DCT

2:18-cv-00382

Packet Intelligence LLC v. Nokia Solutions Networks US LLC

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:18-cv-00382, E.D. Tex., 11/27/2018
  • Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains a regular and established place of business in Plano, Texas, from which it develops and/or sells the accused products.
  • Core Dispute: Plaintiff alleges that Defendant’s routers and switches equipped with the "Application Assurance" feature infringe five patents related to advanced network traffic processing and monitoring.
  • Technical Context: The technology involves deep packet inspection to classify network traffic into "conversational flows"—grouping all packets related to a single user application, even across multiple network connections—to enable more sophisticated network management.
  • Key Procedural History: The complaint notes that the patents-in-suit have a significant litigation history in the same district. Notably, a jury in a prior case found U.S. Patent Nos. 6,665,725, 6,839,751, and 6,954,789 to be valid and infringed by another party (NetScout Systems). The complaint also states that six petitions for inter partes review filed by defendants in prior litigations were denied institution by the Patent Trial and Appeal Board. Plaintiff alleges Defendant has been aware of the patents and this litigation history since at least December 2017.

Case Timeline

Date Event
1999-06-30 Earliest Priority Date for all five Asserted Patents
2003-11-18 U.S. Patent No. 6,651,099 Issues
2003-12-16 U.S. Patent No. 6,665,725 Issues
2004-08-03 U.S. Patent No. 6,771,646 Issues
2005-01-04 U.S. Patent No. 6,839,751 Issues
2005-10-11 U.S. Patent No. 6,954,789 Issues
2017-12-07 Date Plaintiff alleges Nokia was aware of Asserted Patents
2018-11-27 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 6,651,099 - Method and Apparatus for Monitoring Traffic in a Network

Issued November 18, 2003

The Invention Explained

  • Problem Addressed: The patent’s background section explains that conventional network monitors classify traffic based on "connection flows," which only track packets transmitted over a single network connection (Compl. ¶25; ’099 Patent, col. 1:35-36). This approach is insufficient for modern applications (e.g., a VoIP call) that may establish multiple, separate connections for a single user activity, causing conventional monitors to incorrectly view them as unrelated events (Compl. ¶25).
  • The Patented Solution: The invention proposes a method to monitor "conversational flows," defined as the entire sequence of packets exchanged as a result of a specific user activity, regardless of the number of underlying connections (’099 Patent, col. 2:38-42). It accomplishes this by using a "parser subsystem" to examine packets, extract key identifying information to build a unique "flow signature," and then using a "lookup engine" to check a database of known flows to classify the packet and maintain the state of the conversation (Compl. ¶¶ 26-28; ’099 Patent, Abstract).
  • Technical Importance: This approach provided network operators a more accurate view of application-level network usage, enabling better quality-of-service management, bandwidth allocation, and security policy enforcement (Compl. ¶29).

Key Claims at a Glance

  • The complaint asserts at least independent claim 1 (Compl. ¶37).
  • Essential Elements of Claim 1:
    • A parser subsystem configured to examine a packet, extract selected portions, and form a function of those portions to identify a conversational flow.
    • A memory storing a flow-entry database for conversational flows.
    • A lookup engine to determine if an entry for the packet's conversational flow exists in the database.
    • A protocol/state identification mechanism.
    • A state processor to carry out state operations that further the process of identifying the application program associated with the flow.

U.S. Patent No. 6,665,725 - Processing Protocol Specific Information in Packets Specified by a Protocol Description Language

Issued December 16, 2003

The Invention Explained

  • Problem Addressed: The patent addresses the challenge of creating network monitors that can adapt to the rapid proliferation of new network protocols without requiring fundamental redesign (’725 Patent, col. 4:1-4). Traditional monitors that specify fixed locations within a packet to find information are inflexible and difficult to update (’725 Patent, col. 3:63–col. 4:4).
  • The Patented Solution: The invention discloses a method where the rules for processing packets are defined in a high-level "protocol description language" (PDL) (’725 Patent, col. 4:48-56). These PDL files specify how to parse packet headers, what information to extract, and what state operations to perform for various protocols. The files are compiled into a data structure that the monitor uses to analyze traffic, allowing the monitor's capabilities to be extended by simply providing a new, compiled PDL file (’725 Patent, Abstract; col. 4:56-63).
  • Technical Importance: This design makes network monitoring systems highly extensible and adaptable, allowing them to keep pace with evolving network technologies and applications without requiring new hardware or low-level software changes.

Key Claims at a Glance

  • The complaint asserts at least independent claim 17 (Compl. ¶42).
  • Essential Elements of Claim 17:
    • Receiving a packet.
    • Receiving a set of protocol descriptions for protocols that may be used in the packet, where a description includes any child protocols and any protocol-specific operations to be performed.
    • Performing the protocol-specific operations on the packet as specified by the set of protocol descriptions.

