First Horizon Bank v. Intellectual Ventures Management LLC

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: First Horizon Bank (Tennessee)
  • Defendant: Intellectual Ventures Management, LLC (Washington); Intellectual Ventures I LLC (Delaware); Intellectual Ventures II LLC (Delaware); Callahan Cellular L.L.C. (Delaware); and OL Security Limited Liability Company (Delaware)
  • Plaintiff’s Counsel: Baker, Donelson, Bearman, Caldwell & Berkowitz, P.C.
• Case Identification: 2:25-cv-02956, W.D. Tenn., 10/16/2025
• Venue Allegations: Plaintiff alleges venue is proper because Defendants are subject to personal jurisdiction in the district, have directed licensing and enforcement activities into Tennessee, and a substantial part of the events giving rise to the action, including communications threatening litigation, occurred in the district.
• Core Dispute: Plaintiff seeks a declaratory judgment that its use of various technologies integral to its banking operations does not infringe five U.S. patents asserted by Defendants.
• Technical Context: The patents-in-suit relate to foundational technologies in modern IT infrastructure, including secure virtual networking, distributed data management for containerization, asynchronous messaging, graduated user authentication, and point-of-sale device functionality.
• Key Procedural History: The complaint details a prolonged history of licensing negotiations, beginning with communications in 2014 that included the execution of multiple confidentiality agreements. Licensing discussions were reinitiated by Defendants in late 2023, culminating in a September 2024 letter that specifically accused certain of Plaintiff’s technology platforms of infringing the patents-in-suit. The complaint also notes that inter partes review (IPR) proceedings for three of the patents-in-suit (’785, ’844, and ’722) were terminated by the Patent Trial and Appeal Board (PTAB).

Case Timeline

Date	Event
2001-12-14	U.S. Patent No. 8,407,722 Priority Date
2003-03-31	U.S. Patent No. 7,949,785 Priority Date
2004-06-15	U.S. Patent No. 7,464,862 Priority Date
2004-06-16	U.S. Patent No. 10,567,391 Priority Date
2004-12-30	U.S. Patent No. 8,332,844 Priority Date
2008-12-16	U.S. Patent No. 7,464,862 Issued
2011-05-24	U.S. Patent No. 7,949,785 Issued
2012-12-11	U.S. Patent No. 8,332,844 Issued
2013-03-26	U.S. Patent No. 8,407,722 Issued
2014-02-28	Parties execute "Mutual Confidentiality Agreement"
2020-02-18	U.S. Patent No. 10,567,391 Issued
2023-11-17	Defendants reinitiate licensing communications with Plaintiff
2024-09-23	Defendants send letter alleging specific infringement of patents-in-suit
2025-10-16	Complaint for Declaratory Judgment Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 7,949,785 - Secure Virtual Community Network System, issued May 24, 2011

The Invention Explained

• Problem Addressed: The patent describes the difficulty of enabling secure communication between computing devices located on different networks, particularly when they are separated by firewalls or Network Address Translation (NAT) devices, which can block inbound connections and obscure a device's true address (Compl. ¶ 163; ’785 Patent, col. 2:1-44).
• The Patented Solution: The invention proposes a "private virtual dynamic network" that creates a separate "virtual address realm." This system uses a central manager to register member devices and assign them unique virtual IP addresses. Specialized "route directors" then help route traffic between members, allowing them to communicate as if they were on the same private network, regardless of their physical network location or the presence of firewalls (’785 Patent, Abstract; col. 10:10-24).
• Technical Importance: The technology aimed to simplify the creation of secure, peer-to-peer networks over the public internet, a foundational challenge for enterprise collaboration, remote access, and distributed systems in the early 2000s (’785 Patent, col. 1:25-31).

Key Claims at a Glance

• The complaint identifies independent claims 1, 30, 38, 48, 62, and 75, with specific non-infringement arguments focused on claim 30 (Compl. ¶¶ 161, 163).
• The essential elements of independent claim 30 (a virtual network manager) include:
  • a network interface for data communication
  • a memory and a processor to implement a register module
  • the register module configured to register devices in a virtual network
  • the register module further configured to distribute a virtual network address to a device when the device is registered
  • a DNS server configured to receive a DNS request from a first device and return network and address information for a second device (’785 Patent, col. 42:29-52).

U.S. Patent No. 8,332,844 - Root Image Caching and Indexing for Block-Level Distributed Application Management, issued December 11, 2012

The Invention Explained

• Problem Addressed: In large-scale computing clusters, deploying and updating software environments across hundreds of "compute nodes" is inefficient. Creating a full copy of a master "boot image" for each node is slow and consumes significant network bandwidth, while pre-creating clones wastes disk space (’844 Patent, col. 1:12-2:4).
• The Patented Solution: The invention describes a block-level storage system using a read-only "root image" (containing the base operating system and applications) and a separate, writable "leaf image" for each compute node. The leaf image stores only the data blocks that are new or changed by that specific node relative to the root image. This allows unique computing environments to be created "on the fly" without copying the entire root image, significantly speeding up deployment and simplifying updates (’844 Patent, Abstract; col. 2:15-28). The system also caches frequently accessed blocks from the root image to improve performance.
• Technical Importance: This "copy-on-write" or "delta-based" image management is a core concept in modern virtualization and containerization technologies, enabling the rapid and efficient provisioning of isolated application environments in data centers (’844 Patent, col. 2:49-67).

