UMBRA Tech Ltd Uk v. Fortinet Inc

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: UMBRA Technologies Ltd. (UK) (British Virgin Islands) & UMBRA Technologies (US) Inc. (Delaware)
  • Defendant: Fortinet, Inc. (Delaware)
  • Plaintiff’s Counsel: Devlin Law Firm LLC
• Case Identification: 2:25-cv-00329, E.D. Tex., 04/02/2025
• Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant Fortinet maintains multiple regular and established places of business in the district, including facilities in Plano and Frisco, Texas.
• Core Dispute: Plaintiff alleges that Defendant’s network virtualization and security products infringe five patents related to secure network optimization, multi-perimeter firewalls, and advanced routing in global virtual networks.
• Technical Context: The technology concerns software-defined wide-area networking (SD-WAN) and cloud-based security, which aim to improve the performance, security, and efficiency of large, geographically distributed computer networks.
• Key Procedural History: The complaint notes that U.S. Patent No. 10,574,482 was previously asserted against VMware, Inc. (dismissed) and is currently asserted against Cisco Systems, Inc. (stayed) and Juniper Networks, Inc. (pending). A petition for Inter Partes Review of the ’482 patent, filed by Cisco, was denied institution by the Patent Trial and Appeal Board. U.S. Patent Nos. 11,799,687 and 12,160,328 are also asserted in the pending Juniper case.

Case Timeline

Date	Event
2014-12-08	’105 Patent Priority Date
2015-04-07	’482, ’256, ’687, ’328 Patents Priority Date
2020-02-25	’482 Patent Issued
2020-05-19	’256 Patent Issued
2022-11-15	’105 Patent Issued
2023-10-24	’687 Patent Issued
2024-12-03	’328 Patent Issued
2025-02-18	Defendant waived service in related UMBRA v. Juniper case
2025-04-02	Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 10,574,482: “MULTI-PERIMETER FIREWALL IN THE CLOUD” (issued Feb. 25, 2020)

The Invention Explained

• Problem Addressed: The patent’s background section states that a firewall has "traditionally been placed at the edge between one network such as a local area network (LAN) and another network such as an uplink to a broader network," a placement that is limiting for modern cloud-based or virtualized networks (Compl. ¶14; ’482 Patent, col. 5:60-65).
• The Patented Solution: The invention proposes a distributed, multi-perimeter firewall system within a virtual network. The system comprises multiple firewalls associated with different network access points that can communicate and exchange threat information, such as heuristic patterns or signatures of known threats, potentially via a central control server (’482 Patent, col. 2:50-58, Abstract). This allows for coordinated threat response and the use of different inspection techniques (e.g., stateful vs. deep-packet) at different perimeters.
• Technical Importance: This approach seeks to improve security in decentralized network architectures like SD-WAN by moving firewall functions into the cloud, enabling scalable, collaborative threat detection that is not tied to a single physical network boundary (Compl. ¶11-12).

Key Claims at a Glance

• The complaint does not identify specific claims asserted against the accused products, instead referencing an analysis in an unprovided exhibit (Compl. ¶27). For illustrative purposes, independent claim 1 is analyzed below.
• Claim 1 of the ’482 patent recites essential elements including:
  • An egress ingress point device, first and second access point servers, and an endpoint device forming a network system.
  • A first perimeter firewall performing stateful packet inspection (SPI) to prevent traffic from passing from the first to the second access point server.
  • A second perimeter firewall performing deep packet inspection (DPI) to prevent traffic from passing from the second access point server to the endpoint device.
  • A specific requirement that the DPI is performed on a "cloned copy of traffic" that flows through the second perimeter firewall.
• The complaint reserves the right to amend its infringement contentions (Compl. ¶27).

U.S. Patent No. 10,659,256: “SYSTEM AND METHOD FOR VIRTUAL INTERFACES AND ADVANCED SMART ROUTING IN A GLOBAL VIRTUAL NETWORK” (issued May 19, 2020)

The Invention Explained

• Problem Addressed: The patent describes a lack of control over data routes across the public internet, as traffic paths rely on the policies of various "middle players on the internet" that carry the traffic, which can lead to poor performance (Compl. ¶15; ’256 Patent, col. 2:23-26).
• The Patented Solution: The invention introduces the use of "virtual interfaces" (VIFs) that serve as logical "hook points" for multiple network tunnels (’256 Patent, col. 1:20-23). An endpoint device and an access point server each use a VIF as a logical access point for tunnels between them. This architecture allows for advanced or "smart" routing decisions to be made at the VIF level, improving quality of service and network performance in a global virtual network (GVN) (’256 Patent, Abstract; Compl. ¶15).
• Technical Importance: This VIF-based architecture provides a more flexible and intelligent way to manage traffic in an SD-WAN environment, moving beyond simple point-to-point tunnels to a system that can dynamically manage multiple paths to optimize performance (Compl. ¶11).

