DCT

8:10-cv-00220

Prism Tech v. Adobe Systems Inc

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 8:10-cv-00220, D. Neb., 07/10/2012
  • Venue Allegations: Venue is alleged based on each Defendant conducting business, providing services to customers, and committing acts of patent infringement within the District of Nebraska.
  • Core Dispute: Plaintiff alleges that Defendants’ various software products, including security and design software, infringe a patent related to methods and systems for controlling access to protected computer resources over an IP network.
  • Technical Context: The technology concerns secure user authentication for accessing services over untrusted networks like the internet, a foundational element of e-commerce and secure enterprise software.
  • Key Procedural History: The complaint notes that a Certificate of Correction for the patent-in-suit was issued on September 8, 2009. It also alleges that Defendant Symantec had pre-suit knowledge of the patent since at least 2008, when the patent was cited during the prosecution of a patent application filed by Symantec.

Case Timeline

Date Event
1997-06-11 ’288 Patent Priority Date
2007-10-30 ’288 Patent Issue Date
c. 2008 Alleged Symantec pre-suit knowledge of ’288 Patent
2009-09-08 ’288 Patent Certificate of Correction Issued
2012-07-10 Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 7,290,288 - "METHOD AND SYSTEM FOR CONTROLLING ACCESS, BY AN AUTHENTICATION SERVER, TO PROTECTED COMPUTER RESOURCES PROVIDED VIA AN INTERNET PROTOCOL NETWORK"

  • Patent Identification: U.S. Patent No. 7,290,288, "METHOD AND SYSTEM FOR CONTROLLING ACCESS, BY AN AUTHENTICATION SERVER, TO PROTECTED COMPUTER RESOURCES PROVIDED VIA AN INTERNET PROTOCOL NETWORK," issued October 30, 2007.

The Invention Explained

  • Problem Addressed: The patent describes the challenge of securing transactions and access to computer resources over untrusted public networks like the internet. It notes that traditional username and password systems are vulnerable and insufficient for robust authentication, authorization, and transaction tracking needed for commercial applications (’288 Patent, col. 1:28-35).
  • The Patented Solution: The invention proposes a distributed architecture to solve this problem. It separates the server providing the protected resource (the "access server") from a dedicated, trusted "authentication server" (or "clearinghouse" in some embodiments). When a user on a client computer requests access, the access server forwards the request and the user's digital identification to the authentication server. This separate server then authenticates the user's identity and, if successful, authorizes the access server to grant the user access to the requested resources (’288 Patent, Abstract; Fig. 1).
  • Technical Importance: This architectural separation of authentication services from application services was a method to create a more scalable and secure environment for the growing field of internet-based commerce and remote access. (’288 Patent, col. 4:5-13).

Key Claims at a Glance

  • The complaint does not specify which claims are asserted, alleging infringement of the ’288 Patent generally (Compl. ¶¶13-17). The following analysis focuses on representative independent system claim 117.
  • The essential elements of independent claim 117 include:
    • A system for controlling access to protected resources over an IP network.
    • At least one "authentication server" with a database for storing identity data.
    • At least one "client computer device" that requests access and has an "access key" used to derive a "digital identification".
    • The client computer is adapted to forward the "digital identification" to at least one "access server".
    • The "access server" is adapted to forward the received "digital identification".
    • The "authentication server" is adapted to authenticate the identity data and the "digital identification".
    • The "authentication server" is adapted to authorize access to the resources.
    • The "access server" is adapted to permit access upon successful authentication and authorization from the "authentication server".
  • The complaint does not explicitly reserve the right to assert dependent claims, though such a right is typically implied in general allegations.

III. The Accused Instrumentality

  • Product Identification: The accused instrumentalities are various software products from the five defendants, including Adobe Acrobat, Autodesk AutoCAD, McAfee AntiVirus Plus, Symantec Norton AntiVirus, and Trend Micro Internet Security products (Compl. ¶¶13-17).
  • Functionality and Market Context: The complaint alleges these products are or are part of "authentication systems and methods for controlling access to protected computer resources" (Compl. ¶¶13-17). The complaint does not provide specific technical details regarding how the authentication features of these products operate. The allegations broadly cover products in the creative software, computer-aided design, and cybersecurity markets.

