DCT

2:13-cv-00103

Alfonso Cioffi v. Google Inc

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:13-cv-00103, E.D. Tex., 02/07/2013
  • Venue Allegations: Plaintiffs allege venue is proper because Google transacts business in the Eastern District of Texas and a substantial part of the events giving rise to the claims occurred in the district.
  • Core Dispute: Plaintiff alleges that Defendant’s Chrome web browser, ChromeOS, and associated hardware devices infringe four reissue patents related to protecting a computer system from malicious software using an isolated process architecture.
  • Technical Context: The technology concerns hardware and software architectures designed to "sandbox" or isolate network-facing computer processes to prevent malware from accessing and corrupting a computer's main operating system and user files.
  • Key Procedural History: The asserted patents are all reissues of U.S. Patent No. 7,484,247. The complaint states that Plaintiff Alfonso Cioffi wrote to Google on December 11, 2012, providing notice of U.S. Reissue Patents RE43,528 and RE43,529, a fact relevant to the willfulness allegations for those two patents.

Case Timeline

| Date | Event |
| --- | --- |
| 2004-08-07 | Earliest Priority Date for all Patents-in-Suit |
| 2012-01-10 | U.S. Reissue Patent RE43,103 Issues |
| 2012-07-03 | U.S. Reissue Patent RE43,500 Issues |
| 2012-07-17 | U.S. Reissue Patent RE43,528 Issues |
| 2012-07-17 | U.S. Reissue Patent RE43,529 Issues |
| 2012-12-11 | Plaintiff allegedly provides Google with notice of the ’528 and ’529 Patents |
| 2013-02-07 | Complaint Filing Date |

II. Technology and Patent(s)-in-Suit Analysis

U.S. Reissue Patent No. RE43,103 E - "SYSTEM AND METHOD FOR PROTECTING A COMPUTER SYSTEM FROM MALICIOUS SOFTWARE"

  • Issued: January 10, 2012.

The Invention Explained

  • Problem Addressed: The patent describes the security vulnerability in computer systems where programs, including malicious software ("malware") downloaded from a network, run on the same processor and share the same memory as the main operating system and other trusted applications. This shared architecture creates a "key architectural flaw" that malware can exploit to infiltrate and compromise the entire computer system. (’103 Patent, col. 4:30-43, col. 6:1-9).
  • The Patented Solution: The invention proposes an architecture that isolates network-facing activities to protect the main computer system. The primary embodiment describes a system with two physically distinct processors (P1, P2) and two corresponding memory spaces (M1, M2). The second processor (P2) handles all network communication and executes potentially unsafe programs in its own memory (M2), but is architecturally configured to be "incapable of initiating access to the first memory space" (M1), where the main operating system and critical files reside. A video processor combines the visual output from both processors, creating a seamless experience for the user while maintaining hardware-level separation. (’103 Patent, Abstract; Fig. 1; col. 9:15-24).
  • Technical Importance: This approach provides a hardware-based "sandbox," which offers a more fundamental protection against malware than software-only solutions like antivirus scanners that rely on detecting known malware signatures. (’103 Patent, col. 6:46-54).

Key Claims at a Glance

The complaint does not identify specific asserted claims. For the purpose of this analysis, independent claim 21 is presented as a representative system claim.

  • A portable computer based system capable of executing instructions using a common operating system... comprising:
  • a first logical process capable of executing instructions... and further capable of accessing a first memory space, wherein the first memory space contains at least one critical file; and
  • at least one secure browser process capable of executing instructions... and further capable of accessing a second memory space;
  • the first logical process configured to: accept data entry from a computer user; initialize the at least one secure browser process; and pass data to the at least one secure browser process;
  • the at least one secure browser process configured to: execute instructions from a process potentially containing malware downloaded from the network... access data contained in the second memory space, wherein the process... is denied access to the first memory space;
  • wherein the portable computer based system is configured such that the at least one critical file residing on the first memory space is protected from corruption by the process potentially containing malware...

U.S. Reissue Patent No. RE43,500 E - "SYSTEM AND METHOD FOR PROTECTING A COMPUTER SYSTEM FROM MALICIOUS SOFTWARE"

  • Issued: July 3, 2012.

The Invention Explained

  • Problem Addressed: The technical problem described is identical to that in the ’103 Patent: the inherent security risks of computer architectures where network-facing programs and trusted system programs share the same processor and memory resources. (’500 Patent, col. 4:30-43).
  • The Patented Solution: The patented solution is also an isolated, dual-environment architecture designed to prevent malware from corrupting a host system, as described for the ’103 Patent. The primary embodiment again relies on a dual-processor, dual-memory hardware configuration to enforce this isolation. (’500 Patent, Abstract; Fig. 1; col. 9:39-51).
  • Technical Importance: This architecture provides a structural, rather than signature-based, defense against malware downloaded from a network. (’500 Patent, col. 6:45-54).

