DCT

2:24-cv-00065

Croga Innovations Ltd v. Cisco Systems Inc

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:24-cv-00065, E.D. Tex., 02/01/2024
  • Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant is registered to do business in Texas, has transacted business in the district, and maintains a regular and established place of business in Richardson, Texas, within the district.
  • Core Dispute: Plaintiff alleges that Defendant’s remote browser isolation products and certain Voice over Internet Protocol (VoIP) equipment infringe three patents related to network security through application isolation and dynamic adjustment of VoIP codecs.
  • Technical Context: The technologies at issue address cybersecurity threats from web browsing by isolating potentially malicious content, and network performance issues in VoIP systems by managing call quality under constrained bandwidth.
  • Key Procedural History: The complaint does not mention any prior litigation or administrative proceedings involving the asserted patents. Plaintiff alleges that it and its predecessors were not required to mark any products under 35 U.S.C. § 287, which may be relevant to the calculation of potential damages.

Case Timeline

Date Event
2005-11-10 ’368 Patent Priority Date
2010-06-15 ’368 Patent Issue Date
2011-01-27 ’780 Patent Priority Date
2017-09-28 ’601 Patent Priority Date
2020-03-24 ’780 Patent Issue Date
2022-01-11 ’601 Patent Issue Date
2024-02-01 Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 11,223,601 - Network isolation for collaboration software

The Invention Explained

  • Problem Addressed: The patent describes the risk that multi-user interactive software, such as collaboration or screen-sharing applications, can expose a host computer system to malware from an untrusted participant, potentially compromising the host and the local network it is connected to (U.S. Patent No. 11,223,601, col. 1:15-45).
  • The Patented Solution: The invention proposes isolating the collaboration software within a "sandboxed computing environment" on the host computer. This environment is segregated from the main "workspace" of the computer by an "internal isolation firewall." This architecture allows a user to interact with untrusted remote parties while preventing any malware encountered during the session from accessing or infecting the user's primary system files and applications (’601 Patent, Abstract; col. 3:5-20). The patent's figures depict this sandboxed environment as being contained within the same protected system as the user's main workspace (’601 Patent, Fig. 2).
  • Technical Importance: The technology aims to provide a layer of security that allows for open collaboration over networks without exposing the core assets of a computer or its enterprise network to threats introduced by external participants (’601 Patent, col. 4:10-34).

Key Claims at a Glance

  • The complaint asserts independent claim 1.
  • The essential elements of independent claim 1 include:
    • A system with a memory and a processor configured to implement a "workspace" and an "isolated computing environment" that both use the host operating system.
    • An "internal isolation firewall" to isolate the environment from the workspace.
    • A step of "authenticating" the isolated computing environment with an authentication device.
    • Sending data to an untrusted destination from a "multi-user interactive software application" via a "proxy device" after the environment has been authenticated.
  • The complaint reserves the right to assert additional claims in the future (Compl. ¶9).

U.S. Patent No. 10,601,780 - Internet isolation for avoiding internet security threats

The Invention Explained

  • Problem Addressed: The patent addresses the general problem of users unintentionally downloading malicious software while browsing the internet, which can compromise system efficiency and security, and lead to the theft of sensitive data (U.S. Patent No. 10,601,780, col. 1:24-42).
  • The Patented Solution: The invention describes a host computer that uses a hypervisor to run a separate "virtual guest system." All internet browsing occurs within this virtual guest system, which is firewalled off from the trusted host operating system. The guest system connects to the internet through a separate, isolated channel, such as a dedicated VPN. If the guest system becomes infected by malware, it has no access to the host's files or network resources and can be easily reset to a "pristine" copy, effectively neutralizing the threat (’780 Patent, Abstract; col. 3:29-49).
  • Technical Importance: This system creates a software-based equivalent of an "air gap," allowing a single computer to safely browse the untrusted internet while simultaneously being connected to a secure, trusted local area network (’780 Patent, col. 4:5-14).

Key Claims at a Glance

  • The complaint asserts independent claim 1.
  • The essential elements of independent claim 1 include:
    • A networked computer system comprising a network and at least one computer system.
    • The computer system comprises a "host system" and a "virtual system", separated by an "internal firewall".
    • A "host-based firewall" is configured to implement network isolation between the computer system and the network.
    • At least one external "device" (e.g., a network firewall or web proxy) also implements network isolation for untrusted destinations.
  • The complaint reserves the right to assert additional claims in the future (Compl. ¶19).

U.S. Patent No. 7,738,368 - Voice over internet protocol codec adjustment

  • Patent Identification: U.S. Patent No. 7,738,368, "Voice over internet protocol codec adjustment," issued June 15, 2010.
  • Technology Synopsis: The patent addresses poor call quality in VoIP systems caused by network congestion or limited bandwidth. The described solution involves VoIP telephones detecting call quality degradation (e.g., by monitoring dropped voice packets) and then automatically renegotiating the call to use a coder-decoder (codec) that requires less bandwidth. This allows the call to continue with slightly reduced audio fidelity rather than being dropped entirely (U.S. Patent No. 7,738,368, Abstract; col. 2:50-65).
  • Asserted Claims: The complaint asserts independent claim 1 (Compl. ¶30).
  • Accused Features: The accused products are Cisco's Unified Border Element (CUBE) version 14, particularly when used in combination with compatible Cisco VoIP telephones (Compl. ¶29).

