DCT

2:18-cv-00270

Firenet Tech LLC v. Fujitsu Ltd

Log In
Key Events
Complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:18-cv-00270, E.D. Tex., 07/05/2018
  • Venue Allegations: Venue is alleged to be proper for Fujitsu Ltd. as a foreign corporation and for Fujitsu America, Inc. based on its regular and established place of business in the district, coupled with alleged acts of infringement committed there.
  • Core Dispute: Plaintiff alleges that Defendant’s networking products and security solutions infringe four patents related to providing a dedicated, secondary firewall for individual network-attached devices.
  • Technical Context: The technology concerns network security architectures that add a device-specific layer of protection inside a network's main perimeter firewall.
  • Key Procedural History: The complaint does not mention any prior litigation or licensing. However, a post-filing Inter Partes Review (IPR) proceeding (IPR2020-00471) was initiated against U.S. Patent No. 8,892,600. The resulting IPR Certificate, issued October 12, 2021, cancelled claims 1-17 and 19-23, which includes the asserted claim 8. This cancellation may render the infringement count on the '600 patent moot and could influence arguments regarding the validity of the related patents-in-suit.

Case Timeline

Date Event
1998-09-01 Priority Date for ’837, ’302, ’994, and ’600 Patents
2001-11-13 ’837 Patent Issued
2010-06-15 ’302 Patent Issued
2012-07-05 Alleged infringement activities commenced (on or before this date)
2012-11-06 ’994 Patent Issued
2014-11-18 ’600 Patent Issued
2018-07-05 Complaint Filing Date
2020-03-13 IPR Filed against ’600 Patent
2021-10-12 IPR Certificate Issued, cancelling asserted claim of the ’600 Patent

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 6,317,837 - Internal Network Node With Dedicated Firewall, issued November 13, 2001

The Invention Explained

  • Problem Addressed: The patent describes a security risk in conventional corporate networks where a single "bastion firewall" protects the perimeter between the internal network (LAN) and an external network (the Internet). The patent states that once this bastion firewall is penetrated, an unauthorized user typically gains unrestricted access to all internal resources, including sensitive Network Attached Devices (NADs) like file servers or printers (’837 Patent, col. 1:33-50).
  • The Patented Solution: The invention proposes a "second layer of security" by implementing a dedicated firewall at the NAD or its server. This dedicated firewall inspects all access requests directed to its specific NAD, including those originating from within the supposedly "trusted" internal network. By wrapping a dedicated firewall around an individual device, the invention protects that device even if the main perimeter firewall is breached (’837 Patent, Abstract; col. 2:1-10; Fig. 1).
  • Technical Importance: This architecture introduced a more granular, device-centric security model within an internal network, challenging the prevailing reliance on perimeter-only defenses (’837 Patent, col. 1:50-63).

Key Claims at a Glance

  • The complaint asserts independent claim 37 (Compl. ¶18).
  • The essential elements of claim 37, a method, include:
    • In a network with internal/external nodes and a bastion firewall, determining for every request to a NAD whether it is authorized.
    • Providing access to the NAD when authorized.
    • Denying access to the NAD when not authorized.
    • The result is that the NAD is protected by a "dedicated NAD firewall" from unauthorized requests originating from intermediate, internal, and external network nodes.
  • The complaint does not explicitly reserve the right to assert other claims of the ’837 patent.

U.S. Patent No. 7,739,302 - Network Attached Device With Dedicated Firewall Security, issued June 15, 2010

The Invention Explained

  • Problem Addressed: The patent addresses the same problem as its parent '837 patent: a single bastion firewall is an insufficient security model because once it is bypassed, internal NADs are left vulnerable to unauthorized access from within the LAN (’302 Patent, col. 1:45-61).
  • The Patented Solution: The invention describes a network arrangement where a "NAD server" is positioned between a network client and the NAD itself. The NAD server contains instructions to receive access requests, examine the data packet header for information like source/destination IP addresses and route, filter the packet based on IP address, and then determine if the request is authorized. Access is granted only upon authorization, providing protection "in addition to any protection afforded by a firewall" (’302 Patent, Abstract; col. 2:10-40).
  • Technical Importance: This patent provides a more detailed implementation of the dedicated security concept, focusing on the specific software-driven filtering tasks performed by a NAD server to protect an associated device (’302 Patent, col. 2:10-25).

Key Claims at a Glance

  • The complaint asserts independent claim 1 (Compl. ¶25).
  • The essential elements of claim 1, a network arrangement, include:
    • A network client and a NAD on the same network.
    • A NAD server disposed between the client and the NAD, configured to communicate with the NAD.
    • The NAD server receives an access request and has instructions to determine if the packet header contains source IP, destination IP, and route information.
    • The NAD is configured to filter the packet based on an IP address in the header.
    • The NAD server determines if the request is authorized and provides access only if authorized, affording protection "in addition to any protection afforded by a firewall."
  • The complaint does not explicitly reserve the right to assert other claims of the ’302 patent.