Key Claims at a Glance

• The complaint does not identify specific claims asserted against the accused products, instead referencing an analysis in an unprovided exhibit (Compl. ¶34). For illustrative purposes, independent claim 1 is analyzed below.
• Claim 1 of the ’256 patent recites essential elements including:
  • An endpoint device comprising a tunnel manager and a first virtual interface.
  • An access point server comprising at least one tunnel listener and a second virtual interface.
  • One or more communication paths or tunnels connecting the tunnel manager and the tunnel listener.
  • The first and second virtual interfaces provide a logical point of access to the tunnels.
• The complaint reserves the right to amend its infringement contentions (Compl. ¶34).

---

• Multi-Patent Capsule: U.S. Patent No. 11,503,105

  • Patent Identification: U.S. Patent No. 11,503,105, “SYSTEM AND METHOD FOR CONTENT RETRIEVAL FROM REMOTE NETWORK REGIONS,” issued Nov. 15, 2022.
  • Technology Synopsis: The patent addresses the problem of slow speeds and low bandwidth when retrieving content from remote server locations due to a lack of control over the network path (Compl. ¶16). The solution involves using a combination of "smart-routing and point to multi-point topology" to enable multiple, concurrent, and secure data streams from different regions (’105 Patent, col. 2:1-21).
  • Asserted Claims: The complaint does not specify which claims are asserted (Compl. ¶41).
  • Accused Features: The complaint accuses Fortinet products and services, identified in an unprovided exhibit, of infringing the patent (Compl. ¶40).

• Multi-Patent Capsule: U.S. Patent No. 11,799,687

  • Patent Identification: U.S. Patent No. 11,799,687, “SYSTEM AND METHOD FOR VIRTUAL INTERFACES AND ADVANCED SMART ROUTING IN A GLOBAL VIRTUAL NETWORK,” issued Oct. 24, 2023.
  • Technology Synopsis: The complaint states this patent is in the same family and has a matching specification as the ’256 Patent (Compl. ¶15). The technology, as described in Section II above, involves using VIFs as logical hook points for multiple network tunnels to enable advanced smart routing and improve network quality of service.
  • Asserted Claims: The complaint does not specify which claims are asserted (Compl. ¶48).
  • Accused Features: The complaint accuses Fortinet products and services, identified in an unprovided exhibit, of infringing the patent (Compl. ¶47).

• Multi-Patent Capsule: U.S. Patent No. 12,160,328

  • Patent Identification: U.S. Patent No. 12,160,328, “MULTI-PERIMETER FIREWALL IN THE CLOUD,” issued Dec. 3, 2024.
  • Technology Synopsis: The complaint states this patent is in the same family and has a matching specification as the ’482 Patent (Compl. ¶14). The technology, as described in Section II above, relates to a distributed, multi-perimeter firewall system for cloud/virtualized networks that allows for workload distribution and threat information sharing.
  • Asserted Claims: The complaint does not specify which claims are asserted (Compl. ¶55).
  • Accused Features: The complaint accuses Fortinet products and services, identified in an unprovided exhibit, of infringing the patent (Compl. ¶54).

III. The Accused Instrumentality

• Product Identification: The complaint generally identifies the accused instrumentalities as "Fortinet systems and methods, including one or more hardware and software products for network virtualization and related services" (Compl. ¶26, ¶33, ¶40, ¶47, ¶54). Specific products are allegedly identified in Exhibits 6-10, which were not filed with the complaint.
• Functionality and Market Context: The complaint alleges that Fortinet implements its products and services in "virtualized network architectures" that utilize the patented inventions to provide convenience and efficiency for its customers (Compl. ¶13). The allegations target technologies related to SD-WAN, virtual networks, and cloud-based security, suggesting the accused instrumentalities are part of Fortinet's Secure SD-WAN, FortiGate, or related network security and management platforms.
• No probative visual evidence provided in complaint.

IV. Analysis of Infringement Allegations

The complaint references claim chart exhibits for each patent-in-suit but these exhibits were not provided. The following analysis is based on the narrative infringement theories presented in the complaint.

• ’482 Patent Infringement Allegations (Prose Summary): The complaint alleges that Fortinet’s products directly infringe by implementing a "multi-perimeter firewall system in a cloud/virtualized network" (Compl. ¶14). The core of this allegation is that Fortinet’s network virtualization products distribute firewall functions across multiple points in a network and enable the sharing of threat information between them, thereby resolving the limitations of traditional, single-perimeter firewalls as described in the patent (Compl. ¶14).

