Taasera Licensing LLC v. Fortinet Inc

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: Taasera Licensing LLC (Texas)
  • Defendant: Fortinet Inc. (Delaware)
  • Plaintiff’s Counsel: Fabricant LLP; Truelove Law Firm, PLLC
• Case Identification: Taasera Licensing LLC v. Fortinet Inc., 2:22-cv-00415, E.D. Tex., 10/21/2022
• Venue Allegations: Plaintiff alleges venue is proper because Fortinet has a regular and established place of business in the Eastern District of Texas, transacts business involving the accused products in the district, and provides sales and technical support within the district.
• Core Dispute: Plaintiff alleges that Defendant’s FortiEDR and Fortiweb network security products infringe ten U.S. patents related to application attestation, dynamic URL encryption, and endpoint security compliance.
• Technical Context: The patents address various aspects of network and endpoint security, a critical technology domain focused on protecting computer systems and data from unauthorized access, breaches, and other cyber threats.
• Key Procedural History: The complaint notes that seven of the patents-in-suit were invented by IBM and three were developed by TaaSera, Inc., suggesting the asserted portfolio was aggregated from at least two distinct sources. No other significant procedural events are mentioned in the complaint.

Case Timeline

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,327,441: “System and Method for Application Attestation” (Issued Dec. 4, 2012)

The Invention Explained

• Problem Addressed: The patent describes the challenge of verifying the security and integrity of software applications running in environments like data centers or cloud computing, where direct control and visibility are limited (’441 Patent, col. 1:15-24).
• The Patented Solution: The invention proposes a remote attestation service. A server receives two key pieces of information from a computer running an application: a "runtime execution context" (describing the application's attributes and components) and a "security context" (providing an analysis of those components). The server then analyzes this information to generate a report on the application's security risks, effectively "attesting" to its state of security (’441 Patent, Abstract; col. 7:46-51).
• Technical Importance: This approach provides a mechanism for third-party verification of application security at runtime, which is crucial for establishing trust in distributed or outsourced computing environments (’441 Patent, col. 6:44-51).

Key Claims at a Glance

• The complaint asserts independent claim 1 (Compl. ¶39).
• Essential elements of claim 1 include:
  • Receiving, by a remote attestation server, a runtime execution context indicating application attributes, where the attributes include executable file binaries and loaded components.
  • Receiving a security context with an execution analysis of those binaries and components.
  • Generating, by the server, a report on security risks based on the received contexts.
  • Sending, by the server, this report as an attestation result.

U.S. Patent No. 8,819,419: “Method and system for dynamic encryption of a URL” (Issued Aug. 26, 2014)

The Invention Explained

• Problem Addressed: The patent notes that standard internet URLs often expose the directory structure of a web server, which can provide hackers with information that opens the door to potential intrusions (’419 Patent, col. 3:9-15).
• The Patented Solution: The invention describes a method to dynamically encrypt URLs to hide this internal structure. The system receives a resource request, evaluates the URL to see if encryption is required, locates the resource if no encryption is needed, and determines if a return URL also needs to be encrypted before being sent back (’419 Patent, Abstract). This process protects the server's file structure from being revealed to outside users (’419 Patent, col. 4:10-18).
• Technical Importance: This method enhances web server security by obscuring internal file paths from external users, thereby reducing the "attack surface" available to potential intruders (’419 Patent, col. 4:52-59).

Key Claims at a Glance

• The complaint asserts independent claim 13 (Compl. ¶52).
• Essential elements of claim 13 (a computer program product) include:
  • Instructions for receiving a resource request containing a URL.
  • Instructions for evaluating the URL to determine if encryption is required.
  • Instructions for locating the requested resource when encryption is not required.
  • Instructions for determining if the requested resource is available.
  • Instructions for determining if a return URL requires encryption when the resource is available.
    The following patents are analyzed in capsule format due to the multi-patent nature of the complaint.

