DCT

4:24-cv-01114

QuickVault Inc v. Netwrix Corp

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 4:24-cv-01114, E.D. Tex., 12/18/2024
  • Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant resides in the District, maintains a regular and established place of business in the District, and has committed acts of infringement within the District.
  • Core Dispute: Plaintiff alleges that Defendant’s integrated portfolio of cybersecurity products infringes seven patents related to forensic data tracking, classification, and remote data access.
  • Technical Context: The technology at issue involves systems for monitoring, classifying, and securing sensitive data as it moves across network endpoints, including methods for tracking data that has left a secure environment.
  • Key Procedural History: The complaint does not reference any prior litigation, licensing history, or post-grant proceedings involving the asserted patents. The asserted patents form two families, with five patents relating to "Forensic Data Tracking" and two relating to "Remote Data Access."

Case Timeline

Date Event
2014-09-12 Earliest Priority Date ('200, '092, '300, '840, '125 Patents)
2017-02-07 U.S. Patent No. 9,565,200 Issued
2018-05-01 U.S. Patent No. 9,961,092 Issued
2021-05-04 U.S. Patent No. 10,999,300 Issued
2023-01-31 U.S. Patent No. 11,568,029 Issued
2023-04-25 U.S. Patent No. 11,637,840 Issued
2024-01-23 U.S. Patent No. 11,880,437 Issued
2024-02-06 U.S. Patent No. 11,895,125 Issued
2024-12-18 Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,565,200 - Method and System for Forensic Data Tracking

  • Patent Identification: U.S. Patent No. 9,565,200, “Method and System for Forensic Data Tracking,” issued February 7, 2017.
  • The Invention Explained:
    • Problem Addressed: The patent family addresses the difficulty enterprises face in protecting and tracking sensitive data, such as protected health information (PHI), in compliance with regulations like HIPAA ('300 Patent, col. 1:43-54). It notes that existing security measures often fail to prevent data leakage, and once data leaves a protected environment, it becomes very difficult to control or track its movement ('300 Patent, col. 2:28-52).
    • The Patented Solution: The invention proposes a "Forensic Computing Platform" comprising a central cloud-based server that coordinates with software agents installed on network endpoints ('300 Patent, Abstract; col. 5:29-43). These agents scan files, classify them according to policy, and transmit metadata ("meta logs") about the files and user activity to the central server, which then analyzes the data to track movement, detect policy violations, and alert administrators ('300 Patent, Fig. 1; col. 8:31-44).
    • Technical Importance: This approach centralizes forensic data from distributed endpoints, aiming to provide visibility and control over sensitive information even after it has been moved or shared.
  • Key Claims at a Glance:
    • The complaint asserts at least Claim 1 ('200 Patent, ¶31).
    • The essential elements of Claim 1 of the related ’300 Patent, which is representative of the family, include:
      • Receiving, from an endpoint, a meta log associated with a file.
      • The meta log contains a file name, data element tags, a date, a user name, and an endpoint ID.
      • Storing the meta log in a cloud control server meta database.
      • Analyzing the data element tags based on a configured setting and criteria.
      • Determining a data classification based on the analysis.
      • Reporting the result to an authorized system administrator.
    • The complaint does not explicitly reserve the right to assert dependent claims, but the infringement counts refer generally to "one or more claims" (Compl. ¶29).

U.S. Patent No. 9,961,092 - Method and System for Forensic Data Tracking

  • Patent Identification: U.S. Patent No. 9,961,092, “Method and System for Forensic Data Tracking,” issued May 1, 2018.
  • The Invention Explained:
    • Problem Addressed: As a continuation of the '200 Patent, the '092 Patent addresses the same technical problem of tracking and securing sensitive data across distributed network devices ('300 Patent, col. 1:43-54, col. 2:28-52).
    • The Patented Solution: The invention is directed to the same "Forensic Computing Platform" architecture involving endpoint agents and a cloud control server for centralized meta log collection and analysis, as described for the '200 Patent ('300 Patent, Abstract; Fig. 1).
    • Technical Importance: This patent continues the development of a centralized system for data visibility and forensic tracking.
  • Key Claims at a Glance:
    • The complaint asserts at least Claim 1 ('092 Patent, ¶41).
    • The essential elements of Claim 1 are expected to be highly similar to those of the '200 and '300 Patents, focusing on the reception, storage, and analysis of meta logs from endpoints.
    • The infringement counts refer generally to "one or more claims" (Compl. ¶39).

