DCT

1:24-cv-00344

Assurant Inc v. Intellectual Ventures I LLC

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 1:24-cv-00344, D. Del., 03/15/2024
  • Venue Allegations: Venue is alleged to be proper in the District of Delaware because all three defendant entities were organized under the laws of the State of Delaware and reside in the district.
  • Core Dispute: Plaintiff seeks a declaratory judgment that its use of certain third-party software platforms does not infringe five patents owned by Defendants related to technologies including graduated authentication, distributed application management, secure networking, and parallel programming.
  • Technical Context: The patents-in-suit concern foundational technologies for modern enterprise software, including security protocols for financial transactions, virtualization and containerization management, and large-scale data processing.
  • Key Procedural History: The complaint details pre-suit communications initiated by Defendants, including emails and presentations that identified the patents-in-suit, accused specific software platforms used by Plaintiff of infringement, and asserted a "pressing need for a patent license agreement." The complaint also notes Defendants' history of litigating these patents against other companies in the financial services sector, which collectively form the basis for the actual case or controversy required for this declaratory judgment action.

Case Timeline

Date Event
2003-05-21 ’080 Patent Priority Date
2003-03-31 ’785 Patent Priority Date
2004-06-16 ’391 Patent Priority Date
2004-12-30 ’844 Patent Priority Date
2005-03-08 ’167 Patent Priority Date
2008-01-01 ’167 Patent Issue Date
2010-05-04 ’080 Patent Issue Date
2011-05-24 ’785 Patent Issue Date
2012-12-11 ’844 Patent Issue Date
2020-02-18 ’391 Patent Issue Date
2024-01-03 Defendants contact Plaintiff to initiate licensing dialogue
2024-01-12 Defendants send follow-up email to Plaintiff regarding "pressing need for a patent license"
2024-02-12 Defendants send licensing presentation to Plaintiff
2024-03-13 Defendants circulate a draft license agreement to Plaintiff
2024-03-15 Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 10,567,391 - "Graduated Authentication in an Identity Management System," issued February 18, 2020

The Invention Explained

  • Problem Addressed: The patent’s background section identifies a tension in identity management systems between the need for lightweight, low-friction logins for simple tasks and the requirement for high-overhead, secure channels for sensitive operations. The patent notes a need for a system that can offer "graduated security" to fit different contexts (’391 Patent, col. 1:43-50, col. 2:1-4).
  • The Patented Solution: The invention discloses a method and system where a requesting entity (a "membersite") can ask an identity provider (a "homesite") to authenticate a user at a specific security level. The security level is multi-dimensional, accounting for the strength of the authentication method (e.g., password vs. biometric), the security of the communication channel, and the "staleness" of a prior authentication. This allows the system to apply a security level appropriate to the requested transaction (’391 Patent, Abstract; col. 2:30-40).
  • Technical Importance: This approach allows for adaptive, risk-based authentication, aiming to reduce user friction for low-value interactions while enforcing stronger security for high-value transactions within a unified framework (Compl. ¶82).

Key Claims at a Glance

  • The complaint asserts non-infringement of the independent claims, with a specific focus on limitations found in claims such as independent method claim 1 (Compl. ¶81).
  • The essential elements of independent claim 1 include:
    • receiving a first request for user authentication as part of a first usage event, the request including information about a first type of transaction;
    • receiving a second request for user authentication as part of a second usage event, the request including information about a second type of transaction;
    • wherein the second type of transaction is different from the first type of transaction;
    • performing a transaction associated with the first request at a first transaction security level; and
    • performing a transaction associated with the second request at a second, different transaction security level.
  • The complaint does not explicitly reserve the right to assert dependent claims.

U.S. Patent No. 8,332,844 - "Root Image Caching and Indexing for Block-Level Distributed Application Management," issued December 11, 2012

The Invention Explained

  • Problem Addressed: The patent’s background describes the inefficiency of deploying and updating software for large computer clusters. Traditional methods either involve pre-creating numerous full copies of a master image, which wastes disk space, or creating them "on the fly," which consumes significant time and bandwidth (’844 Patent, col. 1:35-67).
  • The Patented Solution: The invention proposes a "branching store file system" that uses a single, read-only "root image" accessible by all compute nodes. Each node is then assigned a unique "leaf image" that stores only the data blocks that are new or changed relative to the root image. A filter logically merges the root and leaf images at the block level, presenting a complete, unique application environment to each node without storing redundant, unchanged data for each instance (’844 Patent, Abstract; col. 2:15-24).
  • Technical Importance: This block-level, copy-on-write architecture was designed to dramatically reduce storage overhead and accelerate the deployment ("bring-up time") of applications across large-scale computing environments.

