DCT
2:25-cv-01121
Congruent Media Resourcing LLC v. Palo Alto Networks Inc
Key Events
Complaint
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: Congruent Media Resourcing LLC (Texas)
- Defendant: Palo Alto Networks, Inc. (Delaware)
- Plaintiff’s Counsel: Direction IP Law
- Case Identification: 2:25-cv-01121, E.D. Tex., 11/13/2025
- Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant maintains a regular and established place of business in Plano, Texas, within the district.
- Core Dispute: Plaintiff alleges that Defendant’s Prisma Cloud Defender product infringes a patent related to methods for creating secure software applications by modifying and repackaging them with security "intercepts."
- Technical Context: The technology addresses security vulnerabilities in software applications, particularly in enterprise and cloud environments, by "wrapping" existing applications with security policies without modifying their original source code.
- Key Procedural History: The complaint does not mention any prior litigation, licensing history, or post-grant proceedings related to the patent-in-suit.
Case Timeline
| Date | Event |
|---|---|
| 2011-10-10 | ’418 Patent Priority Date |
| 2015-09-15 | ’418 Patent Issued |
| 2019-05-29 | Accused Prisma Product Line Announced |
| 2025-11-13 | Complaint Filed |
II. Technology and Patent(s)-in-Suit Analysis
- Patent Identification: U.S. Patent No. 9,135,418, "System and Method for Creating Secure Applications," issued September 15, 2015.
The Invention Explained
- Problem Addressed: The patent's background section describes the security risks enterprises face when corporate data is placed on employees' personal mobile devices, which may contain malware or other untrusted applications. It notes that IT departments have limited ways to manage and secure applications on these devices ('418 Patent, col. 1:21-41).
- The Patented Solution: The invention proposes a method to convert a standard "target application" into a secure one without accessing its source code. This is achieved by programmatically binding one or more "intercepts" to the application—new instructions that interrupt or replace existing instructions to enforce security policies—and then "repackaging" the application to make the intercepts an inseparable part of the final deployable entity ('418 Patent, col. 1:54-61; col. 2:4-10). Figure 10 of the patent illustrates this transformation, showing a securitization agent (1017) adding intercepts (1025) to a target application (1005).
- Technical Importance: This "application wrapping" approach allows for the imposition of security and management layers onto compiled applications, removing the need for developer-implemented changes and reducing the risk of programmer error ('418 Patent, col. 12:19-26, 12:45-49).
Key Claims at a Glance
- The complaint asserts independent claim 9 ('418 Patent, col. 41:19-40; Compl. ¶17).
- Claim 9 recites a method with the following essential elements:
- Receiving a target application designed to interact with an operating system.
- Configuring the target application by imposing one or more intercepts, which converts it into a secure application that maintains its interaction with the operating system.
- Repackaging the secure application so the intercepts are integrated with and inseparable from it.
- The complaint does not explicitly reserve the right to assert dependent claims.
III. The Accused Instrumentality
Product Identification
- The Palo Alto Networks Prisma Cloud Defender ("Prisma Cloud Defender") (Compl. ¶18).
Functionality and Market Context
- The complaint alleges that Prisma Cloud Defender is a component of the Prisma Cloud platform that provides Runtime Application Self-Protection (“RASP”) technology to protect applications (Compl. ¶19). It is described as an "agent-based" security feature that is deployed to protect specific assets (Compl. ¶21). The complaint identifies two deployment types, "App-embedded" and "Serverless," which allegedly involve integrating the Defender into a target application "without modifying development code" (Compl. ¶20-21). A press release included in the complaint positions the Prisma suite as a comprehensive cloud security platform used by approximately 9,000 enterprise customers as of May 2019 (Compl. p. 7).
