1:25-cv-00678
PacSec3 LLC v. Alibaba Cloud US LLC
I. Executive Summary and Procedural Information
- Parties & Counsel:
  - Plaintiff: PacSec3, LLC (Texas)
  - Defendant: Alibaba Cloud US LLC and Alibaba.Com LLC (Delaware)
  - Plaintiff’s Counsel: David J. Hoffman
- Case Identification: 1:25-cv-00678, S.D.N.Y., 07/31/2025
- Venue Allegations: Plaintiff alleges venue is proper in the Southern District of New York because Defendant maintains a regular and established place of business in the district.
- Core Dispute: Plaintiff alleges that Defendant’s Anti-DDoS products and services infringe a patent related to a distributed defense system against network packet flooding attacks.
- Technical Context: The dispute centers on technology for mitigating distributed denial-of-service (DDoS) attacks, a critical area of network security focused on maintaining the availability of online services against overwhelming malicious traffic.
- Key Procedural History: The patent-in-suit underwent an ex parte reexamination, which concluded with the cancellation of several claims but confirmed the patentability of asserted claim 10. The complaint also discloses that Plaintiff has entered into settlement licenses with other entities in prior disputes, but alleges these licenses did not require the production of a patented article and did not include admissions of infringement.
Case Timeline
| Date | Event |
|---|---|
| 2000-11-16 | ’497 Patent Priority Date |
| 2009-04-21 | ’497 Patent Issue Date |
| 2023-05-22 | ’497 Patent Reexamination Certificate Issue Date |
| 2025-07-31 | Complaint Filing Date |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 7,523,497 - "PACKET FLOODING DEFENSE SYSTEM"
The Invention Explained
- Problem Addressed: The patent describes the problem of "packet flooding attacks" where an attacker consumes a victim's network bandwidth with useless data, rendering the service slow or unavailable for legitimate users. A key challenge identified is that attackers can falsify source addresses, which confounds defenses that rely on that information to identify and block malicious traffic (’497 Patent, col. 2:6-14, col. 2:1-5).
- The Patented Solution: The invention proposes a distributed defense system where the victim site and cooperating network routers work together. The system is designed to trace the forwarding path of packets using "attacker-independent" information, allowing the victim to identify the routes through which unwanted data is arriving. The victim can then request that upstream routers limit the transmission rate of packets originating from those specific paths, thereby mitigating the attack without relying on easily spoofed source addresses (’497 Patent, Abstract; col. 2:30-41).
- Technical Importance: The described approach sought to provide a more robust defense against denial-of-service attacks by shifting the basis of detection from attacker-controlled information (like the source address) to network-verifiable information (the packet's path) (’497 Patent, col. 4:3-5).
Key Claims at a Glance
- The complaint asserts independent method claim 10 (’497 Patent, col. 10:27-46; Compl. ¶15).
- The essential elements of independent claim 10 are:
  - Determining a path by which data packets arrive at a router via packet marks provided by other routers leading to a host computer.
  - Classifying data packets received at the router by the determined path.
  - Associating a maximum acceptable transmission rate with each class of data packet.
  - Allocating a transmission rate for unwanted data packets that is equal to or less than the associated maximum acceptable transmission rate.
- The complaint does not explicitly reserve the right to assert dependent claims.
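
The path-based rate limiting summarized above can be illustrated with a small simulation. This is an added example, not code from the complaint, the patent, or any accused product. The mark format (a tuple of router IDs), the router names, the rates, and the token-bucket enforcement are all assumptions made for illustration, since the summary above gives no mark format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str      # sender-supplied, spoofable; never consulted below
    marks: tuple  # router IDs stamped hop by hop (mark format is an assumption)
    t: float      # arrival time, seconds

@dataclass
class PathClass:
    max_rate: float    # maximum acceptable rate for this path, packets/s
    allocated: float   # rate actually allocated, kept <= max_rate
    tokens: float = 1.0
    last: float = 0.0

class PathLimiter:
    def __init__(self, default_max):
        self.default_max = default_max
        self.classes = {}  # path (tuple of marks) -> PathClass

    def _class_for(self, path):
        return self.classes.setdefault(
            path, PathClass(self.default_max, self.default_max))

    def restrict(self, path, requested_rate):
        """Victim flags a path as unwanted; allocation is clamped to the class maximum."""
        c = self._class_for(path)
        c.allocated = min(requested_rate, c.max_rate)
        return c.allocated

    def admit(self, pkt):
        c = self._class_for(pkt.marks)  # classification uses the path only
        c.tokens = min(1.0, c.tokens + (pkt.t - c.last) * c.allocated)
        c.last = pkt.t
        if c.tokens >= 1.0:
            c.tokens -= 1.0
            return True
        return False

def run_demo():
    flood, legit = ("R7", "R2", "R1"), ("R5", "R2", "R1")  # constructed paths
    lim = PathLimiter(default_max=100.0)
    lim.restrict(flood, 2.0)
    # Constructed traffic: 64 flood packets, each with a different forged source, and 8 legitimate ones.
    pkts = [Packet(f"10.0.{i}.9", flood, i / 32) for i in range(64)]
    pkts += [Packet("192.0.2.10", legit, i / 4) for i in range(8)]
    passed = {flood: 0, legit: 0}
    for p in sorted(pkts, key=lambda p: p.t):
        passed[p.marks] += lim.admit(p)
    return passed

if __name__ == "__main__":
    print(run_demo())
```

Because the limiter keys on the router-supplied marks, changing the forged source address on every flood packet has no effect on which class the packet lands in.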
III. The Accused Instrumentality
Product Identification
- The accused instrumentality is identified as "Alibaba Anti-DDoS and related components and products" (Compl. ¶16).
Functionality and Market Context
- The complaint does not provide specific details on the technical operation or features of the Alibaba Anti-DDoS product. It alleges that Defendant offers for sale, sells, and manufactures "one or more firewall systems that infringes" the ’497 Patent (Compl. ¶15). The complaint alleges the accused instrumentality is available to businesses and individuals throughout the United States (Compl. ¶20).
IV. Analysis of Infringement Allegations
The complaint references a claim chart attached as Exhibit B that purportedly details the infringement of claim 10 (Compl. ¶¶ 16, 22). However, this exhibit was not provided. The infringement theory is therefore based on the narrative allegations in the complaint, which state that Defendant's firewall systems practice the claimed method (Compl. ¶15). The complaint does not provide specific factual allegations mapping the features of the Alibaba Anti-DDoS product to the individual elements of claim 10.
No probative visual evidence provided in complaint.
- Identified Points of Contention: The lack of technical detail in the complaint suggests that discovery will be necessary to establish the core facts of infringement. Key questions may include:
  - Evidentiary Questions: What evidence can Plaintiff provide to show that the Alibaba Anti-DDoS system determines a packet's path using "packet marks provided by routers," as the claim requires? How does the accused system "classify" packets "by path" and subsequently "allocate a transmission rate" for unwanted packets based on that classification?
  - Scope Questions: Does the accused system's method for analyzing traffic and tracing attack origins meet the specific definition of determining a "path... via packet marks," or does it rely on a fundamentally different technical approach that may fall outside the scope of the claims?
V. Key Claim Terms for Construction
The Term: "packet marks provided by routers"
Context and Importance
This term is central to the invention's mechanism for tracing packet paths in a way that is independent of attacker-controlled information. The construction of this term will determine what kind of data or metadata added to or associated with a packet by a network device qualifies, which is critical for establishing infringement.
Intrinsic Evidence for Interpretation
- Evidence for a Broader Interpretation: The patent specification uses the term "packet marks" to describe the mechanism by which a path is determined but does not define a specific technical format for these marks, which may support an argument that any router-added data used to trace a packet's path meets the limitation (’497 Patent, col. 8:21-23).
- Evidence for a Narrower Interpretation: The patent’s objective is to use "attacker-independent information" derived from a "cooperating neighborhood" of routers (’497 Patent, col. 4:3-5, col. 2:32-34). This context may support an interpretation that "packet marks" must be a specific type of information added by routers participating in the claimed defense system for the explicit purpose of path tracing, as opposed to general routing or diagnostic information.
The Term: "classifying data packets... by path"
Context and Importance
This step defines the action taken based on the traced path. Its construction will determine whether the accused system must group packets primarily based on the route they took, or if using path as one of several factors in a broader security analysis is sufficient to infringe.
Intrinsic Evidence for Interpretation
- Evidence for a Broader Interpretation: An argument could be made that any system which uses the determined path as a criterion for sorting or grouping packets performs this step, even if other criteria are also used.
- Evidence for a Narrower Interpretation: The patent describes associating packets with "‘places’ in the cooperating neighborhood from which those packets are forwarded" to allocate service fairly (’497 Patent, col. 2:36-41). This could support a narrower construction requiring that the "classification" be a direct grouping based on the packet's origin point within the network to distinguish it from other forms of traffic analysis.
VI. Other Allegations
- Indirect Infringement: The prayer for relief requests judgment for inducement (Compl. p. 8, ¶a), but the body of the complaint does not allege specific facts, such as instructing users via documentation or marketing, to support this claim.
- Willful Infringement: The complaint alleges on "information and belief" that infringement has been willful (Compl. ¶17). It does not, however, plead any facts to support this allegation, such as Defendant’s pre-suit knowledge of the ’497 Patent.
VII. Analyst’s Conclusion: Key Questions for the Case
- A primary issue will be evidentiary: Can the plaintiff, through discovery, produce evidence that the accused Alibaba Anti-DDoS system performs the specific steps of claim 10? The complaint’s lack of factual detail regarding the accused product's operation places the burden on the plaintiff to substantiate its infringement theory.
- The case may also turn on a question of definitional scope: Can the term "packet marks provided by routers," which underpins the patent's path-tracing mechanism, be construed to cover the sophisticated traffic analysis and traceback techniques used in modern, large-scale DDoS mitigation platforms?
- A third question relates to procedural posture: How will the confirmation of asserted claim 10 during ex parte reexamination influence the case? While not immunizing the claim from invalidity challenges, its survival of a proceeding where it was reviewed in light of prior art may be a factor in settlement discussions and judicial analysis of its validity.