DCT

4:25-cv-01226

QuickVault Inc v. Musarubra US LLC

Key Events

Complaint

I. Executive Summary and Procedural Information

Parties & Counsel:
- Plaintiff: QuickVault, Inc. (Georgia)
- Defendant: Musarubra US LLC d/b/a Trellix (Delaware)
- Plaintiff’s Counsel: Hill, Kertscher & Wharton, LLP
Case Identification: 4:25-cv-01226, E.D. Tex., 11/10/2025
Venue Allegations: Plaintiff alleges venue is proper because Defendant Trellix maintains a regular and established place of business in the Eastern District of Texas and has committed alleged acts of infringement within the district.
Core Dispute: Plaintiff alleges that Defendant’s Trellix Security Platform infringes six patents related to forensic data tracking and cybersecurity.
Technical Context: The technology addresses the tracking and protection of sensitive data elements as they move across and beyond enterprise computer networks, a capability significant for industries subject to data privacy regulations such as HIPAA.
Key Procedural History: The complaint does not allege any prior litigation, licensing history, or post-grant proceedings involving the Asserted Patents. The Asserted Patents are all part of the same patent family, originating from a 2014 provisional application.

Case Timeline

Date	Event
2014-09-12	Earliest Priority Date for Asserted Patents
2015-01-01	QuickVault creates CloudVault® Health business unit
2017-02-07	’200 Patent Issued
2018-05-01	’092 Patent Issued
2021-05-04	’300 Patent Issued
2023-04-25	’840 Patent Issued
2024-02-06	’125 Patent Issued
2025-07-15	’134 Patent Issued
2025-11-10	Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

Analysis of the ’200 and ’092 Patents is based on the specifications of U.S. Patent Nos. 10,999,300 and 11,637,840, respectively, which are part of the same patent family and share a common specification.

U.S. Patent No. 9,565,200 - “Method and System for Forensic Data Tracking”

Issued February 7, 2017

The Invention Explained

Problem Addressed: The patent describes the difficulty enterprises face in protecting sensitive data, such as Protected Health Information (PHI) under HIPAA, as it moves across networks. It notes that existing security measures often fail to prevent data leakage, and once data is outside a protected environment, it becomes very difficult to control or track its movement and use (’300 Patent, col. 2:28-52).
The Patented Solution: The invention proposes a "Forensic Computing Platform" that uses software agents on endpoint devices to scan, classify, and create "meta logs" of data elements (’300 Patent, col. 3:18-24). These logs, containing information like file name, classification, and user details, are sent to a central cloud server for analysis (’300 Patent, col. 3:20-24; Fig. 1). The system can also encode files with tracking mechanisms that report back to the server when the file is opened, allowing for tracking even on unauthorized devices (’300 Patent, col. 9:8-34).
Technical Importance: This approach provides a method for establishing "Data Provenance"—understanding the context, origin, and viewership of data—to help organizations comply with regulations requiring the tracking and protection of sensitive information throughout their service networks (’300 Patent, col. 2:1-12).

Key Claims at a Glance

The complaint asserts at least Claim 1 of the ’200 Patent (Compl. ¶29).
The complaint does not provide the language of the asserted claim in the body of the document. It states that a detailed analysis is provided in Exhibit G, which was not available for this report.

U.S. Patent No. 9,961,092 - “Method and System for Forensic Data Tracking”

Issued May 1, 2018

The Invention Explained

Problem Addressed: The patent addresses the shortcomings of prior art systems that fail to track the movement of data files once they leave an authorized, protected environment, such as when copied to a USB drive or stored on a public cloud service (’840 Patent, col. 2:35-43).
The Patented Solution: The invention describes a system for tracking data movement between both authorized and unauthorized devices and users. It involves deploying software agents on endpoints to scan files, classify them according to policy, and generate metadata logs for a central server (’840 Patent, Abstract; Fig. 1). This allows for monitoring and analysis of data flow and can trigger alerts or remediation actions based on analytics performed by the central server (’840 Patent, col. 7:13-16).
Technical Importance: The technology aims to provide complete visibility, auditability, and management of sensitive information even after it moves outside the direct possession of the responsible organization, addressing a critical gap in traditional data loss prevention tools (’840 Patent, col. 2:53-59).

Key Claims at a Glance

The complaint asserts at least Claim 1 of the ’092 Patent (Compl. ¶39).
The complaint does not provide the language of the asserted claim in the body of the document. It states that a detailed analysis is provided in Exhibit H, which was not available for this report.

U.S. Patent No. 10,999,300 - “Method and System for Forensic Data Tracking”

Issued May 4, 2021

Technology Synopsis: This patent, from the same family, discloses a system where software agents on endpoints scan files and send "meta logs" (containing file name, classification, user name, etc.) to a cloud control server. The server analyzes this data based on configured policy settings to track data movement and alert administrators to potential data leakage or policy violations (’300 Patent, Abstract; Fig. 2).
Asserted Claims: At least Claim 1 is asserted (Compl. ¶49).
Accused Features: The complaint accuses the integrated "Trellix Security Platform" of infringement (Compl. ¶5-6, ¶47).

