DCT

3:24-cv-01609

UMBRA Tech Ltd Uk v. VMware Inc

Log In
Key Events
Complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 1:23-cv-00904, W.D. Tex., 08/02/2023
  • Venue Allegations: Venue is alleged to be proper in the Western District of Texas because Defendant VMware, Inc. maintains a regular and established place of business in Austin, Texas, and has allegedly committed acts of infringement in the district.
  • Core Dispute: Plaintiff alleges that Defendant’s network virtualization and software-defined networking products infringe four patents related to secure network optimization, global virtual networks, and high-performance data transfer methods.
  • Technical Context: The technology at issue pertains to Software-Defined Wide Area Networking (SD-WAN) and Global Virtual Networks (GVNs), which aim to improve the security, speed, and reliability of network connections over standard internet infrastructure.
  • Key Procedural History: The complaint alleges that Defendant had pre-suit knowledge of the patented technology stemming from discussions between the parties occurring in or near May 2016, which may form the basis for its willful infringement claims.

Case Timeline

Date Event
2015-01-28 U.S. Patent No. 10,630,505 Priority Date
2015-04-07 U.S. Patent No. 10,574,482 Priority Date
2015-04-07 U.S. Patent No. 11,108,595 Priority Date
2016-04-26 U.S. Patent No. 11,146,632 Priority Date
2016-05-01 Alleged pre-suit knowledge of technology by Defendant (approx.)
2020-02-25 U.S. Patent No. 10,574,482 Issued
2020-04-21 U.S. Patent No. 10,630,505 Issued
2021-08-31 U.S. Patent No. 11,108,595 Issued
2021-10-12 U.S. Patent No. 11,146,632 Issued
2023-08-02 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 10,574,482 - “MULTI-PERIMETER FIREWALL IN THE CLOUD”

  • Patent Identification: U.S. Patent No. 10,574,482, “MULTI-PERIMETER FIREWALL IN THE CLOUD,” issued February 25, 2020.

The Invention Explained

  • Problem Addressed: The patent’s background section describes the limitations of traditional firewalls, which are typically placed at the edge of a local network, and the inefficiencies that arise when routing all traffic from a remote branch through a central corporate gateway to access the internet (’482 Patent, col. 1:59-col. 2:12). This architecture can introduce significant latency and struggles to adapt to cloud-based environments (Compl. ¶15).
  • The Patented Solution: The invention proposes a system of distributed firewalls placed at multiple perimeters within a "global virtual network" (GVN) in the cloud (’482 Patent, Abstract). It discloses a first firewall performing stateful packet inspection (SPI) and a second firewall performing deep packet inspection (DPI), with the two firewalls being in communication to share threat information, thereby creating a more robust and flexible security architecture for virtualized networks (’482 Patent, col. 2:36-58).
  • Technical Importance: This approach increases the utility of firewalls by extending their functionality into the cloud, addressing network administrators' sensitivities regarding firewall placement and improving security for virtualized traffic (Compl. ¶15).

Key Claims at a Glance

  • The complaint asserts infringement of claims 1-9 (Compl. ¶29). Independent claim 1 is central to the allegations.
  • The essential elements of independent claim 1 include:
    • A network system comprising an egress ingress point device, a first access point server, a second access point server, and an endpoint device.
    • A first perimeter firewall in communication with the first access point server that performs stateful packet inspection.
    • A second perimeter firewall in communication with the second access point server that performs deep packet inspection.
  • The complaint reserves the right to amend its infringement contentions (Compl. ¶28).

U.S. Patent No. 10,630,505 - “SYSTEM AND METHOD FOR A GLOBAL VIRTUAL NETWORK”

  • Patent Identification: U.S. Patent No. 10,630,505, “SYSTEM AND METHOD FOR A GLOBAL VIRTUAL NETWORK,” issued April 21, 2020.

The Invention Explained

  • Problem Addressed: The patent identifies problems with long-distance network connectivity and throughput arising from distance, protocol limitations, peering issues, and interference (’505 Patent, col. 1:31-34; Compl. ¶16).
  • The Patented Solution: The invention describes a network system with a control server and multiple intermediate access point servers that establish a plurality of end-to-end tunnels between devices (’505 Patent, Claim 1). This architecture creates a "neutral third layer of a virtualized network" that allows traffic to be managed more effectively than if it were transiting the standard internet (’505 Patent, col. 34:1-11). The control server selects the optimal tunnel for communications based on information it receives from the access point servers (’505 Patent, Claim 1).
  • Technical Importance: The invention aims to increase versatility in managing network traffic and improve performance over long distances by creating an optimized virtual network overlay (Compl. ¶16).

