1:25-cv-00421

Appomni Inc v. Recolabs Inc

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 1:25-cv-00421, D. Del., 04/04/2025
  • Venue Allegations: Venue is alleged to be proper in the District of Delaware because the Defendant, RecoLabs Inc., is a Delaware corporation and therefore resides in the state.
  • Core Dispute: Plaintiff alleges that Defendant’s SaaS Security Posture Management (SSPM) platform infringes three patents related to systems for managing, auditing, and remediating security configurations across multiple Software-as-a-Service (SaaS) applications.
  • Technical Context: The lawsuit concerns the field of SaaS Security Posture Management (SSPM), a technology domain focused on helping organizations manage the complex security risks arising from their use of numerous third-party cloud applications.
  • Key Procedural History: The complaint alleges that Plaintiff provided Defendant with actual notice of the asserted patents via letters on December 16, 2024, and January 13, 2025, which may form the basis for its willful infringement allegations. The complaint also notes that U.S. Patent No. 11,870,783 is a continuation of the application that issued as U.S. Patent No. 11,044,256, indicating a shared technical disclosure between these two patents.

Case Timeline

Date        Event
2020-01-01  Defendant Reco founded (approximate)
2020-12-22  Priority Date for ’256 and ’783 Patents
2021-06-22  ’256 Patent Issue Date
2021-07-26  Priority Date for ’393 Patent
2022-08-16  ’393 Patent Issue Date
2024-01-09  ’783 Patent Issue Date
2024-12-16  Plaintiff sends first notice letter to Defendant
2025-01-13  Plaintiff sends second notice letter to Defendant
2025-02-04  Defendant responds to notice letters
2025-04-04  Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 11,044,256 - “Classification Management”

The Invention Explained

  • Problem Addressed: The patent’s background identifies the challenge of managing security in modern enterprises that rely on dozens or hundreds of different SaaS applications. In this decentralized environment, maintaining consistent security policies is difficult, which leads to inconsistent configurations, compliance gaps, and "shadow IT." (’256 Patent, col. 1:4-11; Compl. ¶12-14).
  • The Patented Solution: The invention is a "classification management" system that provides a centralized framework for security governance. An administrator can create a customized, hierarchical set of "classifications" (e.g., by business process or risk level). Elements from various SaaS platforms (such as data, configurations, or user permissions) are then mapped to these classifications, and a set of desired "prescribed security attributes" is defined for each mapping. (’256 Patent, Abstract; col. 2:28-42). The system then compares the actual, "configured security attributes" of users with the "prescribed" attributes defined in a policy and outputs any discrepancies, allowing for unified policy enforcement across disparate systems. (’256 Patent, Abstract; col. 6:1-12).
  • Technical Importance: This approach creates an abstraction layer for security policy, allowing administrators to manage security based on business logic rather than platform-specific settings, thereby addressing the complexities of multi-cloud environments. (’256 Patent, col. 5:45-53).

Key Claims at a Glance

  • Independent Claim 1 is asserted (Compl. ¶39).
  • The essential elements of independent claim 1 include:
    • a processor configured to:
    • obtain, via a user interface, mappings of stored elements to a plurality of classifications, where the mappings include prescribed security attributes;
    • obtain, via the user interface, a policy that includes identifying information for a set of actors and a specified portion of the classifications;
    • compare a set of configured security attributes for the actors to the prescribed security attributes for the specified classifications; and
    • output information about any discrepancies.
  • The complaint does not explicitly reserve the right to assert dependent claims.

