DCT

4:25-cv-06259

Valtrus Innovations Ltd v. Cloudflare Inc

Log In
Key Events
Amended Complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
    • Plaintiff: Valtrus Innovations Ltd. and Key Patent Innovations Limited (Republic of Ireland)
    • Defendant: Cloudflare, Inc. (Delaware)
    • Plaintiff’s Counsel: Irell & Manella LLP
  • Case Identification: Valtrus Innovations Ltd. v. Cloudflare, Inc., 5:25-cv-06259, N.D. Cal., 08/20/2025
  • Venue Allegations: Venue is alleged to be proper in the Northern District of California because Defendant maintains its corporate headquarters and multiple regular and established places of business in the district, and has committed acts of alleged infringement there.
  • Core Dispute: Plaintiffs allege that Defendant’s server infrastructure, which utilizes specific AMD processors, infringes two patents related to computer system resource access control and hardware-based utilization metering.
  • Technical Context: The dispute centers on processor-level security architectures and performance monitoring hardware, technologies fundamental to the operation of modern cloud computing and data center infrastructure.
  • Key Procedural History: The complaint alleges that Plaintiffs sent Defendant a notice letter on December 22, 2023, regarding other patents in their portfolio and stating an intent to "bring additional patents" to Defendant's attention, which Plaintiffs now assert as a basis for pre-suit knowledge supporting willful infringement.

Case Timeline

Date Event
2002-07-23 ’809 Patent Priority Date
2004-08-03 ’539 Patent Priority Date
2004-11-09 ’809 Patent Issue Date
2011-04-19 ’539 Patent Issue Date
2023-12-22 Plaintiffs sent notice letter to Defendant regarding other patents
2025-08-20 Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 7,930,539 - "Computer system resource access control," issued April 19, 2011 (’539 Patent)

The Invention Explained

  • Problem Addressed: In conventional computer architectures, a poorly designed or malicious program can modify critical system resources, potentially causing the operating system or other applications to crash. While privilege levels offer some protection, they may be insufficient to prevent software with the highest privilege (e.g., the operating system kernel) from accessing and corrupting certain fundamental resources. (’539 Patent, col. 1:21-46).
  • The Patented Solution: The patent describes a resource access control method that introduces a "protected mode of operation." When the computer system is in this mode, access to designated "protected resources" is denied to all software programs, regardless of their privilege level. When the system is not in protected mode, access is governed by the traditional privilege-level hierarchy. This creates a hardware-enforced barrier that can wall off critical configuration data even from the most trusted software. (’539 Patent, Abstract; col. 2:48-59).
  • Technical Importance: This approach provides a mechanism for creating highly secure, partitioned computing environments where the foundational rules of a partition cannot be altered by the software running within it, including its operating system. (’539 Patent, col. 7:15-29).

Key Claims at a Glance

  • The complaint asserts at least independent claim 1. (Compl. ¶15).
  • Claim 1 Elements:
    • Receiving a request from a software program to access a specified one of a plurality of resources.
    • Determining whether the specified resource is a protected resource.
    • If it is a protected resource, then:
      • Denying the request if the computer system is operating in a protected mode of operation, regardless of the software program's access rights.
      • Processing the request based on the software program's access rights if the computer system is not operating in the protected mode.
  • The complaint does not explicitly reserve the right to assert dependent claims.

U.S. Patent No. 6,816,809 - "Hardware based utilization metering," issued November 9, 2004 (’809 Patent)

The Invention Explained

  • Problem Addressed: Accurately metering processor usage for billing in pay-per-use systems is challenging, especially in partitioned hardware running multiple, isolated operating systems. Software-based metering agents may not be installable, can fail due to network issues, or may be incompatible across different operating systems, leading to inaccurate data. (Compl. ¶40; ’809 Patent, col. 1:19-45).
  • The Patented Solution: The patent proposes a hardware-based device to solve this problem. The device includes a hardware "state indicator" coupled to the CPU to determine if it is in a "first state" (e.g., a busy state). A hardware counter, receiving input from both the state indicator and a system clock, generates a value indicative of the time the CPU spends in that state. This hardware-level data can then be provided by a "data usage provider," creating an OS-agnostic and reliable utilization metric. (’809 Patent, Abstract; col. 4:1-13).
  • Technical Importance: The invention enables reliable and accurate processor usage billing for partitioned servers and early cloud computing models, where customers are charged only for the actual computing capacity they consume. (Compl. ¶39; ’809 Patent, col. 2:45-50).