Key Claims at a Glance

• The complaint identifies independent claims 1, 7, 14, 19, and 23, with specific non-infringement arguments focused on claim 7 (Compl. ¶¶ 179, 181).
• The essential elements of independent claim 7 (a method for providing data) include:
  • storing blocks of a root image
  • storing leaf images for respective compute nodes
  • said leaf images including only additional data blocks not previously contained in said root image and changes made by respective compute nodes to the blocks of the root image
  • caching blocks of the root image that have been accessed
  • merging the blocks of the root image, leaf image, and cache to create a cohesive application environment (’844 Patent, col. 11:31-41).

U.S. Patent No. 8,407,722 - Asynchronous Messaging Using a Node Specialization Architecture in the Dynamic Routing Network, issued March 26, 2013

• Technology Synopsis: The patent addresses the problem of efficiently distributing real-time data updates (e.g., stock quotes, sports scores) to a large number of clients viewing "live objects" on web pages (’722 Patent, col. 2:28-34). The solution is a routing network with specialized nodes (gateways, client proxies) that uses a registration system to selectively forward update messages only to the clients that have subscribed to specific live objects, avoiding the need to broadcast updates to all clients (’722 Patent, Abstract).
• Asserted Claims: Claim 14 is asserted in the complaint (Compl. ¶ 194).
• Accused Features: Plaintiff's use of "Kafka," a distributed event streaming platform, is accused of infringement (Compl. ¶ 194).

U.S. Patent No. 10,567,391 - Graduated Authentication in an Identity Management System, issued February 18, 2020

• Technology Synopsis: The patent describes a system to solve the problem of "one-size-fits-all" security by allowing for different levels of user authentication based on the sensitivity of a transaction (’391 Patent, col. 1:43-51). It proposes a "graduated security" model where a requesting website ("membersite") can ask a user's identity provider ("homesite") to perform authentication at a specific level, which could be based on factors like the strength of the authentication method, the security of the communication channel, or how recently the user was authenticated (’391 Patent, Abstract).
• Asserted Claims: Claim 18 is asserted in the complaint (Compl. ¶ 206).
• Accused Features: Plaintiff's use of "Secure Payment Processing" via third-party "Clover®" branded software that employs the 3-D Secure protocol is accused of infringement (Compl. ¶ 206).

U.S. Patent No. 7,464,862 - Apparatus & Method for POS Processing, issued December 16, 2008

• Technology Synopsis: The patent addresses limitations in point-of-sale (POS) terminals, such as limited storage and complex configuration processes (’862 Patent, col. 2:28-67). The invention is an apparatus, such as a portable non-volatile memory device (e.g., USB drive), containing software and data that can be connected to a POS device to extend its functionality, provide for offline transaction processing, or act as a physical "key" to unlock or lock the device (’862 Patent, Abstract).
• Asserted Claims: Claim 1 is asserted in the complaint (Compl. ¶ 218).
• Accused Features: Plaintiff's use of "Point-of-Sale Systems" provided by third-party "Clover®" is accused of infringement (Compl. ¶ 218).

III. The Accused Instrumentality

Product Identification

• The complaint identifies several third-party technologies and systems used by First Horizon as the accused instrumentalities: Kubernetes, Docker, Apache Kafka, and the Clover® platform for Secure Payment Processing and Point-of-Sale systems (Compl. ¶¶ 161, 179, 194, 206, 218).

Functionality and Market Context

• The complaint describes Kubernetes as an open-source platform for managing containerized applications across a cluster of servers, where applications run in logical units called "Pods" (Compl. ¶¶ 165, 167-168).
• Docker is identified as a containerization platform where applications are packaged into read-only, layered "images" and run as "containers," which add a top writable layer (Compl. ¶¶ 183-184). The complaint includes a diagram illustrating the evolution from traditional server deployments to virtualized and container-based deployments (Compl. ¶ 165, p. 52).
• Apache Kafka is described as a system that sends data in the form of "events" or "records" (Compl. ¶ 199).
• The Clover® platform is accused in two contexts: first, for its use of the 3-D Secure protocol, which provides for different authentication workflows for a single transaction based on risk; and second, as a point-of-sale system (Compl. ¶¶ 206, 218, 221).
• These technologies are presented as integral to First Horizon's daily operations, including cloud computing, networking, security, and digital payments (Compl. ¶ 110). They represent widely adopted, foundational components of modern enterprise IT infrastructure.