• ’256 Patent Infringement Allegations (Prose Summary): The complaint alleges that Fortinet’s products infringe by operating a network system that connects devices via a "global virtual network" using virtual interfaces and advanced smart routing (Compl. ¶15). The narrative theory suggests that Fortinet's products use software-defined structures equivalent to the claimed "virtual interfaces (VIFs)" to act as "hook points for multiple network tunnels," which improves network performance and user experience by intelligently routing traffic (Compl. ¶15).

• Identified Points of Contention:

  • Scope Questions: A central question for the ’482 and ’328 patents may be whether Fortinet’s distributed security features constitute a “multi-perimeter firewall” as contemplated by the patent, and what level of communication is required to meet the element of sharing "threat information." For the ’256 and ’687 patents, a dispute may arise over whether the software constructs in Fortinet’s products for managing network tunnels function as a “virtual interface” that serves as a “logical point of access” in the manner claimed.
  • Technical Questions: For the ’482 patent, a key technical question is whether the accused products perform deep packet inspection on a “cloned copy of traffic,” as recited in claim 1. For the ’256 patent, the dispute may focus on whether Fortinet's routing decisions are merely based on general network conditions or if they are tied to a specific VIF structure that acts as a "hook point" for those decisions, as the patent describes.

V. Key Claim Terms for Construction

The complaint does not provide sufficient detail to analyze claim construction disputes for specifically asserted claims. However, based on the technology and representative claim 1 of the lead patents, the following terms may be central to the case.

For the ’482 Patent:

• The Term: "threat information"
• Context and Importance: The claim requires that the first and second firewalls "share threat information." The definition of this term will be critical to determining whether routine status updates or operational data exchanged between Fortinet’s security components meet this limitation, or if more specific data like malware signatures or attack vectors is required.
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The specification provides a list of what threat information may include, suggesting the term is not exhaustive: "heuristic patterns, signatures of known threats, known malicious source IP addresses, or attack vectors" (’482 Patent, col. 2:55-58).
  • Evidence for a Narrower Interpretation: The detailed description focuses on specific types of threats like "a search string, a known virus signature or a heuristic signature indicative of a virus, malware patterns," which could support an argument that "threat information" requires more than just generalized security alerts (’482 Patent, col. 9:24-28).

For the ’256 Patent:

• The Term: "virtual interface"
• Context and Importance: The patentability of the claims hinges on the structure and function of the "virtual interface" as a novel improvement over standard network tunnels. Practitioners may focus on this term because its construction will determine whether Fortinet's software-defined routing and tunnel management architecture reads on the claims, or if it is merely a conventional implementation.
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The claims define the VIF by its function: providing a "logical point of access to the one or more tunnels" (’256 Patent, Claim 1). This functional language may support a broader construction covering any software abstraction layer that manages tunnels.
  • Evidence for a Narrower Interpretation: The specification repeatedly describes VIFs as "hook points for multiple network tunnels" and for "shifting of time and resource intensive operations" (’256 Patent, col. 1:20-23). An argument could be made that a VIF must be a specific structural element to which multiple, distinct operations are offloaded, not just a general tunnel endpoint.

VI. Other Allegations

• Indirect Infringement: The complaint does not allege specific facts to support knowledge or intent for claims of indirect infringement.
• Willful Infringement: The complaint does not contain specific factual allegations to support a claim of willful infringement. However, the prayer for relief includes a request for a declaration that the case is "exceptional under 35 U.S.C. § 285," which is often associated with findings of willful infringement or litigation misconduct (Compl. p. 14).

VII. Analyst’s Conclusion: Key Questions for the Case

1. Evidentiary Proof: With infringement allegations hinging on unprovided exhibits, a primary hurdle for the Plaintiff will be one of evidentiary demonstration. The case will likely depend on discovery to establish whether the internal operations of Fortinet's complex networking products map onto the specific architectural and functional limitations recited in the patent claims.
2. Definitional Scope: The dispute will likely focus on claim construction, particularly whether Fortinet’s implementation of distributed security policies constitutes "sharing threat information" between distinct "perimeters" (’482 patent), and whether its method of managing network paths qualifies as a "virtual interface" acting as a "logical hook point" (’256 patent), or if these are simply new labels for conventional networking concepts.
3. Impact of Prior PTAB Decision: A key legal question will be the persuasive weight of the PTAB's denial to institute an IPR on the ’482 patent. While not binding, Plaintiff may argue that the denial, which found the petitioner did not show a reasonable likelihood of prevailing, reinforces the patent's presumption of validity against invalidity challenges.