DCT
1:21-cv-01007
Clark v. DocuSign Inc
I. Executive Summary and Procedural Information
- Parties & Counsel:
  - Plaintiff: Paul C. Clark (Maryland)
  - Defendant: DocuSign, Inc. (Delaware)
  - Plaintiff’s Counsel: Cahn & Samuels, LLP
 
- Case Identification: 1:21-cv-01007, D.D.C., 05/11/2021
- Venue Allegations: Plaintiff alleges venue is proper in the District of Columbia because Defendant conducts regular business, sells and offers for sale the accused products, and maintains one or more business locations in the district.
- Core Dispute: Plaintiff alleges that Defendant’s electronic signature products and services infringe three patents related to methods and systems for securing data communications between different network domains.
- Technical Context: The technology concerns providing enhanced security for data transactions that traverse both untrusted public networks and trusted private networks, a key challenge in online commerce and document management.
- Key Procedural History: The complaint alleges that Plaintiff, Dr. Paul C. Clark, previously served as an expert witness for Defendant DocuSign in a separate patent litigation. It further alleges that Plaintiff notified DocuSign's patent counsel of the patents-in-suit and the need for a license in October 2019, forming the basis for the willfulness allegations.
Case Timeline
| Date | Event | 
|---|---|
| 2000-05-09 | Priority Date for ’066, ’957, and ’214 Patents | 
| 2014-04-08 | U.S. Patent No. 8,695,066 Issues | 
| 2016-07-12 | U.S. Patent No. 9,391,957 Issues | 
| 2018-11-13 | U.S. Patent No. 10,129,214 Issues | 
| 2019-10-01 | DocuSign allegedly notified of patents (approx. date) | 
| 2021-05-11 | First Amended Complaint Filed | 
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 8,695,066 - "System and Method for Secure Communication Between Domains"
- Patent Identification: U.S. Patent No. 8,695,066, "System and Method for Secure Communication Between Domains," issued April 8, 2014.
- The Invention Explained:
  - Problem Addressed: The patent’s background describes the inadequacy of standard Secure Socket Layer (SSL) for high-value transactions, noting that SSL only protects data between a user's browser and a web server, but not between the web server and a separate, back-end application server, leaving data vulnerable within what is often an untrusted network segment ('066 Patent, col. 1:24-34).
  - The Patented Solution: The invention proposes a system using two distinct "logical units" to create an end-to-end secure channel. A first unit, operating in a first domain (e.g., the public internet), receives user data, "enhances" it with security services like encryption or digital signatures, and translates it to a common protocol. A second unit, in a second, trusted domain, receives the enhanced data, "de-enhances" it (e.g., decrypts, verifies), filters it through a firewall, and authorizes it before passing it to a protected application server ('066 Patent, Abstract; col. 2:5-18). This architecture is depicted in Figure 2 of the patent.
  - Technical Importance: This approach aimed to provide "high assurance security services" that protect data not only in transit over the public internet but also within the corporate network architecture, allowing applications to be secured without modifying the applications themselves ('066 Patent, col. 2:59-62).
 
- Key Claims at a Glance:
  - The complaint asserts independent Claim 1 (Compl. ¶13).
  - Claim 1 is a method claim with the following essential elements:
    - In a first logical unit:
      - periodically calculating timestamps and hashes;
      - transmitting a web form to a user;
      - receiving data input from the user;
      - enhancing the data with security services;
      - translating the data from a first protocol to a target protocol;
      - transmitting the translated data across a public network.
    - In a second logical unit:
      - de-enhancing the translated data;
      - filtering the data to block unauthorized transmissions;
      - authorizing the filtered data;
      - transmitting the filtered data to a node in the second domain for an application.
 
U.S. Patent No. 9,391,957 - "System and Method for Secure Communication Between Domains"
- Patent Identification: U.S. Patent No. 9,391,957, "System and Method for Secure Communication Between Domains," issued July 12, 2016.
- The Invention Explained:
  - Problem Addressed: As a continuation of the application leading to the '066 Patent, the '957 Patent addresses the same problem: the security gaps left by conventional SSL, particularly the lack of protection for data traffic between a public-facing web server and a back-end application server ('957 Patent, col. 2:11-37).
  - The Patented Solution: The '957 Patent claims a similar method involving a first logical unit that enhances and transmits data and a second logical unit that de-enhances and authorizes it. The claims of the '957 Patent add specificity, for example, by reciting that the first and second logical units reside on distinct "physical platforms" ('957 Patent, col. 14:32-33, 42-43).
  - Technical Importance: The invention provides a framework for securing transactions across network boundaries, a persistent challenge for enterprises handling sensitive data ('957 Patent, col. 2:50-57).
 
