DataCloud Tech LLC v. Palo Alto Networks Inc

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: DataCloud Technologies, LLC (Georgia)
  • Defendant: Palo Alto Networks, Inc. (Delaware)
  • Plaintiff’s Counsel: Rozier Hardt McDonough PLLC
• Case Identification: 2:24-cv-00482, E.D. Tex., 07/02/2024
• Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas based on Defendant maintaining a regular and established place of business in Plano, Texas, and having committed acts of infringement within the district.
• Core Dispute: Plaintiff alleges that Defendant’s virtualized firewalls, network infrastructure, administrative tools, and other software solutions infringe six patents related to network data management, communication security, remote access, and cross-platform program scheduling.
• Technical Context: The patents-in-suit relate to foundational concepts in network security, data organization, and remote administration, technologies that are central to the enterprise cybersecurity market.
• Key Procedural History: The complaint alleges that Defendant was notified of Plaintiff's patent portfolio, including the asserted patents, by letter on December 8, 2022, a fact that may be relevant to allegations of willful infringement. An inter partes review of U.S. Patent No. 6,560,613 resulted in the cancellation of several claims, though not the specific dependent claim asserted in this complaint.

Case Timeline

Date	Event
2000-01-28	Earliest Priority Date (’063 Patent)
2000-02-08	Earliest Priority Date (’613 Patent)
2000-04-04	Earliest Priority Date (’959 and ’457 Patents)
2000-04-25	Earliest Priority Date (’499 Patent)
2002-03-29	Earliest Priority Date (’298 Patent)
2003-05-06	’613 Patent Issued
2003-11-18	’063 Patent Issued
2007-04-24	’959 Patent Issued
2008-07-08	’298 Patent Issued
2012-04-10	’499 Patent Issued
2013-02-05	’457 Patent Issued
2022-12-08	Defendant allegedly informed of patent portfolio
2024-07-02	Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 6,560,613 - “Disambiguating File Descriptors”

• Issued: May 6, 2003

The Invention Explained

• Problem Addressed: The patent’s background section describes a shortcoming in operating systems like UNIX, where the same system calls are used to access different types of file-like objects, such as files stored on physical media (e.g., a hard disk) and communication channels (e.g., network sockets) (ʼ613 Patent, col. 2:26-34, 53-58). This makes it difficult to selectively intercept system calls for security or customization purposes for only one type of object without unintentionally affecting the other (ʼ613 Patent, col. 3:9-25).
• The Patented Solution: The invention proposes a method to distinguish between these different file types at the operating system level. It intercepts system calls that create a file descriptor for a specific file type and stores an "indicator" in a table that associates the descriptor with that type. Subsequently, when any process attempts to access a file via a descriptor, a "system call wrapper" can first check the indicator table to determine the file's type and then decide whether to execute alternative code or allow the default system call to proceed. (’613 Patent, Abstract; col. 4:1-6). Figure 3 illustrates the process for a file stored on media. (’613 Patent, Fig. 3).
• Technical Importance: This technique allowed for more granular control over operating system behavior, enabling enhanced security policies and customized functionality in server environments where processes might need to be restricted from accessing certain types of resources. (Compl. ¶22).

Key Claims at a Glance

• The complaint asserts at least dependent Claim 12, which relies on independent method Claim 8. (’613 Patent, col. 16:5-24; Compl. ¶27).
• Independent Claim 8 includes the following essential elements:
  • A method for disambiguating file descriptors.
  • Intercepting system calls that establish a file stored on media.
  • Storing at least one indicator that a file descriptor established by an intercepted system call is associated with a file stored on media, with the indicator being stored in a table.
  • Examining at least one stored indicator to determine with what file type a file descriptor is associated.

U.S. Patent No. 6,651,063 - “Data Organization And Management System And Method”

• Issued: November 18, 2003

The Invention Explained

• Problem Addressed: The patent addresses the problem of information overload for consumers and businesses, who lack efficient, centralized systems for organizing product manuals, warranties, and other updates. Existing methods require users to manually create categories and file information, which is cumbersome and often neglected. (’063 Patent, col. 1:16-44).
• The Patented Solution: The invention describes a system where an information "provider" sends an "information pack" to a recipient's "user data repository." The information pack is pre-tagged with a "category identifier," allowing it to be automatically filed in a pre-defined location. The user can then create a "custom location" and, through a feedback mechanism, instruct the system (or provider) to automatically route future information packs from the same provider to that new custom location. (’063 Patent, Abstract; col. 4:7-24).
• Technical Importance: This system shifts the initial burden of data organization from the recipient to the provider, aiming to streamline information management for end-users. (Compl. ¶33).

Key Claims at a Glance

• The complaint asserts at least dependent Claim 4, which relies on independent system Claim 1. (Compl. ¶38).
• Independent Claim 1 includes the following essential elements:
  • Means for users to provide a user destination address to information providers.
  • Categorizing means for providers to associate an information pack with a category identifier and a provider identifier.
  • Means for the provider to send the information pack to a user's data repository.
• The complaint explicitly reserves the right to assert other claims.