U.S. Patent No. 8,306,994 - Network Attached Device With Dedicated Firewall Security, issued November 6, 2012

  • Technology Synopsis: This patent discloses a method where a NAD server on an internal network processes requests for a NAD device that is only accessible via that server. The NAD server uses its own firewall to filter requests based on the IP header of the incoming data packet, thereby deciding whether to authorize or deny access (’994 Patent, Abstract).
  • Asserted Claims: Independent method claim 10 is asserted (Compl. ¶32).
  • Accused Features: The complaint alleges that Fujitsu's NS Appliance infringes by acting as a NAD server that processes requests for Application or Database Servers (NADs) and uses its firewall functionality to filter those requests based on IP headers to authorize or block access (Compl. ¶32).

U.S. Patent No. 8,892,600 - Network Attached Device With Dedicated Firewall Security, issued November 18, 2014

  • Technology Synopsis: This patent describes a computer-implemented method where a first computing device (e.g., a firewall) on an internal network receives data packets, some of which originate from an external network. The device examines packets for an IP address associated with an attached, but otherwise isolated, second computing device (the NAD), filters the packets to authorize access, and then reformulates the packets for communication to the isolated device (’600 Patent, Abstract).
  • Asserted Claims: Independent method claim 8 is asserted (Compl. ¶39).
  • Accused Features: The complaint alleges Fujitsu's NS Appliance infringes by receiving data packets, examining them for the IP address of an attached Application or Database Server, using its "Access Control functionality" to filter and authorize requests, and then reformulating the packets for communication to that server (Compl. ¶39, ¶41).

III. The Accused Instrumentality

Product Identification

  • The "Accused Products" are identified as a range of Fujitsu networking products and services, including PRIMERGY servers, ETERNUS storage equipment, and network security solutions such as the NS Appliance and NS Options, in hardware, dedicated, and cloud implementations (Compl. ¶17).

Functionality and Market Context

  • The complaint alleges that the Accused Products are used to build a "Fujitsu Network" where a device like the Fujitsu NS Appliance functions as an intermediate node or server managing access to other nodes, such as Application Servers or Database Servers (which are alleged to be the "NADs") (Compl. ¶18, ¶25).
  • The core accused functionality is an "Access Control function" that allegedly determines for each packet whether a request for access to a NAD is authorized. This determination is allegedly based on inspecting packet headers. Based on this determination, the Accused Products are alleged to provide or deny network access to the NAD (Compl. ¶18, ¶25, ¶32). No probative visual evidence provided in complaint.

IV. Analysis of Infringement Allegations

'837 Patent Infringement Allegations

Claim Element (from Independent Claim 37) Alleged Infringing Functionality Complaint Citation Patent Citation
A method of managing access to a network attached device (NAD) in a network arrangement including a first group of nodes defining an internal network and a second group of nodes defining an external network, the external network being connected in communication with the internal network by an intermediate node including a bastion firewall... A "Fujitsu Network" is described with internal nodes (Application/Database Servers) and external nodes (clients on the Internet). The internal and external networks are connected through an intermediate node with a bastion firewall, allegedly embodied by the Fujitsu NS Appliance. ¶18 col. 9:7-14
(a) determining for each and every request for network access to the NAD whether each request for network access to said NAD is authorized, The Accused Products, such as an NS Appliance, allegedly "determine for each and every request for network access to the NAD whether each request for network access to said NAD is authorized" by using, for example, an Access Control function. ¶18 col. 9:18-20
(b) providing network access to said NAD when a request is authorized, and (c) denying network access to said NAD when a request is not authorized, The Accused Products are alleged to "provide network access to said NAD when a request is authorized" and "deny network access to said NAD when a request is not authorized." ¶18 col. 9:21-24
whereby the NAD is protected by a dedicated NAD firewall at said NAD node from unauthorized network access requests originating at said intermediate and internal and external nodes of the network arrangement. The NAD (e.g., an Application Server) is allegedly protected by a "dedicated NAD firewall" embodied by an Accused Product. This protection is alleged to be against requests originating from intermediate (Web Server), internal (Application/Database Server), and external (Internet clients) nodes. ¶18 col. 9:25-30

