DCT

3:10-cv-00048

Fortinet Inc v. Trend Micro Inc

Log In
Key Events
Complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Name: Fortinet, Inc. v. Trend Micro Incorporated
  • Case Identification: 3:10-cv-00048, N.D. Cal., 01/06/2010
  • Venue Allegations: Venue is asserted based on the residence of both Plaintiff Fortinet and Defendant Trend Micro U.S. within the judicial district, and because a substantial part of the events giving rise to the claims occurred there.
  • Core Dispute: Plaintiff Fortinet seeks a declaratory judgment that its network security products do not infringe two of Defendant Trend Micro's patents related to gateway and email antivirus scanning, and that those patents are invalid and/or unenforceable.
  • Technical Context: The technology involves scanning network data traffic, such as file transfers and emails, at a network gateway or client device to detect and eliminate computer viruses before they can infect a protected network.
  • Key Procedural History: The complaint details a protracted dispute between the parties, beginning with litigation initiated by Trend Micro in 2004 over U.S. Patent No. 5,623,600 ('600 patent). That prior litigation included a U.S. International Trade Commission (ITC) investigation which resulted in a finding that some claims of the '600 patent were infringed but others were invalid. The parties subsequently entered into a license agreement in 2006, covering the '600 patent and related patents, including U.S. Patent No. 5,889,943 ('943 patent). A 2008 declaratory judgment action by Fortinet was dismissed after Trend Micro provided a covenant not to sue Fortinet, Inc. directly. Fortinet alleges this covenant is insufficient because Trend Micro continues to threaten Fortinet's partners and customers, which triggers Fortinet’s indemnification obligations and creates the basis for the present action.

Case Timeline

Date Event
1995-09-26 Priority Date for '600 Patent and '943 Patent
1997-04-22 '600 Patent Issued
1999-03-30 '943 Patent Issued
2004-05-05 Trend Micro sues Fortinet for infringement of '600 Patent
2004-06-08 ITC institutes investigation based on Trend Micro's complaint
2005-08-09 ITC issues limited exclusion order against Fortinet
2005-09-01 Fortinet releases redesigned products (approx. date)
2006-01-27 Fortinet and Trend Micro enter into Settlement and License Agreement
2008-11-26 Fortinet files prior declaratory judgment action (3:08-cv-05371)
2010-01-06 Current Complaint for Declaratory Judgment Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 5,623,600

  • Patent Identification: U.S. Patent No. 5,623,600, Virus Detection and Removal Apparatus for Computer Networks, issued April 22, 1997.

The Invention Explained

  • Problem Addressed: The patent's background section describes the shortcomings of existing virus detection methods in the context of networked computers. It notes that with the rise of the Internet, viruses could enter networks through file transfers and emails, bypassing traditional detection methods that focused on local disk drives, and that installing antivirus software on every computer was inefficient and degraded performance (’600 Patent, col. 2:12-29).
  • The Patented Solution: The invention proposes a system located at a network "gateway node" that acts as a checkpoint for all data entering or leaving the network. The system uses a "proxy server" to intercept data transfers (like FTP files or SMTP emails), temporarily store the file or message, scan it for viruses, and then either allow it to proceed if clean or take a pre-configured action (e.g., delete, quarantine) if a virus is found (’600 Patent, Abstract; col. 2:40-57).
  • Technical Importance: This gateway-centric approach provided a centralized, efficient method for scanning network traffic, addressing the emerging threat vector of the Internet without requiring software installation and maintenance on every individual computer in the network (’600 Patent, col. 2:30-38).

Key Claims at a Glance

The complaint seeks a declaratory judgment of non-infringement and invalidity of all claims of the '600 Patent. The prior ITC litigation involved independent claims 1 and 11, which are representative of the patent's scope.

  • Independent Claim 1 (System):
    • A system comprising memory, a communications unit, and a processing unit.
    • A "proxy server" for receiving data, scanning it for viruses, and controlling its transmission based on preset instructions and the presence of viruses.
    • A "daemon" for transferring data from the proxy server in response to control signals.
  • Independent Claim 11 (Method):
    • Receiving a mail message request at a server.
    • Determining if the mail message contains a virus by checking for "encoded portions," storing them, decoding them, and scanning the decoded portions.
    • Performing a preset action if a virus is found.
    • Sending the message if no virus is found.

