DCT

2:23-cv-00233

Touchpoint Projection Innovations LLC v. Cdnetworks Co Ltd

Log In
Key Events
Complaint
complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:23-cv-00233, E.D. Tex., 05/26/2023
  • Venue Allegations: Venue is asserted on the basis that the defendant is a foreign corporation not resident in the United States and may therefore be sued in any judicial district.
  • Core Dispute: Plaintiff alleges that Defendant’s content delivery network (CDN) and Denial-of-Service (DoS) protection services infringe a patent related to a network gateway that inspects and acts upon specific data from incoming network traffic.
  • Technical Context: The technology addresses the security of large-scale computer networks by analyzing low-level data within network traffic to identify and mitigate malicious activity, such as DoS attacks, which are a significant threat to internet-based services.
  • Key Procedural History: The complaint alleges that Defendant has had actual notice of the patent and its infringing activities since at least March 5, 2023, a fact that may be relevant to the plaintiff's claims for willful infringement.

Case Timeline

Date Event
2009-09-04 U.S. Patent No. 8,265,089 Priority Date
2012-09-11 U.S. Patent No. 8,265,089 Issue Date
2023-03-05 Alleged Date of Defendant’s Notice of Patent
2023-05-26 Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,265,089 - NETWORK GATEWAY WITH ENHANCED REQUESTING

The patent is referred to as the “'089 Patent” and was issued on September 11, 2012.

The Invention Explained

  • Problem Addressed: The patent describes that in conventional networking, when a large, aggregated data packet (a "Multiple Packet Data Unit" or MPDU) travels from a connection-based network (e.g., a Wide Area Network or WAN) to a connectionless network (e.g., a Local Area Network or LAN), the gateway that manages this transition typically discards the MPDU’s header information after disaggregating it into smaller, individual packets (Compl. ¶23; ’089 Patent, col. 4:1-10). This discarded low-level protocol data is therefore lost and cannot be used for analysis or security functions (Compl. ¶26; ’089 Patent, col. 8:55-60).
  • The Patented Solution: The invention proposes a gateway that, in parallel with the normal de-encapsulation process, captures and dissects this otherwise discarded low-level network protocol data from the incoming MPDU header (’089 Patent, Fig. 2). This "selected network protocol data" is then analyzed by applying one or more rules to detect potential threats or anomalies, such as a DoS attack (Compl. ¶31, ¶36). Based on the analysis, the gateway can perform a "responsive reaction," such as blocking, regulating, or alerting, before the constituent data packets are sent to the receiver network (Compl. ¶34; ’089 Patent, col. 12:9-14).
  • Technical Importance: The complaint asserts that this method provides a more efficient way to counter DoS attacks by using data already present in the network traffic that was conventionally discarded, thereby avoiding the performance degradation associated with prior art solutions like centralized "scrubbing centers" (Compl. ¶44, ¶53).

Key Claims at a Glance

  • The complaint asserts independent claims 1 (system), 7 (gateway computer), and 20 (method), as well as dependent claim 10 (Compl. ¶75, ¶76, ¶82).
  • Independent Claim 1 (System):
    • A computer communication network system comprising a source computer, an MPDU aggregating module, a connection-based network, a gateway, a receiver-side connectionless network, and a receiver computer.
    • The gateway is structured to receive a first MPDU, disaggregate it into smaller data units (DUs), and selectively communicate a first DU.
    • Crucially, the gateway is also structured to collect "selected network protocol data from the first MPDU," where this data includes information "not included in any of the plurality of DUs."
    • The gateway then applies a "first rule" to this collected data and makes a "responsive reaction" based on the rule's application.
  • Independent Claim 7 (Gateway Computer):
    • A gateway computer with a non-transient software storage device.
    • The software includes a "gateway module" (to receive and disaggregate an MPDU) and an "enhanced requesting module."
    • The "enhanced requesting module" is structured to perform the key functions: collect the "selected network protocol data...not included in any of the plurality of DUs," apply a "first rule," and "selectively make a responsive reaction."

III. The Accused Instrumentality

Product Identification

The complaint names Defendant’s "Accused Gateway" and "Accused Services," which include the "Flood Shield" and "Application Shield" Denial-of-Service (DoS) protection services (Compl. ¶65, ¶67).

Functionality and Market Context

  • The accused services are described as "cloud-based" software modules operating on Defendant’s global Points-of-Presence (PoPs), which function as gateways for internet traffic (Compl. ¶66-67). These gateways allegedly "monitor, inspect, and/or analyze incoming internet traffic" for security risks like "suspicious packets" by using network protocol data such as IP addresses and HTTP headers (Compl. ¶67-68). A diagram in the complaint illustrates this "Scrubbing On Edge" functionality, showing traffic inspection occurring at the "Nearest PoP Access" point (Compl. p. 23, Fig.).
  • When a potential DoS attack is detected, the accused system allegedly diverts the traffic to one of Defendant's "Scrubbing Centers" for "cleaning" (Compl. ¶69, p. 25). The complaint alleges Defendant operates a large network of over 2,800 global PoPs, situating the accused functionality at the edge of the internet (Compl. ¶62).