U.S. Patent No. 11,870,783 - “Classification Management”

The Invention Explained

  • Problem Addressed: As a continuation of the ’256 Patent’s application, the ’783 Patent addresses the same problem of managing complex and fragmented security policies across numerous enterprise SaaS platforms. (’783 Patent, col. 1:4-11).
  • The Patented Solution: This patent claims a system that, upon receiving an "indication to perform an audit," executes a policy-based check. The policy links actors to classifications, which comprise mappings between elements and "prescribed security attributes." The audit involves comparing the "obtained security attributes" of the actors with the "prescribed security attributes" from the policy and outputting discrepancies. (’783 Patent, Abstract; col. 6:24-44). The core mechanism is similar to the ’256 Patent but is framed around the execution of a discrete "audit."
  • Technical Importance: The invention enables proactive, on-demand, or periodic security audits that are governed by a unified, business-centric policy framework rather than disparate, platform-specific tools. (’783 Patent, col. 6:24-44).

Key Claims at a Glance

  • Independent Claim 1 is asserted (Compl. ¶52).
  • The essential elements of independent claim 1 include:
    • a processor configured to:
    • receive an indication to perform an audit corresponding to a policy, where the policy links actors to classifications, and classifications comprise mappings between elements and prescribed security attributes;
    • perform the audit, which comprises comparing obtained security attributes of the actors to the prescribed security attributes; and
    • output information about any discrepancies.
  • The complaint does not explicitly reserve the right to assert dependent claims.

U.S. Patent No. 11,418,393 - “Remediation of Detected Configuration Violations”

Technology Synopsis

This patent focuses on the step after a security violation is detected. It describes a system that not only detects a violation by comparing an actual configuration at a data source server against prescribed security attributes but also provides a "remediation corresponding to the violation" and stores an audit log of the remediation event. (’393 Patent, Abstract; Compl. ¶27). The invention aims to automate or facilitate the entire lifecycle of a security issue, from detection to resolution. (’393 Patent, col. 4:38-51).

Asserted Claims

Independent Claim 1 (Compl. ¶65).

Accused Features

The complaint alleges that Reco’s SSPM platform infringes by detecting violations, providing remediations, and storing audit logs. (Compl. ¶4, ¶27, ¶65).

III. The Accused Instrumentality

Product Identification

  • Defendant’s "SaaS security posture management platform and services," referred to as the "Accused Products." (Compl. ¶4).

Functionality and Market Context

  • The complaint alleges the Accused Products are designed for "continuously monitoring and managing enterprise SaaS security" (Compl. ¶3). Functionality is said to include implementing security policies, monitoring for deviations, and establishing data-access rules through a unified interface (Compl. ¶3). The complaint cites Defendant's own marketing materials describing features for "posture-management," "app-discovery-governance," "data-exposure-management," and "shadow-app-discovery" as evidence of the product's functionality (Compl. ¶35). Plaintiff positions the Accused Products as direct competitors in the SSPM market (Compl. ¶4-5).

IV. Analysis of Infringement Allegations

The complaint references preliminary claim charts in Exhibits D, E, and F, but these exhibits were not provided with the complaint. The infringement theory for each lead patent is summarized below based on the complaint's narrative allegations.

  • ’256 Patent Infringement Allegations
    The complaint alleges that the Accused Products infringe at least claim 1 of the ’256 Patent by performing each of the claimed steps (Compl. ¶39-40). The infringement theory is that the Defendant's platform obtains mappings of SaaS elements to classifications with prescribed security rules, obtains policies linking users to those classifications, compares users' actual configured permissions against the prescribed rules, and outputs any found discrepancies (Compl. ¶24, ¶39).

  • ’783 Patent Infringement Allegations
    The complaint alleges that the Accused Products infringe at least claim 1 of the ’783 Patent by performing a security audit (Compl. ¶52-53). The theory posits that the Defendant’s platform receives an indication to run a check (the "audit") based on a policy. The platform then allegedly compares the actual security attributes of users against the prescribed attributes defined in the policy's associated classifications and outputs the results (Compl. ¶25, ¶52).