Multi-Patent Capsule: U.S. Patent No. 8,955,038

• Patent Identification: U.S. Patent No. 8,955,038, "Methods and Systems for Controlling Access to Computing Resources Based on Known Security Vulnerabilities," issued Feb. 10, 2015.
• Technology Synopsis: This patent describes a system for managing endpoint security based on compliance with predefined policies (’038 Patent, Abstract). A remote computing system provides a user interface to configure policies, which are monitored by software agents on an endpoint; the remote system then determines the endpoint's compliance state and can initiate actions accordingly (Compl. ¶¶26, 67).
• Asserted Claims: Claim 23 (Compl. ¶67).
• Accused Features: Fortinet's FortiEDR product, specifically its threat classification and remediation features (Compl. ¶67).

Multi-Patent Capsule: U.S. Patent No. 8,990,948

• Patent Identification: U.S. Patent No. 8,990,948, "Systems and Methods for Orchestrating Runtime Operational Integrity," issued Mar. 24, 2015.
• Technology Synopsis: The invention relates to providing real-time operational integrity for an application by monitoring various inputs like network dialogs and system operations (’948 Patent, Abstract). The system generates behavior-based events, correlates them to classify threats, and displays the application's integrity status on an administrative console (Compl. ¶¶27, 84).
• Asserted Claims: Claim 1 (Compl. ¶84).
• Accused Features: Fortinet's FortiEDR product, particularly its application behavioral analysis feature (Compl. ¶84).

Multi-Patent Capsule: U.S. Patent No. 9,092,616

• Patent Identification: U.S. Patent No. 9,092,616, "Systems and Methods for Threat Identification and Remediation," issued Jul. 28, 2015.
• Technology Synopsis: This patent describes a method for providing runtime operational integrity of a system using a trust orchestration server that communicates with an endpoint trust agent (’616 Patent, Abstract). The server receives a "dynamic context" from the endpoint, analyzes it along with third-party assessments, correlates events, and generates a system integrity profile (Compl. ¶¶28, 99).
• Asserted Claims: Claim 1 (Compl. ¶99).
• Accused Features: Fortinet's FortiEDR product, particularly its behavioral analysis feature (Compl. ¶99).

Multi-Patent Capsule: U.S. Patent No. 9,118,634

• Patent Identification: U.S. Patent No. 9,118,634, "Dynamic encryption of a universal resource locator," issued Aug. 25, 2015.
• Technology Synopsis: This patent, related to the ’419 Patent, describes a method for restricting network access by dynamically encrypting URLs (’634 Patent, Abstract). It involves a computer receiving a resource request, evaluating the URL to determine if encryption is needed, locating the resource, and determining if a return URL requires encryption (Compl. ¶¶29, 117).
• Asserted Claims: Claim 1 (Compl. ¶117).
• Accused Features: Fortinet's Fortiweb product, specifically its URL Encryption feature (Compl. ¶117).

Multi-Patent Capsule: U.S. Patent No. 9,608,997

• Patent Identification: U.S. Patent No. 9,608,997, "Methods and Systems for Controlling Access to Computing Resources Based on Known Security Vulnerabilities," issued Mar. 28, 2017.
• Technology Synopsis: Related to the ’038 Patent, this invention describes controlling an endpoint's operation remotely based on security policies (’997 Patent, Abstract). A remote system manages policies, configures software services on the endpoint to monitor operating conditions, receives status information, determines a compliance state, and initiates actions to ensure compliance (Compl. ¶¶30, 132).
• Asserted Claims: Claim 21 (Compl. ¶132).
• Accused Features: Fortinet's FortiEDR product, particularly its threat classification and remediation features (Compl. ¶132).

Multi-Patent Capsule: U.S. Patent No. 9,628,453

• Patent Identification: U.S. Patent No. 9,628,453, "Dynamic encryption of a universal resource locator," issued Apr. 18, 2017.
• Technology Synopsis: This patent, part of the same family as the ’419 and ’634 Patents, details a method for restricting access to network information by using dynamic URL encryption (’453 Patent, Abstract). The method includes receiving a URL request, determining if the resource is available, locating it, and determining if the original or return URL requires encryption (Compl. ¶¶31, 150).
• Asserted Claims: Claim 13 (Compl. ¶149).
• Accused Features: Fortinet's Fortiweb product and its URL Encryption feature (Compl. ¶150).

