DCT

5:25-cv-06259

Valtrus Innovations Ltd v. Cloudflare Inc

Log In
Key Events
Amended Complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 5:25-cv-06259, N.D. Cal., 08/20/2025
  • Venue Allegations: Venue is alleged to be proper as Defendant maintains its corporate headquarters and multiple regular and established places of business, including a data center, in the Northern District of California, where it also allegedly commits acts of infringement.
  • Core Dispute: Plaintiff alleges that Defendant’s server infrastructure, which utilizes AMD EPYC processors, infringes patents related to processor-level security controls and hardware-based CPU utilization metering.
  • Technical Context: The patents relate to fundamental aspects of modern server architecture: securing protected system resources from even privileged software and accurately measuring processor workload in complex, partitioned environments.
  • Key Procedural History: The complaint alleges that Plaintiff sent a notice letter to Defendant on December 22, 2023, regarding infringement of other patents in its portfolio and stating an intent to "bring additional patents... to [Cloudflare's] attention as appropriate." During the prosecution of one of the patents-in-suit, the applicant distinguished the invention from the prior art by emphasizing that it was a hardware-based method, in contrast to "software implementations."

Case Timeline

Date Event
2002-07-23 ’809 Patent Priority Date
2004-08-03 ’539 Patent Priority Date
2004-11-09 ’809 Patent Issue Date
2011-04-19 ’539 Patent Issue Date
2023-12-22 Plaintiff sent notice letter to Defendant regarding other patents
2025-08-20 Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 7,930,539 - "Computer system resource access control", Issued April 19, 2011

The Invention Explained

  • Problem Addressed: The patent describes a problem in computer systems where even access control mechanisms using different "privilege levels" for software may be insufficient to protect all system resources. A poorly designed or malicious program, even if not the operating system, could potentially access and modify critical resources, causing the system to malfunction or crash (’539 Patent, col. 1:21-45).
  • The Patented Solution: The invention proposes a hardware-level access control method that operates independently of traditional software privilege levels. The system first determines if a requested resource is designated as "protected." If it is, the system then checks if it is operating in a "protected mode." In this mode, access to protected resources is denied to all software programs, regardless of their privilege level. If the system is not in the protected mode, access is then evaluated using conventional privilege-based rules (’539 Patent, Abstract; col. 2:48-58). This creates a hardware-enforced barrier to critical resources that can be enabled or disabled as a distinct operational mode.
  • Technical Importance: This approach provides a mechanism to create a secure hardware partition or sandbox, protecting critical configuration data or hardware functions from being altered by any software, including a potentially compromised operating system (’539 Patent, col. 1:46-49).

Key Claims at a Glance

  • The complaint asserts at least independent claim 1 (Compl. ¶17).
  • The essential elements of claim 1 include:
    • Receiving a request from a software program to access a specified resource.
    • Determining whether the specified resource is a protected resource.
    • If it is a protected resource, then:
      • Denying the request if the computer system is operating in a protected mode of operation, regardless of access rights associated with the software program.
      • Processing the request based on the access rights if the computer system is not operating in the protected mode.
  • The complaint does not explicitly reserve the right to assert dependent claims.

U.S. Patent No. 6,816,809 - "Hardware based utilization metering", Issued November 9, 2004

The Invention Explained

  • Problem Addressed: The patent addresses the challenges of accurately metering CPU usage in "pay-per-use" computing environments, particularly in systems with partitioned hardware running multiple, isolated operating systems. Traditional software-based metering agents are difficult to implement because the operating systems are separated by design, network connectivity between them may be unavailable, and agents must be developed for each specific OS (’809 Patent, col. 1:20-44; Compl. ¶40).
  • The Patented Solution: The invention discloses a hardware device for metering CPU utilization that is independent of the operating system. The device includes a "state indicator" coupled to the CPU to determine if it is in a "busy" state, a "counter" that receives input from the state indicator and a system clock to measure the time spent in that busy state, and a "data usage provider" that can maintain a non-volatile record of the counter's value (’809 Patent, Abstract; col. 4:1-13). By moving the metering function into dedicated hardware, the system can obtain an accurate usage measurement without relying on inter-OS communication or software agents.
  • Technical Importance: This hardware-centric solution provides a reliable and OS-agnostic method for billing and resource management in increasingly complex, multi-tenant server environments, a foundational concept for modern cloud computing infrastructure (’809 Patent, col. 2:45-50).

