DCT
1:23-cv-01364
QuickVault Inc v. Tanium Inc
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: QuickVault, Inc. (Georgia)
- Defendant: Tanium Inc. (Delaware)
- Plaintiff’s Counsel: OhanianIP; Hill, Kertscher & Wharton, LLP
- Case Identification: 1:23-cv-01364, W.D. Tex., 11/07/2023
- Venue Allegations: Plaintiff alleges venue is proper in the Western District of Texas because Defendant has committed acts of infringement in the district and regularly conducts business there, including hosting an annual conference in Austin.
- Core Dispute: Plaintiff alleges that Defendant’s Converged Endpoint Management (XEM) Platform infringes a patent related to forensic data tracking and endpoint security.
- Technical Context: The technology concerns systems for monitoring computer endpoints within a network to discover, classify, and track sensitive information, enabling remediation of policy violations and prediction of security risks.
- Key Procedural History: The complaint does not mention any prior litigation, Inter Partes Review (IPR) proceedings, or licensing history related to the patent-in-suit.
Case Timeline
| Date | Event |
|---|---|
| 2014-09-12 | U.S. Patent No. 9,961,092 Priority Date |
| 2018-05-01 | U.S. Patent No. 9,961,092 Issued |
| 2023-11-07 | Complaint Filed |
II. Technology and Patent(s)-in-Suit Analysis
- Patent Identification: U.S. Patent No. 9,961,092, issued May 1, 2018.
U.S. Patent No. 9,961,092 - Method and System for Forensic Data Tracking
The Invention Explained
- Problem Addressed: The patent describes the problem of sensitive data, such as Protected Health Information (PHI), leaking outside of secure, authorized environments (e.g., via email, USB drives, or public cloud storage). It notes that existing Data Loss Prevention (DLP) tools are not always effective at preventing such data leakage. (’092 Patent, col. 2:28-52).
- The Patented Solution: The invention proposes a "Forensic Computing Platform" that centrally tracks the movement of data across various authorized and unauthorized devices. The system uses software agents on endpoints to scan files, classify them based on content, and send metadata logs about file activity to a cloud control server. This server analyzes the logs to monitor data movement, enforce policies, and detect potential security breaches. (’092 Patent, Abstract; Fig. 1; col. 3:30-40).
- Technical Importance: This technology aims to provide "Data Provenance," a term used to describe the ability to understand the origin and history of data, which is a key component of regulatory frameworks like HIPAA that govern the handling of sensitive information. (’092 Patent, col. 2:1-7).
Key Claims at a Glance
- The complaint asserts independent claim 1. (Compl. ¶19).
- The essential elements of independent claim 1 include:
- A forensic computing platform deployed as a cloud control server with an analytic component, reporting component, alerting component, policy database, user database, meta database, and settings database.
- At least one endpoint with modules to detect, classify, delete, encrypt, and redact data.
- The platform is configured to execute steps including:
- receiving a meta log from the endpoint containing a file name, data element tags, date information, a user name, and an endpoint ID.
- storing the meta log in the meta database.
- analyzing the data element tags based on a configured setting and criteria.
- determining that a data classification is inappropriate for the file.
- remediating the file (e.g., encrypting, deleting, or redacting data).
- The complaint does not explicitly reserve the right to assert dependent claims.
III. The Accused Instrumentality
Product Identification
- Tanium's Converged Endpoint Management ("XEM") Platform (the "Accused Product"). (Compl. ¶5).
Functionality and Market Context
- The complaint alleges the Accused Product permits network administrators to "see, control, and remediate every endpoint" on a network. (Compl. ¶5).
- Its functionality is described as involving the deployment of software on endpoints to "detect, classify, and track data" and to allow remote administrators to "monitor and remediate policy violations as they occur." (Compl. ¶6).
- The complaint alleges that administrators are alerted to policy violations and provided with remediation options. (Compl. ¶6).
- No probative visual evidence provided in complaint.
IV. Analysis of Infringement Allegations
The complaint references a detailed infringement analysis in an attached Exhibit B, which was not included with the provided filing. (Compl. ¶19, ¶20, ¶21, ¶22). Therefore, the infringement theory is summarized below based on the narrative allegations in the complaint body.
