DCT

6:22-cv-01038

CTD Networks LLC v. AT&T Inc

Log In
Key Events
Amended Complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 6:22-cv-01038, W.D. Tex., 12/21/2022
  • Venue Allegations: Venue is asserted based on Defendant having regular and established places of business within the Western District of Texas, including a retail store located in Austin.
  • Core Dispute: Plaintiff alleges that Defendant’s AT&T Cybersecurity system infringes four patents related to distributed, agent-based network security monitoring and response.
  • Technical Context: The technology involves a security architecture where software agents installed on individual computers across a network collectively monitor for, analyze, and respond to cybersecurity threats using probabilistic models.
  • Key Procedural History: The complaint alleges Defendant had knowledge of the patents since at least February 8, 2021. Notably, after the filing of this complaint, the U.S. Patent and Trademark Office issued an Ex Parte Reexamination Certificate for the ’614 Patent which cancelled several claims, including claim 10, the only claim of the ’614 Patent asserted in this lawsuit. This subsequent development raises a fundamental question as to the viability of the infringement count related to the ’614 Patent.

Case Timeline

Date Event
2002-10-23 Priority Date for ’614 Patent
2002-12-24 Priority Date for ’442, ’470, and ’974 Patents
2012-12-04 U.S. Patent No. 8,327,442 Issued
2016-09-06 U.S. Patent No. 9,438,614 Issued
2016-11-22 U.S. Patent No. 9,503,470 Issued
2021-02-08 Alleged Pre-Suit Knowledge of Patents-in-Suit
2021-11-09 U.S. Patent No. 11,171,974 Issued
2022-12-21 Complaint Filed
2023-12-14 Ex Parte Reexamination Certificate Issued for ’614 Patent (cancelling asserted claim 10)

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,327,442 - "System and method for a distributed application and network security system (SDI-SCAM)," issued December 4, 2012

The Invention Explained

  • Problem Addressed: The patent addresses the vulnerability of computer networks to coordinated attacks, noting that traditional security systems are often too slow to react, allowing a virus several days to spread and cause damage before a countermeasure can be developed and disseminated (U.S. Patent No. 8,327,442, col. 4:32-44).
  • The Patented Solution: The invention proposes a distributed security system, termed "SDI-SCAM," where intelligent software agents reside on each computer in a network. These agents constantly monitor and share information, allowing the system as a whole to pool data, build statistical models of normal and abnormal activity, and automatically distribute countermeasures in real-time to provide a uniform and adaptive level of security across the entire network (’442 Patent, Abstract; col. 4:45-54).
  • Technical Importance: This approach seeks to shift cybersecurity from a reactive, machine-by-machine defense to a proactive, network-wide "immune system" capable of identifying and countering novel threats far more quickly than human-dependent methods.

Key Claims at a Glance

  • The complaint asserts independent claim 1.
  • Essential elements of claim 1 include:
    • A distributed security system protecting individual computers in a network.
    • Agents on each computer that perform steps including:
      • creating statistical models of usage;
      • gathering and analyzing information about current usage;
      • determining a usage pattern consistent with an intrusion or attack;
      • determining a probability of the likelihood of an attack;
      • distributing warnings and countermeasures in real-time when the probability exceeds a threshold;
      • scheduling anti-viral software updates based on different probability levels; and
      • suspending the schedule to provide an immediate update when an attack is detected.
  • The complaint reserves the right to assert other claims (Compl. ¶20).

