1:23-cv-00904
UMBRA Tech Ltd Uk v. VMware Inc
I. Executive Summary and Procedural Information
- Parties & Counsel:
  - Plaintiff: UMBRA Technologies Ltd. (UK), UMBRA Technologies Limited (CN) & UMBRA Technologies (US) Inc. (collectively, "UMBRA")
  - Defendant: VMware, Inc. (Delaware)
  - Plaintiff’s Counsel: Devlin Law Firm LLC
- Case Identification: 1:23-cv-00904, W.D. Tex., 08/02/2023
- Venue Allegations: Plaintiff alleges venue is proper in the Western District of Texas because Defendant VMware maintains a regular and established place of business in Austin, Texas.
- Core Dispute: Plaintiff alleges that Defendant’s network virtualization and software-defined networking products infringe four patents related to secure network optimization, global virtual networks, and high-performance data transfer protocols.
- Technical Context: The technology at issue falls within the domain of Software-Defined Wide Area Networking (SD-WAN) and cloud-based network security, a market segment critical for modern enterprise computing and distributed workforces.
- Key Procedural History: The complaint alleges that Defendant had pre-suit knowledge of the asserted technologies based on in-person, telephonic, and email discussions with Plaintiff regarding its intellectual property, products, and services, beginning in or around May 2016; this allegation forms the basis for claims of willful and indirect infringement.
Case Timeline
| Date | Event |
|---|---|
| 2015-01-28 | U.S. Patent No. 10,630,505 Priority Date |
| 2015-04-07 | U.S. Patent No. 10,574,482 Priority Date |
| 2015-04-07 | U.S. Patent No. 11,108,595 Priority Date |
| 2016-04-26 | U.S. Patent No. 11,146,632 Priority Date |
| 2016-05-XX | Alleged discussions between UMBRA and VMware regarding UMBRA's intellectual property |
| 2020-02-25 | U.S. Patent No. 10,574,482 Issues |
| 2020-04-21 | U.S. Patent No. 10,630,505 Issues |
| 2021-08-31 | U.S. Patent No. 11,108,595 Issues |
| 2021-10-12 | U.S. Patent No. 11,146,632 Issues |
| 2023-08-02 | Complaint Filing Date |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 10,574,482: “MULTI-PERIMETER FIREWALL IN THE CLOUD” (Issued Feb. 25, 2020)
The Invention Explained
- Problem Addressed: The patent's background describes performance issues with traditional Wide Area Networks (WANs), where traffic from a remote office must often be routed through a central corporate headquarters to access the internet gateway (GW), increasing latency (Compl. ¶15; ’482 Patent, col. 1:62-col. 2:10). This architecture is inefficient for accessing cloud-based services and creates a single point of failure and inspection.
- The Patented Solution: The invention proposes a "multi-perimeter firewall" system implemented within a "global virtual network" (GVN) (Compl. ¶15). Instead of a single physical firewall at the network edge, the system uses multiple, distributed firewalls within the cloud, such as a first firewall for stateful packet inspection (SPI) and a second for deep packet inspection (DPI) ('482 Patent, Abstract; col. 2:35-49). These distributed firewalls can communicate and share threat information, providing layered security that is more scalable and efficient for virtualized networks ('482 Patent, col. 2:53-58).
- Technical Importance: This approach decouples network security from physical network topology, enabling more flexible and performant security architectures for cloud-centric and geographically distributed organizations (Compl. ¶12).
Key Claims at a Glance
- The complaint asserts infringement of claims 1-9 (Compl. ¶29). Independent claim 1 recites:
  - A multi-perimeter firewall system located in a cloud and forming part of a global virtual network, comprising:
    - an egress ingress point device;
    - a first access point server in communication with the egress ingress point device;
    - a second access point server in communication with the first access point server;
    - an endpoint device in communication with the second access point server;
    - a first perimeter firewall in communication with the first access point server, performing stateful packet inspection to prevent at least some traffic from passing; and
    - a second perimeter firewall in communication with the second access point server, performing deep packet inspection to prevent at least some traffic from passing.
- The complaint reserves the right to assert additional claims (Compl. ¶28).
U.S. Patent No. 10,630,505: “SYSTEM AND METHOD FOR A GLOBAL VIRTUAL NETWORK” (Issued Apr. 21, 2020)
The Invention Explained
- Problem Addressed: The patent and complaint identify challenges with long-distance network connectivity, including issues related to throughput, latency, protocol limitations, and peering inefficiencies that degrade user experience (Compl. ¶16; ’505 Patent, col. 1:31-34).
