DCT

1:24-cv-00978

DataCloud Tech LLC v. SonicWall Inc

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 1:24-cv-00978, D. Del., 08/26/2024
  • Venue Allegations: Plaintiff alleges venue is proper in the District of Delaware because Defendant is a Delaware corporation and has significant ties to and presence in the state.
  • Core Dispute: Plaintiff alleges that Defendant’s networking products and services, including virtual appliances, mobile applications, and security firewalls, infringe five patents related to network data management, communication, and security.
  • Technical Context: The patents-in-suit relate to foundational technologies in network operations, including methods for managing system-level file access, organizing user data, and enabling anonymous or secure network communications.
  • Key Procedural History: The complaint notes that Certificates of Correction have been issued for four of the five asserted patents. Public records indicate that one of the asserted patents, U.S. Patent No. 6,560,613, was the subject of an Inter Partes Review (IPR2021-00361), which concluded on October 5, 2022, with the cancellation of claims 1, 2, 5, 7, 14, and 17. The claim asserted in this litigation, Claim 12, was not part of the IPR cancellation decision.

Case Timeline

Date Event
2000-01-28 Priority Date for U.S. Patent No. 6,651,063
2000-02-08 Priority Date for U.S. Patent No. 6,560,613
2000-04-04 Priority Date for U.S. Patent Nos. 7,209,959 and 8,370,457
2002-03-29 Priority Date for U.S. Patent No. 7,398,298
2003-05-06 U.S. Patent No. 6,560,613 Issued
2003-11-18 U.S. Patent No. 6,651,063 Issued
2007-04-24 U.S. Patent No. 7,209,959 Issued
2008-07-08 U.S. Patent No. 7,398,298 Issued
2013-02-05 U.S. Patent No. 8,370,457 Issued
2020-04-11 Alleged availability of SonicWall NS Series virtual appliance
2022-05-20 Alleged availability of SonicWall Network Security Manager
2022-10-05 IPR Certificate Issued for U.S. Patent No. 6,560,613
2024-08-26 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 6,560,613 - "Disambiguating File Descriptors," Issued May 6, 2003

The Invention Explained

  • Problem Addressed: In certain operating systems like UNIX, different types of resources, such as files stored on a hard disk and network communication sockets, are accessed through a common mechanism known as a "file descriptor." The patent states that the system calls using these descriptors often cannot distinguish between resource types, which complicates efforts to apply selective security policies (e.g., allowing network access while restricting disk access for a program) (ʼ613 Patent, col. 2:27-37).
  • The Patented Solution: The invention proposes a system that intercepts system calls when file descriptors are created. It then stores an "indicator" in a dedicated table to identify the type of resource (e.g., file on media, communication channel) associated with that descriptor ('613 Patent, Abstract; Fig. 3). When other system calls attempt to use a file descriptor, a "system call wrapper" can first check this indicator table to determine the resource type and then decide whether to permit the operation, block it, or execute alternative code, enabling more granular control ('613 Patent, col. 5:30-50).
  • Technical Importance: This method provided a mechanism to enhance the security and functionality of an operating system by differentiating between resource types at the system call level, without requiring modification of the core operating system kernel ('613 Patent, col. 2:8-12).

Key Claims at a Glance

  • The complaint asserts at least independent Claim 8 (via dependent Claim 12).
  • The essential elements of independent Claim 8 are:
    • intercepting system calls that establish a file stored on media;
    • storing at least one indicator that a file descriptor established by an intercepted system call is associated with a file stored on media, wherein storing an indicator further comprises storing the indicator in a table; and
    • examining at least one stored indicator to determine with what file type a file descriptor is associated.
  • The complaint reserves the right to assert additional claims (Compl. ¶26).

