DCT

1:23-cv-00072

DataCloud Tech LLC v. Barracuda Networks Inc

I. Executive Summary and Procedural Information

  • Case Identification: 1:23-cv-00072, D. Del., 04/14/2023
  • Venue Allegations: Venue is based on Defendant's incorporation in the State of Delaware.
  • Core Dispute: Plaintiff alleges that a wide range of Defendant’s networking, security, and data protection products infringe eight patents related to data management, network communication, file access control, and file synchronization.
  • Technical Context: The technologies at issue concern foundational aspects of network security, data organization, and communication protocols commonly used in modern enterprise and consumer-facing network infrastructure.
  • Key Procedural History: The complaint alleges Defendant was made aware of Plaintiff's patent portfolio via a letter from a licensing agent on November 4, 2020, and of infringement by certain products via a letter from counsel on February 12, 2021. U.S. Patent No. 6,560,613 was subject to an Inter Partes Review (IPR2021-00361), which resulted in the cancellation of claims 1, 2, 5, 7, 14, and 17. The complaint asserts claim 8 of this patent, which was not cancelled in the IPR.

Case Timeline

| Date | Event |
|---|---|
| 2000-01-28 | Priority Date for ’063 Patent |
| 2000-02-08 | Priority Date for ’613 Patent |
| 2000-04-04 | Priority Date for ’959 Patent |
| 2002-12-30 | Priority Date for ’780 Patent |
| 2003-11-18 | ’063 Patent Issued |
| 2003-05-06 | ’613 Patent Issued |
| 2004-11-17 | Barracuda Networks, Inc. incorporated |
| 2006-11-21 | ’780 Patent Issued |
| 2007-03-13 | Priority Date for ’457 Patent |
| 2007-03-23 | Priority Date for ’298 Patent |
| 2007-04-24 | ’959 Patent Issued |
| 2007-06-14 | Priority Date for ’723 Patent |
| 2008-07-08 | ’298 Patent Issued |
| 2012-12-31 | Priority Date for ’498 Patent |
| 2013-02-05 | ’457 Patent Issued |
| 2014-01-21 | ’723 Patent (Reissue) Issued |
| 2014-06-24 | ’498 Patent Issued |
| 2020-11-04 | Defendant allegedly made aware of patent portfolio |
| 2021-02-12 | Defendant allegedly made aware of infringement |
| 2023-04-14 | First Amended Complaint Filed |

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 6,651,063 - “Data Organization And Management System And Method”

  • Issued: November 18, 2003.

The Invention Explained

  • Problem Addressed: The patent’s background section describes the difficulty businesses and consumers face in collecting and organizing information from disparate sources, such as product manuals, solicitations, and mail, noting that conventional storage methods like filing cabinets or decentralized computer systems are often inefficient (Compl. ¶20; ’063 Patent, col. 1:15-46).
  • The Patented Solution: The invention proposes a system where "providers" of information send structured "information packs" to a recipient's centralized "User Data Repository" (’063 Patent, col. 2:1-11). These packs contain identifiers that allow for automatic categorization upon receipt, shifting the organizational burden from the recipient to the provider and allowing the recipient to apply further custom organizational rules (’063 Patent, Abstract; Fig. 1).
  • Technical Importance: This system aimed to streamline information management by creating a structured framework for data exchange where the initial categorization is performed by the sender, simplifying storage and retrieval for the end-user (Compl. ¶20).

Key Claims at a Glance

  • The complaint asserts at least Claim 4 (Compl. ¶25).
  • Claim 4 is a method claim with essential elements including:
    • Providing a method for storing and controlled access of data.
    • Storing information in an "information pack" to which is associated: the address of a data repository, a category identifier, and a provider identifier.
    • Sending the information pack to be stored in a custom location reserved for the specified category identifier.
    • Assigning a "custom category identifier" to the information pack.
    • Subsequently using the custom category identifier to identify other information packs that should be stored in the same location.
    • Sending a "custom category signal to a processing station" associated with the user data repository.

U.S. Patent No. 8,370,457 - “Network Communication Through A Virtual Domain”

  • Issued: February 5, 2013.

The Invention Explained

  • Problem Addressed: The patent family addresses privacy threats on the internet, where a user's IP address and other identifying information can be recorded by web servers, leading to a loss of anonymity and unwanted tracking through mechanisms like "cookies" (’959 Patent, col. 1:56-2:6).
  • The Patented Solution: The invention describes a three-part system (deceiver, controller, forwarder) that establishes an anonymous communication session. A client's request to a destination server is intercepted and rerouted through a "forwarder," which substitutes its own IP address for the client's IP address, thereby masking the client's identity from the destination server (’457 Patent, Abstract; Fig. 1).
  • Technical Importance: This architecture provides a method for anonymizing network traffic at the protocol level, offering a potentially more robust privacy solution than application-level proxies by creating a temporary, virtualized communication channel (Compl. ¶31).