III. The Accused Instrumentality

Product Identification

The complaint identifies two main sets of accused instrumentalities:

  1. Cisco's Umbrella remote browser isolation (RBI) service, accused of infringing the ’601 and ’780 patents (Compl. ¶9, ¶19).
  2. Cisco's Unified Border Element (CUBE) version 14, when combined with compatible Cisco VoIP telephones, accused of infringing the ’368 patent (Compl. ¶29).

Functionality and Market Context

  • The complaint alleges that Cisco's Umbrella RBI product functions by redirecting a user's web browsing activity to a "cloud-based host" where web content is processed in an "isolated container" (Compl. ¶12, ¶22). The rendered content is then sent to the user's local browser, which is intended to protect the user's machine from malware and other web-based threats. The complaint references a Cisco blog post that describes how RBI protects users from online threats (Compl. ¶12, citing Ex. 3).
  • The complaint alleges that Cisco's CUBE product provides VoIP functionalities. It further alleges that Cisco provides instructions and documentation on how to configure and use these functionalities in a manner that infringes the ’368 Patent (Compl. ¶32). The complaint references a Cisco overview document for the CUBE product (Compl. ¶32, citing Ex. 9).

IV. Analysis of Infringement Allegations

The complaint does not provide sufficient detail for analysis of infringement allegations. The complaint alleges that claim charts demonstrating infringement were served with the complaint or will be provided later, but these charts are not attached to the filed document (Compl. ¶10, ¶20, ¶30).

V. Key Claim Terms for Construction

'601 Patent

  • The Term: "isolated computing environment that uses the host operating system"
  • Context and Importance: This term is central to the dispute because the accused Cisco RBI product is described as a "cloud-based host," whereas the patent's specification appears to describe an isolated environment located on the user's local computer. The resolution of whether a remote, cloud-based service can be considered an "isolated computing environment that uses the host operating system" will be critical to the infringement analysis.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The claim language itself does not explicitly restrict the location of the "isolated computing environment" to the same physical machine as the "workspace". An argument could be made that "uses the host operating system" refers to a functional interaction rather than a structural one.
    • Evidence for a Narrower Interpretation: The specification repeatedly describes the environment as being on the "host computer system" and segregated from a "workspace" on that same system (’601 Patent, col. 10:1-10, col. 10:60-65). Figure 2 of the patent shows the "PROTECTED SYSTEM" (212) physically containing both the "workspace" (216) and the "sandboxed computing environment" (220), suggesting a local architecture.

'780 Patent

  • The Term: "a computer system comprising a host system and a virtual system"
  • Context and Importance: Similar to the '601 patent, this term's construction will likely focus on the architectural location of the systems. The accused RBI product is a cloud service, while the patent seems to describe a virtual system running locally on a host computer. Practitioners may focus on this term because the outcome will determine if the accused cloud architecture falls within the scope of the claims.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The term "comprising" is inclusive, and one could argue that a "computer system" in a networked context could encompass both a local client and a remote cloud component working together.
    • Evidence for a Narrower Interpretation: The specification describes the use of a "hypervisor" to create the virtual environment on the host computer and refers to it as the "virtual guest system or guest OS" (’780 Patent, col. 8:3-13). Figure 1 clearly depicts the "Guest OS" (13) as a component inside the "Workstation or Laptop" (9), strongly suggesting a local virtual machine.

VI. Other Allegations

  • Indirect Infringement: The complaint alleges both induced and contributory infringement for all three patents. Inducement allegations are based on Cisco's alleged encouragement and instruction to its customers through user manuals, online documentation, marketing materials, and product demonstrations (Compl. ¶12, ¶22, ¶32). Contributory infringement is alleged on the basis that the accused products are especially made or adapted for infringement and are not staple articles of commerce suitable for non-infringing use (Compl. ¶13, ¶23, ¶33).
  • Willful Infringement: The complaint does not contain allegations of pre-suit knowledge of the patents. However, it alleges that Cisco has knowledge of the patents and their infringement "At least as of the filing and service of this complaint" (Compl. ¶12, ¶22, ¶32). This forms a basis for potential post-filing willful infringement and enhanced damages.

VII. Analyst’s Conclusion: Key Questions for the Case

  • A central issue for the ’601 and ’780 patents will be one of architectural scope: can claim terms like "isolated computing environment" and "virtual system", which the patent specifications appear to describe as local to a user's machine, be construed to cover the accused cloud-based architecture of Cisco's Remote Browser Isolation service?
  • A key question for the ’368 patent will be one of direct infringement: can Plaintiff show that Defendant Cisco makes, uses, or sells the entire claimed "system," which requires, among other things, a "VoIP service provider system," two separate LANs, and multiple VoIP telephones, or is there a dispositive mismatch between the asserted system claim and the accused CUBE product?
  • A significant evidentiary question will concern indirect infringement: what factual evidence, beyond the existence of product documentation, can Plaintiff present to demonstrate that Cisco possessed the specific intent required to induce its customers to infringe the asserted patents?