In Re Enhanced Security Research, LLC , 739 F.3d 1347 ( 2014 )

  United States Court of Appeals
for the Federal Circuit
______________________
IN RE ENHANCED SECURITY RESEARCH, LLC
______________________
2013-1114
______________________
Appeal from the United States Patent and Trademark
Office, Patent Trial and Appeal Board, in Reexamination
No. 90/010,849.
______________________
Decided: January 13, 2014
______________________
MARTIN M. ZOLTICK and R. DANNY HUNTINGTOWN,
Rothwell, Figg, Ernst & Manbeck, P.C., of Washington,
DC, argued for appellant. With them on the brief were
NANCY J. LINCK, DEREK F. DAHLGREN and MICHAEL V.
BATTAGLIA.
MEREDITH H. SCHOENFELD, Associate Solicitor, Office
of the Solicitor, United States Patent and Trademark
Office, of Alexandria, Virginia, argued for appellee. With
her on the brief were NATHAN K. KELLEY, Deputy Solici-
tor, and FARHEENA Y. RASHEED, Associate Solicitor.
______________________
Before DYK, O’MALLEY, and TARANTO, Circuit Judges.
Opinion for the court filed by Circuit Judge DYK.
Dissenting opinion filed by Circuit Judge O’MALLEY.
2                     IN RE ENHANCED SECURITY RESEARCH, LLC
DYK, Circuit Judge.
Enhanced Security Research, LLC (“ESR”) appeals
from the decision of the Board of Patent Appeals and
Interferences (“Board”), now the Patent Trial and Appeal
Board, in an ex parte reexamination of 

 (“the ’236 patent”). The Board affirmed the
Patent and Trademark Office (“PTO”) examiner’s rejec-
tion of claims 1-5 and 7-19 as obvious. We affirm.
BACKGROUND
The ’236 patent, as amended, claims a computer secu-
rity device and method for preventing unauthorized
individuals from gaining access to a local computer net-
work. The patent specification describes an “intelligent
network security device” (“INSD”) that is capable of
balancing the desire for network security against the need
for network accessibility. ’236 patent col. 3 l. 47. The
INSD protects a local network by: (1) monitoring the data
packets flowing into and out of the network in order to
detect suspicious patterns of communications; (2) assign-
ing weighted values to any threatening activity it detects;
and (3) blocking communications based on their assigned
weight using a firewall.
Claim 1 of the amended ’236 patent reads:
In a computer system connected to an external
communications medium, a security device com-
prising:
a programmable firewall device interposed
between the computer system and the exter-
nal communications medium;
a controller device configured within the
computer system such that said controller de-
vice can access all communications into and
out of the computer system; and
IN RE ENHANCED SECURITY RESEARCH, LLC                    3
a communications device for communi-
cating instructions from said controller device
to said firewall device for controlling said
firewall device; wherein
said controller device is configured to op-
erate generally continuously and repeat-
edly to:
(i)     examine, in essentially real time,
communications incoming to the
computer system;
(ii)    analyze, in essentially real time,
communications to detect if the
communications contain patterns of
activity indicative of an attempted
security breach;
(iii)   assign a weight to the attempted
security breach if an attempted se-
curity breach is detected; and
(iv)    continuously control the firewall
during the operation of the comput-
er system to block communications
between the computer system and
the external communications medi-
um, based on the weight assigned to
the attempted security breach,
when an attempted security breach
is detected.
JA 9622-23. Thus, claim 1 pertains to a security device
that provides protection to a local area network (“LAN”)
by monitoring communications, analyzing whether they
represent attempted security breaches, assigning weights
to any detected breach attempts, and, finally, command-
ing the firewall to block attempted breaches based on
their assigned weight.
4                   IN RE ENHANCED SECURITY RESEARCH, LLC
Claims 2-5 and 7-11 are dependent on claim 1. 1
Amended claims 8 and 9 relate to the blocking process.
Claim 8 states:
the controller controls the firewall to block the
communication between the computer system and
the external communication medium for a prede-
termined period according to the weight assigned
to the attempted security breach.

 claim 8 (emphasis added). Claim 9 presents a slight
variation on claim 8: after the controller assigns a weight
to the attempted breach, “the controller controls the
firewall to block communications between a selected
portion of the computer system and the external communi-
cations medium according to the weight assigned to the
perceived attempted security breach.” 

 claim 9 (empha-
sis added). Thus, under these dependent claims, the INSD
has limited blocking capabilities: the INSD can only
command the firewall to undertake a certain, predeter-
mined response.
Next, independent claim 12 covers the method portion
of the ’236 patent. According to amended claim 12, this
method comprises
1    In claim 2, the computer system is a LAN. In
claim 3, the external communications medium is the
Internet. In claim 4, the LAN is operating as an Ethernet
network. In claim 5, the controller device examines com-
munications entering the computer system for “code
known to be associated with attempted security breach-
es.” In claim 7, the communications device is a serial data
communications link. In claim 10, “the controller is a
general purpose computer,” and in claim 11, the controller
and the firewall are “physically distinct computerized
units.”
IN RE ENHANCED SECURITY RESEARCH, LLC                     5
monitoring, in essentially real time, communi-
cations between the local area network and the
wide area network;
determining, over time, if the communications
between the local area network and the wide area
network contain patterns of activity indicative of
an attempted security breach;
classifying by assigning a weight to the at-
tempted security breach if an attempted security
breach is detected; and
generally simultaneously controlling a firewall
to selectively block communications between the
local area network and the wide area network de-
pending upon the weighted classification assigned
to the attempted security breach.

 claim 12. Under some of the dependent claims, the
method entails classifying and assigning a weight to an
attempted security breach depending on: (1) “the im-
portance of a portion of the local area network which the
attempted security breach attempts to access,” 

 claim
15 (emphasis added); (2) “the number of attempts made in
the course of the attempted security breach,” 

 claim 16
(emphasis added); or (3) “the relative sophistication of the
attempted security breach,” 

 claim 17 (emphasis add-
ed).
A third party requested reexamination of the original
patent, and, among other documents, two potential pieces
of prior art were before the PTO: the manual of a software
product called NetStalker (“NetStalker” or the “Manual”)
and a scholarly article authored by G.E. Liepins and H.S.
Vaccaro (“Liepins”). Similar to the ’236 patent, the
NetStalker software protects a LAN from attempted
security breaches. The Manual describes how the product
functions and teaches the user how to install the software
and tailor it to his needs. Through these descriptions, the
6                   IN RE ENHANCED SECURITY RESEARCH, LLC
Manual discloses a dynamic security device that provides
protection to a LAN by monitoring the incoming and
outgoing communications, identifying attempted security
breaches, and then automatically blocking any unauthor-
ized access attempts. As discussed below, ESR contends
that the Manual is not prior art.
Liepins is a scholarly article that describes a comput-
er system, called Wisdom and Sense (“W&S”), that is
capable of detecting anomalous network activity. Liepins
first recognizes that the identification of activity patterns
not previously known to be associated with misuse is
intrinsically difficult to systematize. Liepins also notes
that “just checking” historical data regarding misuse
patterns is not sufficient. To solve this problem, Liepins
teaches a framework that can detect newly identified
anomalous activity by automatically generating, weigh-
ing, and applying a “forest” of decision rules. Using stored
data to identify patterns associated with unauthorized
access, W&S generates rules that are capable of parsing
new anomalous activity from acceptable activity. 2
2    Liepins explains that
[f]or any test field (subject to the pruning condi-
tions and sufficient number of observations) rules
are generated with all possible combinations of
the other fields in the conditional side. Thus, rules
will be formed that predict port on the basis of any
combination of user, time-of-day, and day-of-week
(individually or in combination); time-of-day on
the basis of the other fields; and so forth. In this
way, W&S can be thought to extrapolate the
available information of what value combinations
can be expected to be common and which are unu-
sual: For each field individually, the correspond-
ing tree of the W&S rule forest effectively
partitions the space of possible transactions into
IN RE ENHANCED SECURITY RESEARCH, LLC                  7
Through this mechanism, the W&S system protects a
LAN without shutting down all network activity. ESR
does not dispute the prior art status of Liepins.
During reexamination, the examiner rejected claims
1-19 as obvious in light of various prior art references.
The examiner also rejected ESR’s arguments that the
Manual did not qualify as publically-available prior art.
The applicant then amended the ’236 patent claims and
appealed to the Board. 3 The Board affirmed the rejection
of amended claims 1-5 and 7-19.
ESR timely appealed to this court, and we have juris-
diction pursuant to 