IV. Analysis of Infringement Allegations

The complaint makes broad allegations of infringement without providing a detailed mapping of accused product features to specific claim limitations. As such, a detailed claim-by-claim chart cannot be constructed from the complaint. The general theory of infringement is that the defendants' named software products are, or are part of, "authentication systems and methods for controlling access to protected computer resources" that practice the invention of the ’288 patent (Compl. ¶¶13-17).

  • Identified Points of Contention:
    • Architectural Questions: A primary point of contention may be whether the defendants' software, which may integrate authentication functions with other services, meets the claimed architectural requirements. For example, the case raises the question of whether a single server system performing both resource delivery and user validation can be considered to have the separate "access server" and "authentication server" recited in the claims, or if the claims require physically or logically distinct entities as depicted in the patent's figures (’288 Patent, Fig. 1, Fig. 26).
    • Technical Questions: The complaint's lack of technical specifics raises the question of what evidence exists to show the accused products perform the claimed sequence of operations. For instance, what evidence demonstrates that an accused system forwards a "digital identification" from an "access server" to a separate "authentication server" for verification, as opposed to using a more monolithic authentication process?

No probative visual evidence provided in complaint.

V. Key Claim Terms for Construction

  • The Term: "authentication server"

    • Context and Importance: This term is central to the patent's architecture. Its construction will determine whether the claims require a dedicated, separate server for authentication, or if the term can read on software modules that perform authentication within a larger, integrated system.
    • Intrinsic Evidence for a Broader Interpretation: The claims define the "authentication server" by its functions: storing identity data, authenticating, and authorizing (’288 Patent, col. 45:4-8, 20-27). A party could argue that any component performing these functions meets the definition, regardless of its physical or logical separation from other components.
    • Intrinsic Evidence for a Narrower Interpretation: The patent's specification and figures consistently depict the "authentication server" (or "clearinghouse") as a distinct entity from the "web server" or "secure transaction server" that provides the protected resource (’288 Patent, Fig. 1, Fig. 3, col. 2:21-48). This repeated depiction may support an interpretation that requires architectural separation between the entity that authenticates and the entity that grants access.

  • The Term: "access key"

    • Context and Importance: The definition of this term is critical for determining what constitutes the user's credential. The dispute may center on whether a simple password or software license key qualifies, or if a more specific form of credential is required.
    • Intrinsic Evidence for a Broader Interpretation: Claim 117 itself does not limit the form of the "access key", stating only that a "digital identification" is "derived from said access key" (’288 Patent, col. 45:10-12). This could be interpreted broadly to cover any secret from which an identifier is generated.
    • Intrinsic Evidence for a Narrower Interpretation: The detailed description provides numerous specific examples of access devices that hold the key, including hardware tokens, smart cards, and biometric readers (’288 Patent, Figs. 21-24; col. 19:28-44). A party could argue these specific, more secure embodiments inform the proper, narrower scope of the term, suggesting it requires more than just a software-based password.

VI. Other Allegations

  • Indirect Infringement: The prayer for relief includes a request for judgment on inducing and contributing to infringement (Compl. p. 6, ¶b). However, the body of the complaint contains no specific factual allegations to support the knowledge and intent elements required for such claims. The core allegations in paragraphs 13-17 focus on direct infringement.
  • Willful Infringement: Willfulness is alleged specifically against Defendant Symantec (Compl. ¶16). The complaint alleges a specific basis for pre-suit knowledge, stating that Symantec was aware of the ’288 Patent "at least from about 2008 when the '288 patent was cited in the prosecution of U.S. Patent Application No. 10/937,893," an application prosecuted by Symantec's counsel and listing Symantec employees as co-inventors (Compl. ¶16).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of architectural mapping: Can the plaintiff demonstrate that the accused software products, which may have integrated security features, embody the distributed architecture of a distinct "access server" and "authentication server" as recited in the claims, or will the court find a fundamental mismatch between the accused systems and the claimed invention?
  • A key evidentiary question will be whether the plaintiff can move beyond the complaint’s general allegations to provide concrete evidence showing that the accused products' authentication mechanisms perform the specific functions and multi-step communication protocols (e.g., forwarding a digital ID from one server to another for authentication) required by the patent.
  • For the claim against Symantec, a central question will be one of culpability: Does Symantec's alleged awareness of the ’288 patent, arising from its own patent prosecution activities, satisfy the high standard for willful infringement, requiring proof that Symantec acted despite an objectively high and known risk of infringing a valid patent?