Key Claims at a Glance

  • The complaint alleges non-infringement of the independent claims, including system claim 1 (Compl. ¶93).
  • The essential elements of independent claim 1 include:
    • a first storage unit configured to store blocks of a root image;
    • a plurality of second storage units configured to store leaf images for respective compute nodes;
    • said leaf images including only additional data blocks not previously contained in said root image and changes made by respective compute nodes to the blocks of said root image;
    • wherein said leaf images do not include blocks of said root image that are unchanged; and
    • a cache configured to cache blocks of said root image previously accessed by a compute node.
  • The complaint does not explicitly reserve the right to assert dependent claims.

U.S. Patent No. 7,314,167 - "Method and Apparatus for Providing Secure Identification, Verification and Authorization," issued January 1, 2008

  • Technology Synopsis: The patent describes a system for conducting secure transactions using a portable apparatus. The invention involves the apparatus capturing an image, such as a barcode, that contains embedded transaction information, verifying the user via input like a PIN, and then generating an output, such as a digital signature or authentication code, to securely authorize the transaction (’167 Patent, Abstract). The system is intended to provide a more secure and efficient means for authentication in applications like e-commerce and system access (’167 Patent, col. 1:11-21).
  • Asserted Claims: The complaint notes an allegation of infringement of at least Claim 43 (Compl. ¶44).
  • Accused Features: Defendants have accused the Zelle® platform of infringing the ’167 Patent (Compl. ¶44, ¶106).

U.S. Patent No. 7,949,785 - "Secure Virtual Community Network System," issued May 24, 2011

  • Technology Synopsis: The patent addresses the creation of secure communication networks that span different physical networks, including public networks and private networks behind firewalls or Network Address Translation (NAT) devices. The solution is a "private virtual dynamic network" that provides a separate "virtual address realm," allowing member devices to communicate as if they were on the same local private network, with a central network manager handling registration and routing (’785 Patent, Abstract; col. 2:32-37).
  • Asserted Claims: The complaint notes an allegation of infringement of at least Claim 30 (Compl. ¶44).
  • Accused Features: Defendants have accused the Kubernetes platform of infringing the ’785 Patent (Compl. ¶44, ¶115).

U.S. Patent No. 7,712,080 - "Systems and methods for parallel distributed programming," issued May 4, 2010

  • Technology Synopsis: The patent aims to simplify the development of parallel distributed programs. It discloses a method of "distributed sequential computing" where a computing program can be transformed into a parallel program by "spawning at least one child distributed sequential computing program" when an "intermediate condition" occurs. This allows the parent and child programs to run concurrently to perform parallel operations, with the child's computation depending on an "intermediate result" from the parent (’080 Patent, Abstract; col. 11:1-29).
  • Asserted Claims: The complaint refers to limitations from "Each independent claim" without specifying a number (Compl. ¶136).
  • Accused Features: Defendants have accused the Apache Hadoop platform of infringing the ’080 Patent (Compl. ¶48, ¶133).

III. The Accused Instrumentality

Product Identification

  • The accused instrumentalities are third-party software platforms: 3DSecure2, Docker, Zelle®, Kubernetes, and Apache Hadoop (Compl. ¶¶44, 47-48).

Functionality and Market Context

  • The complaint identifies these platforms as integral technologies for modern enterprise and financial services operations (Compl. ¶41, ¶47).
  • 3DSecure2: A security protocol for authenticating online card payments. It can approve a transaction "without the need to interact with the cardholder" or "require additional authentication if the risk is high," providing multiple authentication methods for a single transaction (Compl. ¶82-83).
  • Docker: A software platform for developing and running applications in isolated environments called containers. Its architecture consists of "images," which are read-only templates, and "containers," which are runnable instances of an image. A container includes read-only image layers and a "top writable layer" where changes are stored (Compl. ¶¶95-97). The complaint includes a diagram from Docker's documentation illustrating this layered architecture (Compl. p. 17).
  • Kubernetes: An open-source platform for managing and automating containerized applications. It operates on a "cluster" of machines ("nodes") that run "Pods," which are the smallest deployable units of computing and consist of one or more containers (Compl. ¶¶120, 122-123). The complaint includes a screenshot from the Kubernetes website describing a "Pod" as a logical group of containers (Compl. p. 23).
  • Apache Hadoop: A framework for distributed processing of large data sets using the MapReduce programming model. A MapReduce job "splits the input data-set into independent chunks which are processed by the map tasks in a completely parallel manner" (Compl. ¶138-139).
  • The complaint does not provide sufficient detail for analysis of the Zelle platform's functionality (Compl. ¶106).