U.S. Patent No. 10,999,300 - Method and System for Forensic Data Tracking

  • Patent Identification: U.S. Patent No. 10,999,300, “Method and System for Forensic Data Tracking,” issued May 4, 2021.
  • Technology Synopsis: This patent, a continuation within the same family, describes a system for tracking data movement by receiving meta logs from endpoints, storing them in a central database, and analyzing them to determine data classification and detect policy violations based on user activity and file attributes ('300 Patent, Abstract, col. 3:31-44).
  • Asserted Claims: At least Claim 1 (Compl. ¶51).
  • Accused Features: The complaint alleges that Netwrix’s platform, which uses agent software on endpoints to detect, classify, and track data for remote monitoring and remediation, infringes this patent (Compl. ¶6).

U.S. Patent No. 11,637,840 - Method and System for Forensic Data Tracking

  • Patent Identification: U.S. Patent No. 11,637,840, “Method and System for Forensic Data Tracking,” issued April 25, 2023.
  • Technology Synopsis: As another continuation, this patent covers the same forensic computing platform technology for centralized monitoring of data across network endpoints through the collection and analysis of meta logs ('840 Patent, Abstract).
  • Asserted Claims: At least Claim 1 (Compl. ¶61).
  • Accused Features: The infringement allegations target the same interoperable system of Netwrix products that deploy agents to monitor and report on data at endpoints (Compl. ¶6).

U.S. Patent No. 11,895,125 - Method and System for Forensic Data Tracking

  • Patent Identification: U.S. Patent No. 11,895,125, “Method and System for Forensic Data Tracking,” issued February 6, 2024.
  • Technology Synopsis: This patent is the most recent in the "Forensic Data Tracking" family and concerns the same underlying technology of using a cloud control server and endpoint agents to track and classify sensitive data ('125 Patent, Abstract).
  • Asserted Claims: At least Claim 1 (Compl. ¶71).
  • Accused Features: The complaint accuses the same integrated cybersecurity platform features as for the other patents in this family (Compl. ¶6).

U.S. Patent No. 11,880,437 - Method and System for Remote Data Access

  • Patent Identification: U.S. Patent No. 11,880,437, “Method and System for Remote Data Access,” issued January 23, 2024.
  • Technology Synopsis: This patent and its related family member ('029 Patent) describe methods for securely accessing remote data using multifactor authentication. The system involves using a mobile device application as a factor for authenticating a user's request to access data stored on a remote server ('437 Patent, Abstract; Fig. 11).
  • Asserted Claims: At least Claim 1 (Compl. ¶81).
  • Accused Features: The complaint alleges that Netwrix’s multifactor authentication system for managing user and administrator access to its platform infringes this patent (Compl. ¶6).

U.S. Patent No. 11,568,029 - Method and System for Remote Data Access

  • Patent Identification: U.S. Patent No. 11,568,029, “Method and System for Remote Data Access,” issued January 31, 2023.
  • Technology Synopsis: This patent is part of the "Remote Data Access" family and describes systems for secure remote data access using multifactor authentication, particularly involving a mobile device as an authentication factor ('029 Patent, Abstract).
  • Asserted Claims: At least Claim 1 (Compl. ¶91).
  • Accused Features: The complaint targets Netwrix’s multifactor authentication system for managing access to its platform (Compl. ¶6).

III. The Accused Instrumentality

  • Product Identification: The complaint identifies a portfolio of Netwrix software products, referred to collectively as the "Accused Products," which allegedly "interoperate as an integrated system/platform" (Compl. ¶¶4, 6). Specific named products include Netwrix Auditor, Netwrix Data Classification, Netwrix Endpoint Protector, and Netwrix Threat Manager (Compl. ¶4, fn. 1).
  • Functionality and Market Context: The complaint alleges the Accused Products function by deploying agent software on network endpoints to "detect, classify, and track data" (Compl. ¶6). This system allegedly allows remote administrators to monitor for and remediate policy violations, with alerts and various remediation options. The complaint also alleges the Accused Products use a multifactor authentication system for managing user and administrator access (Compl. ¶6). The complaint positions these products in the cybersecurity market as providing a "complete range" of functions to identify threats and secure data (Compl. ¶5).

No probative visual evidence provided in complaint.

IV. Analysis of Infringement Allegations

The complaint references, but does not include, Exhibits H-N, which it states contain detailed infringement analyses for each asserted patent (Compl. ¶¶ 31, 41, 51, 61, 71, 81, 91). In the absence of these exhibits, the infringement theory is summarized from the complaint’s narrative allegations.

  • Narrative Infringement Summary ('200 and '092 Patents):
    The complaint alleges that the Accused Products practice the claimed methods for forensic data tracking. The core theory is that Netwrix's deployment of agent software on its customers' endpoint computers constitutes the first part of the claimed system. This agent software allegedly performs the claimed steps of scanning for sensitive information and generating data about that information, which corresponds to the claimed "meta log." This data is then allegedly transmitted to Netwrix's centralized platform, which functions as the claimed "cloud control server." The platform then allegedly stores and analyzes this data to identify policy violations and alert administrators, thereby practicing the remaining steps of the asserted claims (Compl. ¶¶ 4, 6, 34).

