DCT
5:25-cv-04833
Netskope Inc v. Kmizra LLC
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: Netskope, Inc. (Delaware)
- Defendant: K.Mizra LLC (Delaware)
- Plaintiff’s Counsel: Perkins Coie LLP
- Case Identification: 5:25-cv-04833, N.D. Cal., 06/06/2025
- Venue Allegations: Plaintiff alleges venue is proper because Defendant is subject to personal jurisdiction in the district, a substantial part of the events occurred there (including the receipt of a threat letter), and Defendant has purposefully directed enforcement activities at companies in the district. The complaint also notes that the patent’s inventors reside in the district.
- Core Dispute: Plaintiff Netskope seeks a declaratory judgment that its Zero Trust Network Access products do not infringe Defendant K.Mizra's patent related to quarantining potentially infected computers from a protected network.
- Technical Context: The technology addresses network security by verifying the "cleanliness" of a computer attempting to connect to a network and restricting access if the device is deemed non-compliant or infected.
- Key Procedural History: The complaint alleges K.Mizra is a non-practicing entity that has previously sued at least six other companies for infringement of the patent-in-suit. This action was precipitated by a letter K.Mizra sent to Netskope on March 25, 2025, which allegedly accused Netskope's products of infringement and included a claim chart.
Case Timeline
| Date | Event |
|---|---|
| 2004-09-27 | ’705 Patent Priority Date |
| 2012-07-31 | ’705 Patent Issue Date |
| 2013-01-01 | Netskope Releases First Product (approx.) |
| 2025-03-25 | K.Mizra sends threat letter to Netskope |
| 2025-06-06 | Complaint for Declaratory Judgment Filed |
II. Technology and Patent(s)-in-Suit Analysis
- Patent Identification: U.S. Patent No. 8,234,705, "Contagion Isolation and Inoculation," issued July 31, 2012.
The Invention Explained
- Problem Addressed: The patent describes the security threat posed by mobile computers, such as laptops, which may connect to untrusted networks (e.g., public Wi-Fi), become infected with malware ("contagion"), and then spread that infection when they reconnect to a protected corporate network (’705 Patent, col. 1:13-34). The patent notes a need for a reliable method to prevent such a system from harming network resources upon connection (’705 Patent, col. 1:38-41).
- The Patented Solution: The invention proposes a system that determines if a connecting host computer must be quarantined. This involves contacting a "trusted computing base" within the host to receive a "valid digitally signed attestation of cleanliness" (’705 Patent, col. 19:62 - col. 20:4). If the host cannot provide this attestation, it is quarantined and given only limited network access, sufficient to connect to a "remediation host" to download necessary patches or software to resolve the insecure condition (’705 Patent, Abstract; col. 20:20-22).
- Technical Importance: The technology provides a framework for endpoint security verification, a critical component for managing network access in environments with mobile devices or "bring your own device" (BYOD) policies. (’705 Patent, col. 1:13-20).
Key Claims at a Glance
- The complaint seeks a declaratory judgment of non-infringement of the ’705 patent, specifically referencing claims 1, 12, and 19 (Compl. ¶35). The independent claims are:
- Independent Claim 1 (Method):
- Detecting an insecure condition on a first host attempting to connect to a protected network, which includes contacting a trusted computing base and determining if a response includes a "valid digitally signed attestation of cleanliness."
- The attestation must confirm the host is not "infested" or has a specific "patch or a patch level."
- If no valid attestation is received, quarantining the host by preventing it from sending data to other hosts on the network.
- Quarantining includes handling service requests (e.g., web or DNS) by serving a quarantine notification page or redirecting to a quarantine server.
- Permitting the quarantined host to communicate with a "remediation host."
- Independent Claim 12 (System):
- A processor configured to perform the steps of the method in claim 1.
- A memory coupled to the processor.
- Independent Claim 19 (Computer Program Product):
- A non-transitory computer-readable medium with instructions for performing the steps of the method in claim 1.
- The complaint does not explicitly reserve the right to assert dependent claims, as it is a declaratory judgment action filed by the accused infringer.
III. The Accused Instrumentality
Product Identification
- NetskopeOne Zero Trust Access (“ZTNA”) (Compl. ¶18).
Functionality and Market Context
- The complaint describes the accused product as part of a "comprehensive, homegrown computer security platform" that helps businesses secure applications and services, particularly in cloud environments (Compl. ¶12). The functionality at issue is "used during device identification and enrollment" (Compl. ¶35). Netskope is positioned as a market leader, recognized by industry analysts like IDC and Forrester and used by over 2,400 organizations, including more than 25 of the Fortune 100 (Compl. ¶¶14, 16). No probative visual evidence provided in complaint.
IV. Analysis of Infringement Allegations
The complaint seeks a declaratory judgment of non-infringement. Its central argument is that the Netskope ZTNA product does not meet a key limitation of the asserted claims. The complaint notes that K.Mizra's pre-suit letter included a claim chart for claim 19 (Compl. ¶21). The following table summarizes Netskope's non-infringement position with respect to that claim.
