DCT
2:24-cv-00343
Touchpoint Projection Innovations LLC v. Cloudflare Inc
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: Touchpoint Projections Innovations, LLC (Wyoming)
- Defendant: Cloudflare, Inc. (Texas)
- Plaintiff’s Counsel: Garteiser Honea, PLLC
- Case Identification: 2:24-cv-00343, E.D. Tex., 05/08/2024
- Venue Allegations: Plaintiff alleges venue is proper because Defendant has a headquarters in Austin, operates points-of-presence and edge computing sites within the district, and has numerous customers using the accused services within the district, such as in Plano, Texas.
- Core Dispute: Plaintiff alleges that Defendant’s cybersecurity and DDoS protection services infringe a patent related to a network gateway that analyzes specific network protocol data to detect and react to threats.
- Technical Context: The technology concerns network security, specifically methods for mitigating Denial-of-Service (DoS) attacks by inspecting incoming data traffic at a network gateway before it reaches a target server.
- Key Procedural History: The patent was assigned from the inventors to Everis, Inc., and subsequently from Everis, Inc. to Plaintiff Touchpoint. The complaint alleges that Defendant had actual notice of the patent and its infringement since at least March 5, 2023.
Case Timeline
| Date | Event |
|---|---|
| 2009-09-04 | '089 Patent Priority Date |
| 2012-09-11 | '089 Patent Issue Date |
| 2023-03-05 | Alleged date of Defendant's notice of '089 Patent |
| 2024-05-08 | Complaint Filing Date |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 8,265,089 - "NETWORK GATEWAY WITH ENHANCED REQUESTING"
- Patent Identification: U.S. Patent No. 8,265,089, "NETWORK GATEWAY WITH ENHANCED REQUESTING," issued September 11, 2012.
The Invention Explained
- Problem Addressed: The patent describes a problem in conventional networking where a gateway, translating traffic between a connection-based network (like a WAN) and a connectionless network (like a LAN), processes large, aggregated data packets called MPDUs (multiple packet data units) (’089 Patent, col. 1:31-55). In doing so, these conventional gateways discard the MPDU's low-level header information (e.g., physical and data link layer data) after disaggregating it into smaller packets, losing potentially valuable data for security analysis (’089 Patent, col. 4:1-9; Compl. ¶45). This makes it difficult to efficiently detect sophisticated threats like distributed denial-of-service (DDoS) attacks, as prior solutions such as "scrubbing centers" slowed down all traffic (Compl. ¶41).
- The Patented Solution: The invention proposes an enhanced gateway that, instead of discarding the MPDU header data, actively "collects" and analyzes it (’089 Patent, col. 10:45-51). The gateway uses an "information dissector sub-module" to extract this low-level protocol data, which is difficult to spoof, and an "analyzer sub-module" applies rules to this data to identify threats like DoS attacks (’089 Patent, Fig. 2; col. 11:35-40; Compl. ¶¶33, 45). Based on the analysis, the gateway can take a "responsive reaction," such as selectively blocking malicious packets, regulating traffic flow, or alerting an administrator (’089 Patent, col. 10:45-51; Compl. ¶31).
- Technical Importance: This approach provided a method to detect and mitigate malicious traffic, particularly DoS attacks, based on low-level network data that conventional systems ignored, enabling a more targeted response without the broad performance degradation of prior art methods (Compl. ¶¶37, 46).
Key Claims at a Glance
- The complaint asserts independent claims 1 (a system claim) and 20 (a method claim) (Compl. ¶¶62-63).
- Independent Claim 1 requires:
- A computer communication network system comprising a source computer, an MPDU aggregating module, a connection-based network, a gateway, a receiver-side connectionless network, and a receiver computer.
- The gateway is structured to receive a first MPDU from the connection-based network and disaggregate it into smaller data units (DUs).
- The gateway is structured to collect selected network protocol data from the MPDU, where this data is included in the MPDU but not in the subsequent DUs.
- The gateway is further structured to apply a first rule to the collected data.
- The gateway is further structured to selectively make a responsive reaction based on the application of the rule.
- The complaint does not explicitly reserve the right to assert dependent claims.
III. The Accused Instrumentality
Product Identification
- Product Identification: Defendant Cloudflare's cybersecurity services, including its Denial-of-Service (DoS) protection services (the "Accused Services") (Compl. ¶56).
Functionality and Market Context
- The complaint alleges that Cloudflare's services operate by connecting customer end-users to the internet through an "edge router (a gateway)" (Compl. ¶55). This gateway receives data packets (described as MPDUs) and manages traffic to mitigate DDoS attacks (Compl. ¶¶55, 57). The complaint alleges these services are used to protect websites from being overwhelmed by malicious traffic (Compl. ¶56).
- To establish market presence within the judicial district, the complaint includes a screenshot from the website trends.builtwith.com listing 197 customers in Plano, Texas, including cinemark.com and plano.gov, that allegedly use "Cloudflare Insights" (Compl. ¶7, Fig. 1). This screenshot from trends.builtwith.com shows a table of websites with their location, tech spend, and traffic volume (Compl. ¶7, Fig. 1).
IV. Analysis of Infringement Allegations
The complaint references an infringement claim chart in Exhibit 2, which was not publicly filed with the complaint (Compl. ¶61). The following table summarizes the infringement theory for Claim 1 based on the narrative allegations provided in the body of the complaint.
