Digital Privacy, Inc. v. RSA SECURITY, INC.

195 F.Supp.2d 771 (2002)

DIGITAL PRIVACY, INC., Plaintiff,
v.
RSA SECURITY, INC., Defendant.

No. 2:01CV529.

United States District Court, E.D. Virginia, Norfolk Division.

April 4, 2002.

*772 Edward A. Pennington, Michael L. Spafford, John P. Moran, Joel M. Levi, Robert C. Bertin, Alicia A. Meros, Ponneh Aliabadi, Swidler, Berlin, Shereff, Friedman, LLP, Stephen E. Noona, Kaufman & Canoles, P.C., Norfolk, VA, for Plaintiff.

Steven M. Bauer, John J. Cotter, Richard S. Sanders, John D. Lanza, Richard Myrus, Charles F. Willson, Robert S. Blasi, Heidi M. Mitza, Nancy E. Maroney, Testa, Hurwitz & Thibeault, LLP, Boston, MA, Walter D. Kelley, Jr., Michael Anderson, Troutman, Sanders, Mays & Valentine, LLP, Norfolk, VA, for Defendant.

OPINION AND ORDER CLAIM CONSTRUCTION

REBECCA BEACH SMITH, District Judge.

This matter is before the court on a patent infringement claim in which plaintiff Digital Privacy, Inc. ("Digital Privacy") alleges that defendant RSA Security, Inc. ("RSA") infringes upon Digital Privacy's United States Patent Number 5,515,440 ("the '440 patent"), and United States Patent Number 5,610,981 ("the '981 patent"). Before the determination of whether there has been infringement, the court must construe the patent claims at issue to ascertain their meaning and scope as a matter of law. Markman v. Westview Instruments, 52 F.3d 967, 976 (Fed.Cir.1995) (en banc), aff'd, Markman v. Westview Instruments, 517 U.S. 370, 116 S.Ct. 1384, 134 L.Ed.2d 577 (1996). Digital Privacy submitted a Markman claim construction brief on March 12, 2002, to which RSA filed a response on March 18, 2002. RSA submitted a Markman brief on March 14, 2002, to which Digital Privacy filed a response on March 15, 2002. The parties presented evidence and argument in a three-day Markman hearing on March 19-21, 2002. The court has reviewed the claim language, specifications, and prosecution histories of the '440 patent and the '981 patent, together with all of the other evidence presented by the parties in their claim construction briefs and at the subsequent Markman hearing. The court *773 construes the '440 patent and the '981 patent as set forth below.

I. Background

The '440 patent and the '981 patent are related, share the same priority date, and trace their origin to a common parent patent application filed on June 4, 1992. The parent patent, United States Patent Number 5,327,497 ("the '497 patent"), which is titled "Preboot Protection of Unauthorized Use of Programs and Data With a Card Reader Interface," issued to Mooney, et al., on July 5, 1994. The '440 patent, which is also titled "Preboot Protection of Unauthorized Use of Programs and Data With a Card Reader Interface," issued on May 7, 1996, as a continuation of the '497 patent. The '981 patent, which is titled "Preboot Protection for a Data Security System with Anti-Intrusion Capability," issued March 11, 1997, as a continuation of the '497 patent. Both the '440 patent and the '981 patent provide that their terms shall not extend beyond the expiration date of the '497 patent. The '440 and '981 patents can be, and therefore are, discussed together.[1]

II. Discussion

A. Patent Infringement and Principles of Claim Construction

There are two steps in a patent infringement analysis. First, the court must analyze the asserted patent claims to determine the proper meaning and scope of the disputed claims. Markman, 52 F.3d at 976. This step is commonly referred to as "claim construction." Second, the court must compare the asserted claims against the allegedly infringing product based on the court's interpretation of the scope of the patent. Id.

The purpose of a patent is to apprise the public of what is protected by a particular patent. Markman, 517 U.S. at 373, 116 S.Ct. 1384. Therefore, while construing a patent, the court must look first to matters in the public record. Burke, Inc. v. Bruno Indep. Living Aids, Inc., 183 F.3d 1334, 1340 (Fed.Cir.1999). In ascertaining the scope of the patent, the court should primarily consider intrinsic sources, which are the sources available to the public: (1) the language of the claims, (2) the specification contained in the patent, and (3) the prosecution history. Vitronics Corp. v. Conceptronic, Inc., 90 F.3d 1576, 1582 (Fed.Cir.1996) ("Such intrinsic evidence is the most significant source of the legally operative meaning of disputed claim language."); Markman, 52 F.3d at 979. Claims are construed from the vantage point of what one of ordinary skill in the art would have understood the term to mean at the time of the invention. Id. at 986.