Key Claims at a Glance

  • The complaint asserts infringement of claim 1 (Compl. ¶42).
  • The essential elements of independent claim 1 include:
    • A network system comprising a first device, a second device, a plurality of intermediate access point servers, and a control server.
    • The plurality of intermediate access point servers form a plurality of end-to-end tunnels connecting the first and second devices.
    • The control server receives information from at least one access point server.
    • The control server selects one of the plurality of end-to-end tunnels for communication based on the received information.
  • The complaint reserves the right to amend its infringement contentions (Compl. ¶41).

U.S. Patent No. 11,108,595 - “SYSTEMS AND METHODS FOR PROVIDING A GLOBAL VIRTUAL NETWORK (GVN)”

  • Patent Identification: U.S. Patent No. 11,108,595, “SYSTEMS AND METHODS FOR PROVIDING A GLOBAL VIRTUAL NETWORK (GVN),” issued August 31, 2021.
  • Technology Synopsis: The complaint alleges this invention resolves technical problems related to building a data tunnel in a network by developing and transmitting an ordered list of available servers (’595 Patent, col. 11:15-20). The system prioritizes servers based on expected performance and other device-specific contextual information to increase network efficiency and effectiveness (Compl. ¶17).
  • Asserted Claims: Claim 1 (Compl. ¶55).
  • Accused Features: The complaint alleges that VMware’s network virtualization products, including VMware SD-WAN, utilize the patented inventions (Compl. ¶53).

U.S. Patent No. 11,146,632 - “DATA BEACON PULSER(S) POWERED BY INFORMATION SLINGSHOT”

  • Patent Identification: U.S. Patent No. 11,146,632, “DATA BEACON PULSER(S) POWERED BY INFORMATION SLINGSHOT,” issued October 12, 2021.
  • Technology Synopsis: This invention addresses inefficiencies of standard internet protocols (TCP/IP, UDP/IP) over long distances (’632 Patent, col. 6:20-32). It discloses a "data beacon" system with two nodes, each having a parallel file system, where one node writes data directly to the other's file system, which allegedly offers superior speed and reliability compared to conventional protocols (Compl. ¶18).
  • Asserted Claims: Claims 1 and 7 (Compl. ¶68).
  • Accused Features: The complaint alleges that VMware’s network virtualization products infringe by incorporating the patented data transfer technology (Compl. ¶66).

III. The Accused Instrumentality

Product Identification

  • The accused instrumentalities are Defendant’s network virtualization products and services, including but not limited to VMware SD-WAN, VMware NSX software-defined data center, VMware vSphere, and VMware Horizon (Compl. ¶27).

Functionality and Market Context

  • The complaint alleges these products are used to implement "virtualized network architectures" for customers (Compl. ¶14). These systems are designed to create and manage software-defined networks that overlay traditional internet infrastructure, a market in which the complaint asserts the patents-in-suit have significant commercial value (Compl. ¶14). No probative visual evidence provided in complaint.

IV. Analysis of Infringement Allegations

The complaint references preliminary infringement charts as Exhibits 5, 6, 7, and 8, but these exhibits were not filed with the complaint. The narrative infringement theories are summarized below.

’482 Patent Infringement Allegations

The complaint alleges that the Accused Instrumentalities, such as VMware SD-WAN, create a multi-perimeter firewall system in a virtualized network, thereby infringing claims 1-9 of the ’482 patent (Compl. ¶¶27, 29). The core theory appears to be that VMware's distributed security features, when deployed in a cloud environment, map onto the claimed system of a first firewall performing stateful inspection and a second, communicating firewall performing deep packet inspection.

’505 Patent Infringement Allegations

The complaint alleges that the Accused Instrumentalities infringe claim 1 of the ’505 patent by operating as a global virtual network (Compl. ¶¶40, 42). The infringement theory suggests that VMware’s system, likely with its SD-WAN Orchestrator, functions as the claimed "control server" that manages a plurality of "intermediate access point servers" (e.g., VMware SD-WAN Edges or Gateways) to select an optimal end-to-end tunnel for network traffic.

