1:25-cv-00250

AttestWave LLC v. Citrix Systems Inc

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 1:25-cv-00250, D. Del., 03/05/2025
  • Venue Allegations: Plaintiff alleges venue is proper in the District of Delaware because Defendant is incorporated in Delaware and maintains an established place of business in the District.
  • Core Dispute: Plaintiff alleges that Defendant’s network products and services infringe a patent related to ensuring the integrity of software and data transmissions in a computer network.
  • Technical Context: The patent addresses the problem of untrusted clients in computer networks by proposing a system to interlock program operations with the generation of verifiable security signals, enabling the creation of trusted communication flows.
  • Key Procedural History: The complaint does not mention any prior litigation, inter partes review proceedings, or licensing history related to the patent-in-suit.

Case Timeline

| Date | Event |
| --- | --- |
| 2002-03-16 | '643 Patent Priority Date |
| 2002-08-14 | '643 Patent Application Filing Date |
| 2011-02-22 | '643 Patent Issue Date |
| 2025-03-05 | Complaint Filing Date |

II. Technology and Patent(s)-in-Suit Analysis

  • Patent Identification: U.S. Patent No. 7,895,643, "Secure logic interlocking", issued February 22, 2011 (the “’643 Patent”).

U.S. Patent No. 7,895,643 - "Secure logic interlocking"

The Invention Explained

  • Problem Addressed: The patent asserts that in standard TCP/IP networks, end-users have access to the software on their own machines, allowing them to potentially overuse resources or launch attacks. This means "users can 'control' the network rather than the network controlling the users." (’643 Patent, col. 2:35-38). Existing methods like firewalls are described as merely "reactive" to user misbehavior (’643 Patent, col. 2:50-53).
  • The Patented Solution: The invention proposes a system to proactively validate that a client is running untampered software. It does this by "interlocking" a program's normal operational logic with a cryptographic function that generates an unpredictable signal, or "tag," which is attached to data packets (’643 Patent, col. 2:7-20). As depicted in the system architecture of Figure 1, a "Trusted Flow Generator" (TFG) on the client side generates these tagged packets, while a "Trusted Tag Checker" (TTC) at a network interface (e.g., a firewall) validates the tags (’643 Patent, Fig. 1). If a tag is valid, the network can trust that the client software is behaving correctly and can grant the communication flow premium service (’643 Patent, col. 5:36-46).
  • Technical Importance: This technology provided a method for creating "trusted flows" of communication from potentially untrusted environments, enabling network operators to differentiate service levels and enhance security beyond purely reactive measures (’643 Patent, col. 2:63-66).
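
The generator/checker relationship described above, as an added illustration that is not code from the patent, the complaint, or any accused product: a client-side generator whose tag for each packet depends on a shared secret and on every payload it has processed, and a network-side checker that recomputes the tag instead of looking it up. HMAC-SHA-256, the sequence counter, the running hash, the tag size and all names are assumptions chosen for this sketch.

```python
import hashlib
import hmac

TAG_LEN = 8  # assumed tag size in bytes; not taken from the patent


def _step(key: bytes, state: bytes, seq: int, payload: bytes):
    """Advance the running state and derive the tag for one packet."""
    new_state = hashlib.sha256(state + payload).digest()
    msg = seq.to_bytes(4, "big") + new_state
    tag = hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]
    return new_state, tag


class TrustedFlowGenerator:
    """Client side: handling a payload and producing its tag are one step."""

    def __init__(self, key: bytes):
        self._key, self._state, self._seq = key, b"\x00" * 32, 0

    def send(self, payload: bytes) -> bytes:
        self._state, tag = _step(self._key, self._state, self._seq, payload)
        packet = self._seq.to_bytes(4, "big") + tag + payload
        self._seq += 1
        return packet


class TrustedTagChecker:
    """Network side: recomputes the expected tag with the same secret."""

    def __init__(self, key: bytes):
        self._key, self._state, self._seq = key, b"\x00" * 32, 0

    def check(self, packet: bytes) -> bool:
        if len(packet) < 4 + TAG_LEN:
            return False
        seq = int.from_bytes(packet[:4], "big")
        tag, payload = packet[4:4 + TAG_LEN], packet[4 + TAG_LEN:]
        if seq != self._seq:  # replayed or out-of-order packet
            return False
        state, expected = _step(self._key, self._state, seq, payload)
        if not hmac.compare_digest(tag, expected):
            return False  # wrong secret, altered payload, or skipped step
        self._state, self._seq = state, seq + 1  # commit only on success
        return True


if __name__ == "__main__":
    key = b"constructed-demo-secret"  # constructed sample value
    tfg, ttc = TrustedFlowGenerator(key), TrustedTagChecker(key)
    print([ttc.check(tfg.send(p)) for p in (b"GET /a", b"GET /b")])
```

A checker built without the secret has no way to compute `expected`, which is the property the narrower reading of "operational checking logic" turns on; the sketch does not attempt the obfuscation step the specification describes.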

Key Claims at a Glance

  • The complaint asserts infringement of "one or more claims" of the ’643 Patent without specifying them, instead referring to "Exemplary '643 Patent Claims" in a non-proffered exhibit (Compl. ¶11). Independent claim 1 is representative of the system claimed.
  • Independent Claim 1 requires:
    • An "integrated combination of computer software program" comprising a "software application logic module" and an "operation assurance logic module".
    • The execution of this combination provides "combined computing functions" that include both the application's functionality and the "integrated concurrent generation of unique security tags".
    • "Storage" for the program and a "controller" for its execution.
    • The security tags are generated "only when the integrated software computer program is executed and has not been tampered with".
    • An "associated operational checking logic" that validates the program's integrity based on the received "unique security tags".
  • The complaint reserves the right to assert other claims, including by the doctrine of equivalents (Compl. ¶11).

III. The Accused Instrumentality

Product Identification

  • The complaint does not identify any specific accused products or services by name. It refers generally to "Exemplary Defendant Products" that are identified in claim charts attached as Exhibit 2, which was not filed on the public docket (Compl. ¶11, ¶16).

Functionality and Market Context

  • The complaint alleges that the accused products "practice the technology claimed by the '643 Patent" (Compl. ¶16). Defendant Citrix Systems, Inc. is a company that provides products and services in the fields of virtualization, cloud computing, and computer networking. The complaint provides no specific details about the functionality or market context of the accused products.

IV. Analysis of Infringement Allegations

The complaint incorporates infringement allegations by reference to claim charts in Exhibit 2, which are not available for analysis (Compl. ¶17). The following summary is based on the complaint's narrative allegations as they map to the elements of representative Claim 1.

Claim Chart Summary

| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
| --- | --- | --- | --- |
| an integrated combination of computer software program comprised of a software application logic module and an operation assurance logic module; | The complaint alleges the accused products are or contain software programs that combine application logic with operational assurance or security logic (Compl. ¶11, ¶16). | ¶11, ¶16 | col. 25:27-33 |
| wherein the software application logic module and the operational assurance logic module each provide a plurality of sub-procedures which operate as a combined plurality of sub-procedures that are executed to provide combined computing functions... | The complaint alleges the accused products execute combined functions where application and security sub-procedures operate together (Compl. ¶11, ¶16). | ¶11, ¶16 | col. 25:34-44 |
| ...comprised of the functionality of the respective software application module, and an integrated concurrent generation of unique security tags utilizing the functionality of the respective operational assurance logic module; | The complaint alleges the accused products perform their primary function while concurrently generating unique security tags. Figure 8 shows the patented generation of a "Security Tag Vector" (STV) during data packet processing. | ¶11, ¶16 | col. 15:35-42; Fig. 8 |
| wherein...the unique security tags which provide for validating that the software computer program as executed was not tampered with, are selectively generated...only when the integrated software computer program is executed and has not been tampered with; and | The complaint alleges the accused products generate these security tags to validate software integrity and only do so when the program is executed without tampering (Compl. ¶11, ¶16). | ¶11, ¶16 | col. 25:54-62 |
| an associated operational checking logic, for validating that the integrated software computer program as executed was not tampered with responsive to the unique security tags. | The complaint alleges the accused products include logic for checking the security tags to validate the integrity of the sending program. Figure 9 shows the patented "Trusted Tag Checker" (TTC) performing this validation. | ¶11, ¶16 | col. 16:5-9; Fig. 9 |

Identified Points of Contention

  • Scope Questions: A central issue may be whether the term "integrated combination of computer software program", as used in the patent, requires a specific architectural design where modules are deliberately "interlocked" to be inseparable, as suggested by the specification (’643 Patent, col. 4:20-28; Fig. 12A). The question for the court will be whether this limitation can read on Defendant's products, which may achieve similar security goals through a different, more modular software architecture.
  • Technical Questions: The claim requires "integrated concurrent generation" of security tags. A key technical question is what evidence the complaint provides that the accused products generate security signals as an inseparable part of the application's core logic, rather than as a separate, sequential security process that is merely called by the application. The patent's description of a "hidden program portion" that generates signals, as shown in Figure 4, suggests a tight coupling that may be a point of dispute (’643 Patent, Fig. 4).

V. Key Claim Terms for Construction

The Term: "integrated combination of computer software program"

  • Context and Importance: This term appears at the start of claim 1 and defines the fundamental nature of the claimed invention. Its construction will be critical to determining infringement, as it addresses whether the patent covers any software with both application and security functions, or only software built with the specific "interlocking" architecture described in the patent.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The claim language itself is general. The specification refers to processing "logic modules (programs and data) with known functionality and transforming them into a hidden program," which could be argued to cover a range of integration techniques (’643 Patent, Abstract).
    • Evidence for a Narrower Interpretation: The specification repeatedly uses terms like "interlocking" and "inseparable" and describes specific transformation processes like "obfuscation" to create the claimed combination, suggesting the modules are not merely co-located but are structurally bound together in a way that is "hard to reverse engineer" (’643 Patent, col. 4:20-28, col. 6:45-53). Figure 12A explicitly depicts an "Obfuscator" that takes separate logic modules and creates a single "Obfuscated Program," which may support a narrower construction requiring such a transformation (’643 Patent, Fig. 12A).

The Term: "operational checking logic"

  • Context and Importance: This term defines the network-side component (the TTC) that validates the security tags. Its scope determines what kind of firewall, router, or server function can meet this limitation. Practitioners may focus on this term because its construction will determine whether any generic tag-checking function infringes, or if the checker must be a specific counterpart to the generation logic.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The term itself is generic and could be argued to cover any logic that checks a security tag for validity.
    • Evidence for a Narrower Interpretation: The patent's abstract states, "Only elements that share the means for producing the security signals can check their validity." This suggests the checking logic is not generic but must have a corresponding, shared mechanism with the generator. The flowchart in Figure 9 shows the TTC performing its own computation and checking of the STV, rather than a simple lookup, implying it must contain a counterpart to the pseudo-random generator from the client side (’643 Patent, Fig. 9, element 913).

VI. Other Allegations

Indirect Infringement

  • The complaint alleges induced infringement based on Defendant distributing "product literature and website materials" that instruct end users on how to use the accused products in a manner that allegedly infringes (Compl. ¶14). The claim is predicated on knowledge acquired "at least since being served by this Complaint" (Compl. ¶15).

Willful Infringement

  • The complaint does not explicitly use the word "willful." However, it alleges that the filing of the lawsuit provides Defendant with "actual knowledge of infringement" and that Defendant's allegedly infringing activities have continued despite this knowledge (Compl. ¶13, ¶14). In its prayer for relief, Plaintiff requests that the case be declared "exceptional" under 35 U.S.C. § 285, which is a potential avenue for recovering attorney's fees, often associated with findings of willful infringement or litigation misconduct (Compl. p. 5, ¶ i).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of architectural equivalence: can the claimed "integrated combination of computer software program", which the patent describes as being formed through a specific "interlocking" process to be inseparable and tamper-resistant, be construed to cover Defendant's accused products, which may employ different software architectures to achieve security and application functions?
  • A key evidentiary question will be one of functional mapping: given the general nature of the allegations, the case will likely depend on whether discovery reveals evidence that the accused products perform the specific "integrated concurrent generation of unique security tags" as required by the claims, or if their security mechanisms operate in a way that is functionally and structurally distinct from the patented method.
  • A central claim construction dispute will likely focus on definitional scope: does the term "operational checking logic" require a checker that shares a secret cryptographic mechanism with the signal generator, as suggested by the patent's abstract and figures, or can it be met by any system that performs a more generic validation of a security token?