A claim term should be given its ordinary meaning unless the specification or prosecution history indicate a different meaning or definition. Johnson Worldwide Assocs. v. Zebco Corp., 175 F.3d 985, 989 (Fed.Cir.1999) (stating there is a "heavy presumption in favor of the ordinary meaning of claim language"); Kegel Co. v. AMF Bowling, Inc., 127 F.3d 1420, 1427 (Fed.Cir.1997). The claims must be read "in view of the specification, of which they are a part." Markman, 52 F.3d at 979; see also 6 Ernest B. Libscomb III, Libscomb's Walker on Patents, § 21:40, at 393 (3d ed. 1987 & 2002 Supp.) ("Construction of words, terms, and phrases used in the claims should be according to the specification."). The specification is *774 "highly relevant to the claim construction analysis," Vitronics, 90 F.3d at 1582, because it contains "a written description of the invention ... in such full, clear, concise, and exact terms as to enable any person skilled in the art ... to make and use [the invention]." 35 U.S.C. § 112.

The claims must also be read in light of the prosecution history. The prosecution history is critically significant in determining the meaning of the claims, because it limits the interpretation by excluding any interpretation that was disclaimed during prosecution. Vitronics, 90 F.3d at 1582-83; Southwall Techs., Inc. v. Cardinal IG Co., 54 F.3d 1570, 1576 (Fed. Cir.1995). "In construing claims, the problem the inventor was attempting to solve, as discerned from the specification and the prosecution history, is a relevant consideration." CVI/Beta Ventures, Inc. v. Tura LP, 112 F.3d 1146, 1160 (Fed.Cir. 1997).

The court may also rely on extrinsic evidence, including expert and inventor testimony, dictionaries, and treatises, to explain the meaning of technical terms and terms of art that appear in the patent and prosecution history. Markman, 52 F.3d at 980. Expert testimony may be used to provide evidence of how those skilled in the art would interpret the claims. Id. at 979. The court has "complete discretion to adopt the expert legal opinion as its own, to find guidance from it, or to ignore it entirely, or even to exclude it." Id. at 983. Finally, while extrinsic evidence can help the court understand the patent, it cannot be used to contradict or vary the terms of the patent claims. Id. at 981; see also Vitronics, 90 F.3d at 1583 (allowing extrinsic evidence to alter the public record would make the right of the public to be on notice of the patent's limitations essentially meaningless).

A finding of noninfringement is required if the court finds the accused product is lacking at least one element of the disputed claims. North Am. Vaccine, Inc. v. Am. Cyanamid Co., 7 F.3d 1571, 1574 (Fed.Cir.1993). There can be no infringement as a matter of law if any claim limitation is missing from the accused device because it is "well settled that each element of a claim is material and essential, and that in order for a court to find infringement, the plaintiff must show the presence of every element or its substantial equivalent in the accused device." London v. Carson Pirie Scott & Co., 946 F.2d 1534, 1538-39 (Fed.Cir.1991) (quoting Lemelson v. United States, 752 F.2d 1538, 1551 (Fed.Cir.1985)).

B. The Claimed Invention of the '440 and '981 Patents

As previously mentioned, the '440 and '981 patents can be discussed together because they are related, share the same priority date, and are both a continuation of the '497 patent. The '440 patent, "Preboot Protection of Unauthorized Use of Programs and Data With a Card Reader Interface," and the '981 patent, "Preboot Protection for a Data Security System with Anti-Intrusion Capability," address fundamental problems associated with protecting sensitive data stored on a computer system. ('440 patent, 1:18-56; '981 patent, 1:20-2:17.) The patents identify a need in the art for a computer security system that (1) prohibits unauthorized access and (2) is not vulnerable to bypass. (Id.) The '440 and '981 patents describe and claim a specific method for preventing unauthorized users from accessing personal computers by controlling access to internal devices with a verification program. ('440 patent, 1:60-2:8; '981 patent, 2:21-29.) The security system described in the patents also provides for access by a security administrator and the physical and logical destruction of data in response to unauthorized *775 attempts to access the computer. ('440 patent, 2:9-32; '981 patent, 2:29-38.)

