DCT

1:23-cv-00903

UMBRA Tech Ltd Uk v. Cisco Systems Inc

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 1:23-cv-00903, W.D. Tex., 08/02/2023
  • Venue Allegations: Plaintiff alleges venue is proper because Defendant has committed acts of infringement in the district and maintains multiple regular and established places of business, including a specific address in Austin, Texas.
  • Core Dispute: Plaintiff alleges that Defendant’s networking virtualization and security products infringe four patents related to software-defined networking, cloud-based firewalls, and high-performance data transfer technologies.
  • Technical Context: The technology at issue falls within the domain of Software-Defined Wide Area Networking (SD-WAN) and Secure Access Service Edge (SASE), which are critical for managing and securing network traffic for distributed organizations and cloud applications.
  • Key Procedural History: The complaint alleges that Defendant had pre-suit knowledge of the patents-in-suit from discussions between the parties pertaining to Plaintiff's intellectual property that occurred prior to 2021, a fact which may be central to the allegations of willful infringement.

Case Timeline

Date Event
2015-01-28 Earliest Priority Date for ’505 Patent
2015-04-07 Earliest Priority Date for ’482 and ’595 Patents
2016-04-26 Earliest Priority Date for ’632 Patent
2020-02-25 ’482 Patent Issued
2020-04-21 ’505 Patent Issued
2021-08-31 ’595 Patent Issued
2021-10-12 ’632 Patent Issued
2023-08-02 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 10,574,482: “MULTI-PERIMETER FIREWALL IN THE CLOUD”

  • Patent Identification: U.S. Patent No. 10,574,482, “MULTI-PERIMETER FIREWALL IN THE CLOUD,” issued February 25, 2020.

The Invention Explained

  • Problem Addressed: The patent’s background section describes the limitations of traditional firewalls, which are typically placed at the edge of a local area network (LAN). This architecture is inefficient for modern cloud-based services, as it can create significant latency when remote users must route traffic through a central corporate gateway to access the internet. (Compl. ¶15; ’482 Patent, col. 2:1-12).
  • The Patented Solution: The invention proposes a distributed, multi-perimeter firewall system within a global virtual network (GVN). The system uses multiple firewalls placed at different points in the cloud, such as a first firewall performing stateful packet inspection (SPI) and a second firewall performing deep packet inspection (DPI). These firewalls can communicate with each other, for instance to share threat information, thereby creating a more intelligent and scalable security architecture that is better suited for virtualized networks. (Compl. ¶15; ’482 Patent, Abstract, col. 2:35-57).
  • Technical Importance: This approach moves security enforcement from the traditional network edge into the cloud, closer to where applications and data reside, which is a foundational concept in modern cloud security architectures. (Compl. ¶13, ¶15).

Key Claims at a Glance

  • The complaint asserts infringement of at least independent claim 1. (Compl. ¶29).
  • Claim 1 of the ’482 Patent recites:
    • A multi-perimeter firewall system located in a cloud and forming part of a global virtual network.
    • Comprising an egress ingress point device, a first access point server, a second access point server, and an endpoint device.
    • A first perimeter firewall in communication with the first access point server that performs stateful packet inspection.
    • A second perimeter firewall in communication with the second access point server that performs deep packet inspection on a cloned copy of traffic.
  • The complaint reserves the right to assert dependent claims 6-9. (Compl. ¶29).

U.S. Patent No. 10,630,505: “SYSTEM AND METHOD FOR A GLOBAL VIRTUAL NETWORK”

  • Patent Identification: U.S. Patent No. 10,630,505, “SYSTEM AND METHOD FOR A GLOBAL VIRTUAL NETWORK,” issued April 21, 2020.

The Invention Explained

  • Problem Addressed: The patent addresses problems with long-distance network connectivity and throughput over the public internet, which can be degraded by distance, protocol limitations, and interference. (Compl. ¶16; ’505 Patent, col. 1:31-34).
  • The Patented Solution: The invention describes a network system that uses a control server to manage a plurality of intermediate access point servers. The control server receives information from these access points and intelligently selects an optimal end-to-end tunnel for communication between devices. This creates what the patent calls a "neutral third layer of a virtualized network," allowing traffic to be routed more efficiently and reliably than over the standard internet. (Compl. ¶16; ’505 Patent, Abstract, col. 34:1-11).
  • Technical Importance: The technology provides a method for creating optimized, intelligent network overlays, a core principle of modern SD-WAN solutions that aim to improve performance over commodity internet connections. (Compl. ¶13, ¶16).

