
1:22-cv-00912

ThreatModeler Software Inc v. IriusRisk Inc


I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 1:22-cv-00912, D. Del., 05/23/2025
  • Venue Allegations: Venue is based on Defendant IriusRisk, Inc. being a Delaware corporation and both defendants allegedly conducting business in Delaware, including offering for sale and selling the accused products to Delaware-based customers.
  • Core Dispute: Plaintiff alleges that Defendant’s threat modeling software platform infringes a patent related to the automated generation of threat models from third-party files that describe a system's architecture.
  • Technical Context: The technology lies within the cybersecurity field of automated threat modeling, a practice intended to improve security efficiency within modern software development lifecycles (DevSecOps).
  • Key Procedural History: This Third Amended Complaint follows a significant proceeding at the U.S. Patent and Trademark Office. The complaint states that in an Inter Partes Review (IPR2023-00656), the Patent Trial and Appeal Board (PTAB) issued a final written decision concluding that none of the claims of the patent-in-suit were invalid. This decision may create a statutory estoppel, potentially limiting the invalidity arguments Defendant can raise in this litigation.

Case Timeline

| Date | Event |
|------|-------|
| 2017-05-17 | U.S. Patent No. 10,713,366 Priority Date |
| 2019-08-15 | U.S. Patent No. 10,713,366 Application Filing Date |
| 2020-07-14 | U.S. Patent No. 10,713,366 Issue Date |
| 2022-06-17 | Defendant allegedly adds "Infrastructure as Code" feature |
| 2024-10-02 | PTAB Final Written Decision issued in IPR2023-00656 |
| 2025-05-23 | Third Amended Complaint Filing Date |

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 10,713,366 - *"Systems and methods for automated threat model generation from third party diagram files"*

  • Patent Identification: U.S. Patent No. 10,713,366, titled "Systems and methods for automated threat model generation from third party diagram files," issued July 14, 2020.

The Invention Explained

  • Problem Addressed: The patent family describes traditional threat modeling methodologies as resource-intensive, reliant on security subject-matter experts, and difficult to scale, particularly within agile software development environments. These methods often fail to adequately account for interactions between applications or the use of shared components (U.S. Patent No. 10,699,008, col. 2:11-36).
  • The Patented Solution: The invention automates threat model generation by importing a preexisting "data file" from a third-party software program (e.g., a Microsoft Visio diagram file) that describes a system or application architecture. The system uses "mapping files" to correlate the components identified in the imported file with a database of known threat model components and their associated threats. It then generates and displays a new threat model and a threat report based on these correlations (’366 Patent, Abstract; col. 36:48-61).
  • Technical Importance: This automation allows threat modeling to be integrated more efficiently and earlier in the software development lifecycle, a concept often referred to as "shifting left," and extends its applicability to complex cloud-based environments (Compl. ¶31, ¶34).

Key Claims at a Glance

  • The complaint asserts independent claims 1 (a method), 8 (a system), and 16 (a system), along with several dependent claims (2, 4, 7, 9, 11, 13, 17, and 20) (Compl. ¶35).
  • The essential elements of independent claim 1 include:
    • Providing databases of threat model components and threats, and one or more "mapping files" that correlate those components with components from a third-party application.
    • In response to user input, reading a "data file" generated by the third-party application.
    • Determining the correlated threat model components for the components found in the data file, as defined by the mapping files.
    • Displaying a relational diagram using visual representations of the correlated threat model components.
    • Generating and displaying a threat report showing the threats associated with the components in the newly generated model.
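To make the claim elements concrete, the following is an added illustrative sketch of a mapping-file-driven pipeline; it is not taken from the patent, the complaint, or either party's product. It covers only the read, correlate, and report steps (no diagram rendering), and the CSV columns, JSON layout, component identifiers, and threat entries are all constructed assumptions.

```python
import csv
import io
import json

# Constructed "mapping file": external component type -> internal component id.
MAPPING_CSV = """source_component,component_id
aws_s3_bucket,TM-STORAGE
aws_db_instance,TM-DATABASE
aws_lb,TM-LOAD-BALANCER
"""

# Constructed threat database keyed by internal component id.
THREATS = {
    "TM-STORAGE": ["Public read access to objects", "Unencrypted data at rest"],
    "TM-DATABASE": ["Injection via application queries", "Weak credential policy"],
    "TM-LOAD-BALANCER": ["Plaintext listener exposed"],
}

# Constructed "data file" describing an architecture (hypothetical JSON layout).
DATA_FILE = json.dumps({"resources": [
    {"name": "logs", "type": "aws_s3_bucket"},
    {"name": "orders", "type": "aws_db_instance"},
    {"name": "edge", "type": "aws_lb"},
    {"name": "worker", "type": "aws_lambda_function"},  # deliberately unmapped
]})

def load_mapping(text):
    """Parse the CSV mapping file into {external type: internal component id}."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["source_component"]: r["component_id"] for r in rows}

def generate_threat_model(data_file, mapping, threats):
    """Correlate each component in the data file with an internal component."""
    model, unmapped = [], []
    for res in json.loads(data_file)["resources"]:
        comp = mapping.get(res["type"])
        if comp is None:
            # No mapping entry: the component would get no threats at all,
            # so surface it instead of dropping it silently.
            unmapped.append(res["name"])
            continue
        model.append({"name": res["name"], "component": comp,
                      "threats": threats.get(comp, [])})
    return model, unmapped

def threat_report(model):
    """Flatten the model into one report line per (component, threat) pair."""
    return [f'{m["name"]} [{m["component"]}]: {t}'
            for m in model for t in m["threats"]]

if __name__ == "__main__":
    model, unmapped = generate_threat_model(DATA_FILE, load_mapping(MAPPING_CSV), THREATS)
    print("\n".join(threat_report(model)))
    print("Unmapped (no threat coverage):", unmapped)
```

The unmapped list is the part a practitioner should watch: any architecture element missing from the mapping file receives no threats, so the generated model under-reports risk unless that gap is reviewed.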

III. The Accused Instrumentality

Product Identification

The accused instrumentalities are "IriusRisk's Threat Modeler Platform including its Infrastructure as a Code (IaC) functionality, further including its interoperability with Amazon Web Services (AWS) and Hashicorp Terraform, and its Open Threat Model" (Compl. ¶5).

Functionality and Market Context

The complaint alleges the Accused Products are direct competitors to the Plaintiff's offerings in the threat modeling market (Compl. ¶41). A key accused feature is the platform's "Infrastructure as a Code (IaC)" functionality. According to allegations quoting the Defendant's website, this feature allows the IriusRisk platform to "automatically generate a data flow diagram and even the entire threat model" by processing an IaC file that "already describes a significant part of your architecture" (Compl. ¶41). This functionality is alleged to be substantially similar to the patented invention (Compl. ¶41).

IV. Analysis of Infringement Allegations

’366 Patent Infringement Allegations

The complaint references and incorporates an infringement claim chart (Exhibit B) that was not attached to the publicly filed document (Compl. ¶46). The narrative allegations suggest an infringement theory centered on the Accused Products' Infrastructure as a Code (IaC) functionality. The complaint alleges that this functionality practices the steps of the asserted method claims and embodies the components of the asserted system claims.

The core of the infringement theory appears to be that the Defendant's platform receives a third-party data file (an IaC file from sources like AWS or Terraform), reads that file to identify architectural components, uses an internal mechanism to correlate those components with its own library of threats, and automatically generates a threat model and associated reports (Compl. ¶5, ¶41). This process is alleged to map directly onto the elements of the asserted claims of the ’366 Patent.

No probative visual evidence provided in complaint.

Identified Points of Contention:

  • Scope Questions: A primary question may be whether Infrastructure as Code (IaC) files, which are machine-readable text files defining infrastructure, fall within the scope of the claimed "data file generated by the third party software application." The patent's specification frequently uses visual "diagram files" like Microsoft Visio as its primary example, which could raise questions about the intended scope of the claims.
  • Technical Questions: A key factual question may be how the accused IriusRisk platform technically operates. The analysis may focus on what evidence the complaint provides that the accused platform utilizes a "mapping file" or an equivalent structure to perform the correlation required by the claims, versus another method of processing IaC files that may fall outside the claim scope.

V. Key Claim Terms for Construction

  • The Term: "data file generated by the third party software application"

    • Context and Importance: This term is central to the infringement analysis. The case may turn on whether Infrastructure as Code (IaC) files, which are foundational to the accused functionality, meet this definition. Practitioners may focus on this term because the patent's examples differ from the format of the files allegedly used by the accused product.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: Claim 1 uses the general term "data file." The specification provides a non-limiting list of importable file types that includes not only visual diagram formats but also data-interchange formats like "an XML file" and "a JSON file" (’366 Patent, col. 36:53-57). This language may support an interpretation that covers text-based, code-like files such as IaC files.
      • Evidence for a Narrower Interpretation: The patent's title refers to "third party diagram files." The specification's main embodiment describes importing a "VISIO diagram file on which the user has previously diagrammed a system" (’366 Patent, col. 36:58-61). This emphasis on visual diagrams could support an argument for a narrower construction limited to files that represent a human-drawn diagram.
  • The Term: "mapping files"

    • Context and Importance: Proving infringement requires showing that the accused system uses "mapping files" to correlate external components with internal threat data. The definition of this term will dictate what type of evidence is required.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The claims define the term functionally as "correlating the threat model components with visual diagram components of a third party software application" (’366 Patent, cl. 1). This functional language may support a broad construction that covers any software module, database table, or lookup mechanism that performs the specified correlation task.
      • Evidence for a Narrower Interpretation: The specification provides specific examples of "mapping files" as comma-separated value (CSV) tables that explicitly link a component name to an internal value and identifier (’366 Patent, Figs. 28-29; col. 37:13-17). This could support a narrower construction requiring a distinct, table-like data structure, rather than a more integrated software logic.

VI. Other Allegations

  • Indirect Infringement: The complaint alleges both induced and contributory infringement. Inducement is based on allegations that Defendant provides the Accused Products with the specific intent to encourage infringement through promotional, educational, and tutorial materials (Compl. ¶49). Contributory infringement is based on allegations that the Accused Products are a material part of the invention, are especially adapted for infringement, and have no substantial non-infringing uses (Compl. ¶50).
  • Willful Infringement: The complaint alleges willful infringement based on both pre- and post-suit knowledge. It alleges constructive notice via Plaintiff's patent marking website (Compl. ¶40) and actual notice based on Defendant's alleged monitoring of a competitor's patent announcements and the service of the original complaint in the lawsuit (Compl. ¶41-42, ¶52).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of definitional scope: can the claimed "data file generated by the third party software application," which the patent exemplifies with visual diagram formats like Visio, be construed to cover the machine-readable Infrastructure as Code (IaC) files processed by the accused system?
  • A second central issue will be the procedural posture: following the PTAB's final written decision in IPR2023-00656, which concluded that none of the patent's claims were invalid, how will the resulting estoppel narrow the Defendant's available defenses and focus the litigation almost exclusively on the technical questions of infringement?