Digital Privacy has accused RSA of infringing claims 1-2 of the '440 patent and claims 1-4 of the '981 patent. However, claim 2 of the '440 patent is dependant on claim 1 of the '440 patent, and claims 2-4 of the '981 patent are dependent on claim 1 of the '981 patent. Thus, the court's analysis is limited to the disputed term "boot program," which appears in claim 1 of the '440 patent and claim 1 of the '981 patent.[2]

Claim 1 of the '440 patent provides:

A method for controlling access to a computer having a central processing unit (CPU), the CPU executing a boot program to initialize the computer, the method comprising the steps of: following power-up clear or reset of the CPU,
interrupting execution of the boot program; and loading a verification program from a nonvolatile dedicated memory;
upon attempted access by a user,
executing the verification program to determine whether the user is authorized to access the computer:
if the user is authorized, completing execution of the boot program and providing access to the computer; and if the user is not authorized, denying the user access to the computer.

('440 patent, 7:46-63.) (Emphasis added.)

Claim 1 of the '981 patent provides:
A method of operating a computer having a central processing unit, the central processing unit executing a boot program to initialize the computer, the method comprising the steps of:
a) prior to completion of the boot program, acquiring control of the central processing unit;
b) loading a verification program;
c) upon attempted access by a user, verifying that the user is authorized using the verification program; and
d) controlling access to the computer by monitoring system calls.

('981 Patent, 17:62-18:5.) (Emphasis added.) The language critical to this dispute has been emphasized. Because the same disputed term "boot program" is used in claim 1 of the '440 patent and claim 1 of the '981 patent, the court will discuss the term as it is used in both patents. Given that the '440 and '981 patents are related, share the same priority date, and are both a continuation of the '497 patent, the disputed term must have a consistent meaning across both patents. See Elkay Mfg. Co. v. Ebco Mfg. Co., 192 F.3d 973, 979-80 (Fed.Cir.1999).

C. Construction of "Boot Program" in the '440 and '981 Patents

Claim 1 of the '440 patent indicates that the security method of controlling access to the computer must "interrupt[] execution of the boot program," and only if the user is authorized does the computer complete execution of the boot program. Similarly, claim 1 of the '981 patent indicates that the security authorization must occur "prior to completion of the boot program." The patents give no special meaning to the term "boot program," and the term does not appear anywhere else in the specification of either patent.

Digital Privacy submits that "boot program" simply equates to "boot process," or the series of programs involved in the process of booting a computer from a power off or reset state to a state at which the user interface is presented. Digital Privacy contends a verification program interrupts *776 the boot program if it occurs at any point from power off until the user has complete access to the computer after the operating system is fully loaded and executed. (Digital Privacy's Markman Br., at 6.)

RSA argues the term "boot program" is a term of art that ordinarily has the specific, narrow meaning of "a short computer program that is permanently resident or easily loaded into a computer and whose execution brings a larger program, such as 1) an operating system or 2) its loader, into memory." (RSA's Markman Br., at 15-16.) RSA contends that outside the context of the patents at issue, the term of art "boot program" can refer to either the BIOS[3] boot program, whose execution loads the boot loader program into memory, or the boot loader program, which is loaded from the boot record and loads the operating system. In the context of the technology description in the patents, however, RSA submits "boot program" can only refer to the BIOS boot program.

After careful review of the intrinsic evidence presented in the claims, specifications, and prosecution histories of the '440 and '981 patents, the court construes the disputed term "boot program" to mean the BIOS boot program. The patented invention is a means of providing the maximum level of computer security against unauthorized users, which is accomplished by prohibiting access, and even power, to any peripheral or internal device of the computer system until after a user has been authorized to have access to that peripheral or internal device by a verification program.

As further discussed below, the intrinsic evidence clearly indicates that the central processing unit (CPU) does not turn on power to any peripheral or internal device until after the verification program has verified the authenticity of a user. Given that the verification program must interrupt the boot program ('440 patent), or occur prior to completion of the boot program ('981 patent), and given that the computer peripherals do not have power until after the verification program is complete, the "boot program" in the patents must be complete prior to any step in the boot process that requires power to a computer peripheral. Because the hard drive is one of the peripheral devices that lacks power before the successful completion of the verification program, and because the operating system is loaded and executed from the hard drive,[4] the "boot program" in the patents must be completed before the operating system is loaded and executed from the hard drive.

