DCT
1:22-cv-01644
DataCloud Tech LLC v. A10 Networks Inc
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: DataCloud Technologies, LLC (Georgia)
- Defendant: A10 Networks, Inc. (Delaware)
- Plaintiff’s Counsel: Stamoulis & Weinblatt LLC; Rozier Hardt McDonough PLLC
- Case Identification: 1:22-cv-01644, D. Del., 12/29/2022
- Venue Allegations: Plaintiff alleges venue is proper in the District of Delaware because A10 Networks is registered to do business in the state, has transacted business in the district, and has committed alleged acts of infringement there.
- Core Dispute: Plaintiff alleges that Defendant’s network management products and infrastructure infringe four patents related to methods for synchronizing files and for providing anonymous network communication through virtual domains.
- Technical Context: The patents address two distinct areas of network technology: ensuring data consistency across distributed systems and masking user identity during network communications for privacy and security.
- Key Procedural History: The complaint alleges that Plaintiff’s licensing agent sent Defendant a letter on December 16, 2020, which identified the patents-in-suit. This event is cited as establishing pre-suit knowledge for the purpose of willfulness allegations.
Case Timeline
| Date | Event |
|---|---|
| 2000-04-04 | Earliest Priority Date for U.S. Patents 7,209,959; 8,370,457; and 8,762,498 |
| 2002-10-04 | Earliest Priority Date for U.S. Patent 7,139,780 |
| 2006-11-21 | U.S. Patent No. 7,139,780 Issued |
| 2007-04-24 | U.S. Patent No. 7,209,959 Issued |
| 2013-02-05 | U.S. Patent No. 8,370,457 Issued |
| 2013-12-06 | Defendant A10 Networks, Inc. organized and existing under Delaware law |
| 2014-06-24 | U.S. Patent No. 8,762,498 Issued |
| 2020-12-16 | Plaintiff’s licensing agent allegedly sent Defendant a "Licensing Letter" identifying the patents-in-suit |
| 2022-12-29 | Complaint Filed |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 7,139,780 - "System And Method For Synchronizing Files In Multiple Nodes"
- Patent Identification: U.S. Patent No. 7,139,780, issued November 21, 2006.
The Invention Explained
- Problem Addressed: In large enterprises with multiple branch offices, ensuring that all copies of a shared file across different local area networks (LANs) are consistent is challenging. Performing synchronization for every file change across all nodes can create excessive, and often unnecessary, network traffic (Compl. ¶23; ’780 Patent, col. 1:29-52).
- The Patented Solution: The patent describes a system with a central node and multiple local nodes. Each local node uses a "proxy" to intercept file access requests. Instead of constantly synchronizing, the proxy checks against a central database only when a file is accessed to see if a newer version exists. If a local file is outdated, the latest version is downloaded from the central node on-demand. If a local file is updated, the change is uploaded to the central node for other nodes to access later (’780 Patent, Abstract; col. 2:21-38). The system architecture is depicted in the patent's Figure 1.
- Technical Importance: This on-demand approach to synchronization aims to reduce network load by avoiding preemptive updates to nodes that may not need the latest file version immediately (’780 Patent, col. 1:53-61).
Key Claims at a Glance
- The complaint asserts at least independent claim 1 (Compl. ¶22).
- Claim 1 is a method for synchronizing files, comprising the steps of:
- storing one copy of each shared file in local file servers.
- creating a first table in local databases to store information on the local file copies.
- creating a second table in a central database to record all update information for files across all local servers.
- updating a copy of a file in one local file server.
- adding a new item of update information to the second (central) table.
- downloading the updated file from the local server and uploading it to a central file server as the latest edition.
- determining if another local file server’s copy needs to be updated.
- downloading the latest edition from the central file server to the other local server if an update is needed.
- The complaint does not explicitly reserve the right to assert other claims, but states infringement of "one or more claims" (Compl. ¶21).
U.S. Patent No. 7,209,959 - "Apparatus, System, And Method For Communicating To A Network Through A Virtual Domain Providing Anonymity To A Client Communicating On The Network"
- Patent Identification: U.S. Patent No. 7,209,959, issued April 24, 2007.