(a)(4)(A). We review
the Board’s legal determinations de novo, and its factual
complementary “rectangular” regions (of arbitrary
dimension) that suggest evidence for or against
the transaction being an anomaly (conditioned on
the available information in the other fields).
JA 400. Thus, W&S will detect unwanted communications
or activity through this forest of rules that parse the
anomalous activity from that which is authorized.
3   The applicant amended the ’236 patent claims in
response to the PTO’s Final Office Action. The examiner
allowed the applicant to appeal the amended claims,
rather than the claims she had actually rejected, reason-
ing that
[the] proposed amendments to claims 1, 8, 9, and
12 would place the application in better form for
appeal by materially reducing and simplifying the
issues for appeal by limiting all the claims to ones
requiring (1) assigning a weight or classifying by
assigning a weight to an attempted security
breach; and (2) blocking based on the assigned
weight or weighted classification.
JA 9401.
8                   IN RE ENHANCED SECURITY RESEARCH, LLC
findings for substantial evidence. In re Baxter Int’l, Inc.,

, 1361 (Fed. Cir. 2012).
DISCUSSION
I. Obviousness
A determination of obviousness under 

is a question of law based on underlying findings of fact.
Graham v. John Deere Co., 

, 17-18 (1966); In re
Baxter, 678 F.3d at 1361. The differences between the
claimed invention and the prior art as well as what a
reference actually teaches are questions of fact. In re
Baxter, 678 F.3d at 1361; Rapoport v. Dement, 

, 1060-61 (Fed. Cir. 2001).
With respect to obviousness, the critical issue is
whether the Manual in combination with Liepins teaches
a person of ordinary skill in the art how to assess the
severity of an attempted security breach and then block
that attempted breach based on its severity. (For the
purposes of this discussion, we assume that the Manual
constitutes valid prior art. This assumption is discussed
in Section II.)
As previously described, the amended ’236 patent
claims a device that examines the data entering and
exiting a LAN, assigns weights to any attempted security
breaches, and initiates predetermined responses depend-
ing on the assigned weights of the attempted breaches.
ESR argues that a combination of NetStalker and Liepins
does not disclose: (1) assigning a weight to an attempted
security breach; or (2) blocking incoming communications
based on that assigned weight. The Board found that, in
combination, these two pieces of prior art disclosed all of
the elements of the ’236 patent. Substantial evidence
supports this conclusion.
IN RE ENHANCED SECURITY RESEARCH, LLC                     9
NetStalker teaches: (1) assigning severity levels to
network transactions or events based on the number of
attempted intrusions; 4 (2) automatically blocking the
source of communications when those transactions meet
user-defined criteria; and (3) varying response type based
on the number of breach attempts. More specifically, the
software employs a system of filters to detect attempted
security breaches, referred to in the Manual as “misuse.”
The NetStalker filters correspond to various activities
that are associated with security breaches. The software
then uses a program known as the “Misuse Detector” to
“combine[] series of filters to ‘sieve’ the [network] data.”
JA 312. “Each filter reduces the total number of events
sent to the next filter,” and “[t]he result is a set of all
events that match the specified filters.” JA 312. If the
number of events meets a specified threshold, the
NetStalker software triggers an alarm. After a user has
defined the filters and configured the Misuse Detector, he
can “select one or more alarms and [] assign the parame-
ters for triggering the alarm.” JA 325. One of the alarm
options available to the user is “Shun,” which automati-
cally blocks the unwanted communication.
Although the NetStalker software was sold with a de-
fault set of filters, the product permits users to create
custom filters according to their specific security needs.
The filters can monitor a variety of parameters and can be
turned on or off at the discretion of the user. The
NetStalker software also enables its users to configure the
Misuse Detector, “to create custom detection configura-
4    The parties agree on this disclosure of the Manu-
al. See Reply Br. at 12 (the Manual “discloses that an
alarm is triggered when a count of the number of events
meets a threshold”); Resp. Br. at 8 (“The suspicious events
are tallied [by the NetStalker software], and when they
reach a threshold number an alarm is triggered.”).
10                  IN RE ENHANCED SECURITY RESEARCH, LLC
tions.” JA 312. In other words, the software allows users
to define what types of events (for example, an attempted
login for a particular source) will count for the purposes of
triggering an alarm. 5 The user can program the software
such that it recognizes the number of intrusions of a
particular type as more “severe” than others. Therefore,
the NetStalker software teaches responding to attempted
breaches based on user-defined criteria, i.e., creating a
causal connection between the user-defined parameters
and the subsequent alarm response, including the “Shun”
response. 6
What the Manual does not disclose is the automatic
assignment of different weights to different types of
attempted security breaches. Liepins fills this gap with its
5   The NetStalker software allows the user to set an
alarm that is triggered by the user-defined “severity” of a
particular event. This alarm parameter allows a user to
define the severity of particular event from 1 to 10.
6    The appellant’s brief inaccurately states that
“there is simply no disclosure [in the NetStalker Manual]
that [the] severity rating is used to trigger an alarm, must
less cause the software to block communications.” The
plain language of the Manual contradicts this statement.
The dissent also makes the puzzling suggestion that
the Board found that “NetStalker and Liepins do not
‘specifically teach[] using the assigned strength or severi-
ty level as a basis for blocking communications.’” Dissent
at 14 (quoting Appellee’s Br. at 1) (emphasis added). In
fact, the Board specifically found that
NetStalker discloses not only a user defined sever-
ity level of a security breach but also triggering an
alarm when a certain number of (security) events
are recognized and blocking communications
when the alarm is triggered.
JA 15.
IN RE ENHANCED SECURITY RESEARCH, LLC                    11
systematic rule-based framework that is capable of auto-
matically identifying exceptional network activity. As
previously discussed, the W&S system automatically
generates rules wherein activity that is indicative of an
attempted breach is more likely to fail a particular rule.
Each rule is assigned a weight such that “the
strengths . . . reflect the confidence that the rules flag
transactions that should be flagged, and don’t flag those
that shouldn’t.” JA 402. If a transaction fails a particular
rule, that failure will be assessed in combination with the
strength of the particular rule it failed. Thus, whether the
W&S system will flag a transaction as anomalous de-
pends on whether that transaction passed or failed a rule
as well as the weight of the rule itself.
The patent claims here assign weights to attempted
security breaches based on factors such as: (1) “the im-
portance of a portion of the local area network which the
attempted security breach attempts to access,” Amend-
ed ’236 patent claim 15 (emphasis added); (2) “the number
of attempts made in the course of the attempted security
breach,” 

 claim 16 (emphasis added); and (3) “the rela-
tive sophistication of the attempted security breach.” 