Key Claims at a Glance

The complaint does not identify specific asserted claims. For the purpose of this analysis, independent claim 21 is presented as a representative system claim.

  • A portable computing and communication device capable of executing instructions using a common operating system, comprising:
  • a network interface device configured to exchange data across a network...;
  • an intelligent cellular telephone capability with a secure web browser including a first web browser process and a second web browser process;
  • at least a first memory space and a second memory space, the first memory space containing at least one system file; and
  • at least one electronic data processor... configured to execute the first web browser process... wherein the first web browser process is capable of accessing data contained in the first memory space and is further capable of initializing the second web browser process;
  • the at least one electronic data processor further configured to execute the second web browser process... wherein the second web browser process is capable of accessing data contained in the second memory space...

U.S. Reissue Patent No. RE43,528 E - "SYSTEM AND METHOD FOR PROTECTING A COMPUTER SYSTEM FROM MALICIOUS SOFTWARE"

  • Issued: July 17, 2012.
  • Technology Synopsis: The ’528 Patent discloses the same core technology as the ’103 and ’500 patents, focusing on a system architecture that isolates network-facing processes in a protected environment to prevent malware from accessing and corrupting the main computer system. The claims of this patent, such as method claim 1, describe the operational steps of executing instructions within the two separate logical processes. (’528 Patent, Abstract; col. 17:42-61).
  • Asserted Claims: The complaint does not specify which claims are asserted.
  • Accused Features: The complaint accuses the "Chrome Products," including the Chrome browser, ChromeOS devices, and Nexus devices, of infringing one or more claims of the patent. (Compl. ¶22).

U.S. Reissue Patent No. RE43,529 E - "SYSTEM AND METHOD FOR PROTECTING A COMPUTER SYSTEM FROM MALICIOUS SOFTWARE"

  • Issued: July 17, 2012.
  • Technology Synopsis: The ’529 Patent also discloses the same fundamental technology of using a dual-environment architecture to protect a computer system from network-borne malware. The claims in this patent, such as system claim 21, are directed toward a "portable computer" and describe the functions of the two isolated processes in the context of a secure web browser. (’529 Patent, Abstract; col. 19:19-44).
  • Asserted Claims: The complaint does not specify which claims are asserted.
  • Accused Features: The complaint accuses the "Chrome Products," including the Chrome browser, ChromeOS devices, and Nexus devices, of infringing one or more claims of the patent. (Compl. ¶25).

III. The Accused Instrumentality

Product Identification

  • The complaint identifies two overlapping sets of accused products:
    • "Chrome Products": Google Chrome browser, Google Chrome for Android, Chromebooks, Chromeboxes, and Nexus 4, 7, and 10 devices. (Compl. ¶16).
    • "Chrome Mobile Products": Google Chrome for Android and Nexus 4, 7, and 10 devices. (Compl. ¶19).

Functionality and Market Context

  • The complaint does not provide specific technical details about the operation of the accused products' security architecture. It alleges that these products are sold by Google and incorporate methodologies that practice the subject matter claimed in the patents-in-suit. (Compl. ¶16, ¶19).
  • The complaint further alleges that a significant portion of Google's revenue derives from the use of these technologies. (Compl. ¶9).
  • No probative visual evidence provided in complaint.

IV. Analysis of Infringement Allegations

The complaint makes general allegations of infringement without mapping specific product features to claim elements. The following charts summarize the infringement theory for a representative claim from each of the lead patents based on the complaint's broad assertions.

RE43,103 E Infringement Allegations

| Claim Element (from Independent Claim 21) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
| --- | --- | --- | --- |
| A portable computer based system... comprising: a first logical process... and... at least one secure browser process... | The complaint alleges the "Chrome Products" constitute or implement such a system. It does not provide further technical detail. | ¶16 | col. 20:20-30 |
| the first logical process configured to: accept data entry from a computer user; initialize the at least one secure browser process; and pass data to the at least one secure browser process; | The complaint alleges the "Chrome Products" perform these functions but does not specify the technical mechanism. | ¶16 | col. 20:31-36 |
| the at least one secure browser process configured to: execute instructions from a process potentially containing malware downloaded from the network... | The complaint alleges the "Chrome Products" perform this function but does not specify the technical mechanism. | ¶16 | col. 20:37-40 |
| access data contained in the second memory space, wherein the process potentially containing malware is capable of accessing the second memory space but is denied access to the first memory space; | The complaint alleges the "Chrome Products" implement this access denial but does not specify the technical mechanism. | ¶16 | col. 9:20-24 |
| wherein... the at least one critical file residing on the first memory space is protected from corruption by the process potentially containing malware... | The complaint alleges the "Chrome Products" provide this protection but does not specify the technical mechanism. | ¶16 | col. 6:46-54 |