The Invention Explained
- Problem Addressed: Standard internet protocols (like HTTP) reveal user-identifying information such as IP addresses, which can lead to privacy threats like unwanted solicitations and tracking. Existing proxy solutions often just substitute one fixed identity for another, which does not provide true, session-specific anonymity (’959 Patent, col. 1:56-2:9).
- The Patented Solution: The invention proposes a three-component system to create temporary, anonymous communication sessions. A "deceiver" intercepts a client's initial request. It passes the request to a "controller," which resolves the true destination's IP address and selects an available "forwarder." The controller then tells the client's system that the forwarder's IP is the destination IP. All subsequent traffic is routed through this forwarder, which masks the client's real IP address from the destination server and vice versa, creating a temporary virtual domain for the session (’959 Patent, Abstract; col. 2:35-49). This architecture is shown in the patent's Figure 1.
- Technical Importance: This method provides a more dynamic and robust form of anonymity by creating ad-hoc, session-specific routing that isolates both the client and the destination server from direct contact (’959 Patent, col. 2:50-54).
Key Claims at a Glance
- The complaint asserts at least independent claim 1 (Compl. ¶35).
- Claim 1 is a method for network communication, comprising the steps of:
- in response to a client request, setting up a forwarding session between the client and a destination server.
- the session employing a "forwarder" disposed between the client and server to forward packets bilaterally.
- the forwarder transfers packets during the session.
- the session is implemented such that neither the client nor the destination server is aware of the forwarder's employment.
- employing a "controller" configured to communicate with the forwarder and a domain name server (DNS).
- the controller queries the DNS to resolve the destination website's name and initiates communication with the forwarder in response.
- employing a "deceiver" configured to communicate with the controller and the client.
- the deceiver receives the client's request and initiates the controller to query the DNS.
- initiating the forwarding session in response to the controller receiving the answer from the DNS and initiating communication with the forwarder.
- The complaint alleges infringement of "one or more claims" (Compl. ¶36).
U.S. Patent No. 8,370,457 - "Network Communication Through A Virtual Domain"
- Patent Identification: 8,370,457, issued February 5, 2013.
- Technology Synopsis: As a divisional of the application leading to the ’959 Patent, this patent shares the same core technology. It describes a system for anonymous network communication using a deceiver, controller, and forwarder to create a temporary, virtual communication channel that masks the identities of the client and destination server from each other (’457 Patent, Abstract).
- Asserted Claims: At least independent claim 9 is asserted (Compl. ¶42).
- Accused Features: The "A10 Thunder® Convergent Firewall (CFW)" is accused of infringement. The complaint alleges the CFW provides a method to establish a forwarding IP address based on pre-defined combinations of client and destination IP addresses set in its network filter, and then forwards data requests matching that filter via the forwarding IP address (Compl. ¶41, ¶43).
U.S. Patent No. 8,762,498 - "Apparatus, System, And Method For Communicating To A Network Through A Virtual Domain"
- Patent Identification: 8,762,498, issued June 24, 2014.
- Technology Synopsis: As part of the same patent family as the ’959 and ’457 patents, this patent also relates to anonymous communication through virtual domains. It focuses on a method where a controller determines a destination IP address based on a "virtual namespace" and establishes a correlation between that destination and a forwarder's IP address (’498 Patent, Abstract).
- Asserted Claims: At least independent claim 1 is asserted (Compl. ¶49).
- Accused Features: The "network infrastructure for A10 websites" is accused. The complaint alleges this infrastructure uses a controller (identified as a router) to determine a destination IP from a virtual name (e.g., a10networks.com), correlates it with a forwarder IP, and instructs the forwarder to route the request (Compl. ¶48, ¶50).
III. The Accused Instrumentality
Product Identification
The complaint names several accused instrumentalities:
- Thunder Device Manager (accused of infringing the ’780 Patent) (Compl. ¶21).
- A10 Networks websites (supported by A10's network infrastructure) (accused of infringing the ’959 and ’498 Patents) (Compl. ¶34, ¶48).
- A10 Thunder® Convergent Firewall (CFW) (accused of infringing the ’457 Patent) (Compl. ¶41).