’705 Patent Infringement Allegations
| Claim Element (from Independent Claim 19) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| computer instructions for: detecting an insecure condition on a first host...wherein detecting the insecure condition includes contacting a trusted computing base...receiving a response, and determining whether the response includes a valid digitally signed attestation of cleanliness... | The complaint alleges that Netskope's ZTNA is "used during device identification and enrollment" but "does not provide a 'digitally signed attestation of cleanliness.'" | ¶35 | col. 21:40 - col. 22:2 |
| ...wherein the valid digitally signed attestation of cleanliness includes at least one of an attestation that the trusted computing base has ascertained that the first host is not infested, and an attestation that the trusted computing base has ascertained the presence of a patch or a patch level associated with a software component on the first host; | The complaint’s denial that the ZTNA provides the required attestation implicitly covers this more detailed definition of the attestation. | ¶35 | col. 22:2-9 |
| when it is determined that the response does not include a valid digitally signed attestation of cleanliness, quarantining the first host... | As the complaint alleges the condition precedent (determining the response lacks a valid attestation) does not occur, it follows that this subsequent step is not performed as claimed. | ¶35 | col. 22:10-12 |
| ...permitting the first host to communicate with the remediation host. | The complaint makes a general denial of infringement for all claims, which would include this final step. | ¶35 | col. 22:50-52 |
- Identified Points of Contention:
- Scope Question: The primary dispute appears to center on the meaning of "valid digitally signed attestation of cleanliness." The case will question whether the device posture information collected by the Netskope ZTNA system during "device identification and enrollment" constitutes such an attestation as defined by the patent.
- Technical Question: A key factual question will be what, if any, cryptographically signed data regarding device health is generated or processed by the Netskope ZTNA system, and whether that data attests to the specific conditions required by the claims (i.e., not "infested" or having a certain "patch level").
V. Key Claim Terms for Construction
The Term: "valid digitally signed attestation of cleanliness"
Context and Importance: This term is the lynchpin of the dispute as described in the complaint. Netskope's primary argument for non-infringement is that its ZTNA product does not provide this feature (Compl. ¶35). The interpretation of this term—whether it requires a specific type of cryptographic signature from a specific type of hardware, or can be read more broadly—will likely determine the outcome of the infringement analysis.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: A party could argue that the term itself is not explicitly defined in a glossary, and that any digitally signed message conveying a device's compliance with a security policy could meet the limitation.
- Evidence for a Narrower Interpretation: The claim itself specifies that the attestation must include confirmation that "the first host is not infested" or has a certain "patch...level" (’705 Patent, col. 22:2-9). The specification repeatedly links this function to a "trusted computing base" that can "digitally sign assertions about the cleanliness" (’705 Patent, col. 14:8-9) and gives specific examples of such technologies, like the "Paladium security initiative" and "TCG specifications" (’705 Patent, col. 14:1-5).
The Term: "trusted computing base"
Context and Importance: This term, recited in the asserted independent claims, identifies the entity that generates the "attestation." Its definition is critical because it sets the context for what kind of "attestation" the inventors contemplated. Practitioners may focus on this term because if it is construed narrowly to mean specific hardware modules (e.g., a TPM chip) that were not widely used or are not used in the accused system, it could provide a clear path to non-infringement.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: A party might argue that a "trusted computing base" could be any software or hardware component that is considered trusted within the security architecture, not necessarily a specific piece of hardware.
- Evidence for a Narrower Interpretation: The specification explicitly grounds the term in the context of specific, contemporary technologies, stating, "An example of a trusted computing base within a computer is the Paladium security initiative under development by Microsoft and supported by Intel and American Micro Devices. Another example of a trusted computing base is described in various TCG specifications..." (’705 Patent, col. 14:1-5). This language suggests the inventors had a specific class of technology in mind.
VI. Other Allegations
- Indirect Infringement: The complaint includes a general denial of any indirect infringement, stating that "Netskope has not caused, directed, requested, or facilitated any such infringement, much less with specific intent to do so" and that its ZTNA product "has substantial uses that do not infringe any claim of the '705 Patent" (Compl. ¶36).
- Willful Infringement: As a declaratory judgment action, the complaint does not allege willfulness. However, it establishes a basis for K.Mizra's pre-suit knowledge of the alleged infringement through its reference to the March 25, 2025 letter, which could become relevant if K.Mizra files a counterclaim for infringement and alleges willfulness (Compl. ¶19).
VII. Analyst’s Conclusion: Key Questions for the Case
This declaratory judgment action appears poised to turn on the resolution of two central questions:
- A core issue will be one of definitional scope: How will the court construe the term "valid digitally signed attestation of cleanliness"? Will the construction be narrow, requiring a specific cryptographic process tied to a "trusted computing base" like a TCG-compliant hardware module, or can it be interpreted more broadly to encompass modern software-based device posture assessments common in ZTNA systems?
- A key evidentiary question will be one of technical implementation: Assuming the court adopts a construction, does the evidence show that Netskope's ZTNA product, during its "device identification and enrollment" process, actually performs the functions required by the construed claims? The complaint's direct denial sets up a clear factual battleground on this point.