Key Claims at a Glance

  • The complaint asserts at least Claim 9 (Compl. ¶36).
  • Claim 9 is a method claim with essential elements including:
    • Establishing a forwarding internet protocol (IP) address for a pre-defined combination of a client IP address and a destination IP address.
    • Identifying, in a data request received from the client IP address, the pre-defined combination.
    • In response to identifying the pre-defined combination, forwarding the data request via the forwarding IP address to the destination IP address.

U.S. Patent No. 8,762,498 - “Apparatus, System, And Method For Communicating To A Network Through A Virtual Domain”

  • Issued: June 24, 2014.
  • Technology Synopsis: Continuing the technology family of the ’457 Patent, this invention describes a method for anonymizing network activity. A controller device determines a destination IP address from virtual names based on request data and instructs a forwarder device to send the data, establishing an anonymous communication channel (Compl. ¶42; ’498 Patent, Abstract).
  • Asserted Claims: At least Claim 1 is asserted (Compl. ¶47).
  • Accused Features: The complaint alleges that Barracuda websites using Transport Layer Security (TLS) infringe by providing a method of determining a destination IP address based on a virtual namespace and instructing a forwarder to send request data (Compl. ¶46, ¶48).

U.S. Reissued Patent No. RE44,723 - “Regulating File Access Rates According To File Type”

  • Issued: January 21, 2014.
  • Technology Synopsis: This patent describes a method to improve network systems by controlling access to file resources to prevent attacks such as Denial of Service (DoS). The method involves intercepting system calls that attempt to access a file, determining an associated access rate corresponding to the file's type, and regulating the process to access the file at that determined rate (Compl. ¶53, ¶59; ’723 Patent, Abstract).
  • Asserted Claims: At least Claim 1 is asserted (Compl. ¶58).
  • Accused Features: The complaint alleges that Barracuda Firewalls with Rate Control functionality infringe by employing a method to regulate file access rates based on file type to limit resource access and prevent DoS attacks (Compl. ¶57, ¶59).

U.S. Patent No. 6,560,613 - “Disambiguating File Descriptors”

  • Issued: May 6, 2003.
  • Technology Synopsis: The patent addresses the inability of some operating systems to distinguish between different types of files (e.g., a file on a hard disk versus a network communication socket), as both may be accessed via a generic "file descriptor." The invention provides a method to disambiguate these file descriptors by intercepting system calls, storing a "file type indicator" for each descriptor in a table, and then examining that table to determine the associated file type (’613 Patent, Abstract; Compl. ¶64).
  • Asserted Claims: At least Claim 8 is asserted (Compl. ¶69).
  • Accused Features: The complaint alleges that Barracuda's Siris with Virtualization products, which use Kernel-based Virtual Machine (KVM), infringe by employing a method of disambiguating file descriptors (e.g., files, sockets, pipes) by intercepting system calls and examining stored indicators to determine the associated file type (Compl. ¶68, ¶70).

U.S. Patent No. 7,398,298 - “Remote Access And Retrieval Of Electronic Files”

  • Issued: July 8, 2008.
  • Technology Synopsis: This invention describes a system for remotely controlling data directory structures over a network. The system includes a server with a management application and a profile data store that contains information on user permissions, allowing participating users with different roles (e.g., administrator, user) to query and modify directory structures to which they have access (’298 Patent, Abstract; Compl. ¶75).
  • Asserted Claims: At least Claim 13 is asserted (Compl. ¶80).
  • Accused Features: The complaint alleges that the Barracuda Email Security Gateway and Email Gateway Defense products infringe by providing a method for remotely controlling directory structures (e.g., user permissions and access to functions) via an administrative dashboard that queries a profile data store based on user roles (Compl. ¶79, ¶81).

U.S. Patent No. 7,139,780 - “System And Method For Synchronizing Files In Multiple Nodes”

  • Issued: November 21, 2006.
  • Technology Synopsis: The patent discloses a method for synchronizing files between a central node and multiple local nodes in a network. The system uses a first table at each local node to track local file versions and a second table at the central node to record update information for all files, coordinating downloads and uploads to ensure all nodes have the latest file editions (’780 Patent, Abstract; Compl. ¶86).
  • Asserted Claims: At least Claim 1 is asserted (Compl. ¶91).
  • Accused Features: The complaint alleges that the backup and restore feature of Barracuda's Web Security Gateway infringes by providing a method to synchronize files (e.g., firmware updates) between a central node (e.g., Cloud Manager) and local nodes (e.g., Barracuda devices) using databases to manage versioning (Compl. ¶90, ¶92).