Functionality and Market Context
- The Thunder Device Manager is alleged to be a system for managing A10 devices, including providing automatic firmware updates by synchronizing files between a central server and local devices (Compl. ¶23).
- The A10 network infrastructure is described as the system that supports A10's own websites. The complaint alleges this infrastructure uses components like front-end server switches, firewalls, and routers to manage traffic in a way that infringes the '959 and '498 patents (Compl. ¶36, ¶50).
- The A10 Thunder® CFW is a firewall product alleged to use network service filters to establish and forward traffic based on pre-defined source and destination IP address combinations (Compl. ¶43).
- The complaint alleges that the provision and sale of these products and services are a source of revenue and a business focus for the Defendant (Compl. ¶27).
- No probative visual evidence provided in complaint.
IV. Analysis of Infringement Allegations
’780 Patent Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| (a) storing one copy of each file that is shared between the local nodes; | Storing one copy of each file (e.g., an update) shared between the local nodes (e.g., the systems comprising the devices/device network). | ¶23 | col. 2:24-28 |
| (b) creating a first table in each of the local databases to store information on copies of files... | Creating a first table in local databases to store information on file copies in the respective local device. | ¶23 | col. 2:50-53 |
| (c) creating a second table in the central database to record all update information on copies of files... | Creating a second table in the central database to record all update information on copies of files in all devices. | ¶23 | col. 2:53-56 |
| (d) updating a copy of a file in one of the local file servers; | Updating a copy of a file in one of the devices (e.g., using a schedule from Device Manager). | ¶23 | col. 2:56-57 |
| (e) adding a new item of update information on the file in the second table; | Adding a new item of update information on the file in the second table. | ¶23 | col. 2:57-58 |
| (f) downloading the updated copy... from said one of the local file servers, and uploading... to the central file server... | Downloading the updated copy (e.g., firmware) from one local file server and uploading it to the central file server. | ¶23 | col. 2:59-63 |
| (g) determining whether a required copy of the file in another of the local file servers needs to be updated; and | Determining whether a required copy of the file in another of the local file servers needs to be updated. | ¶23 | col. 2:63-65 |
| (h) downloading the latest edition of the file from the central file server to update said another... | Downloading the latest edition of the file from the central file server to update the other local file servers if needed. | ¶23 | col. 2:65-col. 3:2 |
Identified Points of Contention (’780 Patent)
- Scope Question: Does the term "file," as used in the context of general file sharing in the patent, read on the specific "firmware" updates allegedly managed by the accused product?
- Technical Question: The complaint alleges the accused product performs the steps of the claim but provides little detail on the underlying mechanism. A key question will be whether the Thunder Device Manager actually uses the claimed two-table database structure (one local, one central) and proxy-based, on-demand checking, or if it uses a different, more conventional push-update or scheduled-update methodology.
’959 Patent Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| ...setting up a forwarding session... employing a forwarder disposed between the client and the destination server... | The forwarding session employs a "front-end server switch" as the forwarder, disposed between the client and the destination server to handle bilateral communications. | ¶36 | col. 8:50-58 |
| ...neither the client or the destination server is aware of the employment of the forwarder; | The session is set up so neither client nor destination server is aware of the forwarder (e.g., the WWW server has a direct TCP connection with a client address, masking the forwarder). | ¶36 | col. 8:59-62 |
| ...employing a controller configured to communicate with the forwarder and a domain name server... | A "firewall" acts as the controller, communicating with the "front-end server switch" (forwarder) and a DNS. | ¶36 | col. 8:62-64 |
| ...the controller queries the domain name server to resolve the name of the destination website... and initiates communication... | The controller (firewall) queries the DNS to resolve the website name and initiates communication with the forwarder (front-end server switch) in response to the DNS answer. | ¶36 | col. 8:64-col. 9:1 |
| ...employing a deceiver configured to communicate with the controller and the client... | A "router" acts as the deceiver, configured to communicate with the controller (firewall) and the client (internet device). | ¶36 | col. 9:3-5 |
| ...the deceiver receives the request by the client... and initiates the controller to query the domain name server... | The deceiver (router) receives the client's request and initiates the controller to query the DNS to resolve the name of the destination website. | ¶36 | col. 9:5-9 |
Identified Points of Contention (’959 Patent)
- Architectural Mismatch: The complaint maps the patent's specialized components ("deceiver," "controller," "forwarder") onto generic network hardware ("router," "firewall," "switch"). A central dispute will be whether these standard devices perform the specific, coordinated, and novel functions required by the claims, or if this represents a fundamental architectural mismatch.