Under Digital Privacy's construction of "boot program," the verification program can occur at any point during the "boot process." However, the "boot process" includes loading and executing the operating system from the hard drive, or another peripheral device such as a floppy drive. The patents indicate there is no power to any peripheral or internal devices until after the verification program has been successfully run. Therefore, "boot program" as it is used in the patents cannot include any action by, or access to, a peripheral or internal device, including the loading of the operating system from the hard drive.[5]

*777 The claims and specifications of the '440 and '981 patents support construing "boot program" to mean the BIOS boot program. Under a strict reading of the patents, the "boot program" cannot extend into the phase of the boot process in which the operating system is loaded from the hard drive. The patent makes clear the CPU does not turn on power to the hard drive, and hence the operating system cannot be loaded from the hard drive, until after the verification program. In the "Summary of the Invention," the '440 patent states that after the user is authorized by the verification program, "a power control circuit is used by the CPU to turn power on to computer peripherals the user has been authorized to use." ('440 patent, 1:66-2:8.) In the "Detailed Description" of the '440 patent, it states that after the verification program authorizes a user,

"the CPU uses power control circuit 119 to turn on power to the secure computer system peripherals that the user has been authorized to use. Such peripherals might include, but are not limited to, a floppy disk drive, a hard disk drive, serial port, parallel port, and internal modem depending on the configuration of the secure computer system."

('440 patent, 6:4-11; see also '440 patent, 4:23-30.)

Likewise, in the '981 patent, the "Summary of the Invention" explains that the verification program determines whether the user is authorized to use the computer. Then, once the user is authorized, the CPU specifies which peripherals the user is authorized to access. ('981 patent, 2:44-46). In other words, only after a user is verified, "the CPU is allowed to access all peripherals the user has been authorized to use." ('981 patent, 2:55-59.) These statements clearly indicate that a user does not have access to any peripherals until after authorization by the verification program. The detailed specifications confirm this understanding of boot program. (E.g., '981 patent, 4:55-63, 6:35-49).

The '981 patent explains the initialization of the secure computer system as follows. First, when the computer is initialized, such as by a power up, clear, or warm boot reset, the standard computer BIOS determines the system configuration. ('981 patent, 12:44-53.) Second, when the BIOS boot program attempts to load the boot loader program from the hard drive, the invention in the patent intercepts the attempted read of the boot loader program from the hard drive and directs it to a ROM[6] that simulates the hard drive. This ROM contains boot loader program code and the verification program. ('981 patent, 12:65-13:13.) In a computer not equipped with this security invention, the BIOS boot program is complete after the boot loader program has been loaded from the hard drive. The computer then begins the operating system load. However, in a computer equipped with this security invention, prior to completion of the boot program, i.e., before any loader program has been read from the hard drive, the verification program is loaded and run.

Third, and most important for the construction of "boot program" as it is used in claim 1, the '981 patent specifies that if all required steps of the verification program are successfully completed, "the CPU will *778 then boot from hard drive 113 in order to execute the disk operating system for secure computer 110." ('981 patent, 14:62-66). The patent unequivocally states that the operating system is loaded from the hard drive after the verification program is complete. This description confirms that the only boot program that can be interrupted in claim 1 of the invention is the BIOS boot program.

The prosecution histories of the patents also demonstrate that the "boot program" in the claims is less than the entire chain of programs required to bring the computer to a state where it can accept input from a user. In the initial application for the '497 patent, filed June 4, 1992, the applicants stated the computer peripherals were powered off until the user was authorized to use the secure computer. (Def. Ex. 4A, at P019423, P019431.) In an amendment to the '497 patent application, filed October 28, 1993, the applicants distinguished their invention from a prior art reference, the Dykes invention (United States Patent Number 4,797,928), by telling the Patent and Trademark Office Examiner that their invention differed from the Dykes invention because they use a CPU system boot ROM that "controls BIOS routines." (Def. Ex. 4G, at P019628.)

In the '440 patent prosecution, the applicants again stated that the CPU does not turn power on to any computer peripheral, including the hard drive, until after the verification program has run. (Def. Ex. 5A, at P019963, P019971.) In the '981 patent prosecution, the applicants indicated that a user cannot access any peripherals until after the user is authorized by the verification program. (Def. Ex. 7A, at P020281, P020282.) The applicants repeatedly refer to a "secure hard drive," which implies the invention keeps the hard drive secure until after the verification program authorizes a user. (E.g., Def. Ex. 7A, at P020287.) The applicants discuss how their invention simulates a hard drive during the BIOS boot program, and actually intercepts and redirects the BIOS boot program's attempted read of the boot loader program from the hard drive. (Def. Ex. 7A, at P020291, P020299.)