- The Patented Solution: The invention describes a "global virtual network" (GVN) comprising endpoint devices, intermediate access point servers, and a control server that work together to establish optimized, end-to-end communication tunnels (’505 Patent, Abstract). This system creates what the patent calls a "neutral third layer" of a virtualized network, allowing traffic that would normally traverse the public internet to be routed through a more controlled and optimized path, increasing versatility in traffic management (Compl. ¶16; ’505 Patent, col. 34:1-11).
- Technical Importance: The technology aims to provide the benefits of a private, optimized network (like MPLS) over standard internet connections, improving performance and reliability for distributed applications and services (Compl. ¶¶12-13).
Key Claims at a Glance
- The complaint asserts infringement of claim 1 (Compl. ¶42). Independent claim 1 recites:
  - A network system comprising:
    - a first device in communication with a first endpoint device;
    - a second device in communication with a second endpoint device;
    - a plurality of intermediate access point servers forming a plurality of end-to-end tunnels connecting the first and second devices; and
    - a control server that receives information from the access point servers and selects one of the tunnels for communication based on that information.
- The complaint reserves the right to assert additional claims (Compl. ¶41).
U.S. Patent No. 11,108,595: “SYSTEMS AND METHODS FOR PROVIDING A GLOBAL VIRTUAL NETWORK (GVN)”
- Identification: Issued August 31, 2021 (Compl. ¶51).
- Technology Synopsis: The invention addresses problems in prior art systems where devices had to interact directly to establish connections and where server availability was not a primary factor in tunnel creation (Compl. ¶17). The patented solution involves a system that develops and transmits an ordered list of available servers to build a network tunnel, prioritizing server combinations based on expected performance and other contextual information to increase network efficiency (Compl. ¶17).
- Asserted Claims: The complaint asserts infringement of claim 1 (Compl. ¶55).
- Accused Features: The complaint accuses VMware's network virtualization products and services that are used to establish tunnels within a GVN (Compl. ¶53).
U.S. Patent No. 11,146,632: “DATA BEACON PULSER(S) POWERED BY INFORMATION SLINGSHOT”
- Identification: Issued October 12, 2021 (Compl. ¶64).
- Technology Synopsis: The invention seeks to solve problems related to the "congestion and inefficiencies" of standard TCP/IP and UDP/IP protocols for data transfer over long distances (Compl. ¶18). It proposes a system of "data beacons" (DB) comprising two nodes with parallel file systems; the first node writes data to the second node's file system, which then reads the data into a queue, offering what is described as superior reliability and speed over distance (’632 Patent, Ex. 4 at 5:20-32; Compl. ¶18).
- Asserted Claims: The complaint asserts infringement of claims 1 and 7 (Compl. ¶68).
- Accused Features: The complaint accuses VMware systems and methods for network virtualization that transfer data (Compl. ¶66).
III. The Accused Instrumentality
Product Identification
The accused instrumentalities are VMware SD-WAN, VMware NSX software-defined data center, VMware vSphere, and VMware Horizon, along with "related earlier versions" (Compl. ¶¶27, 40, 53, 66).
Functionality and Market Context
The complaint alleges these products provide network virtualization and related services (Compl. ¶27). Collectively, they form the core of VMware's software-defined data center (SDDC) and software-defined WAN (SD-WAN) offerings. These products create virtual network overlays on top of standard physical hardware, allowing for centralized control, automation, and security of network traffic for enterprises, particularly those with distributed data centers, branch offices, and cloud infrastructure (Compl. ¶¶12-14). The complaint alleges these products have significant commercial value because they implement features that utilize the patented inventions to provide convenience and efficiency for customers (Compl. ¶14).
No probative visual evidence provided in complaint.
IV. Analysis of Infringement Allegations
The complaint references preliminary infringement claim charts in Exhibits 5, 6, 7, and 8 for the ’482, ’505, ’595, and ’632 patents, respectively (Compl. ¶¶28, 41, 54, 67). However, these exhibits were not filed with the complaint. The narrative infringement theory is summarized below.
’482 Patent Infringement Allegations
The complaint alleges that VMware's products and services for virtualized network architectures implement features that utilize the patented inventions (Compl. ¶14). The infringement theory suggests that VMware's SD-WAN and NSX products create a "multi-perimeter firewall in the cloud" by deploying virtualized security functions, such as stateful and deep-packet inspection, at various points within the software-defined network, thereby meeting the limitations of the asserted claims (Compl. ¶¶15, 27).