claim 17 (emphasis added). Liepins similarly discloses a
system of assessing how threatening a particular network
event is based on a system of weighted rules. Nothing in
the amended ’236 patent claims suggests that ESR’s
method of assigning weights is any more sophisticated
than that of Liepins. The broad language of claim 12 and
its dependent claims fails to specify any teachings that
would be nonobvious in light of the combination of the
Manual and Liepins.
Finally, ESR argues that the Board “failed to address
the limitations contained in dependent claims 9, 15, and
17.” Appellant’s Br. at 47. As the PTO points out on
appeal, ESR waived this argument when it failed to
separately argue these claims. As this court explained in
In re Lovin, 

 (Fed. Cir. 2011), the Board
12                  IN RE ENHANCED SECURITY RESEARCH, LLC
may reasonably interpret 37 C.F.R § 41.37, the rule
governing the briefing requirements in ex parte appeals,
“to require applicants to articulate more substantive
arguments if they wish for individual claims to be treated
separately.” Id. at 1356. ESR asserts that it separately
argued claims 9, 15, and 17 when it quoted the claims in
its appeal brief and stated that these limitations did not
appear in the prior art. Lovin specifically held that this
type of argument was insufficient, stating that “a mere
recitation of the claim elements and a naked assertion
that the corresponding elements were not found in the
prior art” is insufficient under Rule 41.37. Id. at 1357.
Here, ESR did not argue the dependent claims under
separate subheadings as Rule 41.37 (2012)7 required.
Instead, ESR grouped the dependent claims with their
independent claims. ESR only referenced dependent
claims 9, 15, and 17 as examples of “additional limitations
which are neither taught nor suggested by [the prior art].”
JA 9615; see also JA 9616. The Board found that ESR did
not provide sufficient additional arguments in support of
the dependent claims. Under Lovin, we conclude that the
Board has not erred in using its discretion to interpret
Rule 41.37 to require ESR to provide distinct substantive
grounds if it wished to obtain separate consideration of
claims 9, 15, and 17 by the Board. Thus, we hold that ESR
has waived its arguments with respect to these claims.
In short, the features of the amended ’236 patent
claims were disclosed by the combination of the Manual
and Liepins. ESR does not contest that a person of ordi-
nary skill in the art would have been motivated to com-
bine Liepins and NetStalker. Graham also instructs
courts to consider the secondary indicia of non-
obviousness, such as “commercial success, long felt but
7  These provisions have since been amended. See 37
C.F.R § 41.37 (2013).
IN RE ENHANCED SECURITY RESEARCH, LLC                      13
unsolved needs, failure of others, etc.” Graham, 

. However, ESR does not reference any secondary
considerations. We therefore conclude that the Board did
not err in finding the claims obvious.
II. The NetStalker Manual as Prior Art
We have so far proceeded on the assumption that
NetStalker constitutes a valid prior art reference. Howev-
er, ESR contends that the Board erred in treating the
Manual as prior art. Whether a document qualifies as a
“printed publication” that is “available to the public” for
the purposes of 

(a)(1) is a question of law
based on underlying findings of fact. See In re Hall, 

, 899 (Fed. Cir. 1986). Under 

(a)(1), prior art encompasses any matter that “was
patented, described in a printed publication, or in public
use, on sale, or otherwise available to the public before
the effective filing date of the claimed invention.” This
court has interpreted § 102 broadly, explaining that even
relatively obscure documents qualify as prior art so long
as the public has a means of accessing them. See, e.g.,
Hall, 

.
Our leading case on public accessibility is In re Hall,

 (Fed. Cir. 1986). In Hall we concluded that
“a single cataloged thesis in one university library” consti-
tutes “sufficient accessibility to those interested in the art
exercising reasonable diligence.” 

. Thereafter, in
Constant v. Advanced Micro-Devices, Inc., we explained
that “[a]ccessibility goes to the issue of whether interested
members of the relevant public could obtain the infor-
mation if they wanted to.” 

, 1569 (Fed. Cir.
1988). Therefore, “[i]f accessibility is proved, there is no
requirement to show that particular members of the
public actually received the information.” 

In this case, the title page of the Manual contains an
inscription dating it to May 1996. ESR, however, chal-
lenges the Manual’s claimed date of priority, arguing that
14                  IN RE ENHANCED SECURITY RESEARCH, LLC
the version of the Manual that the examiner relied on
may not have been available in May 1996 and that there
are indications that this version was a draft rather than a
final document available to the public. However, Stephen
Smaha, the Chief Executive Officer of the company that
produces the NetStalker software, filed a declaration
(“Smaha Declaration”) with the PTO averring that the
version of the Manual before the examiner was available
in May 1996. Smaha explained that “[m]embers of the
public showing an interest in buying or licensing the
NetStalker product could have obtained a copy of the
manual by contacting Haystack or Network Systems
Corporation and requesting one,” and, indeed, “[t]he
NetStalker product was sold to or installed for approxi-
mately a dozen customers.” JA 9705 (footnote omitted). In
view of the Manual’s inscription date, the Smaha Declara-
tion, and evidence of NetStalker advertisements pub-
lished in 1995, we conclude that substantial evidence
supports the Board’s finding that the Manual constituted
publically-available prior art under § 102(a)(1).
ESR also argues that the Manual should not be con-
sidered in the circumstances of this case because it was
missing pages. To support this proposition, ESR relies on
Panduit Corp. v. Dennison Manufacturing Co., wherein
this court explained that prior art “must be considered in
its entirety, i.e., as a whole, including portions that would
lead away from the invention in suit.” 

,
1568 (Fed. Cir. 1987). ESR contends that because the
Manual was missing pages, it “cannot be considered as a
whole” and therefore “should not be considered at all.”
Appellant’s Br. at 26.
Panduit did not involve a situation similar to the
missing pages at issue here. In Panduit, we reversed a
district court’s determination that a patent was obvious in
light of the prior art. Panduit, 

. We
explained that this reversal was necessary because the
district court “treated no claim, nor the entire prior art,
IN RE ENHANCED SECURITY RESEARCH, LLC                    15
nor any prior patent ‘as a whole,’ but [instead] selected
bits and pieces from prior patents that might be modified
to fit its legally incorrect interpretation of each claim as
consisting of one word.” Panduit, 

. Thus,
Panduit explains that § 103 does not permit a court to
stitch together an obviousness finding from discrete
portions of prior art references without considering the
references as a whole. That is not what occurred here.
In addition to Panduit, ESR urges that the Manual of
Patent Examining Procedures (“MPEP”) supports its
argument. To the contrary, the MPEP contemplates
partial submissions of prior art documents. The primary
regulation governing reexamination, 

,
permits parties to submit partial prior art references:
under § 1.510(b)(3), a requester is only required to submit
the “pertinent parts” of any non-English translation.
Commenting on § 1.510(b)(3), § 2214 of the MPEP ex-
plains that § 1.510(b)(3) requires the requester to submit
“a translation of each non-English document (or a transla-
tion of at least the portion(s) relied upon).” Similarly,
§ 2218 of the MPEP, the very section of the MPEP that
ESR argues supports its argument, only requires the
submission of the “pertinent parts” of a non-English
translation.
Section 1.105 of the PTO regulations permits an ex-
aminer to request more information from a patentee 8 in
8    

 permits the examiner to request
such information from:
(1) Each inventor named in the application; (2)
Each attorney or agent who prepares or prose-
cutes the application; and (3) Every other person
who is substantively involved in the preparation
or prosecution of the application and who is asso-
ciated with the inventor, the applicant, an assign-
16                  IN RE ENHANCED SECURITY RESEARCH, LLC
the course of reexamination if such information is neces-
sary “to properly examine or treat the matter.” 