U.S. Patent No. 6,651,063 - "Data Organization And Management System And Method," Issued November 18, 2003

The Invention Explained

  • Problem Addressed: The patent's background section describes the difficulty that individuals and businesses face in managing the vast amount of product-related information they receive, such as user manuals, warranties, and service updates, which often leads to this information being lost or disorganized (ʼ063 Patent, col. 1:19-39).
  • The Patented Solution: The invention describes a system where an information "Provider" (e.g., a seller) sends a digital "information pack" to a recipient's "User Data Repository." This pack is pre-tagged with a category identifier, allowing it to be automatically filed in the correct location within the user's repository ('063 Patent, Abstract). The system further allows the user to create custom categories and provides a feedback mechanism for a "processing station" to learn these custom preferences, so that subsequent information from the same provider is automatically routed to the user's preferred custom location ('063 Patent, Fig. 1; col. 4:29-56).
  • Technical Importance: This technology aimed to shift the primary burden of data organization from the end-user to the information provider, creating a more automated and centralized system for managing the lifecycle of product information ('063 Patent, col. 2:5-11).

Key Claims at a Glance

  • The complaint asserts at least independent Claim 4.
  • The essential elements of independent method Claim 4 are:
    • storing information in an information pack and associating it with a user destination address and a provider identifier;
    • communicating the pack over a network to a user data repository and locating it in a pre-defined category location;
    • after communication, providing a process for the user to create a custom location for the information pack;
    • sending a signal reflecting this custom categorization to a processing station; and
    • having the processing station analyze subsequent information packs from the same provider to automatically place them in the user's designated custom location.
  • The complaint reserves the right to assert additional claims (Compl. ¶36).

U.S. Patent No. 7,209,959 - "Apparatus, System, And Method For Communicating To A Network Through A Virtual Domain Providing Anonymity To A Client Communicating On The Network," Issued April 24, 2007

  • Technology Synopsis: The patent addresses privacy concerns on the WWW by disclosing a system to anonymize a client's network activity (ʼ959 Patent, col. 2:1-7). The system uses a "deceiver," a "controller," and a "forwarder" to route a client's communication, such that the forwarder, not the client, appears to be the source of the traffic to the destination server, thereby cloaking the client's identity ('959 Patent, Abstract).
  • Asserted Claims: At least Claim 1 (Compl. ¶47).
  • Accused Features: The complaint accuses SonicWall's systems for "supporting multiple domain names on the same website infrastructure," alleging they use a "front-end server switch" as a forwarder and a "firewall" as a controller to achieve the claimed anonymous communication (Compl. ¶19, ¶47).

U.S. Patent No. 7,398,298 - "Remote Access And Retrieval Of Electronic Files," Issued July 8, 2008

  • Technology Synopsis: The patent describes a system for providing users with remote access to and control over data directory structures, addressing a need for more than simple data viewing or modification (ʼ298 Patent, col. 1:10-14, col. 2:15-24). The invention comprises a server-side application that processes user requests to manage remote directories, using a "profile data store" to handle user-specific permissions and configurations ('298 Patent, Abstract).
  • Asserted Claims: At least Claim 13 (Compl. ¶57).
  • Accused Features: The complaint targets the "SonicWall Network Security Manager," which allegedly provides a dashboard for remote user and role configuration (Compl. ¶19, ¶56). This functionality is accused of being a "remote data directory structure management computing application" that allows participating users to modify directory structures as claimed (Compl. ¶57).

U.S. Patent No. 8,370,457 - "Network Communication Through A Virtual Domain," Issued February 5, 2013

  • Technology Synopsis: This patent, related to the '959 patent, describes a method for creating a secure communication channel by establishing a "forwarding internet protocol (IP) address" that is specific to a "pre-defined combination" of a client IP address and a destination IP address (ʼ457 Patent, Abstract). When the system identifies a data request matching this pre-defined pair, it forwards the request via the special forwarding IP, effectively creating a private virtual link ('457 Patent, col. 8:9-12).
  • Asserted Claims: At least Claim 9 (Compl. ¶67).
  • Accused Features: The complaint accuses "SonicWall Network Security Firewalls" that use a static Network Address Translation (NAT) policy (Compl. ¶66). This NAT functionality is alleged to establish a "forwarding IP address" for a pre-defined combination of a client and destination IP address, thereby infringing the patent (Compl. ¶67).