Key Claims at a Glance

  • The complaint asserts at least method claims 13 and 14. (Compl. ¶46, ¶61).
  • Claim 13 Elements (Independent):
    • Determining when any of a plurality of processors is busy.
    • Providing a busy indication to a counter associated with a busy processor.
    • Receiving at the counter a measure of computer system time.
    • Incrementing a counter value in the counter based on the provided busy indication and an amount of computer system time that the processor is determined to be busy.
    • Maintaining the counter value.
  • The complaint does not explicitly reserve the right to assert other dependent claims.

III. The Accused Instrumentality

Product Identification

  • The Accused Products are Cloudflare's server-based offerings, including its SSE and SASE platform, application security services, and network services like Cloudflare One and Zero Trust. The infringement allegations focus on the functionality of the AMD EPYC processors (specifically the 7642 "Gen X," 7713 "Gen 11," and 9684X "Gen 12" models) used in the servers that run these services. (Compl. ¶16, ¶19, ¶47).

Functionality and Market Context

  • The complaint alleges that the accused AMD EPYC processors incorporate an ARM-based "AMD Secure Processor," which uses ARM TrustZone technology. This technology creates a "Normal world" (non-secure) and a "Secure world" for processing, with a "Secure Monitor" controlling transitions between them. (Compl. ¶19, ¶23). The complaint presents a diagram from an AMD presentation describing this as a "Dedicated Security Subsystem" that provides a "Hardware root of trust." (Compl. p. 5).
  • The complaint also alleges these processors contain hardware-based "performance-monitoring counters" (PMCs), including the MPERF (Max Performance Frequency Clock Count) and APERF (Actual Performance Frequency Clock Count) registers. These counters are alleged to measure processor activity by counting clock cycles only when a processor core is in the active "C0 state." (Compl. ¶52, ¶58). These features are alleged to be used for measuring processor utilization. (Compl. ¶50).

IV. Analysis of Infringement Allegations

’539 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
receiving a request from a software program to access a specified one of the plurality of resources A software program, such as a TrustZone API driver in the "Normal world," requests access to a resource like secure application code. ¶21 col. 2:50-51
determining whether the specified one of the plurality of resources is a protected resource The ARM-based AMD Secure Processor determines that a resource, such as code intended to run in the "Secure world," is a protected resource. ¶23 col. 2:51-53
if the specified one of the plurality of resources is a protected resource, ... denying the request if the computer system is operating in a protected mode of operation If a specific configuration bit (SCR.SCD) is set to 1, this allegedly places the system in a "protected mode." In this mode, the Secure Monitor Call (SMC) instruction needed to enter the Secure world is disabled, thus denying the request. ¶27 col. 2:54-56
processing the request based on the access rights associated with the software program if the computer system is not operating in the protected mode of operation If the SCR.SCD bit is set to 0 (not in "protected mode"), the SMC instruction is enabled, and the request to access the secure resource is processed based on applicable access rights. ¶29 col. 2:56-59

’809 Patent Infringement Allegations

Claim Element (from Independent Claim 13) Alleged Infringing Functionality Complaint Citation Patent Citation
determining when any of the plurality of processors is busy The AMD EPYC processor determines that a processor core is "busy" when it is in the ACPI defined C0 state, meaning it is executing instructions. ¶52 col. 2:63-65
providing a busy indication to a counter associated with a busy processor The processor core being in the C0 state acts as a "busy indication" that enables the APERF and MPERF performance counters to increment. ¶54 col. 3:1-2
receiving at the counter a measure of computer system time The APERF counter receives the core clock as a pulse train, which is a measure of computer system time. ¶56 col. 4:1-4
incrementing a counter value...based on the provided busy indication and an amount of computer system time that the processor is determined to be busy The APERF counter increments in proportion to the number of core clock cycles that occur while the core is in the busy C0 state. ¶58 col. 3:2-5
maintaining the counter value The APERF and MPERF counters are read/write registers that preserve their values for access by software, thereby maintaining the counter value. ¶60 col. 3:5-6