Key Claims at a Glance

  • The complaint asserts infringement of at least independent claim 1. (Compl. ¶42).
  • Claim 1 of the ’505 Patent recites:
    • A network system for connecting devices comprising a first device, a second device, and a plurality of intermediate access point servers forming end-to-end tunnels between them.
    • A control server that receives information from at least one of the intermediate access point servers.
    • The control server selects one of the plurality of end-to-end tunnels for communication between the first and second devices based on the received information.
  • The complaint reserves the right to assert dependent claims 2 and 5-7. (Compl. ¶42).

U.S. Patent No. 11,108,595: “SYSTEMS AND METHODS FOR PROVIDING A GLOBAL VIRTUAL NETWORK (GVN)”

  • Patent Identification: U.S. Patent No. 11,108,595, “SYSTEMS AND METHODS FOR PROVIDING A GLOBAL VIRTUAL NETWORK (GVN),” issued August 31, 2021.
  • Technology Synopsis: The invention addresses inefficiencies in establishing connections in a virtualized network by creating and transmitting an "ordered list of available servers" for building a network tunnel. This list prioritizes server combinations based on expected performance and other device-specific contextual information, improving the efficiency of tunnel creation. (Compl. ¶17).
  • Asserted Claims: The complaint asserts infringement of at least claims 1, 2, 4, 8, 12-15, 17, and 20. (Compl. ¶55).
  • Accused Features: The complaint alleges that Cisco’s network virtualization products and services utilize the claimed methods for establishing network connections. (Compl. ¶53).

U.S. Patent No. 11,146,632: “DATA BEACON PULSER(S) POWERED BY INFORMATION SLINGSHOT”

  • Patent Identification: U.S. Patent No. 11,146,632, “DATA BEACON PULSER(S) POWERED BY INFORMATION SLINGSHOT,” issued October 12, 2021.
  • Technology Synopsis: This invention aims to solve problems related to the congestion and inefficiency of standard internet protocols (TCP/IP, UDP/IP) over long distances. It proposes a system using "data beacons" with a first and second node, each having parallel file systems, to write and read data, thereby offering what is described as superior reliability and speed. (Compl. ¶18).
  • Asserted Claims: The complaint asserts infringement of at least claims 1-4 and 7. (Compl. ¶68).
  • Accused Features: The complaint alleges that Cisco’s network virtualization products and services utilize the claimed high-performance data transfer methods. (Compl. ¶66).

III. The Accused Instrumentality

Product Identification

The complaint identifies the accused instrumentalities as Cisco Secure Access Service Edge (SASE), Cisco Software Defined-WAN (SD-WAN), Cisco Security Service Edge (SSE), and Cisco HyperFlex Systems (Hyper Converged Infrastructure or “HCI”), including related hardware, software, and services. (Compl. ¶27).

Functionality and Market Context

The complaint describes the accused products as enabling "highly efficient, secure, optimized virtual WAN architectures over the top of the regular internet." (Compl. ¶4). It alleges that these products incorporate the patented inventions to provide "convenience and efficiency for its customers." (Compl. ¶14). The complaint does not provide specific technical details on the operation of the accused instrumentalities, instead referencing external exhibits containing infringement analysis. (Compl. ¶28, ¶41, ¶54, ¶67). No probative visual evidence provided in complaint.

IV. Analysis of Infringement Allegations

The complaint alleges that Cisco's products directly infringe the asserted patents but provides the detailed infringement analysis in external exhibits (Exhibits 5-8), which were not included with the complaint document provided for this analysis. (Compl. ¶28, ¶41, ¶54, ¶67). The general theory of infringement is that Cisco’s SASE and SD-WAN products, by providing virtualized, secure, and optimized network architectures, necessarily practice the systems and methods claimed in the patents-in-suit. (Compl. ¶14). The complaint does not contain sufficient factual detail in its main body to construct a detailed claim chart.