U.S. Patent No. 6,771,646 - Associative Cache Structure for Lookups and Updates of Flow Records in a Network Monitor

Issued August 3, 2004

  • Technology Synopsis: This patent addresses the need for high-speed lookups in network monitoring. It describes a specific cache architecture using content addressable memories (CAMs) organized to implement a true least-recently-used (LRU) replacement policy, which is designed to maximize the hit rate for finding existing flow records in a high-traffic environment (’646 Patent, col. 2:38-54).
  • Asserted Claims: At least independent claim 7 is asserted (Compl. ¶47).
  • Accused Features: The complaint alleges infringement by the Accused Products' general manufacture, sale, and use, which inherently require high-speed lookup of network flows (Compl. ¶47).

U.S. Patent No. 6,839,751 - Re-Using Information from Data Transactions for Maintaining Statistics in Network Monitoring

Issued January 4, 2005

  • Technology Synopsis: This patent focuses on linking disjointed network transactions. It describes a method for using information learned from one exchange (e.g., a server announcing a service on a specific port) to identify and classify subsequent, otherwise unrelated exchanges (e.g., a client later using that service), a key element of identifying a "conversational flow" (’751 Patent, col. 2:1-12).
  • Asserted Claims: At least independent claim 17 is asserted (Compl. ¶52).
  • Accused Features: The "Application Assurance" feature is accused of infringing by its alleged capability to "correlate control and data flows belonging to the same application" (Compl. ¶32).

U.S. Patent No. 6,954,789 - Method and Apparatus for Monitoring Traffic in a Network

Issued October 11, 2005

  • Technology Synopsis: This patent appears to be related to the '099 patent, further detailing the method for monitoring "conversational flows." It describes parsing packets to build a unique "key" or "signature" and using that key to look up, classify, and update flow records in a database, thereby maintaining the state of the conversation (’789 Patent, Abstract).
  • Asserted Claims: At least independent claim 19 is asserted (Compl. ¶57).
  • Accused Features: The general operation of the "Application Assurance" feature is accused of infringing by identifying and monitoring application flows that may span multiple network connections (Compl. ¶¶ 31-32, 57).

III. The Accused Instrumentality

Product Identification

  • The accused instrumentalities are Nokia routers and Ethernet switches, including the 7705 Service Aggregation Router, 7450 Ethernet Service Switch, and 7750 Service Router, that run Nokia’s Service Router Operating System (“SR OS”) and include the "Application Assurance" feature (Compl. ¶30).

Functionality and Market Context

  • The complaint alleges that the Application Assurance feature provides network operators with detailed insight into network traffic by inspecting packets at layers 3 through 7 of the OSI model to identify the specific application associated with the packet (Compl. ¶31).
  • This feature is alleged to work by "correlat[ing] control and data flows belonging to the same application," thereby identifying a packet as part of a larger "conversational flow" (Compl. ¶32).
  • The complaint provides a screenshot from Nokia's "Adapter Guide" which states that Application Assurance can identify traffic flows using information from Layer 2 to Layer 7 and heuristic techniques (Compl. p. 11).
  • The identification process allegedly uses "Protocol Signatures," which combine pattern-matching and behavioral techniques, and "Application Filters," which are numbered rules that use protocol signatures and other criteria to define a specific application (Compl. ¶¶ 32-33). A screenshot from Nokia's documentation describes Protocol Signatures as being generated by Nokia and included with the software load (Compl. p. 12).

IV. Analysis of Infringement Allegations

U.S. Patent No. 6,651,099 Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
a parser subsystem... configured to examine the packet accepted by the buffer, extract selected portions of the accepted packet, and form a function of the selected portions sufficient to identify that the accepted packet is part of a conversational flow-sequence; The Application Assurance feature allegedly inspects incoming packets using a "Flow/Session Identification Engine" that employs "Protocol Signatures" and "Application Filters" to identify the protocols and application associated with the packet. The complaint provides a functional flowchart from Nokia's documentation showing this process (Compl. p. 14, Fig. 13). ¶¶31-35 col. 5:49-61
a memory storing a flow-entry database including a plurality of flow-entries for conversational flows encountered by the monitor; The functionality described in the complaint, specifically the process of determining if a "Flow [is] Already Identified," implies the existence of a memory for storing data about previously encountered flows (Compl. ¶35). ¶35 col. 6:2-5
a lookup engine connected to the parser subsystem and to the flow-entry database, and configured to determine... if there is an entry in the flow-entry database for the conversational flow sequence of the accepted packet; The flowchart in the complaint (Figure 13) shows a decision point labeled "Flow Already Identified?" which allegedly performs the function of a lookup engine to determine if an incoming packet belongs to a known flow (Compl. p. 14, Fig. 13). ¶35 col. 6:45-53
a state processor... configured to carry out any state operations specified... furthering the process of identifying which application program is associated with the conversational flow-sequence... The complaint alleges that the Accused Products "correlate control and data flows belonging to the same application," which suggests the maintenance of state to link related but separate network connections (Compl. ¶32). The patented technology is described as maintaining state to analyze conversational flows (Compl. ¶28). ¶¶32, 35 col. 7:1-12