U.S. Patent No. 7,209,959 - “Apparatus, System, And Method For Communicating To A Network Through A Virtual Domain Providing Anonymity To A Client Communicating On The Network”

• Issued: April 24, 2007
• Technology Synopsis: The patent describes a system to anonymize a client’s network communications by routing traffic through an intermediary "forwarder." A "controller" manages the session, providing the client with the forwarder's IP address instead of the true destination's IP address, such that neither the client nor the destination server is aware of the other's true identity. (’959 Patent, Abstract).
• Asserted Claims: At least Claim 1 (Compl. ¶48).
• Accused Features: The complaint accuses Palo Alto Networks’ systems for supporting multiple domain names on the same website infrastructure, alleging that a firewall acts as the claimed "controller" and a front-end server switch acts as the "forwarder" to manage and anonymize traffic between a client and a destination server (Compl. ¶¶47-48).

U.S. Patent No. 7,398,298 - “Remote Access And Retrieval Of Electronic Files”

• Issued: July 8, 2008
• Technology Synopsis: The patent discloses a system for remotely managing data directory structures via a computing application on a server. The system uses a "profile data store" that contains information on user permissions, which is queried to determine which directory structures a participating user is authorized to access and modify. (’298 Patent, Abstract).
• Asserted Claims: At least Claim 13 (Compl. ¶58).
• Accused Features: The complaint accuses Palo Alto Networks’ web-based tools for creating and configuring user accounts. It alleges that the "Firewall Administrator Account dashboard" functions as the claimed "management computing application" and a secure database serves as the "profile data store" for managing user roles and permissions. (Compl. ¶¶57-58).

U.S. Patent No. 8,156,499 - “Methods, Systems And Articles Of Manufacture For Scheduling Execution Of Programs On Computers Having Different Operating Systems”

• Issued: April 10, 2012
• Technology Synopsis: The patent addresses scheduling tasks in a distributed system with heterogeneous operating systems. A central "scheduling computer" directs a first computer to execute a program, receives a result, and if the result meets a specified criterion, it schedules a second program to execute on a second computer that has a different operating system. (’499 Patent, Abstract).
• Asserted Claims: At least Claim 1 (Compl. ¶68).
• Accused Features: The complaint accuses Palo Alto Networks’ web-based scheduler for firewall software updates. It alleges that the "Strata Cloud Manager" acts as the "scheduling computer" that, upon determining an update is needed on a first device, schedules the update process on a second computer or device. (Compl. ¶¶67-68).

U.S. Patent No. 8,370,457 - “Network Communication Through A Virtual Domain”

• Issued: February 5, 2013
• Technology Synopsis: The technology involves a network gateway that establishes a "forwarding internet protocol (IP) address" for a predefined combination of a client IP and destination IP. When the gateway identifies a data request matching this combination, it forwards the request using the specially established forwarding address, a method related to Network Address Translation (NAT). (’457 Patent, Abstract).
• Asserted Claims: At least Claim 9 (Compl. ¶78).
• Accused Features: The complaint accuses "Palo Alto firewalls solutions," specifically alleging that their advanced firewall settings that translate source IP addresses for traffic going to a destination IP subnet perform the claimed method (Compl. ¶¶77-78).

III. The Accused Instrumentality

Product Identification

• The complaint names several categories of accused products and services: "VM-Series gateways," the "Palo Alto Networks Android app," "Palo Alto Networks website infrastructure," "Palo Alto configuration tools," the "Palo Alto update scheduler," and "Palo Alto firewalls solutions" (Compl. ¶18).

Functionality and Market Context

• The accused instrumentalities collectively represent Defendant's enterprise network security platform. The complaint specifically identifies the VM-Series Virtualized Next-Generation Firewalls as products that serve as an "internet gateway to protect web-facing applications from known and unknown threats" (Compl. p. 7). This visual, from a product datasheet, describes the use of the VM-Series in an IBM Cloud deployment (Compl. p. 7). Other accused functionalities include the KVM virtualization technology underlying the firewalls, an Android application, web-based administrator tools for user and role management, a scheduler for software updates, and advanced firewall settings for routing and address translation (Compl. ¶¶28, 37, 47, 57, 67, 78). The complaint alleges these products are used for networking solutions and security (Compl. ¶17).