- Key Claims at a Glance:
  - The complaint asserts "at least claim 2" (Compl. ¶27). Independent Claim 2 is a method claim.
  - Claim 2 contains elements largely parallel to Claim 1 of the '066 Patent, but adds the limitations that:
    - The first logical unit resides on a "first physical platform."
    - The second logical unit resides on a "second logical platform."
 
 
U.S. Patent No. 10,129,214 (Multi-Patent Capsule) - "System and Method for Secure Communication Between Domains"
- Patent Identification: U.S. Patent No. 10,129,214, "System and Method for Secure Communication Between Domains," issued November 13, 2018.
- Technology Synopsis: This patent, also in the same family, claims a system for secure communication between domains. The claims are directed to a system comprising first and second logical units that include "circuitry configured to" perform the security-enhancing and de-enhancing functions, respectively ('214 Patent, Abstract). The core technical concept of adding and removing security services at the boundaries of different network domains remains consistent with the earlier patents.
- Asserted Claims: The complaint asserts independent Claim 1 (Compl. ¶40).
- Accused Features: The complaint alleges that DocuSign's electronic signature product, as a computer system, comprises circuitry configured to perform the functions of the first and second logical units, including transmitting forms, receiving data, encrypting, decrypting, and authorizing transactions between different protocol environments (e.g., web and email) (Compl. ¶41-42).
III. The Accused Instrumentality
- Product Identification: The complaint identifies "DocuSign's electronic signature product and service" and its "systems or methods for electronic signature and e-contracting" as the accused instrumentalities (Compl. ¶4, ¶13).
- Functionality and Market Context: The complaint alleges the accused products perform electronic transactions over the internet, offering digital signatures with Public Key Infrastructure (PKI) (Compl. ¶14). The alleged functionality includes transmitting web-based forms to users, receiving data input such as signatures, using encryption to protect documents, and translating data between protocols (allegedly from a web protocol for submission to an email protocol for delivery) (Compl. ¶15-18). The system is also alleged to verify signatures, decrypt data, and perform user authorization before making data available to an application (Compl. ¶20-21). No probative visual evidence provided in complaint.
IV. Analysis of Infringement Allegations
’066 Patent Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation | 
|---|---|---|---|
| in a first logical unit: periodically calculating timestamps and hashes | DocuSign's product performs transactions and offers digital signatures with PKI. | ¶14 | col. 11:10-14 | 
| transmitting a web form to a node of a first domain responsive to a request where the web form is displayed to a user | DocuSign's service provides for transmitting a mobile or web-based form to and from a server. | ¶15 | col. 7:66-8:3 | 
| receiving data input to said web form by the user | DocuSign's product receives data input from users, such as signatures and other data. | ¶16 | col. 8:4-5 | 
| enhancing the data by adding one or more security services | DocuSign's product uses encryption to encrypt documents. | ¶17 | col. 4:29-35 | 
| translating the received data from a first network application level protocol to a target network application level protocol | The product submits documents using a web protocol interface and delivers them using an email protocol interface. | ¶18 | col. 5:1-5 | 
| transmitting the translated data across a public network | The product provides for data, signature, and text data transmission over public networks. | ¶19 | col. 4:16-19 | 
| in a second logical unit: de-enhancing the translated data | The product verifies digital signatures and decrypts data. | ¶20 | col. 7:39-40 | 
| filtering the translated data to block unauthorized transmissions | The product performs user authorization. | ¶20 | col. 7:32-34 | 
| authorizing the filtered data and transmitting the filtered data to a node of the second domain for use in an application | The product performs user authentication and transmits the filtered data to a node of the second domain for use in an application. | ¶21 | col. 7:40-46 | 
’957 Patent Infringement Allegations
| Claim Element (from Independent Claim 2) | Alleged Infringing Functionality | Complaint Citation | Patent Citation | 
|---|---|---|---|
| in a first logical unit: periodically calculating timestamps and hashes | DocuSign's product performs transactions and offers digital signatures with PKI. | ¶28 | col. 11:10-14 | 
| transmitting a web form to a node of a first domain... the first logical unit residing on a first physical platform | DocuSign's service transmits a mobile or web-based form from a server. | ¶29, ¶33 | col. 13:30-34 | 
| receiving data input to said web form by the user | DocuSign's product receives user input like signatures. | ¶30 | col. 8:4-5 | 
| enhancing the data by adding one or more security services | DocuSign's product uses encryption to encrypt documents. | ¶31 | col. 4:29-35 | 
| translating the received data from a first network application level protocol to a target... protocol | The product submits documents using a web protocol and delivers them using an email protocol. | ¶32 | col. 5:1-5 | 
| in a second logical unit: de-enhancing the translated data... the second logical unit residing on a second logical platform | The product verifies digital signatures, decrypts data, and performs user authorization on more than one computer. | ¶34, ¶35 | col. 13:30-34 | 
| authorizing the filtered data and transmitting the filtered data to a node of the second domain | DocuSign's product performs user authentication and transmits data for use in an application. | ¶35 | col. 7:40-46 | 
Identified Points of Contention
- Architectural Questions: A primary question will be whether DocuSign's distributed cloud service architecture maps onto the "first logical unit" and "second logical unit" structure recited in the claims. The complaint's allegations are functional, leaving open the question of whether these functions are performed by components that meet the structural requirements of the claims, particularly the "physical platform" separation in the '957 Patent.
- Technical Questions: The complaint's assertion that the accused product "periodically calculat[es] timestamps and hashes" may become a point of contention. The patent specification describes a specific pre-emptive process for hashing web forms to prevent replay attacks (e.g., '066 Patent, col. 11:10-14). It is a question for discovery whether DocuSign's security model includes this specific function or a non-infringing alternative.
- Scope Questions: The meaning of "translating" between protocols will likely be disputed. The complaint alleges this is met by a workflow that uses a web protocol for submission and an email protocol for delivery. A court may need to determine if this multi-step process constitutes "translating... from a first network application level protocol to a target network application level protocol" as contemplated by the patent.
V. Key Claim Terms for Construction
- The Term: "logical unit"
  - Context and Importance: This term defines the fundamental architecture of the invention. Infringement will depend on whether components of DocuSign's system can be identified that meet the definition of the "first" and "second" logical units.
  - Intrinsic Evidence for a Broader Interpretation: The specification provides a broad definition: "any device having data processing and transmission capabilities, e.g., computers, PDAs, smart cards, wireless phones and other intelligent devices" ('066 Patent, col. 3:29-32). This may support an argument that the term covers distinct software modules in a distributed system.
  - Intrinsic Evidence for a Narrower Interpretation: Embodiments describe specific, named components like a "Security Client," "Protocol Gateway," and "Cryptographic Gateway" ('066 Patent, Fig. 2; col. 4:21-65). This could support a narrower construction requiring physically or architecturally discrete components corresponding to these examples.
 