'302 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
A network arrangement comprising: a network client and at least one network attached device (NAD) residing on a same network; a NAD server disposed between the network client and the NAD... The "Fujitsu Network" allegedly has a network client and a NAD (e.g., an Application Server) on the same LAN. A Fujitsu NS Appliance is allegedly "disposed between a client and the Application Server" and acts as the NAD server. ¶25 col. 9:11-15
...the NAD server being further configured to receive a request contained in a data packet for network access to the NAD, the NAD server including computer executable instructions that, upon execution, cause the NAD server to determine whether the header of a received data packet...includes at least one of an IP address of a network source, an IP address of a network destination, and a route of the data packet... The Fujitsu NS Appliance is allegedly configured to receive a request (e.g., a TCP/IP packet) and includes instructions that "process incoming packets to determine, among others, the presence of an IP Source Address field." ¶25, ¶25 col. 9:19-27
...the NAD being further configured to filter the data packet based at least on an IP address in a header of the data packet... The NAD (Application/Database Server) is allegedly configured to use access control functionality to filter data packets based on the IP Source Address field in the packet header. ¶25 col. 9:27-29
...upon execution, the computer executable instructions further cause the NAD server to determine whether the received request for network access to the NAD is authorized... and provide the network client with network access to the NAD only if the request for network access is authorized... The instructions allegedly cause the Fujitsu NS Appliance to reference Access Control functionality to determine if the request is authorized. Access is allegedly provided to the client and other network devices "only if the requests are authorized." ¶25 col. 9:30-34
...such that the NAD is protected from unauthorized access requests from the network client and other devices in a manner that is in addition to any protection afforded by a firewall. This protection is alleged to be "in addition to the protection afforded by a firewall," with the instructions on the Fujitsu NS Appliance providing access to the Application/Database server only if requests are authorized. ¶25 col. 9:35-39

Identified Points of Contention

  • Scope Questions: A central dispute may arise over the meaning of "dedicated NAD firewall" ('837 patent) and protection "in addition to any protection afforded by a firewall" ('302 patent). The case may turn on whether the accused "Access Control functionality" of a multi-purpose Fujitsu appliance constitutes the specific, separate, second layer of security described in the patents, or if it is merely a feature of a standard, unified network security system.
  • Technical Questions: The complaint alleges infringement by an "NS Appliance" that acts as both a "bastion firewall" (Compl. ¶18) and a "NAD server" (Compl. ¶25). A technical question for the court will be to determine if a single device can simultaneously embody both the pre-existing perimeter element that the invention sought to improve upon and the novel, internal element of the patented solution itself.

V. Key Claim Terms for Construction

The Term: "dedicated NAD firewall" ('837 Patent, claim 37)

  • Context and Importance: This term is the central feature of the '837 patent's claimed invention. The outcome of the infringement analysis for this patent will largely depend on whether the accused Fujitsu "Access Control functionality" is considered "dedicated." Practitioners may focus on this term because it distinguishes the invention from general-purpose firewalls.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification suggests the firewall can be a software "component" and that it "wraps" around a NAD, which could support a logical, rather than physical, interpretation of dedication (’837 Patent, col. 3:7-13).
    • Evidence for a Narrower Interpretation: The background explicitly distinguishes the invention from non-dedicated "bastion firewalls," suggesting a higher standard for "dedicated" (’837 Patent, col. 1:41-45). Figure 1 depicts distinct firewall elements (117A, 117B, 117C) for each NAD, which may support an interpretation requiring a firewall that is functionally exclusive to protecting a specific NAD or group of NADs.

The Term: "in a manner that is in addition to any protection afforded by a firewall" ('302 Patent, claim 1)

  • Context and Importance: This phrase is critical for defining the required relationship between the claimed security and conventional firewalls. Infringement will depend on whether the accused functionality provides a truly additional and distinct layer of protection.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: A party could argue that any filtering that occurs on an internal network appliance, after a packet has already passed through a perimeter firewall, is necessarily "in addition to" the protection afforded by that first firewall.
    • Evidence for a Narrower Interpretation: The patent’s background emphasizes the need for a "second layer of security" to protect against threats that have already penetrated the bastion firewall (’302 Patent, col. 1:53-57). This context suggests the "additional" protection must be independent of, and functionally distinct from, the primary perimeter firewall, not merely another rule set within a single, distributed security system.

VI. Other Allegations

  • Indirect Infringement: For all four patents, the complaint alleges induced infringement under 35 U.S.C. § 271(b). The allegations are based on Fujitsu allegedly providing "instructions, manuals, and technical assistance" via its website, which purportedly direct and encourage customers to configure and use the Accused Products in an infringing manner (Compl. ¶19, 26, 33, 40).
  • Willful Infringement: Willfulness is alleged for all four patents. The basis for these allegations is Fujitsu's alleged knowledge of the patents "at least as of the date of this Complaint," establishing a claim for post-suit willful infringement (Compl. ¶22, 29, 36, 43).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of architectural scope: can the patents' claims to a "dedicated" firewall or a security layer "in addition to" a conventional firewall be construed to read on a general-purpose "Access Control" feature integrated within a multi-function network appliance, or is there a fundamental mismatch between the claimed two-layer security architecture and the allegedly infringing single-appliance solution?
  • A key procedural question will be the effect of the ’600 patent’s IPR cancellation: given that the single asserted claim of the '600 patent was cancelled after the complaint was filed, the court will have to address the viability of Count IV. Furthermore, the arguments and final written decision from that proceeding may be used to challenge the validity of the remaining asserted claims in the related patents under doctrines of collateral estoppel or persuasive authority.
  • A central evidentiary question will be one of inducement: to succeed on its indirect infringement claims, the plaintiff will need to present evidence, likely from the accused user manuals and technical guides, showing that Fujitsu specifically instructed its customers to configure their networks in a manner that satisfies every element of the asserted claims.