IV. Analysis of Infringement Allegations

’613 Patent Infringement Allegations

Claim Element (from Independent Claim 8)	Alleged Infringing Functionality	Complaint Citation	Patent Citation
intercepting system calls that establish a file stored on media;	KVM virtualization technology employs disambiguation of file descriptors (files/sockets/pipes) that are used in shadowed I/O system call routines by intercepting them.	¶28	col. 5:17-21
storing at least one indicator that a file descriptor established by an intercepted system call is associated with a file stored on media...in a table; and	The process stores related indicators (e.g., reference to images).	¶28	col. 4:1-6
examining at least one stored indicator to determine with what file type a file descriptor is associated.	The process examines those stored indicators to determine the associated file type.	¶28	col. 5:31-35

• Identified Points of Contention:
  • Scope Questions: Claim 8 requires "intercepting system calls that establish a file stored on media." The patent specification consistently distinguishes files "stored on media" from "communication channels" (e.g., sockets). A central question may be whether the accused KVM technology, which allegedly intercepts I/O calls for "files/sockets/pipes," meets this specific limitation, or if the claim is limited to traditional files on disk. The assertion of dependent Claim 12, which introduces "communication channel," further complicates the scope of the base claim.
  • Technical Questions: The complaint alleges that KVM technology stores "related indicators" and examines them to determine file type. A key factual question will be what evidence supports that these actions correspond to the claimed method of storing and examining indicators in a table specifically to disambiguate file types for selective system call interception.

’063 Patent Infringement Allegations

The complaint does not provide sufficient detail to map the functionality of the accused Palo Alto Networks Android app to the specific elements of the asserted claims. Paragraph 38 largely recites the language of Claim 4 without identifying corresponding features of the accused product.

• Identified Points of Contention:
  • Evidentiary Questions: The complaint offers no factual allegations describing how the accused Android app functions. The primary issue will be whether Plaintiff can produce any evidence that the app performs the complex method of Claim 4, which includes creating user data repositories, managing information packs with provider and category identifiers, and enabling custom categorization with feedback to a central processing station.
  • Technical Questions: It raises the question of whether the fundamental purpose of the accused app (identified by its URL as GlobalProtect, a security/VPN client) aligns with the patent’s description of a "data organization and management system." The asserted infringement theory may rest on a fundamental mismatch in the nature of the technologies.

V. Key Claim Terms for Construction

’613 Patent

• The Term: "file stored on media"
• Context and Importance: This term appears in the first step of independent claim 8. Its construction is critical because the accused technology allegedly manages a broader set of file-like objects, including network sockets and pipes. If the term is construed narrowly, it may not read on the full scope of the accused functionality.
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The patent states a general goal of allowing "any process to disambiguate file descriptors" (’613 Patent, col. 5:24-25), which could suggest the specific examples are not limiting.
  • Evidence for a Narrower Interpretation: The specification explicitly and repeatedly contrasts a "file descriptor that is associated with a file stored on media (e.g. hard disk, optical disk, random access memory)" with a "file descriptor that is associated with a communication channel" (’613 Patent, col. 2:30-34). This provides strong support for a construction where the two are distinct and mutually exclusive categories.

’063 Patent

• The Term: "information pack"
• Context and Importance: This term is the central object that is stored, categorized, and managed by the claimed system. Whether any data transmission performed by the accused Android app constitutes an "information pack" will be a dispositive issue for infringement.
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The term could be argued to cover any structured data object that contains content along with metadata for routing and identification.
  • Evidence for a Narrower Interpretation: The patent’s detailed description and figures define an "information pack" as containing "Static Information," "Dynamic Information," a "Category Identifier," and a "Provider Identifier" (e.g., ’063 Patent, Fig. 1, item 18). The examples provided, such as prescription drug information and car warranty manuals, suggest a specific type of structured consumer or business information, not merely any network data packet.

VI. Other Allegations

• Indirect Infringement: The complaint makes a passing reference to inducement in its jurisdictional allegations (Compl. ¶12) but does not plead specific facts in the infringement counts to support a claim for indirect infringement, such as alleging that Defendant's user manuals instruct customers to perform the claimed methods.
• Willful Infringement: The complaint alleges that Defendant had pre-suit knowledge of the asserted patents as of a letter dated December 8, 2022 (Compl. ¶19). This allegation forms the basis for a potential claim of willful infringement.

VII. Analyst’s Conclusion: Key Questions for the Case

• A central issue will be one of evidentiary sufficiency and pleading specificity: For several asserted patents, particularly the ’063 patent, the complaint recites claim language without providing corresponding factual allegations about how the accused products operate. This raises a key threshold question of whether infringement has been plausibly alleged or if the allegations are merely conclusory.
• A second core issue will be one of definitional scope: The case may turn on whether terms from patents filed over two decades ago—such as "file stored on media" (’613 Patent) or an "information pack" for organizing consumer data (’063 Patent)—can be construed to encompass the integrated functions of modern, sophisticated network security and virtualization platforms.
• A third key question will be one of technological congruence: The infringement theories appear to map patent claims for discrete, specific functions (e.g., disambiguating file types, scheduling cross-OS tasks) onto broad, multi-functional enterprise security products. A critical inquiry will be whether the accused products actually perform the specific, claimed methods or if there is a fundamental mismatch between the patented inventions and the real-world operation of the accused platform.