’505 Patent Infringement Allegations
The complaint alleges that VMware's products create a "global virtual network" by operating a control server (e.g., VMware Orchestrator) and a plurality of intermediate access point servers (e.g., VMware SD-WAN Edges or Gateways) to establish and manage end-to-end tunnels for communications between devices (Compl. ¶¶16, 40). This architecture allegedly provides the "neutral third layer" for traffic management described in the patent.
Identified Points of Contention
- Scope Questions: A central question may be whether the term "global virtual network" as used in the patents, which describes a specific network architecture, can be construed to read on the software-defined overlay networks created by VMware's products. For the '482 Patent, a key issue may be whether VMware's distributed security features constitute a "multi-perimeter firewall system" as claimed, or if they are architecturally distinct.
- Technical Questions: A factual dispute may arise over how VMware's products technically operate. For example, for the '505 Patent, the analysis may focus on whether a VMware Orchestrator performs the specific functions of the claimed "control server" in selecting tunnels based on received information. For the '482 Patent, a question will be whether the accused products contain distinct "first" and "second" access point servers and corresponding "first" and "second" perimeter firewalls as recited in the claims.
V. Key Claim Terms for Construction
The Term: "multi-perimeter firewall" (’482 Patent, Claim 1)
Context and Importance
The definition of this term is central to the infringement analysis for the '482 Patent. Practitioners may focus on whether this term requires physically or logically distinct firewall components corresponding to separate "perimeters," or if it can be read broadly to cover any distributed set of security policies within a virtual network.
Intrinsic Evidence for Interpretation
- Evidence for a Broader Interpretation: The specification describes the system as having firewalls "placed at multiple perimeters in the cloud," which could suggest a conceptual rather than strictly structural limitation ('482 Patent, col. 1:19-20).
- Evidence for a Narrower Interpretation: The abstract and claim 1 explicitly recite a "first firewall" in communication with a "first access point server" and a "second firewall" in communication with a "second access point server," which may support an interpretation requiring at least two distinct firewall-server pairings ('482 Patent, Abstract).
The Term: "control server" (’505 Patent, Claim 1)
Context and Importance
This term is critical for mapping VMware's architecture to the claims of the '505 Patent. The dispute will likely center on whether a product like VMware's SD-WAN Orchestrator performs the specific claimed function of "receiv[ing] information from at least one of the plurality of intermediate access point servers" and "select[ing] one of the plurality of end-to-end tunnels" based on that information.
Intrinsic Evidence for Interpretation
- Evidence for a Broader Interpretation: The specification describes the GVN as utilizing "advanced tunnels, collaborating and communicating via Application Program Interface (API), Database (DB) replication, and other methods," suggesting the control function could be part of a distributed, collaborative system (’505 Patent, col. 3:64-67).
- Evidence for a Narrower Interpretation: Claim 1 recites a distinct "control server" element that performs both receiving and selecting steps, which could support an argument that a single, centralized component must perform these functions as claimed.
VI. Other Allegations
Indirect Infringement
The complaint alleges both induced and contributory infringement for all four patents-in-suit. The allegations for intent are based on Defendant's alleged actual knowledge of Plaintiff's intellectual property from discussions occurring around May 2016 (e.g., Compl. ¶¶30, 31, 43, 44). The complaint alleges inducement occurs through VMware's distribution of the accused products and provision of related materials and services to partners and customers (e.g., Compl. ¶32). Contributory infringement is alleged on the basis that the accused products are material components especially made for use in an infringing system and are not staple articles of commerce (e.g., Compl. ¶34).
Willful Infringement
Willfulness is alleged for all four patents-in-suit. The basis for willfulness is Defendant's alleged pre-suit knowledge of the patents and technology stemming from the May 2016 discussions (e.g., Compl. ¶¶35, 48, 61, 74).
VII. Analyst’s Conclusion: Key Questions for the Case
- A central evidentiary question will be one of pre-suit knowledge: what was the specific content and context of the alleged May 2016 discussions between the parties, as this event is the primary factual basis for all claims of indirect and willful infringement?
- A core issue will be one of technical mapping: do the architectural components of VMware's software-defined networking products (e.g., Orchestrators, Edges, Gateways) align with and perform the specific functions of the claimed "control server," "access point servers," and distinct "perimeter firewalls," or is there a fundamental mismatch in their structure and operation?
- The case will likely involve a significant battle over claim construction: can terms rooted in specific network hardware concepts, such as "access point server" and "firewall," be construed broadly enough to encompass their alleged software-defined, virtualized equivalents in the accused products?