. With respect to such requests, the MPEP explains
that “where the document is a bound text or a single
article over 50 pages, the requirement may be met by
providing copies of those pages that provide the particular
subject matter indicated in the requirement, or where
such subject matter is not indicated, the subject matter
found in applicant’s disclosure.” MPEP § 704.14(a)
¶ 7.122. The version of the Manual that the Board relied
on is over sixty pages long and appears to fall within this
provision. We conclude that the PTO’s own rules permit
the consideration of selected portions of prior art refer-
ences so long as the missing portions are not necessary to
fully understand the submitted portions. ESR cites no
authority for the proposition that the PTO is categorically
precluded from considering a reference if it is incomplete.
Indeed, ESR agrees that partial documents can be consid-
ered “[if] there is clear evidence the missing pages would
not impact those that are available.” Appellant’s Br. at 26.
We agree that missing pages may sometimes be nec-
essary for understanding a prior art reference. But noth-
ing in the Manual here suggests that the missing pages
were necessary to an understanding of the pertinent parts
of the reference. The Manual’s table of contents as well as
its page numbering suggest that it was missing three
additional pages in chapter five and seven pages in chap-
ter seven. Titled “Running NetStalker,” chapter five
describes “the steps required to use the pre-defined con-
figurations that are shipped with NetStalker and to start
the NetStalker processes.” JA 307. The available pages
teach how to determine the type of alarm the NetStalker
ee, or anyone to whom there is an obligation to as-
sign the application.

(c).
IN RE ENHANCED SECURITY RESEARCH, LLC                   17
security system triggers and the alarm parameters. One
of the alarm type is “Shun,” which automatically block
unwanted communications. The table of contents and the
list of figures indicate that the missing pages contained
an explanation of what a user should do before running
the NetStalker software, how to select a “scenario,” 9 how
to configure alarm overrides, and how to run the soft-
ware. 10 Nothing in the table of contents or the available
chapter five pages suggests that the missing content
contradicts the available portions of chapter five on which
the PTO relied or other parts of the Manual.
Chapter seven describes “how to manage and analyze
historical router event data,” JA 329, the log of communi-
cations that have entered and exited the local network. 11
This chapter details the NetStalker software’s ability to
9    Chapter one of the NetStalker manual describes a
number of possible scenarios involving attempted security
breaches. These scenarios include breach attempts from
bad hosts, IP spoofing, and false logins, among others.
Therefore, the missing page on how to “select a scenario”
most likely explains how to configure the software to
detect different types of breach attempts.
10  The table of contents states that the missing pag-
es are titled: “Running NetStalker,” “Before you run
NetStalker,” “To Select a Scenario,” “To Configure Alarm
Handler Overrides,” and “To Run NetStalker.” JA 271.
The missing figure in chapter five is titled: “Configure
Misuse Detector Window.” JA 273.
11  The missing pages in chapter seven are titled:
“Schedule Log Manager,” “Log Events Record Format &
Sample Data,” and “Analyzing Log Files.” JA 272. The
five missing figures are: “Schedule Log Manager Win-
dow,” “Schedule Crontab Entries window,” Event Data
Available Window,” Interactive Alarm Window,” and
“NetStalker window.” JA 273-74.
18                  IN RE ENHANCED SECURITY RESEARCH, LLC
save all router events and establish a “hierarchy of loca-
tions” for storing them. JA 330. Although ESR’s security
device must also manage historical data, the limitations
of the amended ’236 patent claims do not address the
management of historical data. 12 Therefore, this chapter
does not appear to be significant to the amended ’236
patent claims. 13
ESR claims that the missing sections were necessary
because they could: “(1) clarify the often cryptic disclosure
in the NetStalker Manual and thus alter its meaning; or
(2) disparage or teach away from application of the relied
upon teachings to the ʼ236 invention.” Appellant’s Br. at
29. However, ESR fails to point to anything in the Manual
that might support this conclusion. When the panel
pressed ESR at oral argument to explain how the missing
12 Instead, claim 5 simply states that “the controller
device examines communications incoming to the comput-
er system for code known to be associated with attempted
security breaches.” Amended ’236 patent claim 5. The
specification explains that “in order for the ‘look for
known patterns’ operation to be successful, the INSD
might require some knowledge of the configuration of the
LAN . . . . This data can be stored in the memory of the
INSD.” ’236 patent col. 6 ll. 57-61.
13  The examiner did cite chapter seven for the prop-
osition that “[a] threshold (factor . . . number of attempts)
may be applied to a misuse signature, as a second form of
analysis that also requires examination of a series of more
than one packet.” JA 9896. After stating this proposition,
the examiner wrote “See Chapter 7 which describes how
to manage and analyze historical (over time) router event
data.” JA 9896. This complete quotation reveals that the
examiner merely cited chapter seven to show that
NetStalker is capable of examining more than one packet.
The Board did not rely on chapter seven at all.
IN RE ENHANCED SECURITY RESEARCH, LLC                   19
pages might plausibly teach away from the ’236 invention,
ESR postulated that the missing pages “could have dis-
paraged the use of a user-defined security level to trigger
an alarm.” See Oral Argument at 6:36, available at
http://www.cafc.uscourts.gov/oral-argument-
recordings/13-1114/all. This scenario is both speculative
and highly implausible: a manual would not tell users
how they can utilize the product in a particular way, only
to then tell them not to do so. As the examiner explained,
“[w]hen the source is reviewed as a whole, there is no
evidence whatsoever that the missing pages detract in
any way from the NetStalker manual’s disclosures and
teachings.” JA 9157. 14 The Board reached a similar con-
clusion, and we agree.
14   Had the missing pages been necessary to a full
understanding of the software, the examiner, of course,
could not have relied on the Manual without securing the
missing pages. In Star Fruits S.N.C. v. United States, 

 (Fed. Cir. 2005), we held that the examiner
could request further information from the applicant, and

, see supra note 8, permits requests to
others associated with the applicant. However, the rele-
vant regulations do not provide a mechanism through
which the PTO may request further information from a
third party. This is clear from the history of the America
Invents Act’s new Third Party Preissuance Submission
procedure, codified at 

(e). The final report
of comments from the public notice period for the regula-
tions reveals that commenters were concerned by the
inability of examiners to request further information from
third party submitters. In response to this concern, the
PTO simply stated that
[a]n examiner cannot . . . request additional in-
formation from a party who makes a third-party
submission. The Office does not believe there is a
20                  IN RE ENHANCED SECURITY RESEARCH, LLC
III. Diligence
Finally, ESR argues that even if the ’236 patent would
have been obvious in light of NetStalker and Liepins,
NetStalker should not be considered invalidating prior art
because ESR conceived of the invention before the publi-
cation of the NetStalker Manual, and was diligent in
reducing it to practice. The Manual contains an inscrip-
tion that dates it to May 1996, and the ’236 patent is a
continuation in part of an application filed on October 7,
1996. Even if ESR had established a conception date
before May 1996 (earlier than the publication date of the
Manual), we find no error in the Board’s decision that
there was no showing of diligence in reducing the inven-
tion to practice.
Under 

, a party may file an oath or
declaration establishing that the invention described in
his rejected claims predates the reference on which the
rejection was based. Under § 1.131, the party may remove
need for a similar mechanism to require further
information from third-party submitters as the
third parties will be motivated to provide complete
submissions that would not likely require further
information.
Changes To Implement the Preissuance Submissions by
Third Parties Provision of the Leahy-Smith America
Invents Act, 

, 42,161 (July 17, 2012)
(to be codified at 37 C.F.R. pt. 1 and 41). Thus, in this
case, the examiner could not have requested the missing
pages from the third party submitter. This result seems
incongruous. While this case does not present an instance
in which the missing pages were necessary for examina-
tion, in the event that such an instance arises, it would be
useful for the PTO to provide a procedure through which
an examiner could request further information from the
third party requester.
IN RE ENHANCED SECURITY RESEARCH, LLC                  21
his invention from the purview of the prior art reference
by providing facts “in character and weight” that demon-
strate “conception of the invention prior to the effective
date of the reference coupled with due diligence.” 