Identified Points of Contention

  • ’482 Patent: A potential point of contention may be whether Cisco's integrated SASE/SSE security stack can be mapped to the claim's requirement for both "a first perimeter firewall" performing stateful inspection and a distinct "second perimeter firewall" performing deep packet inspection. The analysis may question whether these are logically or architecturally separate components in the accused systems or a single, unified function.
  • ’505 Patent: The dispute may focus on whether a component of Cisco's SD-WAN architecture, such as its vManage controller, meets the definition of the claimed "control server." A key question could be whether the accused controller "selects" tunnels based on "information" received from network devices in the specific manner required by the claim.

V. Key Claim Terms for Construction

For the ’482 Patent

  • The Term: "a first perimeter firewall ... and a second perimeter firewall" (from Claim 1).
  • Context and Importance: This limitation requires two distinct firewalls. Practitioners may focus on this term because modern SASE architectures often integrate multiple security functions (like SPI and DPI) into a single, cloud-native service stack. The case may turn on whether two separate functions within one integrated product can satisfy the claim's requirement for two separate firewalls.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The patent specification describes the two firewalls in functional terms, stating one "performs stateful packet inspection" and the other "performs deep packet inspection," which could support an argument that any system performing these two functions, regardless of integration, meets the limitation. ('482 Patent, col. 27:8-19).
    • Evidence for a Narrower Interpretation: Figure 11 of the patent depicts two structurally separate blocks, "FW (SPI) 11-SP0-PRO" and "FW (DPI) 11-DP0-PRO," each communicating with different cloud firewall load balancers. This could suggest that the claims require more than just functional separation. (’482 Patent, Fig. 11).

For the ’505 Patent

  • The Term: "control server" (from Claim 1).
  • Context and Importance: Plaintiff's infringement case depends on mapping a component of Cisco's SD-WAN architecture to this term. The construction of "control server" will define the necessary structure and functions—specifically, how it "receives information" and "selects" a tunnel—that the accused component must perform.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The abstract broadly describes "systems and methods for connecting devices," which may support a construction covering any centralized management plane that orchestrates tunnel selection in a virtual network. ('505 Patent, Abstract).
    • Evidence for a Narrower Interpretation: The detailed description discusses specific modules, such as a "Server Availability Mechanism" and various managers within a "SRV_CNTRL" device, that perform the control functions. This could support a narrower construction requiring the specific logic or components disclosed in the embodiments. (’505 Patent, Fig. 28).

VI. Other Allegations

  • Indirect Infringement: The complaint alleges inducement to infringe for all four patents. The stated basis is that Cisco, with alleged knowledge of the patents, provides the accused products along with materials and services that instruct and encourage its partners and customers to use the products in an infringing manner. (Compl. ¶31, ¶44, ¶57, ¶70).
  • Willful Infringement: The complaint alleges willful infringement for all four patents. The basis for this allegation is Defendant's alleged pre-suit knowledge of the patents, stemming from "in-person, telephonic, videoconference, online chat and email discussions between representatives for Cisco and UMBRA pertaining to UMBRA’s intellectual property" that occurred prior to 2021. (Compl. ¶30, ¶43, ¶56, ¶69).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of architectural mapping: can the discrete, multi-component systems recited in the patent claims (e.g., a "first" and "second" firewall; a "control server" and "intermediate access point servers") be found in Cisco’s allegedly integrated SD-WAN and SASE product architectures, or is there a fundamental mismatch between the claimed systems and the accused products?
  • A key evidentiary question will be one of proof: given that the complaint relies on external exhibits for its detailed infringement contentions, the case will likely turn on whether the discovery process yields specific evidence of the accused products' internal operations that maps directly onto the specific limitations of the asserted claims.
  • The dispute will likely raise a central question of claim scope: will the claims be construed narrowly to cover the specific implementations disclosed in the patent specifications, or broadly enough to read on what may be argued are more general, industry-standard approaches to building and managing secure, virtualized networks?