RE43,500 E Infringement Allegations

| Claim Element (from Independent Claim 21) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
| --- | --- | --- | --- |
| A portable computing and communication device... comprising: a network interface device... an intelligent cellular telephone capability with a secure web browser including a first web browser process and a second web browser process; | The complaint alleges the "Chrome Mobile Products" constitute such a device. It does not provide further technical detail. | ¶19 | col. 20:20-29 |
| at least one electronic data processor... configured to execute the first web browser process... wherein the first web browser process is capable of... initializing the second web browser process; | The complaint alleges the processor(s) in the "Chrome Mobile Products" perform this function but does not specify the mechanism. | ¶19 | col. 20:38-45 |
| the at least one electronic data processor further configured to execute the second web browser process... wherein the second web browser process is capable of accessing data contained in the second memory space... | The complaint alleges the processor(s) in the "Chrome Mobile Products" perform this function but does not specify the mechanism. | ¶19 | col. 20:46-51 |
| wherein the... device is configured such that the at least one system file residing on the first memory space is protected from corruption by a malware process... | The complaint alleges the "Chrome Mobile Products" provide this protection but does not specify the mechanism. | ¶19 | col. 6:45-54 |

Identified Points of Contention

  • Scope Questions: The patents’ specifications heavily emphasize a hardware-based solution with two physically separate processors and memory spaces. The accused "Chrome" products, in contrast, implement process isolation primarily through software-based sandboxing on a single processor system. This raises the question of whether the claims, which recite distinct "logical processes," can be construed to cover a purely software-based architecture, or if their scope is limited by the specification's hardware-centric disclosure.
  • Technical Questions: The complaint provides no factual support or technical explanation for how the accused products meet key functional limitations. A central evidentiary question will be whether the software-based permissions model in Google's sandbox architecture performs the function of being "denied access to the first memory space" in the manner required by the claims.

V. Key Claim Terms for Construction

  • The Term: "a first logical process... and... at least one secure browser process" (from ’103 Patent, claim 21)

    • Context and Importance: The definition of these "processes" is critical. The case may turn on whether these terms require the distinct physical hardware components described in the patent's preferred embodiments (e.g., Fig. 1) or if they can read on software-defined processes created by an operating system on a single physical processor. Practitioners may focus on this term because the accused products use a software sandbox, whereas the patent specification's primary embodiment describes a dual-processor hardware architecture.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The claim language itself uses the term "logical process" and requires only "at least one electronic data processor," which could suggest that software-based process isolation on a single CPU falls within the claim's scope. (’103 Patent, col. 20:23-28).
      • Evidence for a Narrower Interpretation: The specification's only detailed embodiment shows two physically separate processors, "first processor 120 (P1)" and "second processor 140 (P2)." The abstract likewise describes "a first electronic data processor" and "a second electronic data processor," which may be argued to limit the scope of the claims to a multi-processor hardware system. (’103 Patent, Abstract; Fig. 1; col. 9:9-13).
  • The Term: "denied access to the first memory space" (from ’103 Patent, claim 21)

    • Context and Importance: This term's construction is central to the infringement analysis. The dispute will likely involve whether this limitation requires a hardware-enforced inability for one process to address a region of memory, or if it can be satisfied by an operating system-level permission scheme that can, in theory, be altered or bypassed by software.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The claim term itself does not specify the mechanism of denial, potentially allowing for either hardware or software enforcement.
      • Evidence for a Narrower Interpretation: The specification states the system is "configured such that P2 140 is incapable of initiating access to memory storage area M1 110." (’103 Patent, col. 9:21-23). The term "incapable," when read in the context of the dual-processor hardware embodiment, may suggest a fundamental, architectural inability rather than a revocable software-based permission.

VI. Other Allegations

  • Indirect Infringement: The complaint alleges both induced and contributory infringement for all four patents. The inducement theory is based on allegations that Google encourages and instructs users to use the Chrome products in an infringing manner. (Compl. ¶17, ¶20, ¶23, ¶26). Contributory infringement is alleged on the basis that the Chrome products are not staple articles of commerce suitable for substantial noninfringing use. (Id.).
  • Willful Infringement: Willfulness is alleged only for the ’528 and ’529 Patents. The allegation is based on pre-suit knowledge stemming from a letter Mr. Cioffi allegedly sent to Google on December 11, 2012, and Google's subsequent alleged infringement despite an "obvious objective risk." (Compl. ¶28).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of architectural scope: can the claims, which are described in a specification focused on a dual-physical-processor hardware architecture, be construed to cover the purely software-based sandboxing architecture implemented in the accused Google Chrome products?
  • A key claim construction question will be one of functional definition: does the limitation "denied access to the first memory space" require an immutable, hardware-enforced barrier, as suggested by the patent’s embodiments, or can it be met by the operating system-level permissions and software controls used in modern process sandboxing?