(b) (2012). 15 A party may prove due dili-
gence by showing his attorney’s efforts to achieve a con-
structive reduction to practice. Bey v. Kollonitsch, 

, 1026 (Fed. Cir. 1986).
In order to establish attorney diligence, ESR submit-
ted declarations from Peter M. Shipley, the inventor of
the ’236 patent (“Shipley Declaration”), and F. Eric Saun-
ders, the attorney who filed the ’236 patent application
(“Saunders Declaration”). In their declarations, Saunders
and Shipley described meetings and telephone calls that
took place from February 28, 1996 (when Shipley and
Saunders first met in person) to October 7, 1996 (when
the patent application of which the ’236 patent is a con-
tinuation was filed). ESR argues that these declarations
demonstrate the requisite attorney diligence during the
critical period.
The Board disagreed and found that ESR failed to
show that Saunders “‘worked diligently and continuously’
over the four month period preceding the filing date of
October 7, 1996.” JA 14. In making that determination,
the Board relied on Bey, where this court examined the
standard for attorney diligence in a patent interference
case. In Bey, we explained that “reasonable diligence can
be shown if it is established that the attorney worked
reasonably hard on the particular application in question
during the continuous critical period.” 

.
We emphasized that the attorney’s records should “show
15   These provisions have since been amended. See 

 (2013).
22                  IN RE ENHANCED SECURITY RESEARCH, LLC
the exact days when activity specific to [the patentee’s]
application occurred.” 

. 16
In this case, the critical period in which ESR must
demonstrate diligence spans from May 1996, when the
relevant version of the Manual became available, to
October 7, 1996, when Saunders filed Shipley’s patent
application. The record reveals that over the course of five
months, Saunders had a few conversations with Shipley,
conducted a prior art search, billed for under 30 hours of
work, and drafted the patent application. Citing Bey’s
emphasis on the importance of supplying specific dates of
activity when attempting to establish diligence, the Board
found that, apart from records showing work on “May 4,
6, and 20, and activity in July,” JA 13, ESR failed to
provide “records or other evidence showing the exact days
when activity specific to this application occurred.” JA 13.
Although § 1.131 did not require Saunders to work on
Shipley’s patent application without pause, we hold that
16 ESR not only argues that the Shipley and Saun-
ders Declarations demonstrate the requisite attorney
diligence, but also that the Board applied the wrong
standard when assessing the sufficiency of these declara-
tions. ESR contends that the Board applied a “clear and
convincing evidence” standard from certain interference
cases. See In re Eickmeyer, 

 (C.C.P.A. 1979);
Wetmore v. Quick, 

 (C.C.P.A. 1976); In re
Moore, 

 (CCPA 1971). But the Board did not
do so. It never articulated such a standard, and the sole
interference case it cited was Bey, which involved a pre-
ponderance of the evidence standard because the interfer-
ence in Bey was between two applications. Bey, 

. The Board did not cite interference cases
articulating a higher standard of proof for a junior party
seeking to antedate—and thus invalidate—a senior
party’s issued patent.
IN RE ENHANCED SECURITY RESEARCH, LLC                   23
substantial evidence supports the Board’s finding that
ESR failed to demonstrate the requisite attorney dili-
gence.
CONCLUSION
In sum, we hold that the examiner and Board proper-
ly treated the NetStalker Manual as publically-available
prior art and, having done so, correctly concluded that the
teachings of the Manual and Liepins render the amend-
ed ’236 patent claims at issue obvious under 

. We further hold that ESR has failed to demonstrate
the requisite attorney diligence under Rule 131, and,
therefore, the ’236 patent does not predate the publication
date of the Manual.
AFFIRMED
United States Court of Appeals
for the Federal Circuit
______________________
IN RE ENHANCED SECURITY RESEARCH, LLC
______________________
2013-1114
______________________
Appeal from the United States Patent and Trademark
Office, Patent Trial and Appeal Board in Reexamination
No. 90/010,849.
______________________
O’MALLEY, Circuit Judge, dissenting.
Because the Board of Patent Appeals and Interfer-
ences (“Board”), now the Patent Trial and Appeal Board,
erred in relying on a facially incomplete reference and
was not supported by substantial evidence in finding that
the same reference was publicly available as of the critical
date, I would reverse its decision. I cannot endorse allow-
ing the Board to strip Enhanced Security Research, LLC
(“ESR”) of its right to a validly issued patent on such a
suspect record. I, thus, respectfully dissent.
The Board relied on an incomplete reference—
Haystack Labs, Inc., NetStalkerTM, Installation and
User’s Guide, Version 1.0.2 (1996) (“NetStalker”)—a
reference which was missing all the even pages in one of
the two chapters to which the Board cited to support its
finding of obviousness, was missing entire sections of
other chapters, and bore indicia of being a draft docu-
ment. The reference was obtained from an interested
party—a paid expert for a party opposing ESR in litiga-
2                   IN RE ENHANCED SECURITY RESEARCH, LLC
tion, the same party who initiated the reexam of United
States Patent No. 6,119,236 (“’236 Patent”). That paid
expert, Stephen Smaha, was the only person who appar-
ently had access to the reference, could explain whether a
complete reference existed, could explain why, if so, the
reference was submitted in incomplete form, and could
explain what was in the missing portions of the reference.
While Smaha submitted a declaration in support of the
reference, he neither claimed that a more complete refer-
ence existed—at any time—explained why the reference
was submitted in its incomplete state, or explained what
the missing portions discussed. The government asserts
no positive theory allowing it to rely on such a reference,
arguing simply that it was ESR’s burden to prove a nega-
tive—i.e., that the pages of the manual to which it has
been denied access teach away from or undercut the
teachings in the pages Smaha and the requestor selective-
ly chose to provide to the Patent and Trademark Office
(“PTO”). The government is mistaken, as is the majority.
The PTO should have refused to rely on the NetStalker
manual as a reference, and should have refused to insti-
gate or maintain a reexamination on such grounds.
The Board compounded its error by finding that the
NetStalker Manual was publicly accessible by the critical
date, despite the omission of important details in the
supporting declaration.      The Smaha declaration was
telling more for what it failed to state than for what little
it actually did say with regard to accessibility. Given his
undisputed bias, the Board and majority should demand
precision with respect to such important facts, and not
rely on what appeared to be half-truths. If the manual
really was publicly accessible as of the critical date, it
would not have been difficult for Smaha to actually say so,
and to support his statements with verifiable facts.
IN RE ENHANCED SECURITY RESEARCH, LLC                    3
I. INCOMPLETENESS
The Board and the examiner relied on the facially in-
complete NetStalker reference to find the claims of
the ’236 Patent obvious. Specifically, the Board relied on
pages from chapters 5 and 6 of NetStalker. Chapter 6,
entitled “Configuring Misuse Detector,” appears to be
complete. But chapter 5, entitled “Running NetStalker,”
is woefully incomplete. The only pages present are 5-1, 5-
3, 5-5, and 5-7. The Board relies specifically on page 5-5,
despite the fact that the preceding and following pages
are both missing. The very instructions on which the
Board relied in chapter 5 are incomplete. While not cited
by the Board, chapter 7, entitled “Managing and Analyz-
ing Log Files,” contains only the first three pages of the
chapter; despite that fact, the examiner found it meaning-
ful to his analysis. The Board concluded that the portions
of NetStalker that are present “serve to disclose that
portion of NetStalker that presumably is relevant to the
patentability of the ’236 patent” and that ESR did “not
indicate[] that the portions of NetStalker provided are in
any way irrelevant to the patentability of the ’975 [sic]
patent.” Ex Parte Enhanced Sec. Research, L.L.C., No.
2012-008692, Reexamination No. 90/010,849, 