U.S. Patent No. 6,665,725 Infringement Allegations

Claim Element (from Independent Claim 17) Alleged Infringing Functionality Complaint Citation Patent Citation
receiving a set of protocol descriptions for protocols that may be used in the packet, a protocol description for a particular protocol at a particular layer level including... any protocol specific operations to be performed on the packet for the particular protocol... The complaint alleges that Nokia generates and provides a set of "Protocol Signatures" with the "Application Assurance software load" (Compl. p. 12). These signatures, along with "Application Filters," allegedly define how to identify protocols and applications, and thus constitute the "protocol descriptions" that specify the operations to be performed (Compl. ¶¶ 32-33). ¶¶32-33 col. 4:48-56
performing the protocol specific operations on the packet specified by the set of protocol descriptions based on the base protocol of the packet and the children of the protocols used in the packet. The Accused Products allegedly use the provided "Protocol Signatures" and "Application Filters" within the "Flow/Session Identification Engine" to inspect packets and identify the application to which the packet belongs. The complaint includes a flowchart from Nokia's documentation illustrating this process of using these predefined rules to process incoming packets (Compl. p. 14, Fig. 13). ¶¶34-35 col. 4:56-63

Identified Points of Contention

  • Scope Questions: A central question may be whether the term "conversational flow," which the patents describe as an improvement over mere "connection flows" (Compl. ¶26), is coextensive with the functionality Nokia describes as "correlat[ing] control and data flows belonging to the same application" (Compl. ¶32). The litigation could explore whether there are material technical or functional differences between the patented concept and the accused implementation.
  • Technical Questions: What evidence does the complaint provide that Nokia's system of providing pre-compiled "Protocol Signatures" meets the "protocol description language" limitation of the ’725 Patent, which the patent specification describes as being compiled from high-level files? Additionally, for the ’099 Patent, the case may require a detailed comparison between the functions of the accused "Flow/Session Identification Engine" (Compl. ¶35) and the patent's claimed "parser subsystem" and "lookup engine."

V. Key Claim Terms for Construction

For the ’099 Patent

  • The Term: "conversational flow"
  • Context and Importance: This term is central to the patent's asserted novelty over the prior art, which the complaint and patent frame as being limited to "connection flows" (Compl. ¶26; ’099 Patent, col. 2:35-37). The infringement analysis for all asserted patents will depend on whether the accused functionality of correlating application flows falls within the scope of this term.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification defines the term broadly as "the sequence of packets that are exchanged in any direction as a result of an activity—for instance, the running of an application on a server as requested by a client" (’099 Patent, col. 2:38-42).
    • Evidence for a Narrower Interpretation: The background section provides specific examples of protocols that lead to "disjointed conversational exchanges," such as RPC, DCOM, and SAP (’099 Patent, col. 2:45-51). A defendant may argue that the term's scope should be understood in the context of these specific problems of linking multi-connection, client-server protocols.

For the ’725 Patent

  • The Term: "protocol description language"
  • Context and Importance: The flexibility of the patented system is derived from its use of this "language" to define packet processing rules. Practitioners may focus on this term because the infringement allegation hinges on whether Nokia's system of providing "Protocol Signatures" and "Application Filters" (Compl. ¶¶ 32-33) is equivalent to a system specified by a "protocol description language."
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The abstract describes the invention as providing "protocol descriptions in a high-level protocol description language, and compiling to the descriptions into a data structure" (’725 Patent, Abstract). This language does not explicitly require the end-user to perform the compilation.
    • Evidence for a Narrower Interpretation: The patent includes an extensive appendix with an example of a specific, text-based Protocol Definition Language (PDL) (’725 Patent, col. 43-70). A defendant could argue that this detailed example defines the term as requiring a human-readable, compilable language, rather than pre-compiled binary signatures delivered with a software load.

VI. Other Allegations

  • Indirect Infringement: The complaint alleges inducement of infringement across all five asserted patents. The basis for this allegation is that Defendant provides products with the infringing features and encourages their use by "providing instructions, technical support, and other support and encouragement for the use of such products, including at least the documents referenced above" (e.g., Compl. ¶38, ¶43).
  • Willful Infringement: The complaint alleges willful infringement based on pre-suit knowledge. It specifically alleges that Nokia has been aware of the Asserted Patents and their litigation history "since at least December 7, 2017," based on an email correspondence between the parties (Compl. ¶22, ¶40). The complaint further alleges that Defendant continued its infringement despite an "objectively high likelihood that its actions constitute infringement" (Compl. ¶40).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of definitional scope: can the term "conversational flow," rooted in the patent's specific examples of linking disjointed client-server protocols, be construed to cover the accused products' broader functionality of "correlat[ing] control and data flows belonging to the same application"?
  • A key technical question will be one of implementation equivalence: does Nokia's system of providing pre-compiled "Protocol Signatures" with its software load satisfy the "protocol description language" limitation of the ’725 patent, or is that term limited by the patent's specification to a user-accessible, compilable language?
  • A central evidentiary question for damages will be willfulness: given the patents' extensive litigation history, including prior verdicts of validity and infringement, what is the legal and factual significance of the complaint's specific allegation that Nokia had knowledge of the patents from a particular date pre-suit?