III. The Accused Instrumentality

Product Identification

  • The complaint names a suite of SonicWall products and services: the SonicWall NS Series virtual appliance for KVM, the SonicWall Android app, SonicWall systems for supporting multiple domain names, the SonicWall Network Security Manager, and SonicWall Network Security Firewalls (Compl. ¶19).

Functionality and Market Context

  • The complaint alleges that these products provide a range of networking, security, and data management solutions (Compl. ¶18).
    • The SonicWall NS Series is described as a virtual firewall available on platforms like KVM, providing features equivalent to a physical firewall (Compl. ¶27; Fig. 1). Figure 1 from the complaint presents marketing text stating the product delivers "the same features and functionality of the physical firewall to secure your virtual data centers" (Compl. p. 7).
    • The SonicWall Android app is a mobile client for connecting to SonicWall systems (Compl. ¶36).
    • The SonicWall Network Security Manager is alleged to be a management dashboard that allows administrators to configure user roles and permissions remotely (Compl. ¶56-57). Figure 3 of the complaint shows a user interface for managing users and assigning roles such as "SuperAdmin," "Admin," and "Operator" (Compl. p. 16).
    • The other accused instrumentalities are described as systems or functionalities, such as infrastructure for hosting multiple domains and firewalls with NAT policies (Compl. ¶46, ¶66). The complaint does not provide specific details on their market positioning.

IV. Analysis of Infringement Allegations

U.S. Patent No. 6,560,613 Infringement Allegations

Claim Element (from Independent Claim 8) Alleged Infringing Functionality Complaint Citation Patent Citation
intercepting system calls that establish a file stored on media; The SonicWall NS Series, through its use of KVM virtualization technology, allegedly employs "shadowed I/O system call routines" that intercept system calls. ¶27 col. 4:10-14
storing at least one indicator that a file descriptor established by an intercepted system call is associated with a file stored on media, wherein storing an indicator... further comprises storing the indicator in a table; and The accused product allegedly stores "related indicators (e.g., reference to images)" to determine the type of the associated file descriptor. ¶27 col. 4:18-22
examining at least one stored indicator to determine with what file type a file descriptor is associated. The accused product allegedly examines these stored indicators to determine the associated file type. ¶27 col. 5:34-40
  • Identified Points of Contention:
    • Technical Questions: A primary question will be evidentiary: what proof demonstrates that the "KVM virtualization technology" as implemented in the SonicWall NS Series performs the specific function of intercepting system calls and using a dedicated "indicator table" to disambiguate file descriptors as claimed? The complaint makes a specific technical assertion about "shadowed I/O system call routines" (Compl. ¶27), and the case may turn on whether discovery substantiates this specific mechanism.

U.S. Patent No. 6,651,063 Infringement Allegations

Claim Element (from Independent Claim 4) Alleged Infringing Functionality Complaint Citation Patent Citation
storing information to be provided in an information pack; associating with said information pack at least a user destination address... and a provider identifier; The SonicWall Android app is alleged to perform a method of providing information to users by storing information in an information pack and associating it with user and provider identifiers. ¶37 col. 6:22-35
communicating said information pack by means of a network to said user data repository...; locating said information pack in a location... reserved for information corresponding to a category...; The accused app allegedly communicates this information pack to a user data repository and places it in a location corresponding to a category identifier. ¶37 col. 7:1-9
further comprising... creating a custom location in said user data repository; placing said information pack in said custom location; associating a custom category identifier with said information pack; The app allegedly allows for the creation of a custom location and association of a custom category identifier with the information pack. ¶37 col. 9:8-13
sending a custom category signal to a processing station... said data processing means analyzing the provider identifier of subsequent... information packs, comparing... and... placing said one of the subsequent information packs in said custom location. A custom category signal is allegedly sent to a "processing station" which then analyzes subsequent information packs to automatically place them in the user's custom location. ¶37 col. 9:26-56
  • Identified Points of Contention:
    • Evidentiary Questions: The infringement allegations for the '063 patent in the complaint are highly conclusory and closely track the language of Claim 4 without providing specific, factual descriptions of how the SonicWall Android app performs these complex steps (Compl. ¶37). A key point of contention will be whether Plaintiff can produce evidence that the accused system contains a "processing station" that performs the claimed feedback loop of learning a user's custom categorization and then automatically filing subsequent data from the same provider based on that learned preference.

