DCT
3:22-cv-07181
Clark v. DocuSign Inc
Key Events
Complaint
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: Paul C. Clark (Maryland)
- Defendant: DocuSign, Inc. (Delaware)
- Plaintiff’s Counsel: Cahn & Samuels, LLP
- Case Identification: 3:22-cv-07181, N.D. Cal., 04/12/2021
- Venue Allegations: The complaint asserts that venue is proper in the District of Columbia, alleging Defendant conducts regular business, has customers, maintains a place of business, and solicits employees in that district.
- Core Dispute: Plaintiff alleges that Defendant’s electronic signature products and services infringe three patents related to methods and systems for securing communications between different network domains.
- Technical Context: The technology addresses security vulnerabilities in online transactions by creating a protected channel for data moving between a public-facing server and a secure, back-end application server.
- Key Procedural History: The complaint notes that the plaintiff, Dr. Clark, was previously retained by DocuSign as an expert witness in a separate patent litigation. The complaint also alleges that Dr. Clark notified DocuSign’s patent counsel of the patents-in-suit and the need for a license in October 2019, forming the basis for the willfulness allegation.
Case Timeline
| Date | Event |
|---|---|
| 2000-05-09 | Earliest Priority Date ('066, '957, '214 Patents) |
| 2014-04-08 | U.S. Patent No. 8,695,066 Issues |
| 2016-07-12 | U.S. Patent No. 9,391,957 Issues |
| 2018-11-13 | U.S. Patent No. 10,129,214 Issues |
| 2019-10-01 | Alleged Notice of Infringement Sent to DocuSign (approx. date) |
| 2021-04-12 | Complaint Filed |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 8,695,066 - “System and Method for Secure Communication Between Domains,” issued April 8, 2014
The Invention Explained
- Problem Addressed: The patent’s background identifies a security gap in conventional systems like SSL, which protect data between a user's browser and a web server but often leave traffic unprotected between that web server and the back-end application server residing on a more secure, trusted network (Compl. Ex. B, col. 1:15-39). This exposes sensitive data during high-value business-to-business (B2B) and business-to-consumer (B2C) transactions (Compl. Ex. B, col. 1:21-25).
- The Patented Solution: The invention proposes a method using two "logical units" as a secure gateway. A "first logical unit," facing the public network, receives user data, adds security services (e.g., encryption, digital signatures), and translates it to a target protocol. It then sends the "enhanced" data across the network to a "second logical unit" inside the trusted domain. This second unit reverses the process—it "de-enhances" the data, filters it, authorizes the transaction, and passes the clean data to the application server, all without requiring modification to the application itself (Compl. Ex. B, Abstract; col. 2:5-18). The architectural diagram in Figure 2 illustrates this flow, contrasting it with the prior art (Compl. Ex. B, Fig. 2).
- Technical Importance: This architecture allowed for the addition of high-assurance security services, such as authentication and non-repudiation, to existing network applications without altering their core code (Compl. Ex. B, col. 2:60-65).
Key Claims at a Glance
- The complaint asserts independent claim 1 (Compl. ¶13).
- The essential elements of claim 1 include:
- In a first logical unit: periodically calculating timestamps/hashes; transmitting a web form to a user; receiving data from the user; "enhancing" the data with security services; "translating" the data to a target protocol; and transmitting it across a public network.
- In a second logical unit: "de-enhancing" the data; filtering it to block unauthorized transmissions; authorizing the data; and transmitting it to an application.
- The method adds these security services "without apparent modification of the application."
U.S. Patent No. 9,391,957 - “System and Method for Secure Communication Between Domains,” issued July 12, 2016
The Invention Explained
- Problem Addressed: The patent, a continuation of the '066 Patent, addresses the same security vulnerabilities in communications between untrusted and trusted network domains (Compl. Ex. C, col. 1:15-39).
- The Patented Solution: The method described is nearly identical to that of the '066 Patent, involving a two-part process of enhancing, translating, transmitting, de-enhancing, and authorizing data. A key distinction in the asserted claim is the added requirement that the "first logical unit" resides on a "first physical platform" and the "second logical unit" resides on a "second logical platform," explicitly claiming a physically distributed architecture (Compl. Ex. C, col. 14:24-35). This reinforces the concept of a secure boundary between the two operational domains (Compl. Ex. C, Fig. 2).
- Technical Importance: This invention provides a method for securing transactions across different physical systems, which is a common architecture for separating public-facing services from internal, protected resources (Compl. Ex. C, col. 2:60-65).
Key Claims at a Glance
- The complaint asserts at least independent claim 2 (Compl. ¶27).
- The essential elements of claim 2 are substantially the same as claim 1 of the '066 Patent, with the additional limitations that:
- the first logical unit resides on a "first physical platform."