, at *3 (B.P.A.I. Aug. 30, 2012) (“Enhanced Sec.”)
(emphasis added).
Though the Board did not find or even consider
whether the missing pages were unlikely to teach away
from or further clarify the provided pages, the majority
proceeds to make factual findings on those issues. The
majority finds it implausible that the missing pages of
NetStalker would contain evidence contrary to an obvi-
ousness finding and says it sees nothing in the submitted
portions to clearly indicate that the missing pages would
have been meaningful to the Board’s analysis. This is
speculation on the part of the majority, however. Specu-
lation cannot substitute for actual evidence that the
4                   IN RE ENHANCED SECURITY RESEARCH, LLC
missing pages are meaningless. Without those pages,
neither this court nor the Board can determine whether
the missing pages of NetStalker teach away from the
claimed invention. Nor can we clarify whether the miss-
ing pages would reveal that NetStalker is actually less
similar to the claimed invention than it might appear.
And, we are unable to determine whether the NetStalker
Manual was only an incomplete draft and, thus, not likely
to be publicly accessible. Where a reference is proffered
by an interested party with control over all information
relating to that reference, it is not too much to ask that
the proffer be complete in all material respects.
Though the majority disagrees, I believe the Board’s
analysis was legally insufficient because it was based only
on a consideration of the evidence supporting a finding of
obviousness, and did not consider the possibility of evi-
dence contrary to such a finding. In an obviousness
analysis, a reference must be considered “in its entirety,
i.e., as a whole, including portions that would lead away
from the invention in suit.” Panduit Corp. v. Dennison
Mfg. Co., 

, 1568 (Fed. Cir. 1987). While the
majority distinguishes Panduit on the ground that the
contrary evidence ignored was clearly in the record in
Panduit, I think that is a distinction without a meaning-
ful difference. There is no doubt that what was missing
from the reference here related to the operation of the
NetStalker product—or at least that version of it—and
related specifically to the disclosures in chapter 5 which
the Board found central to its obviousness analysis.
Whether the Board discounts evidence before it (what the
majority says are the Panduit circumstances) or turns a
blind eye to the existence of such evidence should not
make a difference; in either instance, the Board’s analysis
is flawed.
This does not mean that the PTO can never rely on a
reference that is incomplete. Considering an incomplete
IN RE ENHANCED SECURITY RESEARCH, LLC                      5
reference may be consistent with the obligation to consid-
er a reference “as a whole” when only an incomplete
reference is currently available and reliable evidence
about what is missing from the reference is provided. The
incomplete reference, in those circumstances, may be
deemed the entire existing or relevant reference. This
case does not fall into that category; the supporting decla-
ration provides no explanation for NetStalker’s incom-
pleteness, and never even addresses that incompleteness.
In fact, the Smaha declaration indicates that the version
of NetStalker provided “is a true and correct copy,” (J.A.
9705), which raises a question as to whether the manual
ever existed in final form. Similarly, considering an
incomplete reference may be consistent with the require-
ment to consider a reference “as a whole” when omitted
portions of a voluminous reference clearly are not relevant
because they are not directed to the field of the invention.
In such a case, the reference is “whole” at least in relevant
part. Again, this case is not that one; NetStalker’s miss-
ing pages are in the very sections relevant to the field of
the claimed invention. Thus, NetStalker cannot be con-
sidered by the Board “as a whole,” Panduit, 

, because it is facially incomplete in the relevant
portions and there is no explanation for that incomplete-
ness.
The government cites In re NTP, Inc., 

,
1296 (Fed. Cir. 2011) for the proposition that a patentee
“ha[s] the burden to prove that [a] document [i]s not
authentic.” Even assuming that a patentee by analogy
has the burden to show the relevance of missing portions
of a reference, NTP does not address relevance, and even
if it did, ESR met that burden because the missing pages
are from a chapter relevant to the field of the invention
and contain portions of the very instructions on which the
Board relied. Again, the pages on either side of the main
page cited by the Board are not there. When a patentee
does not have access to the missing pages, it can show
6                    IN RE ENHANCED SECURITY RESEARCH, LLC
little else, and this showing should be sufficient to render
those pages relevant to the content of the prior art and to
evidence potentially contrary to a conclusion of obvious-
ness.
While I agree that section 2218 of the Manual of Pa-
tent Examining Procedure (8th ed. Rev. 9, Aug. 2012) is
not dispositive, I believe it is consistent with a prohibition
against the Board and the examiner relying on a refer-
ence that is incomplete in relevant part with no explana-
tion of why that is so. Section 2218 requires that “a copy
of each patent or printed publication relied on or referred
to in the request, be filed with the request.” 

 It does
not indicate that a portion of a reference can be filed with
a request. Section 2218 also provides that “[i]f any of the
documents are not in the English language, an English
language translation of all necessary and pertinent parts
is also required.” 

 Thus, the entire non-English docu-
ment must be provided, which means that a patentee can
gain access to the entire document by having it translat-
ed, and even the required partial translation must be
sufficiently complete to include the relevant parts. No
language in section 2218 suggests that a reference that is
incomplete in relevant part can be submitted.
Given the potential impact of a Board decision on
reexamination, due process concerns arise when, as here,
a complete version of a reference is unavailable to a
patentee, but the PTO relies on it with no explanation
from the provider as to why it is incomplete. “[A] patent
is a property right protected by the Due Process
Clause . . . .” Abbott Labs. v. Cordis Corp., 

,
1327 (Fed. Cir. 2013). While due process considerations
frequently focus on notice and hearing, cf. 

, this
court has acknowledged that additional procedures may
be mandated by due process when the PTO acts. See 

. Beyond notice and an opportunity to be heard,
“what additional procedures are guaranteed by due pro-
IN RE ENHANCED SECURITY RESEARCH, LLC                        7
cess requires balancing the various interests at stake.”

 at 1328 (citing Mathews v. Eldridge, 

,
334-35 (1976)). While “excluding compulsory production
of testimony in inter partes reexamination proceedings
[did not] raise[] a serious constitutional problem” on the
facts of Abbott, 

 (internal quotation marks omitted), the
same cannot be said in this case.
In determining what due process requires, the court is
to consider three factors: “[f]irst, the private interest that
will be affected by the official action; second, the risk of an
erroneous deprivation of such interest through the proce-
dures used, and the probable value, if any, of additional or
substitute procedural safeguards; and finally, the Gov-
ernment’s interest, including the function involved and
the fiscal and administrative burdens that the additional
or substitute procedural requirement would entail.”
Mathews, 

. The second factor examines
“the fairness and reliability of the existing . . . proce-
dures.” 

.
First, the patentee has a significant interest in the re-
tention of its rights in a validly issued patent. This is
unlike the situation in Paltex Corp. v. Mossinghoff, 

 (Fed. Cir. 1985), in which this court concluded
that a regulation barring a patentee “from communicating
with the PTO during the three-month statutory period
during which the PTO is required to decide whether any
substantial new question of patentability is raised by a
reexamination request” was not inconsistent with due
process. 