IV. Analysis of Infringement Allegations

’785 Patent Infringement Allegations

Claim Element (from Independent Claim 30)	Alleged Infringing Functionality (as denied by Plaintiff)	Complaint Citation	Patent Citation
...a register module configured to register devices in a virtual network...	The accused Kubernetes system does not register "devices." It registers "Pods," which are described as the "smallest deployable units of computing" and are not "devices" as contemplated by the patent.	¶¶ 170-172	col. 42:37-39

• Identified Points of Contention:
  • Scope Questions: A central point of contention may be the construction of the term "device". The analysis will question whether this term, used in the patent to describe network members, can be interpreted to cover a software construct like a Kubernetes "Pod", which the complaint characterizes as a logical host for application containers rather than a distinct network machine (Compl. ¶¶ 168, 171).

’844 Patent Infringement Allegations

Claim Element (from Independent Claim 7)	Alleged Infringing Functionality (as denied by Plaintiff)	Complaint Citation	Patent Citation
...said leaf images including only additional data blocks not previously contained in said root image and changes made by respective compute nodes to the blocks of the root image...	The accused Docker system's "container" architecture does not meet this limitation. A Docker container consists of a top writable layer plus underlying, unchanged read-only image layers, and therefore does not include "only" the additional and changed data blocks as required by the claim.	¶¶ 181, 186-187	col. 11:33-38

• Identified Points of Contention:
  • Technical Questions: The dispute raises the question of whether the accused Docker architecture is technically and structurally equivalent to the claimed invention. The complaint presents a diagram showing a Docker container's layered structure, with read-only image layers and a thin read/write layer on top, to argue it does not operate like the claimed "leaf image" (Compl. ¶ 185, p. 59). The core question is whether Docker's method of layering and copy-on-write functionality performs the same function, in the same way, to achieve the same result as the claimed system.

V. Key Claim Terms for Construction

For the ’785 Patent

• The Term: "device"
• Context and Importance: The plaintiff's non-infringement argument for the '785 Patent hinges on this term. The defendants allegedly map this term to Kubernetes "Pods." Practitioners may focus on this term because its construction will determine whether the patent's scope, which appears directed at network nodes like computers or virtual machines, can extend to modern, granular software constructs like containers and pods.
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The patent abstract refers generally to "computing devices coupled to public networks or private networks," which could be argued to encompass any logical endpoint capable of network communication (’785 Patent, Abstract).
  • Evidence for a Narrower Interpretation: The detailed description repeatedly refers to "machines," "personal computers, servers or other computing devices," and discusses their physical network locations, suggesting the term refers to a physical or virtual machine, not a more abstract software component like a Pod (’785 Patent, col. 10:20-22).

For the ’844 Patent

• The Term: "leaf image" (specifically, the limitation that it includes "only" additions and changes)
• Context and Importance: This term is critical because the plaintiff argues that the accused Docker architecture does not have a structure that meets this definition. The non-infringement case relies on a narrow construction that excludes systems where unchanged base layers are part of the active container.
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The patent's goal is to create a unique application environment for a node without copying a full root image (’844 Patent, col. 2:15-24). A party might argue that the Docker "container," as a whole, functions as the unique environment and that the claim language does not preclude the underlying technical implementation of using pointers to unchanged base layers.
  • Evidence for a Narrower Interpretation: The plain language of claim 7 requires "said leaf images including only additional data blocks not previously contained in said root image and changes made..." (’844 Patent, col. 11:33-38). The complaint's description and visual of Docker's architecture, which distinguishes between the read-only "Image Layers" and the "Container layer," may support an argument that the container itself is not a "leaf image" containing "only" changes (Compl. ¶ 185).

VI. Other Allegations

• Indirect Infringement: The complaint states that because there is no direct infringement of the patents-in-suit, there can be no indirect infringement (e.g., Compl. ¶¶ 174, 189). It notes that Defendants' pre-suit communications asserted both direct and indirect infringement but provides no further factual detail on the basis for those assertions (Compl. ¶ 126).

VII. Analyst’s Conclusion: Key Questions for the Case

1. A core issue will be one of definitional scope: can the term "device," rooted in the ’785 Patent’s description of distinct network machines, be construed to cover a "Pod", which the complaint characterizes as a logical, software-defined unit of computing within the accused Kubernetes architecture?
2. A key evidentiary question will be one of structural correspondence: does the accused Docker architecture, which utilizes a "top writable layer" over a stack of immutable "image layers," meet the specific structural requirement of a "leaf image" that contains "only" additions and changes, as narrowly defined in the claims of the ’844 Patent?
3. A broader theme may involve the temporal scope of patent claims: the case presents the fundamental question of whether patents filed in the early-to-mid 2000s, directed at then-emerging problems in networking and distributed computing, can be read to cover the specific implementations of modern, widely adopted open-source technologies that evolved over the subsequent decade to solve similar but not identical problems.