IV. Analysis of Infringement Allegations

’089 Patent Infringement Allegations

Claim Element (from Independent Claim 7) Alleged Infringing Functionality Complaint Citation Patent Citation
A gateway computer for use in a computer communication network system, the gateway computer comprising a non-transient software storage device with the following software encoded therein: a gateway module and an enhanced requesting module; Defendant's "Accused Gateway" computers located at its global Points-of-Presence (PoPs), which operate cybersecurity services like "Flood Shield." ¶65, ¶67 col. 11:12-14
the gateway module is structured...to receive a first MPDU from a connection-based network...to disaggregate the first MPDU into a plurality of smaller data units (DUs), and selectively communicate the first DU... The Accused Gateway receives internet packets (alleged to be MPDUs) via an edge router and disaggregates them into data units. It selectively communicates by transmitting or not transmitting the units based on rules. ¶75 col. 16:59-67
the enhanced requesting module is structured...to collect selected network protocol data from the first MPDU, with the selected network protocol data including at least some network protocol data included in the first MPDU and not included in any of the plurality of DUs... The Accused Gateway "collects network protocol data from the packet," such as IP addresses and HTTP headers, to monitor and inspect traffic. ¶68, ¶75 col. 18:1-10
the enhanced requesting module is further structured...to apply a first rule to the selected network protocol data collected by the enhanced requesting module; The Accused Gateway applies rules to the collected data to analyze traffic for "any security risks" or "unusual behaviors" indicative of a DoS attack. ¶67, ¶75 col. 18:11-14
the enhanced requesting module is further structured...to selectively make a responsive reaction based, at least in part, upon the application of the first rule... When a rule is met (e.g., a possible DoS attack is detected), the Accused Gateway makes a responsive reaction by transmitting or not transmitting data units, and by diverting traffic to a "Scrubbing Center." ¶69, ¶75 col. 18:15-21

Identified Points of Contention

  • Technical Question: The claim requires collecting protocol data from an MPDU that is "not included in any of the plurality of DUs" (i.e., data that is discarded). The complaint alleges the accused system uses "IP addresses and HTTP headers" for inspection (Compl. ¶68). A central question is whether this standard header information, which is typically part of the packet that gets forwarded, satisfies the claim element, or if the claim is limited to the specific type of discarded low-level header data (e.g., from a SONET frame) described in the patent's specification (’089 Patent, col. 10:7-10).
  • Scope Questions: The case may turn on whether the term "MPDU," which the patent describes in the context of connection-oriented protocols like SONET (’089 Patent, col. 10:28-34), can be construed to encompass the standard internet "packets" that the complaint alleges the accused system processes (Compl. ¶75). Similarly, it raises the question of whether diverting traffic to a separate "Scrubbing Center" (Compl. ¶69) constitutes a "responsive reaction" made by the "gateway" itself, as the patent's architecture appears to contemplate (’089 Patent, Fig. 2).

V. Key Claim Terms for Construction

  • The Term: "selected network protocol data...not included in any of the plurality of DUs"
  • Context and Importance: This term is the technological core of the asserted claims. The infringement analysis will depend entirely on whether the data collected by Defendant's system is of the type covered by this limitation—specifically, data that would otherwise be discarded upon de-encapsulation. Practitioners may focus on this term because the complaint's allegations of inspecting standard IP/HTTP headers (Compl. ¶68) may not align with the patent's description of dissecting otherwise-lost low-level MPDU header information.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The patent defines "Network protocol data" broadly as "any data in a packet or MPDU that is extraneous to the payload" (’089 Patent, col. 16:18-20). Plaintiff may argue this supports a construction that is not limited to a specific protocol or layer.
    • Evidence for a Narrower Interpretation: The specification repeatedly emphasizes the novelty of using information that is "effectively discarded and lost" in conventional gateways (’089 Patent, col. 4:1-4, col. 8:58-60). The detailed description and Figure 6 specifically illustrate the dissection of "physical link layer" and "data link layer" data from an MPDU header, contrasting it with the high-level data in the constituent packets (’089 Patent, Fig. 6, col. 10:7-10). This may support a narrower construction limited to data that is structurally separate from the final data units and would be lost in a conventional system.

VI. Other Allegations

  • Indirect Infringement: The complaint alleges inducement of infringement, stating that Defendant aids its customers by supplying the Accused Services and "providing instructions to consumer end-users" on how to use them to practice the method of claim 20 (Compl. ¶83).
  • Willful Infringement: The willfulness claim is based on alleged pre-suit knowledge. The complaint asserts that Defendant had "actual notice of the '089 Patent" since at least March 5, 2023, and continued its allegedly infringing activities without change (Compl. ¶16, ¶78-79).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A central issue will be one of technical operation: Does the accused system’s alleged inspection of standard IP/HTTP headers—data that is typically integral to a forwarded packet—meet the specific claim requirement of collecting protocol data that is “not included in” the resulting data units? Or is there a fundamental mismatch between the accused functionality and the patent’s teaching of dissecting otherwise-discarded, low-level header information?
  • The case will also likely turn on a question of definitional scope: Can the term “MPDU,” as described in the patent in the context of connection-oriented networking, be construed broadly enough to read on the generic internet “packets” the accused system allegedly processes? The resolution of this construction could prove dispositive for the infringement analysis.
  • Finally, a key evidentiary question will be whether Plaintiff can prove that the alleged "responsive reaction"—diverting traffic to a separate "Scrubbing Center"—is an action performed by the claimed "gateway" itself, or if it represents a hand-off to a distinct system outside the scope of the patent's claims.