  • Identified Points of Contention:

    • Scope Questions: A primary question may be whether the Defendant's method for organizing security rules qualifies as the claimed "plurality of classifications" containing "prescribed security attributes." The litigation could focus on whether the Defendant's system uses a user-configurable, hierarchical structure as depicted in the patents or a different form of rule management that falls outside the claim scope.
    • Technical Questions: A key factual dispute may concern the specific "compare" step. The court may need to determine if the Accused Products perform the claimed comparison of a "set of configured security attributes" against a "set of prescribed security attributes," or if they employ a technically distinct method to evaluate security posture. For the ’783 Patent, the meaning of "receive an indication to perform an audit" will be critical and raises the question of whether continuous monitoring constitutes an "audit" or if the claim requires a discrete, initiated event.

No probative visual evidence provided in complaint.

V. Key Claim Terms for Construction

  • The Term: "plurality of classifications" (from claim 1 of the ’256 and ’783 Patents)

    • Context and Importance: This term is the foundational organizational element of the patented system. Its construction will be critical to determining whether the Defendant's method of grouping or categorizing security assets and rules falls within the scope of the claims.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The specification states that a classification can represent a "business process, business structure, organizational structure, geographical structure, industry standard, functional or security recommendations, or data labeling scheme." (’256 Patent, col. 2:38-42). This language may support an interpretation that covers any logical grouping of elements.
      • Evidence for a Narrower Interpretation: The specification repeatedly describes and illustrates the classifications as being part of a "customizable hierarchy (e.g., tree)" that a user can manipulate. (’256 Patent, col. 5:4-5; Fig. 9). This may support an argument that the term requires a user-configurable, hierarchical structure, not merely a flat set of tags or categories.
  • The Term: "prescribed security attributes" (from claim 1 of the ’256 and ’783 Patents)

    • Context and Importance: This term defines the "golden standard" or desired state against which actual configurations are measured. Practitioners may focus on this term because its definition will determine whether the security benchmarks used by the Accused Products meet this claim limitation.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The patent provides a broad list of examples, such as "permission type, an access type, setting value," and specific actions like "create, read, edit, delete." (’256 Patent, col. 3:15-28). This suggests the term could cover nearly any type of security setting or rule.
      • Evidence for a Narrower Interpretation: The specification describes a process where "the user submits a prescribed security attribute for each selected element." (’256 Patent, col. 3:7-10). This could support a narrower interpretation requiring the attributes to be user-defined and specifically associated with a mapping, rather than being, for example, globally-defined industry best practices.

VI. Other Allegations

  • Indirect Infringement: The complaint alleges induced infringement, stating that the Defendant encourages its customers to infringe by providing "user guides, white papers, promotional literature or instructions." (Compl. ¶35, ¶43-44). It also pleads contributory infringement, alleging the Accused Products "are not staple articles of commerce or commodities suitable for substantial, non-infringing use" and are especially adapted for infringement (Compl. ¶36, ¶45).
  • Willful Infringement: Willfulness is alleged based on the Defendant’s purported continued infringement after receiving actual notice of the asserted patents via letters dated December 16, 2024, and January 13, 2025 (Compl. ¶29, ¶32, ¶49, ¶62, ¶75).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of definitional scope: Can the patents' "classification management" framework, which describes a specific user-driven process of creating hierarchical classifications and mapping elements to them, be construed to cover the architecture and functionality of the Defendant's SSPM platform? The outcome will likely depend on the construction of key terms like "plurality of classifications" and "prescribed security attributes."
  • A key evidentiary question will be one of technical operation: Assuming the claims are construed in the Plaintiff's favor, what evidence can be produced to show that the Accused Products perform the specific sequence of steps recited in the claims, particularly the "comparison" of "configured" versus "prescribed" attributes? The case may turn on whether the Defendant's system achieves a similar security outcome through a fundamentally different technical implementation.
  • For the ’393 Patent, a central question will be one of functional scope: Does the Defendant's platform "provide a remediation" as claimed, or does it merely suggest corrective actions to a user? This will require the court to determine the degree of automation and action required to meet this more active claim limitation.