- the second logical unit resides on a "second logical platform."
Multi-Patent Capsule: U.S. Patent No. 10,129,214
- Patent Identification: U.S. Patent No. 10,129,214, “System and Method for Secure Communication Between Domains,” issued November 13, 2018 (Compl. ¶38).
- Technology Synopsis: As a further continuation in the patent family, this patent claims a system rather than a method. It describes a system comprising a "first logical unit including circuitry" and a "second logical unit including circuitry" configured to perform the same core functions of enhancing, translating, transmitting, de-enhancing, filtering, and authorizing data between two domains to provide security without modifying the end application (Compl. Ex. D, Abstract; col. 2:5-18). The technical problem and solution mirror those of the parent patents but are framed in terms of a physical system with configured hardware.
- Asserted Claims: The complaint asserts independent claim 1 (Compl. ¶40).
- Accused Features: The complaint alleges that DocuSign's electronic signature product, as a whole, constitutes the infringing system. This includes its computer systems configured to produce digital signatures, transmit web-based forms, receive user data, encrypt documents, and perform authorization (Compl. ¶¶41-42).
III. The Accused Instrumentality
Product Identification
- The complaint identifies "DocuSign's electronic signature product and service" and its "systems or methods for electronic signature and e-contracting" as the accused instrumentalities (Compl. ¶¶4, 13). The complaint includes a screenshot of a LinkedIn job posting for a "Sr. Manager Business Development" position in Washington, D.C. to support its allegations regarding Defendant’s business presence (Compl. p. 3).
Functionality and Market Context
- The complaint alleges the accused product performs a sequence of functions that map to the patent claims. This includes: providing digital signatures with Public Key Infrastructure (PKI) (Compl. ¶14); transmitting web-based forms from a server to a user (Compl. ¶15); receiving user input such as signatures (Compl. ¶16); encrypting documents (Compl. ¶17); submitting documents via a web protocol and delivering them via an email protocol (Compl. ¶18); transmitting data over public networks (Compl. ¶19); and verifying signatures, decrypting data, and performing user authorization on the receiving end (Compl. ¶20).
- The complaint alleges the product provides "electronic signature products and services" to a customer base that includes customers in the District of Columbia (Compl. ¶4). The complaint does not provide further detail for analysis of the product's specific market positioning.
IV. Analysis of Infringement Allegations
'066 Patent Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| periodically calculating timestamps and hashes | DocuSign’s product "offers digital signatures with PKI." | ¶14 | col. 14:22-24 |
| transmitting a web form to a node of a first domain...where the web form is displayed to a user | DocuSign's product "provides for transmitting a mobile or web-based form to and from a server." | ¶15 | col. 14:9-11 |
| receiving data input to said web form by the user | DocuSign's product "receives data input by user, e.g., signatures and other data." | ¶16 | col. 14:12-12 |
| enhancing the data by adding one or more security services | DocuSign's product "uses encryption to encrypt documents." | ¶17 | col. 14:13-14 |
| translating the received data from a first network application level protocol to a target network application level protocol | DocuSign's product "submits documents to be signed using a web protocol interface and delivers such documents using an email protocol interface." | ¶18 | col. 14:15-18 |
| transmitting the translated data across a public network | DocuSign's product provides for data transmission "over public networks." | ¶19 | col. 14:19-19 |
| de-enhancing the translated data | DocuSign's product "verifies digital signatures and decrypts the data." | ¶20 | col. 14:20-21 |
| filtering the translated data to block unauthorized transmissions | DocuSign's product "performs user authorization." | ¶20 | col. 14:22-23 |
| authorizing the filtered data and transmitting the filtered data to a node of the second domain for use in an application | DocuSign's product "performs user authentication." | ¶21 | col. 14:24-29 |
'957 Patent Infringement Allegations
| Claim Element (from Independent Claim 2) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| periodically calculating timestamps and hashes | DocuSign’s product "offers digital signatures with PKI." | ¶28 | col. 14:10-13 |
| transmitting a web form to a node of a first domain...where the web form is displayed to a user | DocuSign's product "provides for transmitting a mobile or web based form to and from a server." | ¶29 | col. 14:14-16 |
| receiving data input to said web form by the user | DocuSign's product "receives data input by user, e.g., signatures and other data." | ¶30 | col. 14:17-17 |
| enhancing the data by adding one or more security services | DocuSign's product "uses encryption to encrypt documents." | ¶31 | col. 14:18-19 |
| translating the received data from a first network application level protocol to a target network application level protocol | DocuSign's product "submits documents to be signed using a web protocol interface and delivers such documents using an email protocol interface." | ¶32 | col. 14:20-23 |
| transmitting the translated data across a public network, the first logical unit residing on a first physical platform | DocuSign's product provides for data transmission over public networks and "includes a server running on a computer." | ¶33 | col. 14:24-25 |
| de-enhancing the translated data...filtering the translated data...authorizing the filtered data | DocuSign's product offering "verifies digital signatures and decrypts the data and performs user authorization." | ¶34 | col. 14:26-29 |
| transmitting the filtered data...the second logical unit residing on a second logical platform | DocuSign's product offering "performs user authentication on more than one computer." | ¶35 | col. 14:30-35 |
- Identified Points of Contention:
- Scope Questions: A central dispute may arise over whether DocuSign's process of using a "web protocol" for submission and an "email protocol" for delivery constitutes "translating... from a first network application level protocol to a target network application level protocol" as the term is used in the patents (Compl. ¶18; '066 Patent, col. 14:15-18). Another question is whether the product's general security and authorization features meet the specific, ordered steps of "de-enhancing," "filtering," and "authorizing" as claimed (Compl. ¶20; '066 Patent, col. 14:20-26).
