January 30, 2023
Haaretz Cyber Magazine
Cybersecurity companies potentially risk everything when they fail to properly review products for “freedom to operate” because of the landmine of cybersecurity patents issued over the last 20-plus years. In this context, “freedom to operate” generally refers to examining new or updated software and/or hardware for potential infringement of issued patents and, if appropriate, modifying them to avoid a potential infringement claim (also referred to “designing around” patents). Cybersecurity companies also potentially risk their businesses when they fail to seek patent protection for their own innovations and core features that attract customers to their products. The failure to develop and implement a strong patent strategy that protects inventions allows competitors to effectively steal the inventions. Even worse, the thief does not need to invest in the R&D that spawned the inventions in the first place!
For example, early in 2022 a cybersecurity firm named Webroot and its parent company OpenText launched a series of eye-catching patent infringement lawsuits against big players in the industry, claiming to have patented techniques fundamental to modern malware detection. Could these companies have detected the risk from Webroot’s patents before introducing their products? The answer is that they likely could have; a simple search for “malware” in the U.S. Patent Office’s patent database would have uncovered the Webroot patents.
Webroot asserted six patents, the oldest of which issued in 2013. The first patent has 30 claims that generally recite systems and methods for classifying “computer objects” as malware and “disallowing” execution of the objects. The “computer objects” are generally described as including “computer file[s], part of a file or a sub-program, macro, web page or any other piece of code to be operated by or on the computer, or any other event whether executed, emulated, simulated or interpreted.”
While the accused infringers were not required by law to search for the patents that refer to “malware” in the claims, doing so likely could have prepared them for Webroot’s infringement claims. And while some may say that a search for patents that mention “malware” is unreasonably broad under the circumstances, “freedom to operate” searches can be as broad or narrow as appropriate for the specific cyber product at issue.
Smaller cyber companies may have difficulty defending against patent infringement cases because of the expense alone, not to mention the potential disruption to their business that can result from defending such cases. They lack the “deep pockets” that larger companies have to buy a license or pay damages if found to infringe a patent. One solution is to consider “freedom to operate” searches in advance of introducing a new product, service, or improvement to an existing product or service – especially for fundamentally new or pioneering technologies.
Cyber companies should also take note of recently issued patents because they illustrate the types and scope of patents they could obtain themselves. For example, a company named NXTKey Corporation recently announced that the U.S. Patent Office issued for a patent directed to methods and systems for secure sharing of data between user devices using a proxy re-encryption key. This patent took less than two years from filing to issue, and according to the company, it covers their invention for protecting against cyber attacks.
SecureMySocial, Inc. recently obtained a patent for systems and methods for securing social media for users and businesses, with rewards for enhancing security. According to the company, this patent as well as several others cover an invention that addresses the risks that posts to social media may pose to businesses and individuals.
Another company, Myota, announced that it obtained a patent that protects its inventions enabling businesses to withstand and recover from ransomware and data breach attacks. According to the company, this patent covers unique algorithms to allow for data transfer between distribution databases and coordinated replication requests. Like NXTKey, Myota obtained this patent in less than two years after filing.
And AIS recently received a patent that covers process core isolation for execution of multiple operating systems on a multicore computer system.
Of course, corporate behemoths can employ a strategy that establishes their dominance in the industry and neutralizes threats from emerging startups by simply copying the products of smaller companies – even the products that are patented, because it may be cheaper for them to do this than to pay for a license. It may even be cheaper for them to fight if sued for infringement because at least the odds of invalidating patents in the U.S. Patent Office are high at this time. The solution is clear for emerging cyber companies: make and continue a strong patent strategy as a foundational part of the business. Cyber companies that disregard patents, however, may pay the price.
Lecture
Patent Protection for Software-Related Inventions in Europe and the USA Training Course
June 5, 2024
Hybrid
Workshop
Life Sciences Workshop: Updates and Key Trends in Pharmaceutical and Biotechnology IP Law
May 2, 2024
Cambridge
Conference
Best Practices in Intellectual Property– A Decade of Dedication to IP Excellence
April 8-9, 2024
Tel Aviv
Due to international data regulations, we’ve updated our privacy policy. Click here to read our privacy policy in full.
We use cookies on this website to provide you with the best user experience. By accepting cookies, you agree to our use of cookies. Please note that if you opt not to accept or if you disable cookies, the “Your Finnegan” feature on this website will be disabled as well. For more information on how we use cookies, please see our Privacy Policy.
Finnegan is thrilled to announce the launch of our new blog, Ad Law Buzz, devoted solely to breaking news, developments, trends, and analysis in advertising law.