Key Claims at a Glance

  • The complaint asserts at least independent claim 13 and dependent claim 14 (Compl. ¶¶46, 61).
  • The essential elements of claim 13 include:
    • Determining when any of a plurality of processors is busy.
    • Providing a busy indication to a counter associated with a busy processor.
    • Receiving at the counter a measure of computer system time.
    • Incrementing a counter value based on the busy indication and the amount of computer system time the processor is determined to be busy.
    • Maintaining the counter value.
  • The complaint also asserts at least claim 14, which adds the limitation of reinitializing the counter value from the maintained value when the processor is powered on (Compl. ¶61).

III. The Accused Instrumentality

Product Identification

The accused instrumentalities are Cloudflare's product offerings, including its SSE and SASE platforms, application security and performance services, and network services like Cloudflare One and Zero Trust (Compl. ¶16).

Functionality and Market Context

The complaint alleges these services operate on a network of servers that utilize various models of AMD EPYC processors, such as the EPYC 7642, 7713, and 9684X (Compl. ¶¶16, 19, 47). The infringement allegations are not directed at the high-level services offered by Cloudflare, but rather at the underlying functionality of the AMD EPYC processors within its servers. Specifically, the complaint focuses on the processors' use of an ARM-based AMD Secure Processor for managing secure and non-secure states, and hardware performance monitoring counters for tracking processor activity (Compl. ¶¶19, 52).

IV. Analysis of Infringement Allegations

’539 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
receiving a request from a software program to access a specified one of the plurality of resources A software program, such as a TrustZone API driver in the "Normal (non-secure) world," running on the ARM-based AMD Secure Processor requests access to a resource. ¶21 col. 2:49-51
determining whether the specified one of the plurality of resources is a protected resource The AMD Secure Processor, also known as the Platform Security coprocessor (PSP), determines whether a requested resource, such as secure application code, is a protected resource residing in the "Secure world." ¶23 col. 2:51-52
if the computer system is operating in a protected mode of operation, then denying the request regardless of access rights associated with the software program including software programs having a most-privileged level When a processor core is in a protected mode, defined by setting the Secure Configuration Register's SCD bit to 1, entry to the Secure state via a Secure Monitor Call (SMC) is disabled. This denies the request to access the secure resource. The complaint provides a diagram from ARM documentation illustrating how a Secure Monitor Call is used to switch between normal and secure worlds (Compl. p. 8, Figure 21-1). ¶27 col. 2:53-56
processing the request based on the access rights associated with the software program if the computer system is not operating in the protected mode of operation When a processor core is not in the protected mode, defined by the SCR.SCD bit being set to 0, the Secure Monitor Call is enabled, and the request is processed based on associated access rights. ¶29 col. 2:56-58
  • Identified Points of Contention:
    • Scope Questions: The infringement theory hinges on whether setting a single bit ("SCR.SCD") in a processor's configuration register, which disables one specific type of instruction (the Secure Monitor Call), constitutes a system-level "protected mode of operation" as described in the patent. The analysis may raise the question of whether the claimed "mode" implies a broader set of system-wide restrictions than the specific hardware feature identified in the complaint.

’809 Patent Infringement Allegations

Claim Element (from Independent Claim 13) Alleged Infringing Functionality Complaint Citation Patent Citation
determining when any of the plurality of processors is busy AMD EPYC processor cores determine they are busy when operating in the C0 state, which is defined as the state for executing instructions. The complaint includes a descriptive exhibit from an AMD manual stating that certain performance counters operate only in the C0 state (Compl. p. 15). ¶52 col. 8:19-20
providing a busy indication to a counter associated with a busy processor The processor core being in the C0 state provides the "busy indication" that controls when associated performance counters will increment. ¶54 col. 8:21-22
receiving at the counter a measure of computer system time The Actual Performance Frequency Clock Count (APERF) counter receives the core clock signal as a pulse train, which is a measure of computer system time. ¶56 col. 8:23-24
incrementing a counter value in the counter based on the provided busy indication and an amount of computer system time that the processor is determined to be busy Hardware increments the APERF counter in proportion to the number of core clock cycles that occur while the core is in the busy (C0) state. ¶58 col. 8:25-29
maintaining the counter value The APERF and MPERF performance counters are implemented as read/write registers, which preserve their values for access by software. The complaint includes diagrams of the APERF and MPERF registers to support this allegation (Compl. p. 17, Figures 17-5, 17-6). ¶60 col. 8:30
  • Identified Points of Contention:
    • Technical Questions: A central question may be whether general-purpose hardware features for performance monitoring, such as the APERF and MPERF counters, function as the claimed "hardware based utilization metering device." The patent's specification and prosecution history, which emphasize a solution to a pay-per-use billing problem, may be contrasted with the general performance-tuning purpose of the accused counters.