Multi-Patent Capsule: U.S. Patent No. 9,860,251

• Patent Identification: U.S. Patent No. 9,860,251, "Dynamic encryption of a universal resource locator," issued Jan. 2, 2018.
• Technology Synopsis: Also in the URL encryption patent family, this invention covers a computer program product for restricting network access (’251 Patent, Abstract). It includes instructions for receiving a URL request, determining resource availability, locating the resource, and then determining if encryption is required, calculating an encrypted value, and sending it (Compl. ¶¶32, 165).
• Asserted Claims: Claim 7 (Compl. ¶164).
• Accused Features: Fortinet's Fortiweb product and its URL Encryption feature (Compl. ¶165).

Multi-Patent Capsule: U.S. Patent No. 9,923,918

• Patent Identification: U.S. Patent No. 9,923,918, "Methods and Systems for Controlling Access to Computing Resources Based on Known Security Vulnerabilities," issued Mar. 20, 2018.
• Technology Synopsis: This patent, related to the ’038 and ’997 Patents, describes a system for remotely controlling an endpoint's operation (’918 Patent, Abstract). The system uses a remote user interface to configure policies, uses software services on the endpoint to gather status and user information, determines a compliance state, and authorizes network access in response (Compl. ¶¶33, 179).
• Asserted Claims: Claim 17 (Compl. ¶179).
• Accused Features: Fortinet's FortiEDR product, specifically its behavioral analysis, classification, and authorization features (Compl. ¶179).

III. The Accused Instrumentality

• Product Identification: The complaint identifies two accused product lines: Fortinet FortiEDR and Fortinet Fortiweb (Compl. ¶34).
• Functionality and Market Context:
  • FortiEDR: The complaint alleges this product provides "Real-Time Breach and Ransomware Protection" for computer endpoints (Compl. ¶¶39-40). Its accused functionality involves discovering and controlling applications at runtime by receiving "process attributes, context information, and processes behavior information for detected threats" (Compl. ¶41). A promotional diagram included in the complaint outlines a process of pre-infection prevention and post-infection detection, response, and remediation (Compl. p. 11). The system is alleged to send alerts and log information for each detected threat (Compl. ¶42).
  • Fortiweb: This product is described as a web application firewall that performs URL encryption to "prevent users from forceful browsing" and ensure the "internal directory structure of the web application is not revealed to users" (Compl. ¶¶53, 54, p. 16). The complaint alleges it receives request URLs, evaluates them to determine if encryption is required, and, if a resource is not found, returns a 404 error code (Compl. ¶¶54-56). A screenshot from the Fortiweb administration guide illustrates the configuration of a URL encryption rule (Compl. p. 16).

IV. Analysis of Infringement Allegations

U.S. Patent No. 8,327,441 Infringement Allegations

• Identified Points of Contention:
  • Scope Questions: A central question may be whether the alleged "process attributes, context information, and processes behavior information" (Compl. ¶41) satisfy the claim requirement of a "runtime execution context" that comprises "one or more executable file binaries" (Claim 1). The defendant may argue that receiving metadata about an executable is distinct from receiving the binary file itself, potentially creating a scope mismatch between the claim language and the accused functionality.
  • Technical Questions: What evidence does the complaint provide that FortiEDR's security analysis, which generates alerts for "detected threats," constitutes the "execution analysis of the one or more executable file binaries" required by the claim? The analysis will likely focus on the technical specifics of how FortiEDR's analysis is performed versus what is described and claimed in the patent.