In the October 2, 1995, Preliminary Amendment to the '981 patent, the applicants clarified claim 1, which had previously read "A method of operating a computer comprising the steps of: a) prior to boot, acquiring control of the CPU ..." to read instead "A method of operating a computer having a central processing unit, the central processing unit executing a boot program to initialize the computer, the method comprising the steps of: a) prior to completion of the boot program, acquiring control of the central processing unit [CPU] ...." (Def. Ex. 7B, at P020374.) (Emphasis in original.) This clarification indicates the inventors originally described their invention as a security measure occurring "prior to boot" of the computer.[7] Such a description stands in stark contrast to Digital Privacy's current proposed construction that the verification program can run at any point in the boot process.

For the reasons stated above, the intrinsic evidence makes clear the term "boot program" in claim 1 of the '440 patent and claim 1 of the '981 patent means the BIOS boot program. Even though the intrinsic evidence is unambiguous, the court notes that extrinsic evidence presented during the Markman hearing and in the Markman briefs is consistent with the court's construction of boot program.[8] The court *779 admitted extrinsic evidence to understand the language in which the patent is written and to give the court a familiarity with the terminology of the art to which the patent is addressed.[9]See Markman, 52 F.3d at 986. Although such extrinsic evidence supports the court's construction of the disputed term "boot program,"[10] it is not necessary to determine the meaning or scope of the term. See Pall Corp. v. Micron Separations, Inc., 66 F.3d 1211, 1216 (Fed.Cir.1995).

The court can look at extrinsic evidence to demonstrate the state of the prior art at the time of the invention. Markman, 52 F.3d at 980. RSA's expert witness, Dr. Paul C. Clark, explained some of the security concerns for personal computer owners in the early 1990s when plaintiff first applied for the patents. At that time, computers would always attempt to boot first from the floppy drive, and second from the hard drive. Therefore, unauthorized users could bypass security systems stored on the hard drive by booting from the floppy drive. In both the '440 patent and the '981 patent, Digital Privacy specifically stated that one of the problems in the computer security field that its invention addressed was the vulnerability to bypass. ('440 patent, 1:48-51; '981 patent, 2:9-11.) Digital Privacy's invention avoids the bypass problem because only authorized users can ever access the hard drive.

D. Comparing the Construed Claims to the Accused Device

RSA's allegedly infringing product is the SecurID Passage product. This *780 product is a software program a user can install on a computer using a Microsoft Windows operating system that enhances security. When the SecurID Passage product is loaded on a computer, the computer requires smart card authentication before a user can operate the computer. However, unlike the invention in Digital Privacy's patents, SecurID Passage is not loaded until after the BIOS boot program has completed. The SecurID Passage product replaces the standard Microsoft GINA,[11] "msgina.dll" with a reference to a dynamically-linked library file, "3-gina. dll," which is stored on the computer's hard drive during installation of the SecurID Passage software. The SecurID Passage product is an alternative to the standard Microsoft method of presenting user credentials to a computer with a Windows operating system. To access a computer equipped with the RSA product, a user inserts a smart card for authentication instead of typing credentials on the keyboard. The "3-gina.dll" file in the RSA product provides the computer with the functionality to access a smart card during the log-on process.

In other words, when the SecurID Passage product is loaded on a computer, the standard password log-on screen from Microsoft is replaced with a Passage log-on screen that requires a smart card and information from the user to authenticate the user.[12] The SecurID Passage product is loaded when the operating system is loaded, after the CPU has stopped executing the BIOS boot program.

Based on the court's claim construction, RSA is entitled to summary judgment of noninfringement. "A determination of literal infringement requires that each limitation in the asserted claims be present in the accused device." North Am. Vaccine, Inc., 7 F.3d at 1574. RSA's SecurID Passage product does not interrupt execution of the boot program (as the '440 patent requires) or acquire control of the CPU prior to completion of the boot program (as the '981 patent requires). Rather, it loads with the operating system, after the preboot sequence has terminated. As a matter of law, RSA's product does not infringe Digital Privacy's patents because at least one claim element is missing from the RSA's product. London, 946 F.2d at 1538-39.

III. Conclusion

As stated above, based on intrinsic evidence and in accord with extrinsic evidence, this court construes the term "boot program" to mean the BIOS boot program. Therefore, the factual question of infringement is resolved by the court's construction of the claims. See Markman, 52 F.3d at 989 (Mayer, J., concurring) ("to decide what the claims mean is nearly always to decide the case"). Accordingly, the court GRANTS RSA's Motion for Summary Judgment of Noninfringement. The court DENIES Digital Privacy's Motion for Summary Judgement of Infringement.[13]

The Clerk is DIRECTED to send a copy of this Opinion and Order to all counsel of record.