The complaint alleges that Tanium’s XEM Platform directly and indirectly infringes at least claim 1 of the ’092 Patent. (Compl. ¶18, ¶19, ¶20). The core of the infringement theory appears to be that the XEM Platform’s functionality maps onto the elements of the patented system. The allegation that the Accused Product deploys software on endpoints to "detect, classify, and track data" may be intended to meet the claim requirement of a system that receives a "meta log" from an endpoint containing information such as data classification and data element tags. (Compl. ¶6; ’092 Patent, Claim 1). Further, the complaint's description of the XEM Platform enabling administrators to "monitor and remediate policy violations," receive alerts, and select from "multiple remediation options" may be intended to correspond to the claim limitations of analyzing the meta log, determining a data classification is inappropriate, and performing a remediation step. (Compl. ¶6; ’092 Patent, Claim 1).
- Identified Points of Contention:
- Technical Questions: The complaint provides a high-level functional description of the Accused Product without detailing its specific operations. A central question will be whether the XEM Platform actually generates and transmits a data structure that meets the definition of the claimed "meta log" containing all the required information (file name, data element tags, date, user name, endpoint ID).
- Scope Questions: The infringement analysis may turn on whether the general function of "remediat[ing] policy violations" in the Accused Product performs the specific, multi-step process recited in the claim: analyzing tags, determining a classification is "inappropriate," and then remediating. The sequence and specific nature of these steps as claimed will be a focus.
V. Key Claim Terms for Construction
"meta log"
- Context and Importance: This term defines the core data structure communicated from the endpoint to the central server. The scope of this term is critical, as Plaintiff must prove that the Accused Product generates and transmits a structure containing all the information required by the claim's definition of a "meta log."
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The specification describes the meta log as containing details "such as: file name, data classification, date created or modified, user name, and endpoint ID," which could suggest the list is exemplary rather than exhaustive. (’092 Patent, col. 3:20-23).
- Evidence for a Narrower Interpretation: Claim 1 recites that the meta log contains a specific list of five distinct data types. A defendant may argue that this defines the term and that an accused system must be shown to transmit a single data structure containing all five of these elements to infringe.
"data element tags"
- Context and Importance: This term is a key component of the "meta log" and is the basis for the "analyzing" step. Its construction will determine what kind of information the endpoint agent must be shown to generate. Practitioners may focus on this term because it appears to require more than simple file metadata (like name or date), pointing instead to content-based indicators.
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The specification provides a broad description, stating that tags "are indictors that specific fields or types of data are included within the file," and gives examples including a person's name, phone number, credit card number, or diagnosis code. (’092 Patent, col. 5:36-42).
- Evidence for a Narrower Interpretation: A defendant may argue that "tags" implies a specific data format distinct from the raw data itself, rather than just the presence of certain text strings within a file.
VI. Other Allegations
Indirect Infringement
- The complaint alleges active inducement, asserting that Tanium's provision of the Accused Product to its customers, along with its product website, YouTube tutorials, and other documentation, "intentionally instructs and encourages customers to use the Accused Product in infringing manners." (Compl. ¶20, ¶22).
Willful Infringement
- The complaint does not contain a separate count for willful infringement. It alleges that Tanium has had knowledge of its infringement "at least as of the service and filing of this Complaint." (Compl. ¶21). The prayer for relief seeks a finding that the case is "exceptional" under 35 U.S.C. § 285, which is often associated with findings of willful infringement or litigation misconduct. (Compl. p. 7, ¶E).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of evidentiary proof: Given the complaint’s high-level allegations, the case will likely depend on whether discovery reveals that the Tanium XEM Platform’s technical operation aligns with the specific, multi-part process recited in claim 1. The focus will be on the actual data structures transmitted from Tanium’s endpoint agents and the precise logic used to trigger alerts and remediation actions.
- A key legal question will be claim construction: The dispute may turn on the definition of "meta log." The court will need to determine whether this term requires a single data structure containing all recited informational components, or if the elements can be collected and transmitted in a more distributed fashion, which could significantly broaden or narrow the scope of the claim.