  • Identified Points of Contention:

    • Scope Questions: A potential point of contention may be whether the data packets transmitted by Netwrix’s endpoint agents to its servers meet the specific definition of a "meta log" as outlined in the patents' claims and specifications. Another question may arise regarding whether Netwrix's platform architecture corresponds to the "cloud control server" recited in the claims, which the patents describe as having distinct analytics, alerting, and reporting components ('300 Patent, Fig. 1).
    • Technical Questions: For the method claims, a central evidentiary question may be one of divided infringement. The complaint alleges that some steps are performed by Netwrix and others by its customers (Compl. ¶¶ 61, 71). It asserts that Netwrix maintains direction and control over its customers by "writing and maintaining the software that customers use to perform claim steps" and providing instructional materials (Compl. ¶¶ 61, 71). The sufficiency of these allegations to establish infringement under 35 U.S.C. § 271(a) for method claims performed by multiple actors will be a key legal and factual issue.

V. Key Claim Terms for Construction

  • The Term: "meta log"

  • Context and Importance: This term is central to the "Forensic Data Tracking" patents. Its construction will determine whether the information packets sent from Netwrix's endpoint agents to its servers fall within the scope of the claims. Practitioners may focus on this term because the infringement analysis hinges on whether the accused functionality generates and transmits a data structure meeting this definition.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The specification describes a meta log as containing details about a scanned file, including "for example: a file name, data classification, data element tags, access rights, date created or modified, user name, and unique endpoint ID" ('300 Patent, col. 5:31-36). The use of "for example" may support an interpretation that a "meta log" does not need to contain every listed item.
    • Evidence for a Narrower Interpretation: The independent claims of the '300 Patent family explicitly recite what the meta log contains, such as "a file name, data element tags... a date created, date deleted, or date modified, and an endpoint ID" ('300 Patent, col. 36:2-6). This explicit recitation could support a narrower construction requiring the presence of these specific data fields.

  • The Term: "cloud control server"

  • Context and Importance: The definition of this term is critical for establishing the presence of the claimed system architecture. The dispute may turn on whether Netwrix's distributed platform, which may consist of various interoperable products, constitutes the single "cloud control server" described in the patents.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The specification describes the server as consisting of "a series of components including servers, firewalls, load balancers, and storage devices" ('300 Patent, col. 6:28-30), which could support reading the term on a variety of modern distributed cloud architectures.
    • Evidence for a Narrower Interpretation: Figure 1 of the patents depicts a "Cloud Control Server" with specific, labeled functional blocks for "Business Logic," including "analytics," "alerts," and "reporting" ('300 Patent, Fig. 1). This could support an argument that an accused system must have a similarly defined and integrated architecture to meet the claim limitation.

VI. Other Allegations

  • Indirect Infringement: The complaint alleges active inducement of infringement for all asserted patents. The basis for this allegation is that Netwrix provides the Accused Products to its customers and publishes materials such as its "Featured Products" website, "Resource Library," and "Knowledge Center," which allegedly instruct and encourage customers to use the products in an infringing manner (Compl. ¶¶ 34, 36-37, 44, 46-47).
  • Willful Infringement: The complaint does not contain an explicit allegation of willful infringement. For each count of indirect infringement, it alleges that Netwrix has knowledge of the asserted patent "at least as of the service and filing of this Complaint," which does not establish the pre-suit knowledge typically required to support a claim for willful infringement (Compl. ¶¶ 35, 45, 55, 65, 75, 85, 95).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of definitional scope: Does the data transmitted between Netwrix’s endpoint agents and its central platform constitute a "meta log" as specifically defined by the patent claims, and does the accused platform architecture embody the claimed "cloud control server"? The case may depend on whether the general descriptions in the specification allow for a broad interpretation or if the specific claim language and figures impose a narrower, more structured definition.
  • A key legal and evidentiary question will be one of divided infringement: For the asserted method claims, the complaint alleges that Netwrix directs or controls its customers' performance of certain steps. The court will need to determine whether providing and maintaining software, along with instructional materials, is sufficient to attribute the actions of Netwrix's customers to Netwrix itself for the purpose of finding direct infringement.
  • A third central question will involve claim differentiation across families: The complaint accuses the same multifactor authentication system of infringing two distinct patents ('437 and '029). The litigation will likely explore the specific limitations of the claims in these two patents to determine if there is a substantive difference in scope that would permit a finding of infringement against one but not the other.