U.S. Patent No. 7,209,959 - “Apparatus, System, And Method For Communicating To A Network Through A Virtual Domain Providing Anonymity To A Client Communicating On The Network”

  • Issued: April 24, 2007.
  • Technology Synopsis: As part of the same family as the '457 and '498 patents, this invention describes a method for providing anonymous network communication. It employs a forwarder, a controller, and a deceiver to set up a forwarding session where neither the client nor the destination server is aware of the forwarder's role, thereby anonymizing the client's connection (’959 Patent, Abstract; Compl. ¶103).
  • Asserted Claims: At least Claim 1 is asserted (Compl. ¶108).
  • Accused Features: The complaint alleges that the Barracuda Networks Website infrastructure infringes by employing a method where a forwarder (e.g., a front-end server switch) is disposed between a client and a destination server to forward packets, with a controller (e.g., a firewall) managing the session (Compl. ¶107, ¶109).

III. The Accused Instrumentality

Product Identification

  • The complaint names a broad set of "Accused Instrumentalities," including the Barracuda Android App, Barracuda Firewalls with NAT translation, Barracuda Firewalls with Rate Control, Barracuda websites using TLS, Barracuda's Siris with Virtualization (using KVM), Barracuda Email Security Gateway and Email Gateway Defense, Web Security Gateways, and the Barracuda Networks Website infrastructure (Compl. ¶16).

Functionality and Market Context

  • For the ’063 Patent, the accused Barracuda Android App is alleged to provide a method for users to store and access data in a repository by uploading files. The complaint alleges these uploads constitute an "information pack" associated with identifiers for the user, a category (e.g., "data" directory), and the provider (Barracuda) (Compl. ¶26).
  • For the ’457 Patent, the accused Barracuda Firewalls with NAT translation are alleged to use advanced firewall settings in the Cloud Firewall to establish a forwarding IP address for traffic based on a pre-defined combination of a client source IP address and a destination IP address (Compl. ¶37).
  • The complaint alleges Defendant provides training and educational information for these products and operates the website www.barracuda.com to advertise and sell them (Compl. ¶15, ¶17). No probative visual evidence provided in complaint.

IV. Analysis of Infringement Allegations

’063 Patent Infringement Allegations

| Claim Element (from Independent Claim 4) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a method for storing and controlled access of data in a repository by storing information in an “information pack” | Defendant’s provision of the Barracuda Android App provides users a method for storing and controlled access of data in a repository by storing information (e.g., uploading to servers/saving image files). | ¶26 | col. 8:51-56 |
| to which is associated the address of one of a multiplicity of data repositories associated with at least one of the users... | The uploaded information is associated with the address of one of a multiplicity of data repositories associated with the users. | ¶26 | col. 6:12-16 |
| a category identifier... | The uploaded information is associated with a category identifier (e.g., “data” directory). | ¶26 | col. 6:25-26 |
| and a provider identifier... | The uploaded information is associated with a provider identifier (Barracuda). | ¶26 | col. 6:25-26 |
| said information pack is sent to and stored in the specified data repository and stored there in a custom location... | The information is sent to and stored in the specified data repository in a custom location (e.g., a file folder in the application is reserved for information). | ¶26 | col. 9:43-51 |
| a custom category identifier is assigned to the information pack... | A custom category identifier (e.g., the digital signature for the Android application) is assigned to the information pack. | ¶26 | col. 9:52-54 |
| said custom category identifier is subsequently used to identify other information packs that should be stored in the same location... | The custom category identifier is subsequently used to identify other information packs (e.g., updated versions of an APK from the same author) that should be stored in the same location. | ¶26 | col. 9:55-61 |
| by sending a custom category signal to a processing station uniquely associated with said user data repository. | This is achieved by sending a custom category signal to a processing station uniquely associated with the user data repository. | ¶26 | col. 10:2-10 |

Identified Points of Contention (’063 Patent)

  • Scope Questions: A central question will be whether the general act of a user uploading a file to a server via an application can be mapped to the patent's structured "information pack" concept, which is described as containing specific identifiers.
  • Technical Questions: What evidence does the complaint provide that a file's location in a "data" directory functions as the claimed "category identifier"? Further, what is the basis for alleging that an application's "digital signature" is used as a "custom category identifier" to subsequently route other information packs, as required by the claim?