  • Identified Points of Contention:
    • Scope Questions: A central question for the '482 patent will be whether VMware's integrated security architecture can be separated into the distinct "first perimeter firewall" and "second perimeter firewall" required by claim 1, or if it constitutes a single, non-infringing system. For the '505 patent, a dispute may arise over whether VMware's SD-WAN Orchestrator meets the claim limitations of a "control server" that "selects one" specific tunnel for communication.
    • Technical Questions: The analysis for the '482 patent may turn on what evidence shows that distinct components within VMware's products perform the separate functions of stateful packet inspection and deep packet inspection and subsequently "share threat information" as the patent requires (’482 Patent, col. 2:51-58). For the '505 patent, a key question is what evidence demonstrates that VMware's system selects a single tunnel from a plurality based on information from access points, as opposed to using a different method like per-packet load balancing across multiple paths.

V. Key Claim Terms for Construction

’482 Patent: "first perimeter firewall" and "second perimeter firewall"

  • The Term: "first perimeter firewall" ... "second perimeter firewall" (appearing in claim 1).
  • Context and Importance: The construction of these terms is critical to determining whether VMware’s allegedly integrated security functions can be mapped onto the claimed two-firewall system. Practitioners may focus on these terms because the infringement case depends on Plaintiff's ability to identify two separate, communicating firewall structures within the accused products.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The claims require the firewalls to be "in communication with" their respective access point servers, but do not strictly limit their physical or logical implementation, which may support an argument that logically distinct software modules within a single system could satisfy the limitations.
    • Evidence for a Narrower Interpretation: The claim recites two distinct elements ("a first perimeter firewall" and "a second perimeter firewall") and the specification describes them sharing threat information, which may suggest they are structurally or operationally separate components, not merely different functions of a monolithic system (’482 Patent, Claim 1; col. 2:51-58).

’505 Patent: "control server"

  • The Term: "control server" (appearing in claim 1).
  • Context and Importance: The definition of this term will be central to determining if VMware's SD-WAN Orchestrator, or a similar management component, meets the limitations of the asserted claim. Practitioners may focus on this term as Defendant may argue its distributed control plane architecture does not contain a single "control server" that performs the claimed functions.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The claim requires the control server to "receive information" and "select" a tunnel, functional limitations that could potentially be performed by a distributed or cloud-based management plane rather than a single, standalone hardware server.
    • Evidence for a Narrower Interpretation: The patent consistently depicts the control server as a distinct architectural component (e.g., SRV_CNTRL 12-200 in FIG. 12 of the ’505 Patent). The claim language recites "a control server," singular, which may support an interpretation requiring a discrete entity.

VI. Other Allegations

  • Indirect Infringement: The complaint alleges induced infringement, stating that Defendant actively aids and abets infringement by distributing the accused products and providing materials and services that instruct partners and customers on their use (Compl. ¶¶31-32, 44-45). It also pleads contributory infringement, alleging the products are material components especially made for infringement and not suitable for substantial non-infringing use (Compl. ¶¶34, 47).
  • Willful Infringement: Willfulness is alleged based on Defendant’s purported knowledge of the patents-in-suit. This knowledge is claimed to stem from "in-person, telephonic and email discussions between representatives for VMware or its affiliates and UMBRA pertaining to UMBRA’s intellectual property... occurring in or near May 2016" (Compl. ¶¶30, 35, 43).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of architectural mapping: Can Plaintiff demonstrate that VMware’s integrated, software-defined products contain the specific, distinct components required by the patent claims, such as the "first" and "second" perimeter firewalls of the ’482 patent or the distinct "control server" of the ’505 patent? The case may depend on whether these claim elements can be construed to cover logically separate functions within a unified software architecture.
  • A key evidentiary question will concern pre-suit knowledge: What was the substance of the alleged May 2016 discussions between the parties, and did those discussions provide VMware with knowledge of the specific patents-in-suit (or their direct technological antecedents) sufficient to support a finding of willful infringement?
  • A central technical question will be one of functional operation: Does VMware’s dynamic path optimization perform the claimed function of "selecting one" tunnel for communication from a plurality, as required by the ’505 patent, or does it operate on a different technical principle, such as per-packet load balancing, that may fall outside the claim’s scope?