DCT
4:25-cv-06807
PacSec3 LLC v. Alibaba Cloud US LLC
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: PacSec3 LLC, LLC (Texas)
- Defendant: Alibaba Cloud US LLC and Alibaba.Com LLC (Delaware)
- Plaintiff’s Counsel: David J. Hoffman
- Case Identification: 1:25-cv-00678, S.D.N.Y., 07/31/2025
- Venue Allegations: Plaintiff alleges venue is proper in the Southern District of New York because Defendant maintains a "regular and established place of business" in the district and has committed acts of infringement there.
- Core Dispute: Plaintiff alleges that Defendant’s Alibaba Anti-DDoS service infringes a patent related to a system for defending against network-based packet flooding attacks.
- Technical Context: The technology at issue involves methods for mitigating Distributed Denial of Service (DDoS) attacks, a critical security function for maintaining the availability of online services and infrastructure.
- Key Procedural History: The complaint notes that Plaintiff and its predecessors-in-interest have entered into settlement licenses concerning its patents with other entities. Notably, the patent-in-suit, U.S. Patent No. 7,523,497, survived an ex parte reexamination where the asserted Claim 10 was confirmed as patentable, while other claims were cancelled. Plaintiff identifies itself as a non-practicing entity.
Case Timeline
| Date | Event |
|---|---|
| 2000-11-16 | '497 Patent Priority Date |
| 2009-04-21 | '497 Patent Issue Date |
| 2023-05-22 | Ex Parte Reexamination Certificate Issued for '497 Patent |
| 2025-07-31 | Complaint Filing Date |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 7,523,497 - "PACKET FLOODING DEFENSE SYSTEM"
- Patent Identification: U.S. Patent No. 7,523,497, "PACKET FLOODING DEFENSE SYSTEM," issued April 21, 2009 (’497 Patent).
The Invention Explained
- Problem Addressed: The patent addresses "packet flooding attacks" where an attacker overwhelms a victim's network bandwidth with useless data, rendering services slow or unavailable (’497 Patent, col. 2:6-11). A key challenge identified is that attackers can falsify the source address of malicious packets, which confounds defenses that rely on that information to identify and block the attacker (’497 Patent, col. 2:1-5).
- The Patented Solution: The invention proposes a distributed defense system where routers and the targeted site (the "victim") cooperate. Instead of relying on a packet's unreliable source address, the system traces the actual forwarding path the packet took through the network. This is achieved through "packet marks" provided by cooperating routers along the path (’497 Patent, col. 8:18-24). The victim site can then identify unwanted traffic and request that upstream routers limit the transmission rate of packets traversing that specific, verified path, thereby throttling the attack at a point closer to its origin (’497 Patent, Abstract).
- Technical Importance: This approach provided a conceptual framework for tracing and mitigating malicious traffic based on its verifiable network path rather than easily spoofed packet metadata.
Key Claims at a Glance
- The complaint asserts independent claim 10 (’497 Patent, col. 10:27-44; Compl. ¶15).
- The essential elements of method claim 10 include:
- Determining a path by which data packets arrive at a router via packet marks provided by other routers leading to a host computer.
- Classifying data packets received at the router based on their path.
- Associating a maximum acceptable transmission rate with each class of data packet.
- Allocating a transmission rate equal to or less than the maximum acceptable rate for "unwanted data packets."
- The complaint states its allegations are preliminary and subject to change (Compl. ¶22).
III. The Accused Instrumentality
Product Identification
The accused instrumentality is identified as "Alibaba Anti-DDoS and related components and products" (Compl. ¶16).
Functionality and Market Context
- The complaint describes the accused instrumentality as one or more "firewall systems" that Defendant offers for sale, sells, and manufactures (Compl. ¶15). It is alleged to be available to businesses and individuals throughout the United States (Compl. ¶20).
- The complaint does not provide specific technical details about how the Alibaba Anti-DDoS service operates. No probative visual evidence provided in complaint.
IV. Analysis of Infringement Allegations
The complaint references a claim chart in "Exhibit B" that was not provided with the filed complaint (Compl. ¶16, ¶22). The infringement theory is therefore based on the narrative allegations. Plaintiff alleges that Defendant’s Alibaba Anti-DDoS service infringes claim 10 of the ’497 patent, either literally or under the doctrine of equivalents (Compl. ¶15). The complaint asserts that Defendant put the patented inventions into service and that its actions caused the claimed-invention embodiments to perform as a whole (Compl. ¶15). However, the complaint does not contain specific factual allegations that map the technical operations of the Alibaba Anti-DDoS service to the specific elements of claim 10.
Identified Points of Contention
- Technical Questions: A central question will be whether the Alibaba Anti-DDoS service technically performs the steps recited in claim 10. Discovery will need to establish if the accused service determines a packet's "path" through the use of "packet marks provided by routers," and whether it subsequently "allocates a transmission rate" for unwanted packets based on that path-derived classification. The complaint does not provide facts to support these technical assertions.
- Scope Questions: The dispute may turn on whether modern DDoS mitigation techniques, such as traffic analysis and routing to scrubbing centers, fall within the scope of the claim language written in the early 2000s. For instance, does inferring a traffic source via BGP flowspec or other network telemetry constitute determining a "path... via packet marks provided by routers"?
V. Key Claim Terms for Construction
The Term: "packet marks provided by routers"
Context and Importance
This term is foundational to the claimed invention, as it describes the mechanism for reliably determining a packet's path, which is the "attacker-independent information" the patent leverages (’497 Patent, col. 4:2-5). The construction of this term will be critical to determining whether the accused system's method for tracing traffic infringes.
Intrinsic Evidence for Interpretation
- Evidence for a Broader Interpretation: The specification describes the path as being determined "via packet marks provided by routers leading up to the victim" but does not specify a particular technology for creating or embedding these marks ('497 Patent, col. 3:63-65). A party could argue this leaves room for any data added to or associated with a packet by a router that serves to identify its path.
- Evidence for a Narrower Interpretation: The repeated use of the specific term "marks" throughout the patent may suggest a more limited scope, requiring an explicit piece of information added to packets for the purpose of path tracing, rather than inferring a path from ambient network data or general routing information. The claims consistently use this phrase, which may support an interpretation that a tangible "mark" is a required element ('497 Patent, col. 8:19, col. 9:3, col. 10:30).
VI. Other Allegations
Indirect Infringement
The prayer for relief seeks judgment for infringement by "inducing others to infringe by using and instructing to use Defendant's products" (Compl., Prayer ¶a). The complaint suggests this is based on Defendant's commercialization of the accused products, which allegedly causes the claimed methods to be performed (Compl. ¶15).
Willful Infringement
The complaint alleges that Defendant's infringement has been willful, but does not provide a specific factual basis for this assertion, such as pre-suit knowledge of the ’497 Patent (Compl. ¶17).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of evidentiary proof: Can Plaintiff, through discovery, produce evidence that the Alibaba Anti-DDoS service technically operates using a mechanism equivalent to "packet marks provided by routers" to determine a traffic path and then allocates transmission rates based on that specific path information, as required by claim 10? The complaint currently lacks the factual allegations to support this infringement theory.
- A second key issue will be one of technical scope: Does the term "packet marks," as understood in the context of the ’497 patent, encompass the sophisticated traffic analysis and mitigation methods used by modern, cloud-based DDoS protection services, or is it limited to a more specific, legacy technology of explicitly marking packets as they traverse a network? The answer to this claim construction question may be dispositive.