AttestWave LLC v. Cortado Mobile Solutions GmbH

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: AttestWave LLC (Delaware)
  • Defendant: Cortado Mobile Solutions GmbH (Germany)
  • Plaintiff’s Counsel: Rabicoff Law LLC
• Case Identification: 2:24-cv-00928, E.D. Tex., 11/13/2024
• Venue Allegations: Plaintiff alleges venue is proper because Defendant has an established place of business in the Eastern District of Texas and has committed acts of infringement there.
• Core Dispute: Plaintiff alleges that Defendant’s mobile solutions products infringe a patent related to ensuring trusted software operation over a network by interlocking application logic with a cryptographic signaling mechanism.
• Technical Context: The technology addresses the challenge of verifying that software on a client machine is operating correctly and has not been tampered with, a key issue in network security, mobile device management, and preventing denial-of-service attacks.
• Key Procedural History: The complaint does not mention any prior litigation, inter partes review (IPR) proceedings, or licensing history related to the patent-in-suit.

Case Timeline

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 7,895,643 - Secure logic interlocking

• Patent Identification: U.S. Patent No. 7,895,643, "Secure logic interlocking," issued February 22, 2011.

The Invention Explained

• Problem Addressed: In computer networks, it is difficult to ensure that software on an end-user's device is operating as intended and not misusing network resources, as users typically have access to and can modify the software on their own stations ('643 Patent, col. 2:30-38). This creates vulnerabilities to problems like denial-of-service attacks and circumvention of service agreements ('643 Patent, col. 1:16-22).
• The Patented Solution: The invention proposes a system that "interlocks" a primary software function (e.g., transmitting data packets) with a secondary, cryptographic function that generates an unpredictable signal ('643 Patent, col. 2:8-14). A separate network element, such as a firewall, acts as a checker; it has a copy of the signal generator and can verify the signal embedded in data packets. If the signal is valid, the checker can trust that the original software has not been tampered with and is operating according to its defined rules ('643 Patent, col. 2:14-19; Fig. 1). This creates a "trusted flow" of communication that can be given preferential treatment ('643 Patent, col. 2:64-66).
• Technical Importance: The technology provides a mechanism for a network to verify the integrity of a program running on a remote, untrusted machine, creating a basis for providing differentiated services or enhanced security. ('643 Patent, col. 5:36-41).

Key Claims at a Glance

The complaint does not specify which claims of the '643 Patent are asserted, stating only that Defendant infringes "one or more claims" (Compl. ¶11). Independent claim 1 is representative of the system claimed by the patent.

• Independent Claim 1:
  • An "integrated combination of computer software program" comprising a "software application logic module" and an "operation assurance logic module."
  • "storage for the integrated computer software program."
  • A "controller" for executing the integrated program.
  • Wherein, during execution, "unique security tags" are generated by the operation assurance logic module "only when the integrated software computer program is executed and has not been tampered with."
  • An "associated operational checking logic" for validating the unique security tags to confirm the program was not tampered with.

III. The Accused Instrumentality

Product Identification

• The complaint does not identify specific accused products in its main body. It refers to "Exemplary Defendant Products" that are purportedly identified in an "Exhibit 2" (Compl. ¶11, ¶16), but this exhibit was not filed with the complaint.

Functionality and Market Context

• The complaint does not provide sufficient detail for analysis of the accused instrumentality's functionality or market context. Defendant Cortado Mobile Solutions GmbH is a provider of enterprise mobility and mobile device management solutions (Compl. ¶3).

IV. Analysis of Infringement Allegations

The complaint’s infringement allegations are not detailed in the body of the document. Instead, the complaint incorporates by reference "claim charts of Exhibit 2," which was not provided (Compl. ¶17). The narrative infringement theory alleges that Defendant’s products "practice the technology claimed by the '643 Patent" and "satisfy all elements of the Exemplary '643 Patent Claims" (Compl. ¶16). The complaint alleges direct infringement through Defendant's own making, using, and selling of the products, as well as testing by its employees (Compl. ¶11-12).

No probative visual evidence provided in complaint.

