided to the computational engine as classes defined in the resource object 32. The mathematical functions for anomaly scoring, profile maintenance, and updating do not require knowledge of the data being analyzed beyond what is encoded in the profile class. Event collection interoperability supports translation of the event stream to the profile and measure classes. At that point, analysis for different types of monitored entities is mathematically similar. This approach imparts great flexibility to the analysis in that fading memory constants, update frequency, meas ure type, and so on are tailored to the network entity being monitored.

23 .EMERALD 1997 cites to the NIDES/Stats prior publication on the NIDES algorithm, authored by Mr. Valdes and Mr. Javitz. (D.I. 301, ex. E at 359 (citing reference [9])) Defendants argue that the disclosure of NIDES/Stats is comparable to the "Statistical Methods for Computer Usage Anomaly Detection Using NIDES” publication which was incorporated by reference into the '212 patent specification. (D.I. 400 at 5; D.I. 301, ex. B at col. 5, 11. 46-58). The court declines to hold that merely citing a technical paper has the same legal effect as incorporation by reference in the context of an anticipation analysis. See Application of Saunders, 58 C.C.P.A. 1316, 444 F.2d 599, 601 (Cust. & Pat.App. 1971); See also Advanced Display Sys., Inc. v. Kent State Univ., 212 F.3d 1272, 1282 (Fed. Cir.2000) ("Material not explicitly contained in the single, prior art document may still be considered for purposes of anticipation if that material is incorporated by reference into the document.”) (emphasis added).

24 . The court has by separate order of the same date issued its claim construction decision in which “statistical detection method” was construed broadly in this manner.

25 . The court notes that the Federal Circuit has not spoken on the issue of whether non-patent prior art references are presumed to be enabled for purposes of invalidity. Novo Nor-disk, 424 F.3d at 1356 (reserving decision, stating that the district court "did not rely solely on the [presumption in] Amgenf Inc. v. Hoechst Marion Roussel, Inc., 314 F.3d 1313, 1355 (Fed.Cir.2003) that patent prior art references are presumed enabled] in finding that the [technical] article was enabled”). Accordingly, the court's holding is based in part on plaintiff’s failure to demonstrate that EMERALD 1997 is not enabled, and additionally based on its independent review of the reference and the patents’ specification, as well as the evidence of record as cited.

26 . The court does not address defendants' additional invalidity arguments based on obviousness, inherent anticipation, and anticipation by the JiNao Report (D.I.297) or failure to disclose best mode (D.I.282).