IT IS SO ORDERED.

NOTES

[1] Although the '497, '440, and '981 patents list the assignee as Integrated Technologies of America, Inc., the corporation amended its articles of incorporation in 1997 to reflect the new name Digital Privacy. There is no issue as to whether Digital Privacy is the rightful assignee of the patents in this case.

[2] Although the parties dispute other terms in claims 1-2 of the '440 patent and claims 1-4 of the '981 patent, the court does not address the additional terms because the construction of "boot program" is dispositive in this case.

[3] BIOS is an acronym for Basic Input/Output System.

[4] The operating system can also be loaded from other peripherals, such as a floppy disk drive or a CD-ROM drive. However, the CPU does not turn on power to any of the peripherals before the verification program authorizes the user.

[5] Furthermore, the court notes that claim 5 of the '981 patent specifies:

The method of claim 1, wherein the step of controlling access to the computer comprises the steps of:

monitoring and storing system calls made by the central processing unit while loading the verification program; and if the user is verified as an authorized user, booting the computer system; ...

Reading claims 1 and 5 together indicates that the computer system is booted after the boot program is interrupted to run the verification program. Boot program and booting the system are not used as equivalent concepts.

[6] ROM is an acronym for Read Only Memory.

[7] The titles of both patents use the description "Preboot Protection," which is a further indication that the invention was for a computer security system that prevented access before the computer was booted.

[8] RSA's expert stated at the hearing that both patents describe an interruption of the BIOS boot program's access to the hard drive. Deposition testimony of two of the named inventors supports the conclusion of RSA's expert. Mr. Joseph Kimlinger stated that the patented invention was to "inhibit" or "block" access to the hard drive. (Def. Ex. 53, at 121; see also id. at 80-84, 123-24.) Mr. David Mooney explained that "the way our patent worked was to—basically at power-on, we took control of the entire system prior to any operating system being loaded." (Def. Ex. 54, at 61.) Although both of Digital Privacy's experts stated at the Markman hearing that figure 7A of the '981 patent did not show an interruption of the BIOS boot program, that testimony contradicted the testimony each of the two experts had given in their depositions. Furthermore, at the Markman hearing, both Digital Privacy experts confirmed that there is no embodiment, example, or description in either patent that shows any access to the hard drive before the verification program is run.

[9] The court found RSA's expert, Dr. Paul Clark, to be quite credible, particularly as an expert on computer hardware and the computer security industry, and more credible than either of Digital Privacy's experts, Mr. Peter Bartoli and Mr. Thomas Beretvas. Mr. Bartoli described his expertise as more oriented to software than hardware, and more oriented to network security than physical security, even though he stated the patents are directed to hardware designers of physical security systems. Mr. Beretvas stated he is not an expert in personal computer operating systems or computer security issues and had never heard the term "boot program" or "preboot" prior to the case.

[10] For example, in the November 1, 1996, Business Summary of Integrated Technologies of America, Inc., the company touts itself as having the "only patented PRE-BOOT security system" that uses smart cards. This security product "controls BIOS; it is not controlled by BIOS!" (Def. Ex. 27, at P013787-88, P013790). The company also makes this claim in a December 1996 White Paper and a January 1997 White Paper (Def. Ex. 28, at P001.771-72; Def. Ex. 30, at P013958-60). The 1996 Business Summary claims an advantage over other computer security products because with Integrated Technologies's products "control of the system cannot be booted from the floppy drive or the hard drive" without the smart card verification. (Def. Ex. 27, at P013800.) As a final example, the Windows 95 user's guide to one of Digital Privacy's products claims "[w]e have the patent on pre-boot protection, meaning only [this product] can stop intruders before DOS or Windows is even loaded! They can't even get the system booted!" (Def. Ex. 29, at P016084.)

[11] GINA is an acronym for Graphical Interface and Authentication module.

[12] The expert testimony and reports of Digital Privacy's expert on infringement, Mr. Peter Bartoli, and RSA's expert, Dr. Paul Clark, comport with this description of the RSA SecurID Passage product. (Pl.Ex. 14, at 4-7; Def. Ex. 47, at 13, 23.)

[13] Based on the court's ruling on claim construction, the court does reach the issues in RSA's motion for summary judgment based on invalidity of the patents.