- The Term: "periodically calculating timestamps and hashes"
  - Context and Importance: This is the first step of the asserted method claims. The complaint's allegation is conclusory, and the factual basis will be critical. Practitioners may focus on this term because its specific implementation could be a clear point of non-infringement.
  - Intrinsic Evidence for a Broader Interpretation: The claim language itself does not specify the frequency or purpose of the calculation, potentially allowing for any recurring timestamp and hash calculation in the system.
  - Intrinsic Evidence for a Narrower Interpretation: The specification details a very specific embodiment where a process calculates timestamps and hashes for a web form "on a continuous basis—e.g., once a minute" before the form is retrieved by a user, for the purpose of preventing replay attacks ('066 Patent, col. 11:10-14). This could support a much narrower construction requiring this specific pre-emptive security measure.
 
VI. Other Allegations
- Indirect Infringement: The complaint does not plead a separate count for indirect infringement. The infringement allegations are for direct infringement under 35 U.S.C. § 271(a) (Compl. ¶ Prayer A, B, C).
- Willful Infringement: The complaint alleges willful infringement based on DocuSign’s alleged knowledge of the patents since at least October 2019, when Plaintiff allegedly sent an email to DocuSign's then-patent counsel informing them of the patents (Compl. ¶22). The willfulness claim is further supported by the allegation that Plaintiff was previously retained by DocuSign as an expert witness in a related technology area, suggesting a heightened awareness (Compl. ¶3). The complaint alleges that despite this knowledge, DocuSign continued to infringe (Compl. ¶23, ¶36, ¶43).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of architectural mapping: Can the functional elements of DocuSign's modern, distributed cloud service be persuasively mapped onto the "first and second logical unit" architecture, which was conceived in the context of early 2000s client-server and firewall technology?
- A key evidentiary question will be one of functional specificity: Will discovery show that the accused DocuSign service performs the highly specific function of "periodically calculating timestamps and hashes" for web forms prior to user interaction, as detailed in the patent specification, or does it employ different security mechanisms that fall outside the scope of this limitation?
- The case presents a significant question regarding willfulness and notice, stemming from the unusual fact that the plaintiff is the defendant's former expert witness. The court will likely scrutinize the content and context of the alleged October 2019 notice to determine if it gave rise to a duty to investigate and whether DocuSign's subsequent conduct was objectively reckless.