DCT
1:23-cv-00019
DataCloud Tech LLC v. Datto Inc
I. Executive Summary and Procedural Information
- Parties & Counsel:
  - Plaintiff: DataCloud Technologies, LLC (Georgia)
  - Defendant: Datto, Inc. (Delaware)
  - Plaintiff’s Counsel: Stamoulis & Weinblatt LLC; Rozier Hardt McDonough PLLC
- Case Identification: 1:23-cv-00019, D. Del., 01/06/2023
- Venue Allegations: Venue is alleged to be proper in the District of Delaware because the Defendant is incorporated in Delaware.
- Core Dispute: Plaintiff alleges that Defendant’s data protection, website infrastructure, and remote management platforms infringe four patents related to operating system-level process management, anonymous network communication, and cross-platform task scheduling.
- Technical Context: The technologies at issue concern foundational methods for managing computer processes and network traffic, which are central to modern cloud-based business continuity, data protection, and managed IT services.
- Key Procedural History: U.S. Patent No. 6,560,613 was the subject of an Inter Partes Review (IPR2021-00361), which resulted in the cancellation of claims 1, 2, 5, 7, 14, and 17. The asserted claim in this litigation, Claim 8, was not cancelled in that proceeding. U.S. Patent No. 8,762,498 was the subject of an ex parte reexamination that concluded after the filing of this complaint and resulted in the cancellation of all claims, including the asserted Claim 1. The '613 and '499 patents were also subject to minor Certificates of Correction.
Case Timeline
| Date | Event | 
|---|---|
| 2000-02-08 | Priority Date for U.S. Patent No. 6,560,613 | 
| 2000-04-04 | Priority Date for U.S. Patent Nos. 7,209,959 and 8,762,498 | 
| 2000-04-25 | Priority Date for U.S. Patent No. 8,156,499 | 
| 2003-05-06 | Issue Date for U.S. Patent No. 6,560,613 | 
| 2003-08-26 | Certificate of Correction for U.S. Patent No. 6,560,613 | 
| 2007-04-24 | Issue Date for U.S. Patent No. 7,209,959 | 
| 2012-04-10 | Issue Date for U.S. Patent No. 8,156,499 | 
| 2012-09-25 | Certificate of Correction for U.S. Patent No. 8,156,499 | 
| 2013-06-20 | Defendant Datto, Inc. incorporated | 
| 2014-06-24 | Issue Date for U.S. Patent No. 8,762,498 | 
| 2020-12-22 | IPR Filed against U.S. Patent No. 6,560,613 | 
| 2022-10-05 | IPR Certificate Issued for U.S. Patent No. 6,560,613 | 
| 2023-01-06 | Complaint Filing Date | 
| 2024-07-12 | Reexamination Certificate Issued for U.S. Patent No. 8,762,498 | 
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 6,560,613 - Disambiguating File Descriptors
- Issued: May 6, 2003
The Invention Explained
- Problem Addressed: The patent describes a problem in operating systems like UNIX where different types of system resources, such as files on a hard disk and network communication channels, are all accessed using a generic pointer called a "file descriptor." This makes it difficult to control access selectively, for example to prevent a program from writing to the disk while still allowing it to communicate over the network, because the same system calls (e.g., "write") are used for both (’613 Patent, col. 2:25-62).
- The Patented Solution: The invention proposes a method to distinguish between these different resource types. The system intercepts the initial calls that create a file descriptor and stores an "indicator" in a table, flagging whether the descriptor is for a disk file, a network socket, etc. Subsequently, when a generic access call is made, a "system call wrapper" can check this indicator table to determine the resource type and apply specific rules, such as allowing or denying the operation based on policy (’613 Patent, Abstract; col. 3:55-4:4). This architecture is illustrated in the patent’s Figure 1.
- Technical Importance: This technique enables more granular, policy-based security and control within an operating system, allowing for the differential treatment of processes based on the type of resources they attempt to access (’613 Patent, col. 3:15-36).
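The general idea summarized above (record a type indicator when a descriptor is created, then consult it in a wrapper around a generic access call) can be sketched in user space as follows. This is an added illustration, not code from the patent, the complaint, or any Datto product; the `wrapped_*` functions, the `fd_table` layout, and the `deny_media_writes` policy flag are all hypothetical names chosen for the example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_FDS 1024
enum fd_kind { FD_UNKNOWN = 0, FD_MEDIA_FILE, FD_SOCKET };

static enum fd_kind fd_table[MAX_FDS];  /* indicator table, indexed by descriptor */
static int deny_media_writes = 1;       /* hypothetical policy: no writes to disk */

static void record(int fd, enum fd_kind kind) {
    if (fd >= 0 && fd < MAX_FDS) fd_table[fd] = kind;
}
enum fd_kind fd_kind_of(int fd) {
    return (fd >= 0 && fd < MAX_FDS) ? fd_table[fd] : FD_UNKNOWN;
}
/* Wrappers for calls that establish a descriptor: record its type. */
int wrapped_open(const char *path, int flags, mode_t mode) {
    int fd = open(path, flags, mode);
    record(fd, FD_MEDIA_FILE);
    return fd;
}
int wrapped_socketpair(int sv[2]) {
    int rc = socketpair(AF_UNIX, SOCK_STREAM, 0, sv);
    if (rc == 0) { record(sv[0], FD_SOCKET); record(sv[1], FD_SOCKET); }
    return rc;
}
/* Wrapper for the generic access call: consult the table, then apply policy. */
ssize_t wrapped_write(int fd, const void *buf, size_t len) {
    if (deny_media_writes && fd_kind_of(fd) == FD_MEDIA_FILE) {
        errno = EPERM;
        return -1;
    }
    return write(fd, buf, len);
}
/* Descriptor numbers are reused, so a stale indicator must be cleared on close. */
int wrapped_close(int fd) {
    record(fd, FD_UNKNOWN);
    return close(fd);
}
/* Returns 0 when a disk write is refused and a socket write goes through. */
int run_demo(void) {
    char path[64];
    int sv[2];
    snprintf(path, sizeof path, "/tmp/fdkind_demo_%ld", (long)getpid()); /* constructed */
    unlink(path);
    int fd = wrapped_open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || wrapped_socketpair(sv) != 0) return 1;
    int ok = fd_kind_of(fd) == FD_MEDIA_FILE && fd_kind_of(sv[0]) == FD_SOCKET
          && wrapped_write(fd, "x", 1) == -1 && errno == EPERM
          && wrapped_write(sv[0], "x", 1) == 1;
    wrapped_close(fd); wrapped_close(sv[0]); wrapped_close(sv[1]);
    unlink(path);
    return (ok && fd_kind_of(fd) == FD_UNKNOWN) ? 0 : 2;
}
int main(void) {
    printf("demo %s\n", run_demo() == 0 ? "passed" : "failed");
    return 0;
}
```

Descriptors that reach the process by a path these wrappers do not cover (for example `dup` or inheritance across `exec`) stay `FD_UNKNOWN` in this sketch and are allowed, so an enforcement layer built this way has to wrap those paths as well or deny unknown descriptors.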
Key Claims at a Glance
- The complaint asserts at least independent Claim 8 (Compl. ¶22).
- The essential elements of Claim 8 are:
  - A method for intercepting system calls that establish a file stored on media.
  - Storing an indicator in a table to mark the resulting file descriptor as being associated with a file stored on media.
  - Examining the stored indicator to determine the file type associated with a file descriptor.
- The complaint alleges infringement of "one or more claims," reserving the right to assert others (Compl. ¶23).
U.S. Patent No. 7,209,959 - Apparatus, System, And Method For Communicating To A Network Through A Virtual Domain Providing Anonymity To A Client Communicating On The Network
- Issued: April 24, 2007
The Invention Explained
- Problem Addressed: The patent identifies the privacy risks of internet browsing, where a user's IP address can be logged and tracked by websites, leading to unwanted solicitations and monitoring. The patent notes that conventional proxy servers merely substitute one persistent identity for another, which does not solve the underlying tracking problem (’959 Patent, col. 2:1-29).
- The Patented Solution: The invention discloses a three-component architecture—a "deceiver," a "controller," and a "forwarder"—that work in concert to anonymize a client's network session. A client's request is intercepted by the deceiver, which consults the controller to find the true destination and a suitable forwarder. The controller then directs the client to communicate with the forwarder, which transparently relays traffic between the client and the destination. In this arrangement, the destination website only sees the IP address of the forwarder, not the client, and the client is "deceived" into communicating with the forwarder, believing it to be the destination website (’959 Patent, Abstract; col. 2:35-48).
- Technical Importance: This system provides a dynamic, session-specific method for creating anonymous communication channels, isolating both the client and the destination server from direct contact or awareness of each other (’959 Patent, col. 2:49-59).
Key Claims at a Glance
- The complaint asserts at least independent Claim 1 (Compl. ¶33).
- The essential elements of Claim 1 are:
  - A method that, in response to a client request, sets up a forwarding session using a "forwarder" placed between the client and a destination server.
  - The forwarder transfers packets, and the session is implemented so that neither the client nor the destination server is aware of the forwarder's employment.
  - A "controller" communicates with the forwarder and a domain name server (DNS) to resolve the destination's name.
  - A "deceiver" receives the initial client request and initiates the controller's query to the DNS.
  - The forwarding session is initiated in response to the controller receiving the answer from the DNS.
- The complaint alleges infringement of "one or more claims," reserving the right to assert others (Compl. ¶34).
U.S. Patent No. 8,156,499 - Methods, Systems And Articles Of Manufacture For Scheduling Execution Of Programs On Computers Having Different Operating Systems
- Issued: April 10, 2012 (Compl. ¶1)
- Technology Synopsis: The patent addresses the challenge of coordinating automated tasks across a distributed network of computers that run different, incompatible operating systems (e.g., Windows and Unix) (’499 Patent, col. 1:13-41). The invention describes a centralized scheduling computer that uses a "master schedule" to direct remote computers to execute specific programs, receive execution results (e.g., "success" or "fail"), and conditionally trigger subsequent tasks on other computers based on those results (’499 Patent, Abstract).
- Asserted Claims: At least Claim 1 (Compl. ¶44).
- Accused Features: Datto's Remote Monitoring and Management (RMM) platform is accused of infringing. The complaint alleges the RMM platform schedules a first program on a first computer (e.g., a Windows PC), receives a result, and, in response, schedules a second program on a second computer (e.g., a Linux-based "Job Server") with a different operating system (Compl. ¶45).
U.S. Patent No. 8,762,498 - Apparatus, System, And Method For Communicating To A Network Through A Virtual Domain
- Issued: June 24, 2014 (Compl. ¶1)
- Technology Synopsis: This patent, related to the ’959 patent, describes a system to enhance network privacy by using "virtual namespaces." The invention focuses on a "controller device" that receives a request for a destination within a virtual namespace, determines the corresponding destination IP address, establishes a correlation between that destination IP and a "forwarder" IP, and instructs the forwarder to route the traffic (’498 Patent, Abstract). The stated problem is to mitigate privacy threats from online tracking (’498 Patent, col. 1:5-14).
- Asserted Claims: At least Claim 1 (Compl. ¶56).
- Accused Features: Datto's Website Infrastructure is accused of infringement. The complaint alleges that a controller (e.g., a router) determines a destination IP address based on a virtual namespace destination (e.g., "www.datto.com"), correlates it with a forwarder IP, and instructs the forwarder to route the request data (Compl. ¶56).
III. The Accused Instrumentality
Product Identification
- The complaint identifies three accused instrumentalities: Datto Siris with Virtualization, Datto Website Infrastructure, and the Datto RMM Platform (Compl. ¶14).
Functionality and Market Context
- Datto Siris with Virtualization: This product line is presented as an all-in-one data protection and business continuity solution (Compl. p. 3). The complaint alleges that its use of KVM (Kernel-based Virtual Machine) for virtualization involves "shadowed I/O system call routines" that perform the functions claimed in the ’613 patent (Compl. ¶23). A screenshot in the complaint shows the Datto Siris 4 and 4X Series physical appliances (Compl. p. 3).
- Datto Website Infrastructure: This refers to the collection of servers, routers, and firewalls that operate Datto's public-facing websites (e.g., "www.datto.com", "cloud.datto.com"). The complaint alleges these standard networking components function together as the specialized "deceiver-controller-forwarder" architecture claimed in the ’959 and ’498 patents to manage network traffic (Compl. ¶¶34, 56).
- Datto RMM Platform: This is described as a "secure, cloud-based platform which enables MSPs to remotely secure, monitor, manage, and support endpoints" (Compl. p. 4). The infringement allegation centers on its ability to schedule a task on one computer, receive a result, and then schedule a follow-on task on a different computer that may have a different operating system (Compl. ¶45). The complaint includes a screenshot of the RMM software dashboard, depicting a tool for modern Managed Service Providers (MSPs) (Compl. p. 4).
IV. Analysis of Infringement Allegations
U.S. Patent No. 6,560,613 Infringement Allegations
| Claim Element (from Independent Claim 8) | Alleged Infringing Functionality | Complaint Citation | Patent Citation | 
|---|---|---|---|
| intercepting system calls that establish a file stored on media; | Datto's Siris provides a method for disambiguating file descriptors by intercepting the system calls that store files on media. | ¶23 | col. 5:16-24 | 
| storing at least one indicator that a file descriptor established by an intercepted system call is associated with a file stored on media, wherein storing an indicator...further comprises storing the indicator in a table; | The system stores one or more file type indicators (e.g., reference to images) for each file descriptor in a table. | ¶23 | col. 4:10-24 | 
| and examining at least one stored indicator to determine with what file type a file descriptor is associated. | The system determines the file type by reviewing the stored file type indicators. | ¶23 | col. 5:36-43 | 
Identified Points of Contention
- Technical Question: What evidence does the complaint provide that the KVM virtualization technology in Datto Siris performs infringement via the specific mechanism of an "indicator table" as claimed, rather than using other known I/O virtualization or shadowing techniques that achieve a similar result through a different process?
- Scope Question: Does the general process of I/O shadowing in a virtual machine (as alleged for Siris) meet the specific claim limitation of intercepting system calls that "establish a file stored on media" for the purpose of "disambiguating file descriptors," or is the function of KVM fundamentally different from the problem the patent claims to solve?
U.S. Patent No. 7,209,959 Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation | 
|---|---|---|---|
| in response to a request by a client to initiate communication with a destination website; | A client sends a request (e.g., "Client Hello") to initiate communication with a Datto website. | ¶34 | col. 5:48-51 | 
| setting up a forwarding session between the client and a destination server...employing a forwarder...to forward packets...; | A forwarding session is set up using a forwarder (e.g., front-end server switch) to handle packets between the client and the destination WWW server. | ¶34 | col. 6:11-19 | 
| ...wherein the forwarding session is set up and implemented such that neither the client or the destination server is aware of the employment of the forwarder; | The session is allegedly set up such that neither party is aware of the forwarder, with the complaint asserting the WWW server has a direct TCP connection. | ¶34 | col. 2:35-42 | 
| employing a controller configured to communicate with the forwarder and a domain name server, wherein the controller queries the domain name server...; | A controller (e.g., a firewall) communicates with the forwarder (server switch) and a DNS, querying the DNS to resolve the destination website name. | ¶34 | col. 6:53-61 | 
| employing a deceiver configured to communicate with the controller and the client, wherein the deceiver receives the request by the client...; | A deceiver (e.g., a router) receives the client's request and communicates with the controller. | ¶34 | col. 6:62-65 | 
| in response to the controller receiving the answer from the domain name server and initiating communication with the forwarder, initiating the forwarding session. | The forwarding session is initiated after the controller gets the DNS response and communicates with the forwarder. | ¶34 | col. 7:1-4 | 
Identified Points of Contention
- Technical Question: The complaint maps the claimed "deceiver," "controller," and "forwarder" elements to generic networking components (router, firewall, server switch) (Compl. ¶34). A key question is whether these general-purpose devices, as part of a standard web hosting architecture, actually perform the specific, coordinated functions and communications described in the patent's purpose-built anonymity system.
- Scope Question: Does Datto's public website infrastructure, designed for security and load balancing, meet the claim requirement that the system is implemented so that "neither the client or the destination server is aware of the employment of the forwarder"? The purpose and function of a standard web architecture may differ fundamentally from the anonymizing system described in the patent.
V. Key Claim Terms for Construction
Term from ’613 Patent, Claim 8: "file descriptor"
- Context and Importance: The invention's purpose is to "disambiguate" these descriptors. The complaint's theory hinges on equating the management of "files/sockets/pipes" in a KVM virtual environment with the patent's method (Compl. ¶23). The construction of this term will determine if the patent's scope can reach modern virtualization technologies.
- Intrinsic Evidence for a Broader Interpretation: The specification states that in operating systems like UNIX, "communication channels" and "hardware devices" are treated as files and accessed via file descriptors, supporting a definition that is not limited to pointers to data on a storage medium (’613 Patent, col. 2:45-54).
- Intrinsic Evidence for a Narrower Interpretation: Claim 8 itself recites a method of "intercepting system calls that establish a file stored on media" and storing an indicator that the descriptor "is associated with a file stored on media," which may be argued to limit the relevant meaning of "file descriptor" within this claim to those directly tied to physical storage (’613 Patent, col. 16:1-8).
Term from ’959 Patent, Claim 1: "deceiver"
- Context and Importance: This term defines a specific component in the patent's three-part architecture. The complaint alleges that a standard network "router" is a "deceiver" (Compl. ¶34). Practitioners may focus on this term because the infringement case depends on whether a generic network device can be mapped onto this specialized, named component.
- Intrinsic Evidence for a Broader Interpretation: The patent does not appear to limit the "deceiver" to a specific hardware or software implementation, describing it functionally as a component that "receives the request by the client...and initiates the controller to query the domain name server" (’959 Patent, col. 8:5-9). This may support an argument that any device performing this function qualifies.
- Intrinsic Evidence for a Narrower Interpretation: The patent's summary and background frame the invention as a system for providing anonymity by "isolating client activity" and "hiding" the client (’959 Patent, col. 2:8-19, col. 2:49-51). The term "deceiver" itself implies a specific function beyond standard routing. An argument may be made that a component must be part of such a purpose-built anonymity system to be a "deceiver" as contemplated by the patent.
VI. Other Allegations
- Indirect Infringement: The complaint does not contain specific factual allegations to support claims of induced or contributory infringement. The infringement counts are based on direct infringement by Defendant's making, using, or selling the accused instrumentalities (Compl. ¶¶ 21, 32, 43, 54).
- Willful Infringement: The complaint does not contain specific factual allegations to support a claim of willful infringement, such as pre-suit knowledge of the patents. It includes a boilerplate request for a declaration that the case is "exceptional" and an award of attorneys' fees under 35 U.S.C. § 285, but does not plead the factual predicate for such a finding (Compl. ¶60.C).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of architectural mapping: can the specific, purpose-built "deceiver-controller-forwarder" architecture for providing anonymity, as claimed in the '959 and '498 patents, be read onto Datto's general-purpose web infrastructure, which consists of standard components like routers, firewalls, and load balancers?
- A key evidentiary question will be one of functional equivalence: does the accused software (Datto's KVM-based virtualization and its RMM platform) operate using the precise methods claimed in the '613 and '499 patents, or does it achieve similar high-level outcomes through fundamentally different technical means?
- A threshold question of patent enforceability will define the scope of the case: with all asserted claims of the '498 patent cancelled in a post-filing reexamination, can that count survive? Furthermore, how will the prior invalidation of several '613 patent claims in an IPR affect the court's view of the patent's validity and the scope of the surviving asserted claim?