U.S. Patent No. 5,889,943

  • Patent Identification: U.S. Patent No. 5,889,943, Apparatus and Method for Electronic Mail Virus Detection and Elimination, issued March 30, 1999.

The Invention Explained

  • Problem Addressed: As a continuation-in-part of the '600 patent, this patent addresses the spread of viruses through electronic mail systems, including mail that might not pass through a central network gateway (e.g., internal email). It also acknowledges the need for virus detection that can operate unobtrusively without requiring user intervention or consuming resources on the central mail server (’943 Patent, col. 2:54-65).
  • The Patented Solution: The invention describes an apparatus and method located on a "client node" (i.e., the end-user's computer). This apparatus includes a "polling module" that periodically checks the central mail server ("postal node") for new, unread messages. It then downloads the message data to the client node, analyzes it for viruses, and facilitates corrective action if an infection is found, all designed to happen in the background (’943 Patent, Abstract; col. 4:1-10).
  • Technical Importance: This client-side approach complements gateway-level security by providing protection against internal threats and offers a decentralized model for virus scanning that can operate independently of a specific network topology (’943 Patent, col. 3:1-6).

Key Claims at a Glance

The complaint seeks a declaratory judgment of non-infringement and invalidity of all claims of the '943 Patent. Independent claim 1 is representative.

  • Independent Claim 1 (Apparatus):
    • A "message detecting module" for detecting the presence of a message.
    • A "virus analyzing module," in communication with the detecting module, for determining whether data associated with the message contains a virus.

III. The Accused Instrumentality

Product Identification

The complaint identifies the accused products as Fortinet's "FortiGate, FortiMail, FortiCare (support service for FortiGate), FortiGuard (antivirus and other signature update services for FortiGate), and FortiWifi (wireless FortiGate)" product lines, which run on Fortinet's "FortiOS 4.0" operating system (Compl. ¶38).

Functionality and Market Context

The complaint describes these products generally as "multi-threat network security solutions" that provide antivirus and other security functions (Compl. ¶1, ¶38). The FortiGate products are network security appliances that function as firewalls at the network perimeter, while FortiMail products are secure email gateways. The complaint alleges that Fortinet is a direct competitor to Trend Micro in the network security market and conducts nearly all of its business through partners and affiliates who distribute and sell these products (Compl. ¶11, ¶23). The asserted need for indemnification of these partners is a central element of the complaint (Compl. ¶27, ¶28).

IV. Analysis of Infringement Allegations

As a complaint for declaratory judgment, Fortinet alleges non-infringement rather than infringement. The complaint does not provide a detailed, limitation-by-limitation analysis of why its products do not infringe, such as in a claim chart. Instead, it makes broad assertions that its products do not infringe any valid and enforceable claim of the '600 and '943 patents, either directly, indirectly, literally, or under the doctrine of equivalents (Compl. ¶¶ 73, 75, 80).

The core of the infringement dispute, as framed by the complaint, revolves around Fortinet's assertion that its products redesigned after the 2005 ITC ruling no longer practice the claimed inventions (Compl. ¶9). The complaint states that the currently accused products run on "FortiOS 4.0, a substantially different operating system" from the "FortiOS 2.8" at issue in the prior litigation (Compl. ¶12). A central technical question for the court will be to determine whether the operation of the current Fortinet products is technically distinct from the methods and systems claimed in the patents-in-suit.

No probative visual evidence provided in complaint.

Identified Points of Contention

  • Technical Questions: Does the architecture of Fortinet's FortiGate appliances, running FortiOS 4.0, constitute a "proxy server" that temporarily "stores" files before scanning, as required by claims of the '600 Patent? Do any of Fortinet's products, which are primarily gateway-focused, contain a client-side "polling module" that checks a mail server for unread messages as claimed in the '943 Patent?
  • Scope Questions: The complaint raises the question of whether its redesign is sufficient to take its products outside the scope of the patent claims as previously construed by the ITC.