U.S. Patent No. 11,637,840 - “Method and System for Forensic Data Tracking”

Issued April 25, 2023

Technology Synopsis: This patent describes a forensic computing platform that tracks data elements across authorized and unauthorized devices. A key aspect involves endpoint agents that automatically classify data based on predefined text strings or patterns and report this activity to a cloud server, which can then analyze user behavior and predict policy violations (’840 Patent, col. 3:4-29; col. 4:18-21).
Asserted Claims: At least Claim 1 is asserted (Compl. ¶59).
Accused Features: The complaint accuses the integrated "Trellix Security Platform" of infringement (Compl. ¶5-6, ¶57).

U.S. Patent No. 11,895,125 - “Method and System for Forensic Data Tracking”

Issued February 6, 2024

Technology Synopsis: The technology described involves tracking data movement through a "Forensic Computing Platform" by deploying agents on endpoints that report metadata to a central server. The system is designed to provide visibility and management of sensitive information even when it moves outside an organization's direct control.
Asserted Claims: At least Claim 1 is asserted (Compl. ¶69).
Accused Features: The complaint accuses the integrated "Trellix Security Platform" of infringement (Compl. ¶5-6, ¶67).

U.S. Patent No. 12,363,134 - “Method and System for Forensic Data Tracking”

Issued July 15, 2025

Technology Synopsis: This patent describes a system for forensic data tracking where endpoint agents scan and classify data, reporting results to a cloud server. The server component analyzes this data to track movement, identify policy violations, and provide alerts and reports to administrators.
Asserted Claims: At least Claim 1 is asserted (Compl. ¶79).
Accused Features: The complaint accuses the integrated "Trellix Security Platform" of infringement (Compl. ¶5-6, ¶77).

III. The Accused Instrumentality

Product Identification

The accused instrumentality is the "Trellix Security Platform," which includes interconnected sub-products such as "Endpoint Security," "Data Security," "Cloud Security," and "Security Operations" (collectively, the "Accused Products") (Compl. ¶5).

Functionality and Market Context

The complaint alleges the Accused Products constitute an "integrated platform across endpoint, email, network, data, cloud, and security operations" (Compl. ¶5). A central alleged function is the use of agent software deployed on endpoints to "detect, classify, and track data" and to allow remote administrators to "monitor and remediate policy violations" (Compl. ¶6). The complaint provides a marketing diagram describing the Trellix Security Platform as an "AI-powered, open security platform" designed to "Build resilience, reduce risk, and protect against the latest cyber threats" (Compl. p. 3).

IV. Analysis of Infringement Allegations

The complaint states that detailed infringement analyses for Claim 1 of the ’200 Patent and Claim 1 of the ’092 Patent are provided in Exhibits G and H, respectively (Compl. ¶29, ¶39). These exhibits were not available for this report, and the complaint does not contain a narrative infringement theory or claim chart in the body of the document.

Identified Points of Contention: Based on the technology described in the patents and the functionality of the accused product as alleged in the complaint, several potential points of contention may arise.
- Scope Questions: The patents describe encoding files so they can be tracked after moving to "unauthorized devices" or "unprotected environment[s]" (’300 Patent, col. 2:49-52, 9:20-24). A question for the court may be whether the accused Trellix platform, primarily described as an enterprise security solution for managed endpoints, performs the specific function of tracking data elements after they have left the enterprise's control, as required by certain claim embodiments.
- Technical Questions: The patents describe the generation of a specific "meta log" containing elements such as "file name, data classification, date created or modified, user name, and endpoint ID" (’300 Patent, col. 3:20-24). A factual question will be what specific data the Trellix endpoint agent software actually collects and transmits, and whether this data corresponds to the specific elements required to form the "meta log" of the asserted claims.

V. Key Claim Terms for Construction

The complaint does not provide the language of the asserted claims, precluding an analysis of key terms for construction.

VI. Other Allegations

Indirect Infringement: Plaintiff alleges Trellix actively induces infringement by its customers under 35 U.S.C. § 271(b) (Compl. ¶32, ¶42, et seq.). The alleged basis for inducement includes providing the Accused Products to customers who then operate them in an infringing manner, as well as publishing product listings, a resource library, and blogs that allegedly instruct and encourage customers to use the products in infringing ways (Compl. ¶34, ¶44).
Willful Infringement: The complaint does not include a standalone count for willful infringement. The allegations supporting indirect infringement state that Trellix has knowledge of the asserted patents and its infringement "at least as of the service and filing of this Complaint" (Compl. ¶33, ¶43). This language may support an allegation of post-suit willfulness but does not allege pre-suit knowledge.

VII. Analyst’s Conclusion: Key Questions for the Case

A central evidentiary question will be one of functional correspondence: Does the data tracking and classification performed by the Trellix agent software and security platform align with the specific sequence of steps required by the asserted claims, particularly regarding the creation of "meta logs" with specific content and the tracking of encoded data on "unauthorized" devices?
For method claims where customer actions are implicated, a key legal question may be one of divided infringement: Does Trellix's act of providing software and instructional materials to its customers, who then operate the platform, meet the "direction or control" standard required to attribute the customers' actions to Trellix for purposes of direct infringement?
A fundamental issue will concern claim scope and pleading sufficiency: Given the complaint's reliance on external exhibits to detail its infringement contentions for the lead patents, an early focus may be on whether the complaint itself provides sufficient factual allegations to plausibly support its claims of infringement for each asserted patent.