- Technical Questions: The complaint alleges the "periodically calculating timestamps and hashes" limitation is met by DocuSign offering "digital signatures with PKI" (Compl. ¶14). A key technical question will be whether PKI-based signing is equivalent to the distinct, periodic calculation described in the patent specification, which is presented as a mechanism to prevent replay attacks (see '214 Patent, col. 12:50-54).
V. Key Claim Terms for Construction
The Term: "logical unit"
- Context and Importance: This term defines the fundamental building blocks of the invention. The claims require specific functions to be performed "in a first logical unit" and "in a second logical unit." The dispute will likely focus on whether DocuSign's software architecture contains components that map to these claimed units, particularly given the '957 Patent's requirement that they reside on separate "physical platforms."
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The specification provides a very broad definition: "any device having data processing and transmission capabilities... Logical units may be realized in circuitry, software or firmware that performs a particular function" ('066 Patent, col. 3:30-34). This could support an interpretation where the "units" are merely distinct software modules on one or more servers.
- Evidence for a Narrower Interpretation: The patent figures consistently depict the logical units as distinct architectural blocks separated by a firewall, suggesting a more structured and separated arrangement ('066 Patent, Fig. 2, items 20, 40). The explicit addition of "physical platform" language in the '957 Patent's claims further supports an interpretation requiring physical separation.
The Term: "translating the received data from a first network application level protocol to a target network application level protocol"
- Context and Importance: This limitation is critical to the plaintiff's infringement theory, which equates DocuSign's use of a "web protocol" and an "email protocol" with the claimed "translation" (Compl. ¶18). The viability of this allegation depends on the construed scope of "translating."
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The specification gives an example of converting "X.400 requests... to a target protocol... e.g., SMTP over IP" ('066 Patent, col. 5:1-4). Plaintiff may argue this shows an intent to cover any conversion between different types of application-layer protocols, such as from a web-based protocol (like HTTPS) to an email protocol (like SMTP).
- Evidence for a Narrower Interpretation: The specification explains that the purpose of translation is to encode the data into a "common transaction PDU," which "allows new protocols to be supported with little effort" ('066 Patent, col. 5:10-15). A defendant could argue that its system does not use a "common transaction PDU" and that the web submission and email delivery are simply two separate services, not a "translation" of a data object from one protocol to another.
VI. Other Allegations
- Indirect Infringement: The complaint does not plead a specific count for indirect (induced or contributory) infringement and focuses its allegations and prayer for relief on direct infringement (Compl. ¶¶13, 27, 40; Prayer for Relief).
- Willful Infringement: The complaint alleges that Defendant's infringement has been and continues to be willful (Compl. ¶1, 24, 37). The basis for this allegation is pre-suit knowledge stemming from an email Dr. Clark allegedly sent to DocuSign's patent counsel in October 2019, which identified the patents and asserted a need for a license (Compl. ¶22). The complaint alleges DocuSign continued its accused activities despite this notice (Compl. ¶23).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of definitional scope: can the term "translating... from a first network application level protocol to a target network application level protocol" be construed to cover a workflow where a document is submitted via a web interface and subsequently delivered via an email system? Or does the patent require a more direct conversion of a single data transaction?
- A key evidentiary question will be one of functional mapping: what evidence will show that the accused DocuSign platform performs the specific, ordered steps of the claims, particularly the "periodically calculating timestamps and hashes" limitation, which the complaint supports with a general reference to "digital signatures with PKI"?
- The case presents a unique procedural and factual question: what legal or practical effect, if any, will arise from the plaintiff's prior role as a hired expert witness for the defendant in a separate patent case? This unusual background may be a factor in arguments related to willfulness or in settlement discussions.