. In that case, the property inter-
est was only “the temporary deprivation of full enjoyment
of patent rights, for the period needed to correct an erro-
neous determination to reexamine [the] patents.” 

. Here, the patentee is permanently, not temporarily,
deprived of its enjoyment of patent rights.
8                    IN RE ENHANCED SECURITY RESEARCH, LLC
Second, there is risk of an erroneous deprivation of
those rights when the provider of an incomplete document
is the one asking that a reexamination be instituted and
is involved in active litigation with the patent holder.
This is especially so where the only one with access to
both the reference and information about the reference is
a paid representative of that party. In such circumstanc-
es, minimal additional safeguards clearly are warranted.
Allowing the PTO to rely on a reference that is unavaila-
ble and incomplete without explanation threatens the
reliability and fairness of the proceedings.
The facts of this case illustrate the risk. Smaha,
whose declaration purports to support NetStalker’s use as
a reference, was the Chief Executive Officer and chairman
of the board of NetStalker’s authoring organization.
Smaha stated that he was “engaged as an expert by
Juniper Networks, Inc. . . . in connection with the litiga-
tion against [ESR],” although he further stated that he
had “no interest, personal or otherwise, in the outcome of
Juniper’s disputes with ESR.” J.A. 9704. A paid expert
for a party adverse to the patentee is not unqualifiedly
disinterested; saying he lacks an interest does not change
that fact. The provider of the NetStalker manual was in
the best position to provide it in its entirety or explain the
absence of the missing parts. ESR, on the other hand,
had no formal procedural mechanisms to obtain the
document or any further explanation from Smaha, and
ESR’s efforts to obtain that information informally were
rebuffed. When PTO procedures do not require the pro-
vider of a reference to provide a complete reference or at
least provide—under penalty for falsification—a state-
ment that the document is complete in all relevant parts,
that there is an explanation for any missing portions of
the document, or that a document is otherwise available
to the patentee, the incentive to mislead with partial
submissions is great. Basic fairness to patentees should
demand more.
IN RE ENHANCED SECURITY RESEARCH, LLC                     9
Again, this case is different from Paltex in which the
“risk of examiner error due to lack of information” is
related “only to the question ‘whether a substantial new
question of patentability . . . is raised’, 

,
not the answer to the question.” 

. Here,
the risk of error does relate to the “answer to the ques-
tion” of patent validity. While in Paltex the PTO’s “exper-
tise [wa]s a factor to be given weight in considering the
risk of error at this stage,” 

 (emphasis added), the
PTO’s expertise can only be applied to the information
provided to the examiner. When that information is
fundamentally incomplete at the resolution of the validity
inquiry, the benefit afforded by a “disinterested expert[]”
cannot cure the problem.
Third, the PTO need not adopt any new, complex evi-
dentiary procedures to cure this problem. The most
straightforward corrective action is for the examiner or
the Board to refuse to rely on a reference like the one
proffered here. There may be some inconvenience and
additional cost to the requester who would need to re-
submit the reexamination request, but there would be
none to the PTO. Requiring a complete document, an
explanation for incompleteness, or an indication of public
accessibility will strongly incentivize providers of refer-
ences to meet at least one of these requirements in the
first instance. The government’s burden from this addi-
tional procedure would be minimal.
The relative dearth of other protective procedures in a
reexamination reinforces the need to allow the patentee to
challenge the examiner’s and the Board’s reliance on a
reference that is unavailable and incomplete without
explanation. A patentee may not seek discovery or resort
to subpoenas to seek information in a reexamination. See
Abbott, 710 F.3d at 1328. The absence of vehicles for
discovery makes the ability of the patentee to challenge a
reference on completeness grounds all the more critical;
10                  IN RE ENHANCED SECURITY RESEARCH, LLC
otherwise the patentee would be defenseless against one
who chooses to provide only those portions of a reference
which undercut the validity of a patent. An interested
provider of a reference should not be able to use a refer-
ence as a sword, while failing to provide the portions of it
that may shield the patentee.
The due process balance also requires inquiry into the
extent to which “judicial-type procedures must be imposed
upon administrative action to assure fairness.” Mathews,

. Prohibiting the PTO from relying on
non-probative evidence is hardly an elaborate judicial
procedure and is certainly one that is necessary to assure
the fairness of the proceedings. The Supreme Court has
explained that “procedural due process rules are shaped
by the risk of error inherent in the truthfinding process as
applied to the generality of cases, not the rare exceptions.”
Mathews, 

. This does not bar finding a
due process violation in an individual case, however,
because “[a] fundamentally fair adjudication . . . is consti-
tutionally required in all cases, and not just in the large
majority.” Cushman v. Shinseki, 

, 1299-
1300 (Fed. Cir. 2009).
Due process requires “a fair hearing on the merits” of
a claim. Cushman, 

. In Cushman, the
initial determination of the veteran’s claim “was tainted
by the presence of an improperly altered document,” and
“[t]he source of the fundamental unfairness that tainted
the initial evaluation of Mr. Cushman’s claim was never
removed from any prior proceedings.” 

 “The presenta-
tion of improperly altered material evidence has been
found to constitute a due process violation in analogous
cases.” 

. When the procedures applied by the
PTO do not provide either this court or the patentee some
means to determine whether, or some assurance that, the
evidence on which the PTO relied was not improperly
IN RE ENHANCED SECURITY RESEARCH, LLC                      11
altered, those procedures cannot be consistent with due
process.
The majority and the government cite nothing that al-
lows the Board or the examiner to rely on an incomplete
reference. I believe the majority errs in concluding that
nothing prohibits the Board from relying on an incomplete
reference; due process and concepts of fundamental
fairness do. Accordingly, I would reverse the Board’s
obviousness finding because it is based on an unreliable
reference. 1
II. PUBLIC ACCESSIBILITY
The majority also errs in concluding that Smaha’s
declaration was sufficient to establish that the NetStalker
manual was accessible to the public before the critical
date.
Whether a reference is publicly accessible is a
question of fact that we review for substantial ev-
idence. A reference is publicly available if it was
disseminated or otherwise made available to the
extent that persons interested and ordinarily
skilled in the subject matter or art exercising rea-
sonable diligence, can locate it.
NTP, 

 (citation omitted) (internal quota-
tion marks omitted). “The proponent of the publication
bar must show that prior to the critical date the reference
was sufficiently accessible, at least to the public interest-
1  While the majority emphasizes the Board’s reli-
ance on the Liepins article, the parties agree that Liepins
provides only limited support for the Board’s obviousness
determination. Without the NetStalker Manual, there
would have been no obviousness finding.
12                   IN RE ENHANCED SECURITY RESEARCH, LLC
ed in the art . . . .” In re Hall, 

, 899 (Fed. Cir.
1986).
Smaha said, “This version of the NetStalker manual
was available in May 1996. Members of the public show-
ing an interest in buying or licensing the NetStalker
product could have obtained a copy of the manual by
contacting Haystack . . . and requesting one.” J.A. 9705.
Smaha also said, “NetStalker was advertised no later
than 1995.” 