- Technical Question: What evidence demonstrates that the accused "firewall" (controller) and "router" (deceiver) perform the claimed hand-off, where the deceiver initiates the controller to perform a DNS query on its behalf? This specific interaction is a core element of the patented solution.
V. Key Claim Terms for Construction
For the ’780 Patent
- The Term: "proxy"
- Context and Importance: The "proxy" is the active agent in the local node that intercepts requests and triggers the synchronization check. Its function is central to the patent's on-demand mechanism. Practitioners may focus on this term because the infringement allegation will depend on whether the Thunder Device Manager contains a component that performs this specific gatekeeping function.
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The claims do not define the specific form of the proxy, leaving its implementation open. Claim 1 is a method claim and does not require a specific "proxy" apparatus, only the performance of the claimed steps.
- Evidence for a Narrower Interpretation: The specification describes the proxy as a specific type of software module: "one of Dynamic Link Libraries (DLLs)" that is "called by its respective server application programs" to determine if files need updating (’780 Patent, col. 4:55-62). An argument could be made that the term is limited to such an intercepting software library.
For the ’959 Patent
- The Term: "deceiver"
- Context and Importance: The "deceiver" is the unique component that transparently intercepts the client's initial DNS request and reroutes it to the "controller" to initiate the anonymous session. Its definition is critical because the complaint maps this role to a standard "router," and the viability of the infringement claim depends on that mapping.
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The claims define the deceiver functionally as a component "configured to communicate with the controller and the client" and to "receive the request... and initiate the controller to query the domain name server" (’959 Patent, claim 1). An argument could be made that any device performing this function, regardless of its name, is a "deceiver."
- Evidence for a Narrower Interpretation: The summary of the invention distinguishes the deceiver from a "standard name server" and describes its unique function of allowing "the controller to supply the information" (’959 Patent, col. 2:40-43). This suggests the deceiver is not a conventional routing device but a specialized DNS-like application that performs a conditional hand-off, a function a standard router may not perform.
VI. Other Allegations
- Indirect Infringement: The complaint alleges A10 Networks induces infringement of the ’780 Patent by instructing customers on how to use the Thunder Device Manager through its "support and sales activities" and promotional materials (Compl. ¶26, ¶28). The complaint alleges customers' use of the product constitutes direct infringement (Compl. ¶24).
- Willful Infringement: Willfulness is alleged specifically for the ’780 Patent. The complaint bases this on A10 Networks' alleged "knowledge of the ’780 Patent as early as the date of its receipt of the Licensing Letter" on December 16, 2020, and its continued alleged infringement thereafter (Compl. ¶27). The prayer for relief specifically requests a finding of willful infringement for the ’780 Patent (Compl. ¶54.D).
VII. Analyst’s Conclusion: Key Questions for the Case
- A central issue will be one of architectural equivalence: Do the accused products, which are commercial-grade network management tools and infrastructure, actually implement the specific, multi-component architectures described in the patents? For the ’959 patent family, this raises the question of whether generic hardware like a "router" and "firewall" can be shown to perform the highly specialized and coordinated functions of the claimed "deceiver" and "controller."
- A second key question will be one of definitional scope: Can the patent terms be construed to cover the accused functionality? For the ’780 Patent, this involves determining if "synchronizing files" reads on the management of "firmware updates." For the ’959 family, it involves deciding if the term "deceiver" can encompass the functionality of a standard network router.
- Finally, a primary evidentiary question will be one of functional proof: The complaint maps claim language directly onto accused products with limited technical detail. The case will likely turn on whether the Plaintiff can produce concrete evidence that the accused products and infrastructure perform the specific, granular steps of the asserted claims, rather than merely achieving a similar high-level result through different technical means.