’457 Patent Infringement Allegations

| Claim Element (from Independent Claim 9) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| establishing a forwarding internet protocol (IP) address for a pre-defined combination of a client IP address and a destination IP address | Barracuda Firewalls with NAT translation, through advanced firewall settings, establish a forwarding IP address (translated IP address) for a pre-defined combination of a client IP address (e.g., 10.10.XX.XX) and a destination IP address (e.g., 168.10.XX.XX). | ¶37 | col. 7:22-26 |
| identifying, in a data request received from the client IP address, the pre-defined combination | The firewall identifies, in a data request received from the client IP address, the pre-defined combination. | ¶37-38 | col. 7:27-30 |
| and in response to the identifying of the pre-defined combination, forwarding the data request via the forwarding IP address... | In response to identifying the pre-defined combination, the firewall forwards the data request from the client ("Host A") via the forwarding IP address (e.g., through commands configured to translate source addresses for all packets in a subnet) to the destination IP address ("Host B"). | ¶38 | col. 7:31-33 |

Identified Points of Contention (’457 Patent)

  • Scope Questions: Does a standard Network Address Translation (NAT) rule, which translates addresses for a subnet or range, constitute the claimed "pre-defined combination of a client IP address and a destination IP address"? The patent's context is creating temporary, anonymous sessions, which may suggest a more specific and transient combination than a persistent firewall rule.
  • Technical Questions: How does the accused firewall "identify" the "pre-defined combination" within a data request itself, as opposed to simply applying a pre-configured rule to all traffic that matches the rule's criteria? The claim language suggests an active identification step that may differ from the passive application of a NAT rule.

V. Key Claim Terms for Construction

For the ’063 Patent

  • The Term: "information pack"
  • Context and Importance: The infringement theory for the '063 patent hinges on whether a standard file upload from an Android app qualifies as an "information pack." The definition of this term is therefore central to determining if the accused product performs the claimed method.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification states that the system allows "providers of information to send information to potentially interested parties" (col. 1:8-10), which could support a view that any such transmission of information falls within the scope.
    • Evidence for a Narrower Interpretation: The abstract describes a system where "Providers send information to user data repositories," with associated identifiers allowing the recipient to "easily assess the nature of the information." Claim 4 itself requires the association of a repository address, a category identifier, and a provider identifier, suggesting a structured data object, not merely any file being uploaded.

For the ’457 Patent

  • The Term: "pre-defined combination of a client IP address and a destination IP address"
  • Context and Importance: This term is critical because the infringement allegation maps it onto standard NAT functionality. Practitioners may focus on whether this term requires a specific, one-to-one mapping for anonymization purposes, rather than the broader one-to-many or many-to-one mappings typical of NAT.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The claim language itself does not explicitly limit the combination to a one-to-one mapping or require it to be temporary, which could support reading it on a persistent NAT rule.
    • Evidence for a Narrower Interpretation: The patent's Summary of the Invention describes a system to "enable anonymous network activity" ('457 patent, col. 1:14-16). This context of providing anonymity may support a narrower construction where the "combination" is tied to a specific, anonymized session, distinguishing it from general-purpose network address translation.

VI. Other Allegations

  • Indirect Infringement: The complaint alleges induced infringement of the ’780 Patent, asserting that Defendant encourages and instructs its customers to use the Barracuda Web Security Gateway's backup and restore feature in a manner that directly infringes, citing Defendant's support and sales activities (Compl. ¶94-95).
  • Willful Infringement: Willfulness is alleged for the ’780 patent, based on pre-suit knowledge allegedly established by a letter sent on November 4, 2020 (Compl. ¶96, ¶113.D). The complaint also makes general allegations that Defendant was aware of the entire patent portfolio as of that date and aware of infringement as of February 12, 2021, which may form the basis for willfulness allegations across all asserted patents (Compl. ¶7-8).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A central issue will be one of technical mapping: Does the conventional functionality of the accused products (e.g., standard Network Address Translation in firewalls, user-initiated file uploads in a mobile application, role-based permissions in an email gateway) perform the specific, often multi-step, processes recited in the patents, or are the allegations based on a fundamental mismatch in technical operation?
  • The case will also turn on claim construction and scope: Can terms rooted in the patents' specific disclosed purposes, such as "information pack" for structured data exchange or a "pre-defined combination" for creating anonymous sessions, be construed broadly enough to encompass the more generic, well-understood technologies implemented in the accused products?
  • A key question for the litigation will be patent validity: Given the foundational nature of the accused technologies and the age of the asserted patents, the asserted claims will likely face significant validity challenges based on prior art, conventionality, and patentable subject matter, a possibility underscored by the successful IPR challenge that cancelled several claims of the asserted ’613 patent.