'089 Patent Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a gateway is structured... to receive the first MPDU from the connection-based network | The Accused Instrumentalities receive packets from the internet through an edge router. | ¶62 | col. 15:58-60 |
| to disaggregate the first MPDU into a plurality of smaller data units (DUs) | The edge router... disaggregates each packet into data units. | ¶62 | col. 16:1-5 |
| to collect selected network protocol data from the first MPDU, with the selected network protocol data including at least some network protocol data included in the first MPDU and not included in any of the plurality of DUs | The edge router... collects network protocol data from the packet. | ¶62 | col. 11:24-30 |
| the gateway is further structured... to apply a first rule to the selected network protocol data that has been collected by the gateway | The data units that were contained in that packet [are transmitted or not transmitted] based upon the application of one or more rules to the network protocol data. | ¶62 | col. 11:5-10 |
| the gateway is further structured... to selectively make a responsive reaction based, at least in part, upon the application of the first rule applied by the gateway | The edge router... then transmits (or does not transmit) the data units that were contained in that packet based upon the application of one or more rules. | ¶62 | col. 10:48-51 |
- Identified Points of Contention:
- Scope Questions: A central dispute may be whether Cloudflare's "edge router" functions as the claimed "gateway," which the patent describes as performing specific MPDU dissection and analysis (’089 Patent, Fig. 2). The case may turn on whether the term "gateway" is interpreted broadly as any network-to-network interface or more narrowly as a device with the specific internal modules described in the patent.
- Technical Questions: The infringement allegation hinges on whether Cloudflare's system "collects" the specific type of data required by the claim: "network protocol data included in the first MPDU and not included in any of the plurality of DUs" (’089 Patent, col. 17:15-19). This points specifically to header information that is stripped during de-encapsulation. The key factual question is what specific data Cloudflare's DoS protection service analyzes and whether it corresponds to this claimed, otherwise-discarded data.
V. Key Claim Terms for Construction
The Term: "gateway"
Context and Importance: The complaint equates this term with Cloudflare's "edge router" (Compl. ¶¶55, 62). The definition of "gateway" will be critical to determine if the accused infrastructure falls within the scope of the claims. Practitioners may focus on this term because its construction will determine whether the patent reads on modern, distributed content delivery network (CDN) architectures or is limited to the more centralized gateway architecture depicted in the patent's figures.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The patent provides a broad definition: "a computer or set of computer related components structured, connected and/or programmed to pass network communications from one network to another network" (’089 Patent, col. 15:15-18).
- Evidence for a Narrower Interpretation: The specification consistently describes the gateway as containing specific internal components, such as a "gateway module 150" and an "enhanced requesting module 152," which in turn contain sub-modules like an "information dissector" and an "analyzer" (’089 Patent, Fig. 2; col. 11:31-37). This may support an argument that a "gateway" must possess this specific internal structure.
The Term: "collect selected network protocol data from the first MPDU, with the selected network protocol data including at least some network protocol data included in the first MPDU and not included in any of the plurality of DUs"
Context and Importance: This term captures the core technical contribution of the invention—analyzing data that is conventionally discarded. The infringement case depends on proving that Cloudflare's system performs this specific type of data collection and analysis.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The claim language itself does not specify which protocol layers must be collected, potentially allowing for any data from the MPDU header.
- Evidence for a Narrower Interpretation: The patent abstract and specification repeatedly emphasize the value of "low level network protocol data (that is, physical layer and/or data link layer) that would otherwise be discarded" (’089 Patent, Abstract; col. 1:63-2:2). This repeated emphasis on low-level data could be used to argue that the "selected network protocol data" is limited to this specific type of information, which is uniquely part of the MPDU header and not the constituent packets.
VI. Other Allegations
- Indirect Infringement: The complaint alleges inducement by "aiding and abetting consumer end-users to use the Accused Instrumentalities" and "providing instructions to consumer end-users for using those components" (Compl. ¶¶70-71). The specific facts alleged are that Cloudflare sells the services and provides the necessary components and instructions for their normal use, which allegedly constitutes direct infringement by the end-users (Compl. ¶¶69-70).
- Willful Infringement: Willfulness is alleged based on pre-suit knowledge of the patent since "at least March 5, 2023" (Compl. ¶17). The complaint further alleges that despite this knowledge, Defendant "has made no effort to alter its services or otherwise attempt to design around the claims... in order to avoid infringement" (Compl. ¶66).
VII. Analyst’s Conclusion: Key Questions for the Case
- A question of architectural equivalence: Does the architecture of Cloudflare’s distributed "edge router" network correspond to the claimed "gateway," or can Cloudflare distinguish its system as fundamentally different from the more centralized gateway structure described and depicted in the '089 patent?
- A key evidentiary question of technical operation: What specific data does Cloudflare's DDoS protection service actually analyze? The case will likely require a deep technical dive to determine if Cloudflare's system "collects" and uses the specific low-level MPDU header data that the patent identifies as its point of novelty, or if it relies on other, more conventional forms of traffic analysis.
- A question of claim scope: Will the term "collect selected network protocol data... not included in any of the plurality of DUs" be construed narrowly to mean only the specific low-level physical/data link layer information emphasized in the patent's specification, or more broadly to cover other types of header information, potentially altering the infringement analysis.