Identified Points of Contention

  • Scope Questions: A central question for the ’539 Patent will be whether the ARM TrustZone architecture, which segregates a system into "Normal" and "Secure" worlds, can be properly characterized as implementing a singular "protected mode of operation" as claimed. Similarly, for the ’809 Patent, a dispute may arise over whether general-purpose hardware performance counters (PMCs) fall within the scope of a "hardware based utilization metering device," a term the patent repeatedly links to pay-per-use billing.
  • Technical Questions: What evidence does the complaint provide that setting the SCR.SCD bit in the accused processors functions as a system-wide "protected mode" that denies access to a class of "protected resources," as opposed to merely altering the behavior of the SMC instruction for transitioning between security worlds? For the ’809 Patent, the complaint alleges the APERF/MPERF counters can be used to measure utilization (Compl. ¶50), but raises the question of whether their primary function of calculating effective frequency is equivalent to the "metering" function described in the patent.

V. Key Claim Terms for Construction

’539 Patent

  • The Term: "protected mode of operation"
  • Context and Importance: The entire infringement theory for the ’539 Patent hinges on mapping the accused processor's state when the SCR.SCD bit is set to this claimed "mode." Practitioners may focus on this term because its definition will determine if the ARM TrustZone security model falls within the patent's scope.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The claims define the mode functionally: a mode where a request is denied "regardless of access rights associated with the software program including software programs having a most-privileged level." (’539 Patent, cl. 1). This functional language could be argued to encompass any hardware state that achieves this outcome.
    • Evidence for a Narrower Interpretation: The specification describes the mode as one in which "all software programs ... are denied access to the protected resources." (’539 Patent, col. 3:39-43). This could suggest a global, system-wide state, which may be narrower than the accused functionality tied to the availability of the Secure Monitor Call instruction.

’809 Patent

  • The Term: "hardware based utilization metering device"
  • Context and Importance: This term from the preamble of claim 1 (though claim 13 is a method claim, its context is derived from the device claims and specification) is critical to defining the invention's purpose. The dispute will likely center on whether a general-purpose processor component designed for performance monitoring (like the accused PMCs) is properly considered a "metering device."
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The patent's abstract describes a structural combination: "a state indicator," "a counter," and "a system clock." One could argue that any hardware structure meeting these structural descriptions, like the accused PMC system, infringes regardless of its intended commercial purpose. (’809 Patent, Abstract).
    • Evidence for a Narrower Interpretation: The patent is titled "Hardware based utilization metering" and its background section explicitly frames the invention as a solution for "pay-per-use systems" and "billing." (’809 Patent, col. 1:5-8). A defendant may argue that the term should be limited to hardware specifically designed or used for this commercial metering application, not for general performance analysis.

VI. Other Allegations

  • Indirect Infringement: The complaint alleges that Cloudflare induces infringement of both patents by selling and offering for sale the Accused Products with the intent to "encourage and facilitate infringing uses of those products." (Compl. ¶31, ¶65).
  • Willful Infringement: The complaint alleges willful infringement of both patents based on pre-suit knowledge. The basis for this knowledge is a December 22, 2023 notice letter from Valtrus to Cloudflare, which allegedly identified infringement of "other patents" in Valtrus's portfolio and stated that Valtrus would "bring additional patents ... to [Cloudflare's] attention as appropriate." (Compl. ¶30, ¶34, ¶64, ¶68).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of architectural mapping: does the accused ARM TrustZone architecture, with its dual "Normal" and "Secure" worlds, constitute the same invention as the claimed system that switches into and out of a single "protected mode of operation," or is this an attempt to apply the patent's language to a technologically distinct security model?
  • A key evidentiary question will be one of functional purpose: can general-purpose hardware components for performance monitoring, such as the accused APERF/MPERF counters, be legally defined as a "hardware based utilization metering device" under the ’809 patent, whose specification is focused on the specific commercial problem of pay-per-use billing?
  • A central legal question for willfulness and damages will be whether a general notice letter, which mentions a patent portfolio and a potential for future assertions without naming the specific patents-in-suit, is sufficient to establish the "knowledge of the patent and infringement" required to support a claim of willful infringement.