IV. Analysis of Infringement Allegations
'418 Patent Infringement Allegations
| Claim Element (from Independent Claim 9) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| receiving a target application that is designed to interact with an operating system; | Prisma Cloud Defender is used to convert a target application to a secure application and therefore receives a target application for this purpose. The target application interacts with the host operating system at the process and kernel interface level. | ¶20 | col. 1:42-47 |
| configuring the target application by imposing one or more intercepts on the target application, wherein the imposition of the intercepts converts the target application into a secure application that maintains the interaction with the operating system; | The deployment of a Prisma Cloud Defender agent, such as an "App-embedded" Defender, allegedly imposes intercepts. The complaint includes a flowchart from Defendant's documentation that illustrates the process of converting a target application, with Plaintiff adding a callout labeling this step as "imposing one or more intercepts." | ¶21 | col. 2:1-3 |
| and repackaging the secure application such that the intercepts are integrated with the secure application and are inseparable from the secure application. | Prisma Cloud Defender allegedly secures an application by "embedding a Defender into the workloads," which modifies the application's code and/or a container's entry point. This embedding process is alleged to result in a secure application where the intercepts are integrated and inseparable. | ¶22 | col. 2:4-10 |
Identified Points of Contention
- Scope Questions: The case may turn on whether the accused Prisma Cloud Defender "agent" functions as an "intercept" as described in the patent. The patent defines an intercept as a "replacement of an existing instruction or a new instruction that may interrupt program flow" ('418 Patent, col. 2:1-3). The dispute may focus on whether the Defender's runtime protection mechanism meets this structural or functional definition. The complaint illustrates this theory with a flowchart from Defendant's documentation titled "Deploy Prisma Cloud Defenders," which depicts different paths for converting an application to a secure state (Compl. p. 11).
- Technical Questions: A central technical question will be what the complaint means by "inseparable." The complaint alleges that embedding the Defender into a workload and modifying the container's entry point makes it inseparable (Compl. ¶22; Compl. p. 12). The court may need to determine if this level of integration satisfies the claim language, especially in light of the patent's description of creating an "immutable deployable entity" ('418 Patent, col. 2:9-10).
V. Key Claim Terms for Construction
The Term: "intercept"
- Context and Importance: The definition of "intercept" is central to the infringement analysis, as it describes the core mechanism for modifying the target application. Practitioners may focus on this term because the complaint's theory hinges on equating the deployment of a "Defender agent" with the patent's concept of imposing an "intercept."
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The specification provides a definition: "An intercept... may be considered as an actual replacement of an existing instruction or a new instruction that may interrupt program flow and conditionally return control to the program flow" ('418 Patent, col. 1:66-2:3). This could support a reading that covers various forms of runtime modification.
- Evidence for a Narrower Interpretation: The specification provides specific technical examples of intercepts, such as "byte code injection" and "link injection," which involve replacing API calls or preexisting system calls ('418 Patent, col. 22:45-57). This could support an argument that the term is limited to these specific types of code-level replacements rather than a more general agent-based monitoring system.
The Term: "inseparable from the secure application"
- Context and Importance: This term is critical for determining the required level of integration between the security mechanism and the application. The dispute will likely focus on whether the "embedding" of the Defender agent (Compl. ¶22) achieves the "inseparable" state required by the claim.
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The patent states that as a result of repackaging, "the intercepts may be considered to be physically inseparable from the original files" ('418 Patent, col. 2:7-9). The use of "may be considered" might suggest a functional rather than a strictly physical standard of inseparability.
- Evidence for a Narrower Interpretation: The same passage also states that this process "can result in an immutable deployable entity," which "can prevent the secure application from having the intercepts removed by an unauthorized party" ('418 Patent, col. 2:9-11). This language suggests a high degree of integration that makes subsequent modification or removal difficult, potentially narrowing the scope of what qualifies as "inseparable."
VI. Other Allegations
- Indirect Infringement: The complaint alleges induced and contributory infringement. It asserts that Defendant provides marketing materials, instructional guides, and user manuals that instruct customers on how to use Prisma Cloud Defender in an infringing manner (Compl. ¶23, ¶24). Knowledge is alleged to have begun "at least as of the date of the service of the original Complaint" (Compl. ¶24, ¶25).
- Willful Infringement: The complaint does not contain an explicit count for willful infringement or allege pre-suit knowledge of the patent.
VII. Analyst’s Conclusion: Key Questions for the Case
The resolution of this case may depend on the court's answers to two central questions:
- A core issue will be one of definitional scope: Does Palo Alto Networks' "Defender agent," a runtime security component, meet the definition of an "intercept" as described in the ’418 Patent, which contemplates the replacement or interruption of specific program instructions?
- A key evidentiary question will be one of technical integration: Does the accused method of "embedding a Defender into the workloads" and modifying a container's entry point achieve the "repackaging" that renders the security components "inseparable" from the application, as required by the claim?