 The Board and the majority both con-
clude that members of the public would have known of
NetStalker based on the advertisements as early as 1995
and would have received the manual upon request in May
1996. The first weakness in that conclusion is the sup-
posed connection between the product advertised in 1995
and the May 1996 Manual. Smaha says “[t]his version,”
of the manual was “available” in May 1996. The front
page of the manual indicates that it is “version 1.0.2.”
Nowhere does Smaha say that the 1.0.2 version of
NetStalker is what was advertised in 1995. Nor does
Smaha ever say that the version described in the manual
was ever advertised to the public. Pointedly, while Smaha
says members of the public interested in the NetStalker
product could have gotten the relevant manual upon
request, there is no indication that the public had any
information available to it which would have prompted
anyone to make such a request for that particular manu-
al. And, there is no evidence that version 1.0.2 of
NetStalker was ever manufactured or offered for sale.
Thus, not only is there no evidence that the version of
NetStalker discussed in the manual was ever advertised,
but there is no evidence—from the Smaha declaration or
otherwise—that any sales ever occurred prior to the
critical date, that the sales that did occur were of the
version of the product described in the reference, or that
any of those sales were accompanied by the relevant
manual. Smaha’s declaration was submitted by counsel.
IN RE ENHANCED SECURITY RESEARCH, LLC                    13
Had the gaps in his testimony been fillable—rather than
conveniently omitted—it is likely those gaps would have
been filled. The majority reads facts into the declaration
that are simply not there; the absence of those facts is not
harmless as the majority seems to believe, they are tell-
ing.
Perhaps most troubling is Smaha’s statement that the
reference submitted is a “true and correct copy” of the
manual which he said would have been made available to
members of the public in May 1996, if requested. It is
undisputed, however, that the submitted manual was
incomplete. And it is undisputed that the submitted
manual bore several indicia of a draft document: a cryptic
date legend on its cover, question marks in the index, and
the absence of the last ten pages of the final chapter. If
an incomplete and unfinished manual is the “true and
correct” version of the reference in existence in May 1996,
any claim that the public would have been given access to
it, or even would have known to request it, is even more
suspect.
It is worth noting, moreover, that Smaha filed his own
patent application—after the critical date of the ’236
patent—to similar technology, but did not list his own
manual as prior art. If we assume Smaha was not pur-
posely misleading the PTO with that filing, the failure to
cite the manual indicates that it was either an unfinished
draft document or never available to the public.
For all these reasons, I believe the Board’s finding
that the reference was publicly accessible before the
critical date is not supported by substantial evidence.
Smaha’s statements are sufficiently ambiguous to encom-
pass both scenarios in which the NetStalker manual
would have been publicly accessible and those in which it
would not have been so. The Board cannot conclude that
a reference was publicly accessible when no evidence
14                   IN RE ENHANCED SECURITY RESEARCH, LLC
provides sufficient specificity to support that conclusion.
The majority should not endorse its having done so.
III. OBVIOUSNESS
Because I believe the Board should never have
reached the question of obviousness on this record, I do
not analyze the majority’s obviousness analysis in detail.
I take issue, however, with the fact that the majority
bases its judgment on grounds that differ from those upon
which the Board relied. This Court may not stray from
the Board’s reasoning for purposes of supporting its
judgment. See SEC v. Chenery Corp., 

, 196
(1947) (“[A] reviewing court, in dealing with a determina-
tion or judgment which an administrative agency alone is
authorized to make, must judge the propriety of such
action solely by the grounds invoked by the agency.”);see
also, In re Applied Materials, Inc., 

, 1294
(Fed. Cir. 2012) (“The Board’s judgment must be reviewed
on the grounds upon which the Board actually relied.”).
Notably, the Board did not, as the majority states, find
that, “in combination, these two pieces of prior art
[NetStalker Manual and Liepins] disclosed all of the
elements of the ’236 patent.” Maj. at 8.
Instead, the Board found, and the government admits
that, NetStalker and Liepins do not “specifically teach[]
using the assigned strength or severity level as a basis for
blocking communications.” Appellee’s Br. 1. The Board
filled this gap by relying on what it characterized as
“ordinary creativity”:
NetStalker discloses not only a user defined sever-
ity level of a security breach but also triggering an
alarm when a certain number of (security) events
are recognized and blocking communications
when the alarm is triggered. Based on the
NetStalker reference, one of ordinary skill in the
IN RE ENHANCED SECURITY RESEARCH, LLC                      15
art would have known to characterize a security
breach based on level of severity (i.e., user defined
severity) and block communications based on
when a condition has been achieved (for example,
when a threshold number of security events have
been encountered).
Given NetStalker’s disclosure of blocking
communications when a threshold criteria is met
indicating a security breach and given that one of
ordinary skill in the art is a person of ordinary
creativity, not an automaton, one of skill in the
art would have understood the practice of blocking
communications when a security breach is detect-
ed, the security breach being of sufficient severity
as to exceed a threshold. NetStalker further dis-
closes that a severity level is assigned to security
breach events thus further indicating that block-
ing communications when a severity level of secu-
rity breach is identified would have been obvious
(as assigning severity levels to security breaches
were known to those of ordinary skill in the art),
or at least obvious to try, as a matter of ordinary
creativity and common sense.
Enhanced Sec., at *8 (citations omitted) (internal quota-
tion marks omitted).
As ESR argues, however, obviousness is not shown by
the mere fact that each of the elements “was, inde-
pendently, known in the prior art.” KSR Int’l Co. v.
Teleflex Inc., 

, 418 (2007). “Although com-
mon sense directs one to look with care at a patent appli-
cation that claims as innovation the combination of two
known devices according to their established functions, it
can be important to identify a reason that would have
prompted a person of ordinary skill in the relevant field to
combine the elements in the way the claimed new inven-
16                   IN RE ENHANCED SECURITY RESEARCH, LLC
tion does.” 

 (emphasis added). The Board identified no
such reason. Specifically, the Board identifies no “design
need or market pressure to solve a problem,” 

,
such that the new combination using severity as the basis
for blocking communication would have been “obvious to
try,” 

 And, the Board identifies no “problem” that one
of ordinary skill was trying to solve at the time of the
invention.
Apparently recognizing these gaps in the Board’s
analysis, the majority accepts the government’s sugges-
tion that it fill them with an alternative analysis. The
government argues that the undisclosed use of severity
assessments for blocking purposes is actually disclosed in
the NetStalker reference because “NetStalker itself
includes the idea of tailoring the response to the severity
of a threat, i.e., by only initiating action after a threshold
number of events has occurred.” Appellee’s Br. 20. The
Board expressly found this teaching missing in NetStalk-
er, however. I agree.
While the majority relies on the statement in
NetStalker that “you may want NetStalker to take an
automatic action (a ‘response’),” a “[r]esponse” is simply
another type of alarm that is listed in a “description of
supplied alarms.” NetStalker at 4-2, 4-4. It is described
as “[p]rovid[ing] a general purpose response to activities
taking place on the network [reserved for future use].” Id.
at 4-4 (final brackets in original). The pages referenced
by the Board also indicate that “[r]esponse” is “Reserved
for future use.” Id. at 5-5, 6-16. While the “User Defined”
alarms are also referred to as “responses,” the response
“can be as simple as sending a beep to the system console
or more complex such as logging the event in syslog.” Id.
at 4-5, 5-5, 6-16. None of this suggests that the response
is necessarily related to a shun alarm or that the response
would be triggered by the severity.
IN RE ENHANCED SECURITY RESEARCH, LLC                   17
Thus, not only does the majority violate the principles
described in Chenery governing review of administrative
agency determinations, but its independent obviousness
analysis seems inconsistent with the very reference upon
which the majority’s alternative analysis relies.
IV. CONCLUSION
For these reasons, I cannot join the majority in its
conclusions on the reliability of the NetStalker reference,
on public accessibility, or on the obviousness of the rele-
vant claims of the ’236 patent. I cannot join in depriving
a patentee of its patent rights on these grounds. I re-
spectfully dissent.