V. Key Claim Terms for Construction

’600 Patent Term: "proxy server" (Claim 1)

  • Context and Importance: The '600 patent’s system is centered on a "proxy server" that intercepts and scans traffic. The definition of this term is critical to determining infringement. Practitioners may focus on this term because Fortinet will likely argue its modern, flow-based inspection architecture is fundamentally different from the "store-and-forward" proxy server explicitly described in the patent.
  • Evidence for a Broader Interpretation: The specification describes the server's function broadly as "controlling file transfers" and sitting between a client and a server, which could support an interpretation covering any intermediary gateway device (’600 Patent, col. 4:62-65).
  • Evidence for a Narrower Interpretation: The patent’s flowcharts and detailed description explicitly show the proxy server temporarily storing the entire file at the gateway before analyzing it for viruses (e.g., '600 Patent, FIG. 6B, step 616: "Store file temporarily at gateway"; col. 7:52-56). This may support a narrower construction limited to systems that use such a store-and-forward mechanism.

’943 Patent Term: "polling module" (Claim 1 of the patent as corrected; referred to as a "message detecting module" in the original patent)

  • Context and Importance: The '943 patent claims a client-side apparatus featuring a "polling module" that checks a central mail server. Its construction is key to determining if any of Fortinet's primarily gateway-based products could be found to infringe.
  • Evidence for a Broader Interpretation: A party could argue that any automated function, even one managed by a central appliance on behalf of users, that checks for new mail constitutes a "polling module."
  • Evidence for a Narrower Interpretation: The specification repeatedly describes the apparatus as residing on the "client node" and its modules as being "local to the client node" (’943 Patent, col. 5:59-62; col. 15:10-12). The apparatus is described as emulating the polling routines of the local electronic mail program, which supports a construction limited to a software agent running on the end-user's machine, not a gateway appliance (’943 Patent, col. 18:5-8).

VI. Other Allegations

Indirect Infringement

Fortinet preemptively seeks a declaration that its products do not contribute to or induce infringement (Compl. ¶75). The underlying dispute stems from Trend Micro's alleged threats to sue Fortinet's partners and customers, who are the direct users of the accused products (Compl. ¶26). These facts would form the basis for a potential claim by Trend Micro that Fortinet induces infringement by providing its customers with products and instructions on how to use them in an allegedly infringing manner.

Willful Infringement

The complaint does not allege willfulness, as it is a declaratory judgment action. However, the extensive litigation history and the 2006 license agreement establish Fortinet’s pre-suit knowledge of the patents (Compl. ¶¶ 6-13). Should Trend Micro counterclaim for infringement, it would likely allege willfulness. Fortinet's potential defense would rely on its good-faith belief of non-infringement based on its product redesigns and its belief that the patents are invalid and/or unenforceable (Compl. ¶¶ 9, 39).

VII. Analyst’s Conclusion: Key Questions for the Case

  1. A Jurisdictional Question of Controversy: A primary threshold issue for the court is whether a "real and immediate" controversy exists between Fortinet and Trend Micro. Can Fortinet maintain this declaratory judgment action based on alleged threats to its customers and partners—triggering its indemnification duties—even after Trend Micro provided a covenant not to sue Fortinet, Inc. itself?
  2. A Technical Question of Redesign: A central factual question will be one of operational difference: do Fortinet's current products (running FortiOS 4.0) operate in a manner technically distinct from the claims? Specifically, does the accused gateway appliance avoid the "store-and-forward" proxy architecture of the '600 patent, and do any Fortinet products implement the client-side polling system claimed in the '943 patent?
  3. An Evidentiary Question of Unenforceability: A key issue for trial will be Fortinet's claim of inequitable conduct. Did the named inventor's prior work on allegedly similar Intel products constitute material prior art, and was the alleged failure to disclose this art to the PTO done with an intent to deceive, thereby rendering the patents unenforceable?