IV. Analysis of Infringement Allegations

U.S. Patent No. 10,567,391 Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
receiving...information about a first type of transaction...and...a second type of transaction, wherein the second type of transaction is different from the first type of transaction The 3DSecure2 system provides for multiple authentication methods related to a single transaction. ¶83 col. 24:14-26
performing...at least one transaction associated with the first request at a first transaction security level...[and]...at least one transaction associated with the second request at a second transaction security level The 3DSecure2 system applies different authentication levels based on the assessed risk of a single transaction, not for two different transactions. ¶82-83 col. 24:27-40

Identified Points of Contention

  • Scope Questions: A primary question for the court will be whether the claim term "different...type of transaction" can be construed to mean different "authentication methods or risk levels" applied to a single commercial event, as the 3DSecure2 system allegedly does, or if it requires two distinct commercial events (e.g., a purchase and a funds transfer) (Compl. ¶81, ¶83).
  • Technical Questions: What evidence does the complaint provide that the 3DSecure2 system only ever applies these varied authentication methods to a single transaction, rather than being capable of authenticating different types of transactions as claimed? (Compl. ¶83).

U.S. Patent No. 8,332,844 Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
leaf images...including only additional data blocks not previously contained in said root image and changes made by respective compute nodes to the blocks of said root image A Docker container includes both image layers (analogous to the root image) and a container layer (the top writable layer). ¶97-98 col. 9:40-45
wherein said leaf images of respective compute nodes do not include blocks of said root image that are unchanged by respective compute nodes The complaint alleges that Docker containers do not satisfy the "only" limitation, as a running container is comprised of both the writable layer and the underlying unchanged image layers. ¶99 col. 9:46-49

Identified Points of Contention

  • Scope Questions: Does the term "leaf image" as used in the patent read on the entire operational Docker "container," which includes both the writable layer and the read-only layers, or does it read only on the "top writable layer" where changes are stored? (Compl. ¶100). The complaint's non-infringement theory relies on the former interpretation (Compl. ¶99).
  • Technical Questions: How does the functionality of Docker's architecture, as depicted in the complaint's visual evidence showing a "Thin R/W layer" stacked on "Image Layers (R/O)," map to the claim's requirement that the "leaf image" contain "only" new or changed data blocks? (Compl. p. 17, ¶99).

V. Key Claim Terms for Construction

U.S. Patent No. 10,567,391

  • The Term: "type of transaction"
  • Context and Importance: This term is central to the non-infringement argument for the ’391 patent. The plaintiff contends that the accused 3DSecure2 system provides different authentication methods for a "single transaction", not for two "different types of transactions" (Compl. ¶83). The construction will determine whether this distinction is legally significant.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification discusses applying different security levels to requests from different kinds of websites (e.g., a news site versus a financial institution), suggesting a "type of transaction" could be defined by the nature of the data requested or the identity of the requesting party, not just the underlying commercial event (’391 Patent, col. 18:41-65).
    • Evidence for a Narrower Interpretation: Claim 1 links a "first type of transaction" to a "first usage event" and a "second type of transaction" to a "second usage event," which may support an interpretation requiring two separate and distinct events, rather than two security levels within a single event (’391 Patent, col. 24:14-26).

U.S. Patent No. 8,332,844

  • The Term: "leaf image"
  • Context and Importance: The plaintiff’s non-infringement argument hinges on the assertion that a Docker container is not a "leaf image" because it does not contain "only" new and changed data, as required by the claim (Compl. ¶99-100). The construction of this term will be critical to mapping the accused Docker architecture onto the claim language.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The patent describes a filter that "merges the changes recorded on the leaf images with the root image," which could suggest that the "leaf image" is the distinct entity containing only the changes before it is logically combined with the root for operational purposes (’844 Patent, col. 2:19-22).
    • Evidence for a Narrower Interpretation: The claim language recites that the leaf image includes "only" the changed data blocks. Practitioners may focus on this term because, as the complaint argues and illustrates with a diagram, an operational Docker container is a composite structure that includes both the writable layer and the underlying, unchanged root layers (Compl. p. 17, ¶99).

VI. Other Allegations

  • Indirect Infringement: The complaint asserts that Assurant does not induce or contribute to infringement for any of the patents-in-suit, based on its position that no direct infringement occurs (Compl. ¶86, ¶102, ¶111, ¶129, ¶144).
  • Willful Infringement: The complaint does not contain allegations of willful infringement against Assurant. However, it details extensive pre-suit correspondence from IV, including emails and presentations identifying the patents-in-suit and accused products, which may form the basis for a future willfulness allegation by IV in a counterclaim (Compl. ¶¶39, 42, 44).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of "definitional scope": can technical terms from the patents, such as "leaf image" (’844 Patent) and "device" (’785 Patent), be construed to cover analogous but potentially distinct concepts in modern containerization platforms like Docker's composite "container" and Kubernetes' logical "Pods"?
  • Another central question will be one of "functional mismatch": for the ’391 Patent, does applying different "authentication methods" to a "single transaction" based on risk satisfy the claim requirement of handling two "different types of transactions"? Similarly for the ’080 Patent, does Hadoop's parallel processing of independent data chunks meet the claimed requirement of "spawning" a "child" program based on an "intermediate result" from a parent program?