Honeyman Cipher Solutions LLC v. LogMeIn Inc

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: Honeyman Cipher Solutions LLC (Delaware)
  • Defendant: LogMeIn, Inc. (Delaware)
  • Plaintiff’s Counsel: Stamoulis & Associates LLC; Rabicoff Law LLC
• Case Identification: 1:19-cv-01545, D. Del., 08/19/2019
• Venue Allegations: Plaintiff alleges venue is proper in the District of Delaware because Defendant is incorporated in Delaware, has committed alleged acts of infringement in the district, and has an established place of business there.
• Core Dispute: Plaintiff alleges that Defendant’s Android and iOS mobile applications infringe a patent related to securely distributing cryptographic keys to a trusted application on a remote system.
• Technical Context: The technology concerns digital rights management (DRM) and secure software operation, specifically a method for ensuring that only a validated, unmodified application can access a decryption key needed to use encrypted content.
• Key Procedural History: The complaint states that Plaintiff Honeyman Cipher Solutions LLC is the assignee of the patent-in-suit, possessing all rights to enforce it. No other prior litigation, licensing, or administrative proceedings are mentioned.

Case Timeline

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 5,991,399 - “Method for securely distributing a conditional use private key to a trusted entity on a remote system,” issued November 23, 1999

The Invention Explained

• Problem Addressed: The patent addresses the challenge of protecting digital content on "fundamentally insecure" open computing platforms like personal computers (PCs), where both hardware and software can be easily modified ('399 Patent, col. 1:12-24). Specifically, it seeks to prevent malicious users from "hacking" software players (e.g., for DVDs) to extract pre-loaded decryption keys and make unauthorized copies of content ('399 Patent, col. 2:50-59).
• The Patented Solution: The invention discloses a system where a decryption key is not permanently stored on the user's device but is delivered dynamically and securely from a server. A server generates a temporary asymmetric key pair and builds an "executable tamper resistant key module" that contains the private key ('399 Patent, col. 3:9-15). This module is sent to the client's "trusted player" application. The module first verifies the integrity of the trusted player before using the private key to decrypt the necessary content keys, preventing a modified or unauthorized application from gaining access ('399 Patent, Fig. 2; col. 4:5-7). The key is thus conditional, tied to a specific, validated software instance.
• Technical Importance: This approach represented a shift from static, embedded digital rights management (DRM) keys to a dynamic, server-controlled system designed to enhance security on open platforms where software is vulnerable to inspection and modification ('399 Patent, col. 2:60-68).

Key Claims at a Glance

• The complaint asserts independent claim 1 and dependent claims 2, 9-11, and 34 (Compl. ¶11).
• Independent Claim 1 recites a method with the following essential elements:
  • generating an asymmetric key pair having a public key and a private key;
  • encrypting predetermined data with the generated public key; and
  • building an executable tamper resistant key module identified for a selected program, the executable tamper resistant key module including the generated private key and the encrypted predetermined data.

III. The Accused Instrumentality

Product Identification

• The complaint identifies "at least LogMeIn's Android and iOS Mobile Apps" as the "Exemplary LogMeIn Products" (Compl. ¶11).

Functionality and Market Context

• The complaint does not describe the specific functionality of the accused LogMeIn mobile applications. It alleges that these products "practice the technology claimed by the '399 Patent" and "satisfy all elements of the Exemplary '399 Patent Claims," incorporating by reference claim charts from an "Exhibit 2" that was not filed with the complaint (Compl. ¶12-13). As such, the complaint does not provide sufficient detail for an independent analysis of the accused products' technical operation or market context.

IV. Analysis of Infringement Allegations

The complaint alleges direct infringement of at least claim 1 of the '399 Patent but does not provide specific factual allegations or claim charts in the body of the document itself (Compl. ¶11-13). It states that infringement charts are contained in an un-provided Exhibit 2 (Compl. ¶12). Therefore, a detailed claim chart summary cannot be constructed from the provided documents. The core narrative theory is that the accused mobile apps perform a method of secure key distribution that maps onto the elements of the asserted claims (Compl. ¶12).

No probative visual evidence provided in complaint.

• Identified Points of Contention: Based on the patent's claims and the general nature of the accused technology (mobile applications), the infringement analysis may present several questions:
  • Technical Questions: What evidence demonstrates that the accused LogMeIn apps perform the specific, ordered steps of Claim 1? For instance, does the accused functionality involve the dynamic "generating" of a new asymmetric key pair for a given session and "building" a distinct software module containing the private key, as opposed to using other secure communication protocols like standard TLS/SSL handshakes with pre-existing certificates?
  • Scope Questions: Can the security mechanisms within a modern mobile application be said to constitute an "executable tamper resistant key module" as the term is described and defined within the context of the '399 patent? The resolution of this question will depend heavily on claim construction.

V. Key Claim Terms for Construction

• The Term: "executable tamper resistant key module"
• Context and Importance: This term appears in the dispositive final element of independent claim 1 and represents the core of the patented solution. The infringement case will likely depend on whether the security architecture of the accused LogMeIn apps can be properly characterized as containing such a "module." Practitioners may focus on this term because its definition could either confine the claim scope to the specific 1990s-era architecture disclosed or allow it to read on a broader range of modern secure software components.
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The claim language itself does not specify the internal workings of the module, only that it is "executable," "tamper resistant," and "includ[es] the generated private key" ('399 Patent, col. 12:58-61). A party might argue this language covers any executed code that has anti-tampering features and handles a private key.
  • Evidence for a Narrower Interpretation: The specification provides a highly detailed description of how the module is constructed and what makes it "tamper resistant." This includes combining an "integrity verification kernel (IVK)" with a "key compiler" and a "tamper resistant compiler" to create obfuscated, self-modifying, and self-checking code ('399 Patent, col. 5:16-24; col. 6:5-14; Fig. 5). A party could argue these detailed descriptions limit the scope of the term to a module built using this specific architecture, which verifies a "partner module" and runs in a "hidden" execution mode ('399 Patent, col. 5:31-41; col. 5:64-6:1).

VI. Other Allegations

• Indirect Infringement: The prayer for relief seeks a judgment that Defendant has contributorily infringed and/or induced infringement ('Prayer for Relief' ¶B). However, the body of the complaint lacks any specific factual allegations to support the elements of either claim, such as knowledge of the patent or specific acts of encouragement. The infringement count is titled "Direct Infringement" (Compl. ¶11).
• Willful Infringement: The complaint does not explicitly allege willful infringement. It does, however, request that the case be declared "exceptional" under 35 U.S.C. § 285 to permit an award of attorneys' fees ('Prayer for Relief' ¶D.i).

VII. Analyst’s Conclusion: Key Questions for the Case

The resolution of this dispute will likely hinge on the answers to two central questions:

1. A core issue will be one of definitional scope: Will the term "executable tamper resistant key module", which is rooted in a specific 1990s software architecture involving "IVKs" and "key compilers," be construed broadly enough to encompass the security protocols used in modern mobile applications?

2. A key evidentiary question will be one of technical operation: What evidence will Plaintiff introduce to demonstrate that the accused LogMeIn apps perform the specific claimed method—dynamically generating a key pair and building a discrete, executable module containing the private key for delivery to the client—as opposed to employing a different, albeit also secure, method for establishing a trusted communication channel?