V. Key Claim Terms for Construction

For the ’539 Patent:

  • The Term: "protected mode of operation"
  • Context and Importance: This term is the lynchpin of the infringement allegation. The complaint equates this mode with a specific bit setting in an ARM processor register ("SCR.SCD=1"). The viability of the infringement case depends on whether this specific, narrow hardware state falls within the scope of the broader, more conceptual claim term.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The patent specification describes the mode functionally as one in which "all software programs (including software programs having the most-privileged privilege level) are denied access to the protected resources" (’539 Patent, col. 3:38-41). Plaintiff may argue that any mechanism achieving this functional outcome, including the identified bit setting, meets the definition.
    • Evidence for a Narrower Interpretation: The patent consistently frames the mode as a comprehensive state of the "computer system" (’539 Patent, col. 2:53-58). Defendant may argue that a single bit controlling a single instruction type does not constitute a full system "mode," but is merely a configurable feature, and that the term implies a more fundamental operational state.

For the ’809 Patent:

  • The Term: "hardware based utilization metering device" (from claim 1) / "hardware based method for measuring processor utilization" (from claim 13)
  • Context and Importance: Practitioners may focus on this term because the accused instrumentality is a general-purpose processor with performance monitoring counters, not a purpose-built metering product. The dispute may turn on whether these general-purpose features can be considered a "metering device" as specified in the patent.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The patent abstract describes the device as comprising a "state indicator," a "counter," and a "data usage provider." Plaintiff will likely argue that because the AMD EPYC processor contains hardware structures that allegedly perform these functions (C0 state as indicator, APERF as counter, and registers as data provider), it constitutes the claimed device.
    • Evidence for a Narrower Interpretation: The "Technical Field" and "Background" sections frame the invention exclusively in the context of "pay-per-use systems" and "billing" (’809 Patent, col. 1:5-8). The complaint itself notes that during prosecution, the applicant distinguished the invention as a hardware solution to a problem previously addressed by "software implementations" (Compl. ¶45). This context may support an interpretation that limits the claims to devices specifically designed or used for utilization metering, rather than general performance monitoring.

VI. Other Allegations

  • Indirect Infringement: The complaint alleges that Defendant induces infringement by selling the Accused Products with the intent to encourage and facilitate the infringing use of the claimed methods by those products (Compl. ¶¶31, 65).
  • Willful Infringement: The complaint alleges Defendant had pre-suit knowledge of the patents based on a December 22, 2023 notice letter. This letter allegedly informed Defendant of infringement of "other patents" in Plaintiff's portfolio and stated that Plaintiff would "bring additional patents...to [Cloudflare's] attention as appropriate" (Compl. ¶¶30, 64). The allegation of willfulness is based on Defendant's continued infringement after receiving this notice (Compl. ¶¶34, 68).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of definitional scope: Can the term "protected mode of operation," which the patent describes as a system-level state, be construed to cover the state of a single configuration bit ("SCR.SCD") in an ARM processor that controls the availability of one specific instruction?
  • A second key issue will be one of functional purpose and scope: Do the general-purpose performance monitoring counters (MPERF/APERF) found in modern processors constitute a "hardware based utilization metering device" within the meaning of the claims, especially given the patent's explicit focus on solving a pay-per-use billing problem and its prosecution history distinguishing over software-based methods?
  • Finally, a key evidentiary question for willfulness will be whether a notice letter that identifies a patent portfolio but not the specific patents-in-suit, while warning that more patents may be asserted later, is sufficient to establish the pre-suit knowledge required to sustain a claim for willful infringement.