• Identified Points of Contention: Lacking specific factual allegations or claim charts, any points of contention are speculative but would likely arise from the core technical requirements of the asserted claims.
  • Scope Questions: A central question will concern the scope of "integrated combination." The infringement analysis will likely depend on whether the defendant's software architecture, which may consist of distinct modules, constitutes the "interlocking" and "inseparable" combination described in the patent ('643 Patent, col. 4:22-24).
  • Technical Questions: A key factual dispute may be whether the accused products generate "unique security tags" that are functionally equivalent to the patent's cryptographically-generated, unpredictable signals ('643 Patent, Abstract). The analysis will question whether any identifiers used by the defendant's products serve the same integrity-verifying purpose as the claimed tags. Further, it raises the question of whether the accused system includes a corresponding "operational checking logic" to validate these specific tags.

V. Key Claim Terms for Construction

The complaint does not provide sufficient detail for a definitive analysis of claim construction disputes. However, based on the patent's technology, the following terms from independent claim 1 are likely to be critical.

• The Term: "integrated combination"

• Context and Importance: This term is foundational to the claim, defining the core structure of the allegedly inventive software. The patent's validity and the infringement analysis may hinge on whether this term requires a single, monolithic executable or if it can read on separate but functionally linked software modules. Practitioners may focus on this term because the patent repeatedly emphasizes "interlocking" components to make them "inseparable" ('643 Patent, col. 4:22-24).

• Intrinsic Evidence for Interpretation:

  • Evidence for a Broader Interpretation: The specification describes the invention as "processing logic modules... into a unique functionality" and "taking logic modules... and transforming them into a hidden program by integrating modules to execute together," which might suggest that the starting point is separate modules ('643 Patent, Abstract).
  • Evidence for a Narrower Interpretation: The specification states that a goal is to "combine[] many programs together so that they are inseparable" and uses the term "interlocking mechanism" ('643 Patent, col. 4:21-25). This language, along with descriptions of "obfuscation" and making software "unreadable and 'non-modifiable'" ('643 Patent, col. 3:39-41), could support a narrower construction requiring a single, tightly-bound software entity that is difficult to reverse engineer.

• The Term: "unique security tags"

• Context and Importance: The generation and validation of these tags is the primary mechanism for verifying software integrity. The dispute will likely center on what level of "uniqueness" and "security" is required.

• Intrinsic Evidence for Interpretation:

  • Evidence for a Broader Interpretation: The term "tag" is general, and the claims do not specify the exact cryptographic method. This could allow the term to cover a wide range of digital identifiers or signals.
  • Evidence for a Narrower Interpretation: The abstract describes generating "security signals, which are unpredictable by observers, such as a pseudo random sequence of security signals" ('643 Patent, Abstract). The specification further links the signals to a "cryptographic pseudo-random generator" ('643 Patent, col. 2:12-13). This suggests the tags must be more than just a simple identifier; they must be cryptographically generated and unpredictable to an outside party.

VI. Other Allegations

• Indirect Infringement: The complaint alleges induced infringement, stating that Defendant sells its products to customers and provides "product literature and website materials" that instruct end users on how to use the products in an infringing manner (Compl. ¶14-15).
• Willful Infringement: The complaint asserts that the filing of the complaint itself provides Defendant with "actual knowledge of infringement" (Compl. ¶13). It alleges that any continued infringement after service of the complaint is knowing, intentional, and willful (Compl. ¶15). No allegations of pre-suit knowledge are made.

VII. Analyst’s Conclusion: Key Questions for the Case

• An Evidentiary Question of Technical Operation: The complaint’s complete reliance on an unfiled exhibit means the primary question is whether Plaintiff can produce evidence that the accused mobile solutions products actually perform the functions recited in the patent. Specifically, does the accused software contain an "integrated" application and "operation assurance logic" that generates "unique security tags," and is there a corresponding component that checks these tags to verify software integrity?
• A Definitional Question of Claim Scope: Assuming Plaintiff can present some evidence of a tag-based security system, a core legal issue will be the construction of "integrated combination." The case may turn on whether this term requires a single, obfuscated, and inseparable software program as described in the patent's preferred embodiments, or if it can be construed more broadly to cover separate software components that communicate to perform a security function.