V. Key Claim Terms for Construction

  • '613 Patent

    • The Term: "indicator" (from Claim 8)
    • Context and Importance: The definition of "indicator" is fundamental to the invention. The infringement analysis will depend on whether the alleged "related indicators (e.g., reference to images)" (Compl. ¶27) in the accused KVM technology qualify as the claimed "indicator."
    • Intrinsic Evidence for a Broader Interpretation: The patent abstract describes the invention as maintaining an "indicator table containing indicators concerning file descriptors." This general language could support a construction where any piece of data that allows for disambiguation functions as an indicator.
    • Intrinsic Evidence for a Narrower Interpretation: The detailed description and figures repeatedly refer to an "indicator table" (e.g., item 127 in Fig. 3) that stores an indicator that a descriptor "is associated with" a specific file type, such as a file stored on media ('613 Patent, col. 12:2-6). This may suggest a more explicit flag or marker, rather than any inferential data.

  • '063 Patent

    • The Term: "processing station" (from Claim 4)
    • Context and Importance: This term is critical to the automated feedback loop that allows the system to learn a user's custom categories. The viability of the infringement claim may depend on whether any component of the SonicWall architecture can be identified as this "processing station." Practitioners may focus on this term because distributed cloud services often lack the single, discrete components depicted in patent diagrams.
    • Intrinsic Evidence for a Broader Interpretation: The claims state the processing station is "uniquely associated with said user data repository," which could be interpreted functionally to mean any software module or process that serves that repository, not necessarily a physically separate machine.
    • Intrinsic Evidence for a Narrower Interpretation: The patent diagrams (e.g., Fig. 1, item 30) depict the "Processing Station" as a distinct architectural block, separate from the "User Data Repository" (item 28). This could support an argument that the term requires a structurally distinct element that performs the claimed analysis and comparison functions.

VI. Other Allegations

  • Indirect Infringement: The complaint includes a general allegation of inducement and contributory infringement (Compl. ¶13). However, it does not plead specific facts, such as identifying user manuals or marketing materials that allegedly instruct customers to perform the claimed infringing steps.
  • Willful Infringement: The complaint does not include an explicit count for willful infringement or plead facts concerning pre-suit knowledge of the asserted patents. The prayer for relief requests an award of damages under 35 U.S.C. § 284 and a declaration of an exceptional case for attorneys' fees under § 285, but the factual basis for willfulness is not developed in the body of the complaint (Compl. ¶71).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A central issue will be one of evidentiary sufficiency: Can the plaintiff produce discovery evidence that moves its infringement allegations beyond a conclusory recitation of claim language? Specifically for the '063 patent, does the SonicWall system actually implement the automated feedback loop involving a "processing station" that learns and applies user-defined categories, or is this a functional capability that does not exist in the accused product?
  • The case will also present a key question of technical equivalence: For the '959 and '457 patents, do common networking technologies like front-end server switching and Network Address Translation (NAT) perform the specific, multi-element functions required by the claims' "deceiver-controller-forwarder" or "forwarding IP address" architectures, or is there a fundamental mismatch in technical operation?
  • A significant procedural question will be the impact of the prior Inter Partes Review on the '613 patent. Although the asserted Claim 12 survived the IPR, the prior art and arguments successfully used to invalidate other claims will likely form the foundation of the defendant’s invalidity defense against the remaining claims, potentially raising questions about their patentability.