U.S. Patent No. 8,819,419 Infringement Allegations

• Identified Points of Contention:
  • Functional Questions: The complaint alleges Fortiweb "encrypts all request URLs" (Compl. ¶57) but also evaluates URLs against an "exception list" (Compl. ¶55). A key question will be whether evaluating a URL against an exception list and then processing it without encryption constitutes "locating the requested resource... when encryption of the URL is not required," as the claim recites. The analysis may turn on whether the accused product performs a distinct locating step for unencrypted URLs or if it follows a single, unified process where non-encryption is merely a bypass.

V. Key Claim Terms for Construction

From U.S. Patent No. 8,327,441

• The Term: "runtime execution context ... compris[ing] one or more executable file binaries"
• Context and Importance: This term is critical because the infringement allegation hinges on whether the "process attributes, context information, and processes behavior information" collected by FortiEDR meet this definition. The construction will determine if collecting metadata about an application is equivalent to collecting the application's binary files as required by the claim.
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The patent's abstract describes generating "attribute value assertions describing the examined runtime local execution," which could suggest that descriptive information, rather than the binaries themselves, is the focus of the context (’441 Patent, Abstract).
  • Evidence for a Narrower Interpretation: The claim language itself appears to define the term explicitly: "wherein the attributes comprise one or more executable file binaries of the application and loaded components of the application" (’441 Patent, col. 26:12-15). This suggests the context is not merely descriptive attributes, but must contain the actual binary files.

From U.S. Patent No. 8,819,419

• The Term: "instructions for locating the requested resource... when encryption of the URL is not required"
• Context and Importance: Practitioners may focus on this term because the complaint alleges Fortiweb both "encrypts all request URLs" and evaluates URLs against an "exception list." The dispute may center on whether the exception-based handling in Fortiweb qualifies as the separate locating step for non-encrypted URLs recited in the claim.
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The patent specification describes a general process where a URL is evaluated, and if it is not to be encrypted, it is "passed to the system for locating the resource" (’419 Patent, Fig. 3, Blocks 53-54). This could support an interpretation where simply allowing an unencrypted URL to be processed by the server's standard resource location mechanism satisfies this element.
  • Evidence for a Narrower Interpretation: The claim recites two distinct instructions: one for "evaluating" the URL for encryption and a separate one for "locating" the resource when encryption is not required. This structure could support an argument that the claim requires two separate, sequential functional modules, which may differ from the integrated exception-list handling alleged in the accused product.

VI. Other Allegations

• Indirect Infringement: The complaint alleges inducement of infringement for all asserted patents. The allegations are based on Fortinet providing products to customers and end-users along with "demonstrations, training, instruction courses, instruction manuals, installation manuals, and customer service that instruct end-users to use the products in an infringing manner" (e.g., Compl. ¶¶43, 45). The complaint specifically notes that Fortinet encourages the installation of its "FortiEDR Collector software" on endpoint computers (Compl. ¶46).
• Willful Infringement: While the complaint does not include a separate count for willful infringement, it alleges that Defendant had knowledge of the patents "at least as of the date of this Complaint" (e.g., Compl. ¶44), which may form the basis for a claim of post-filing willful infringement. No allegations of pre-suit knowledge are made.

VII. Analyst’s Conclusion: Key Questions for the Case

• A core issue will be one of definitional scope: can the term "runtime execution context comprising... executable file binaries," as claimed in the '441 patent, be construed to cover the "process attributes" and "context information" allegedly collected by Fortinet's FortiEDR product, or is the collection of metadata fundamentally different from the collection of the binary files themselves?
• A key evidentiary question will be one of functional operation: does Fortiweb's URL evaluation against an "exception list" perform the distinct, claimed function of "locating the requested resource... when encryption of the URL is not required" as recited in the '419 patent family, or is there a technical mismatch between the claimed method and the product's actual operation?
• A central case management challenge will be portfolio complexity: the lawsuit asserts ten patents from at least four distinct patent families, with inventions originating from different entities (IBM and TaaSera), against two separate product lines (FortiEDR and Fortiweb). The parties and the court will need to address the significant technical and legal distinctions across this broad and varied asserted portfolio.