3:24-cv-02146
PacSec3 LLC v. Radware Inc
I. Executive Summary and Procedural Information
- Parties & Counsel:
  - Plaintiff: PacSec3, LLC (Texas)
  - Defendant: Radware Inc. (California)
  - Plaintiff’s Counsel: Ramey LLP
- Case Identification: 5:24-cv-02146, N.D. Cal., 04/10/2024
- Venue Allegations: Venue is alleged to be proper in the Northern District of California because Defendant maintains a regular and established place of business in the district and has committed the alleged acts of infringement there.
- Core Dispute: Plaintiff alleges that Defendant’s firewall and related security systems infringe a patent related to defending against data packet flood attacks.
- Technical Context: The technology relates to network security systems designed to mitigate denial-of-service (DoS) attacks by identifying and rate-limiting unwanted data packets based on their network path rather than solely on their source address.
- Key Procedural History: The patent-in-suit, a continuation of an earlier patent, was the subject of an ex parte reexamination proceeding. In a certificate issued in 2023, the U.S. Patent and Trademark Office cancelled several claims but confirmed the patentability of the two claims asserted in this complaint, claims 7 and 10. This history may influence arguments regarding the patent’s validity.
Case Timeline
| Date | Event |
|---|---|
| 2000-11-16 | '497 Patent Priority Date |
| 2009-04-21 | '497 Patent Issue Date |
| 2023-05-22 | '497 Patent Reexamination Certificate Issued |
| 2024-04-10 | Complaint Filing Date |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 7,523,497 - “PACKET FLOODING DEFENSE SYSTEM”
- Issued: April 21, 2009
The Invention Explained
- Problem Addressed: The patent seeks to solve the problem of "packet flooding attacks," a type of denial-of-service attack where a malicious actor overwhelms a victim’s network bandwidth with useless data ('497 Patent, col. 2:7-11). The patent notes that a key difficulty in defending against such attacks is that the attacker can falsify the source address of the data packets, making it difficult to identify and block the malicious traffic without affecting legitimate users ('497 Patent, col. 2:3-6).
- The Patented Solution: The invention describes a distributed defense system where routers and end-point computers ("sites") cooperate to trace and mitigate attacks. The system relies on routers to provide "attacker-independent information" about the path a packet has traveled through the network ('497 Patent, col. 3:62-4:5). A victim computer or firewall can use this path information to identify the specific network route delivering unwanted traffic and then request that an upstream router limit the rate of data being forwarded from that specific path, thereby neutralizing the attack closer to its source ('497 Patent, Abstract; col. 3:2-12).
- Technical Importance: This approach represented a shift from defenses that rely on potentially spoofed packet header information (like source IP addresses) to a defense based on the verifiable forwarding path of the packets themselves ('497 Patent, col. 3:62-65).
Key Claims at a Glance
- The complaint asserts independent method claims 7 and 10 (Compl. ¶14).
- Claim 7 (asserted against a host computer):
  - Determining a path by which data packets arrive at a host computer via packet marks provided by routers leading to the host computer;
  - Classifying received data packets into "wanted" and "unwanted" packets by path;
  - Associating a maximum acceptable processing rate with each class of data packet; and
  - Allocating a processing rate for the unwanted data packets that is less than or equal to the maximum acceptable rate.
- Claim 10 (asserted against a router):
  - Determining a path by which data packets arrive at a router via packet marks provided by other routers;
  - Classifying received data packets by path;
  - Associating a maximum acceptable transmission rate with each class of data packet; and
  - Allocating a transmission rate for unwanted packets that is equal to or less than the maximum acceptable rate.
- The complaint notes that Plaintiff reserves the right to amend its allegations based on discovery (Compl. p. 4, n.1).
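The general technique summarized above (classify traffic by router-supplied path rather than by source address, then cap the rate of the unwanted class) can be sketched as follows. This is an added illustration, not code from the patent, the complaint, or any Radware product, and it takes no position on claim scope; the mark format, class names, rates and addresses are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str      # sender-controlled header field; an attacker can falsify it
    marks: tuple  # marks added by forwarding routers (hypothetical format)

@dataclass
class TokenBucket:
    rate: float   # maximum acceptable packets/second; also the burst cap
    tokens: float
    last: float

    def allow(self, now):
        # Refill in proportion to elapsed time, never above the cap.
        self.tokens = min(self.rate, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

class PathLimiter:
    def __init__(self, wanted_rate, unwanted_rate):
        self.rates = {"wanted": wanted_rate, "unwanted": unwanted_rate}
        self.unwanted_paths = set()
        self.buckets = {}

    def classify(self, pkt):
        # The class depends only on the router marks, never on pkt.src.
        return "unwanted" if pkt.marks in self.unwanted_paths else "wanted"

    def accept(self, pkt, now):
        cls = self.classify(pkt)
        key = (cls, pkt.marks)
        if key not in self.buckets:
            r = self.rates[cls]
            self.buckets[key] = TokenBucket(rate=r, tokens=r, last=now)
        return self.buckets[key].allow(now)

def run_demo():
    lim = PathLimiter(wanted_rate=100.0, unwanted_rate=5.0)
    lim.unwanted_paths.add(("R3", "R1"))  # path identified as carrying the flood
    flood_ok = legit_ok = 0
    for i in range(1000):                 # constructed 1 s trace, 1 ms steps
        now = i / 1000.0
        # The flood spoofs the legitimate client's address but arrives via R3.
        flood_ok += lim.accept(Packet("10.0.0.7", ("R3", "R1")), now)
        if i % 20 == 0:                   # 50 legitimate packets via R2
            legit_ok += lim.accept(Packet("10.0.0.7", ("R2", "R1")), now)
    return flood_ok, legit_ok
```

Because both flows carry the same source address, a source-address filter could not separate them; keyed on the path, the flood is held near its 5 packets/second cap while every legitimate packet is accepted.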
III. The Accused Instrumentality
Product Identification
The complaint identifies the accused instrumentalities as "one or more firewall systems" sold by Radware, specifically naming "Behavioral DoS, and related services" (Compl. ¶14, ¶16).
Functionality and Market Context
The complaint alleges these products are used for defense against data packet flood attacks (Compl. ¶13). It asserts that Radware manufactures, uses, sells, and offers these products for sale throughout the United States (Compl. ¶14, ¶2). The complaint does not provide specific technical details about the operational mechanisms of the accused products beyond these general descriptions.
IV. Analysis of Infringement Allegations
The complaint alleges that Radware’s firewall and "Behavioral DoS" products and services infringe claims 7 and 10 of the '497 Patent (Compl. ¶14, ¶16). The complaint states that detailed support for its infringement allegations for claim 10 is provided in an attached Exhibit B claim chart (Compl. ¶15, ¶23). However, as that exhibit was not included with the public filing, the specific factual basis for the infringement allegation is not detailed in the provided document. The narrative theory is that Radware's systems, and the use of those systems by its customers, practice all steps of the asserted method claims (Compl. ¶14, ¶16).
No probative visual evidence provided in complaint.
V. Key Claim Terms for Construction
The Term: "packet marks provided by routers"
Context and Importance: This term is the central mechanism of the claimed invention for tracing a packet's journey. The outcome of the infringement analysis will depend heavily on whether the accused Radware system uses a technique that falls within the scope of this term. Practitioners may focus on this term because it distinguishes the invention from prior art systems that relied solely on sender-controlled information like a source IP address.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The specification describes the goal as using "attacker-independent information about the path a packet takes" ('497 Patent, col. 3:65-col. 4:2). This could support an argument that any data reliably added by a router that allows for path reconstruction, regardless of its specific format, constitutes a "packet mark."
- Evidence for a Narrower Interpretation: The patent describes a "cooperating neighborhood" of routers and sites working together ('497 Patent, col. 2:31-34). The description of allocating bandwidth "via packet marks provided by routers" ('497 Patent, col. 3:64-65) could support a narrower construction requiring an explicit marking system implemented for the specific purpose of this cooperative defense, rather than merely re-purposing incidental data that a router might add.
The Term: "path"
Context and Importance: The definition of "path" determines the scope of the tracing and classification steps. The claims state the path comprises "all routers in said network via which said packets are routed" ('497 Patent, col. 9:4-6; col. 10:32-34). The breadth of this "all routers" language will be a critical point of contention.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The claim language itself ("all routers in said network") facially suggests a comprehensive, end-to-end route, providing a broad scope for this element.
- Evidence for a Narrower Interpretation: The specification heavily emphasizes the concept of a "cooperating neighborhood" and associating packets with "places" within that neighborhood ('497 Patent, col. 2:31-41). A "place" is defined as "typically a particular interface from which a packet arrived at a cooperating router" ('497 Patent, col. 2:41-43). This context could be used to argue that "path" should be understood as the route within this defined neighborhood, not necessarily the entire internet route from the original source.
VI. Other Allegations
- Indirect Infringement: The complaint pleads both induced and contributory infringement. Inducement is based on allegations that Radware "actively encouraged or instructed" its customers on how to use the accused products in an infringing manner (Compl. ¶16). Contributory infringement is based on the allegation that the accused products have no "substantial noninfringing uses" (Compl. ¶17).
- Willful Infringement: Willfulness is alleged based on Defendant’s knowledge of the '497 Patent "from at least the filing date of the lawsuit" (Compl. ¶16, ¶17). The complaint also makes general allegations of willfulness and states that Defendant "made no attempt to design around the claims" (Compl. ¶18, ¶19).
VII. Analyst’s Conclusion: Key Questions for the Case
- A primary evidentiary question will be one of technical operation: does Radware’s accused "Behavioral DoS" technology actually determine a packet’s origin using "packet marks provided by routers" as required by the claims, or does it rely on a different, potentially non-infringing method such as heuristic analysis of traffic patterns or traditional IP address filtering?
- A central legal issue will be one of definitional scope: how will the court construe the term "path", and specifically the phrase "all routers in said network"? Whether this is interpreted to mean the entire internet route or a more limited route within a cooperative system will be critical to the infringement analysis.
- A key strategic question will be the impact of the reexamination: how will the fact that asserted claims 7 and 10 were reviewed and confirmed by the PTO, while other claims were cancelled, influence the case? This history strengthens the claims' presumption of validity and may focus the dispute more intensely on questions of non-infringement and claim construction.