U.S. Patent No. 9,438,614 - "Sdi-scam," issued September 6, 2016

The Invention Explained

  • Problem Addressed: The shared patent specification describes the challenge of "asymmetric" cyber warfare, where attackers with limited resources can inflict significant damage on large, complex software systems, creating a "negative progress situation" where defensive efforts are disproportionately expensive and slow (’974 Patent, col. 1:50-67).
  • The Patented Solution: The invention describes a "distributed agent-based model" that functions like an "immune system for software" (’974 Patent, col. 2:9-15). This system uses a large number of simple agents that employ Bayesian analysis to estimate the probability that a pattern of activity is hostile. When a threat is detected, the system can automatically initiate defensive measures, such as raising firewalls or switching to a backup system (’974 Patent, col. 2:30-43; col. 5:4-11).
  • Technical Importance: The use of probabilistic models like Bayesian networks allows the system to identify not just known threats but also novel, previously unseen patterns of attack by flagging them as anomalous deviations from established baselines.

Key Claims at a Glance

  • The complaint asserts independent claim 10.
  • Essential elements of claim 10 include:
    • A system that detects the state of a computer network.
    • A plurality of distributed agents designed for adaptive learning and probabilistic analysis.
    • The agents passively collect, monitor, aggregate, and analyze data to identify similar patterns of suspicious activity indicative of an attack.
    • The agents determine if a "probability threshold of suspicious activity" has been exceeded.
    • When the threshold is exceeded, the system alerts other agents, a central server, or a human operator.
  • The complaint reserves the right to assert other claims (Compl. ¶29).

U.S. Patent No. 9,503,470 - "Distributed agent based model for security and response," issued November 22, 2016

  • Technology Synopsis: This patent, from the same family, describes a distributed security architecture that protects individual client computers. The system pools and analyzes information gathered from machines across a network to rapidly detect patterns consistent with an attack and then distributes warnings and countermeasures to each machine (U.S. Patent No. 9,503,470, Abstract).
  • Asserted Claims: The complaint asserts at least claim 1 (Compl. ¶38).
  • Accused Features: The complaint alleges that AT&T's AT&T Cybersecurity system infringes the patent (Compl. ¶38).

U.S. Patent No. 11,171,974 - "Distributed agent based model for security monitoring and response," issued November 9, 2021

  • Technology Synopsis: This patent, also from the same family, details a distributed security system (SDI-SCAM) that uses software agents to protect computers. The agents pool information, use probabilistic analysis to assess the likelihood of an intrusion based on detected patterns, and distribute warnings and potential countermeasures to machines on the network (’974 Patent, Abstract).
  • Asserted Claims: The complaint asserts at least claim 1 (Compl. ¶47).
  • Accused Features: The complaint alleges that AT&T's AT&T Cybersecurity system infringes the patent (Compl. ¶47).

III. The Accused Instrumentality

Product Identification

The accused instrumentality is identified as "AT&T's AT&T Cybersecurity system" (Compl. ¶18).

Functionality and Market Context

The complaint provides minimal technical detail about the accused system's specific functionality or operation, instead referencing a general marketing URL (AT&T Cybersecurity) (Compl. ¶18). The complaint alleges the accused products are available to businesses and individuals throughout the United States (Compl. ¶25). No specific features of the AT&T Cybersecurity system are described or mapped to the patent claims within the body of the complaint itself.

No probative visual evidence provided in complaint.

IV. Analysis of Infringement Allegations

The complaint states that attached exhibits describe how the accused products infringe exemplary claims of the patents-in-suit (Compl. ¶¶ 27, 36). As these exhibits were not publicly available at the time of this analysis, it is not possible to conduct a detailed, element-by-element review of the infringement allegations. The complaint’s narrative infringement theory is limited to general assertions that the Defendant infringes "by making, using, testing, selling, offering for sale and/or importing" the Accused Products (e.g., Compl. ¶20, ¶29).

Identified Points of Contention

  • Viability of Claim: A threshold legal question is whether Count II, which asserts infringement of claim 10 of the ’614 Patent, presents a valid cause of action. Public records indicate that claim 10 was cancelled during an ex parte reexamination proceeding that concluded after this complaint was filed, which may render the count moot.
  • Evidentiary Questions: As the complaint lacks specific factual allegations mapping product features to claim elements, a central issue will be the evidence Plaintiff proffers to meet its pleading and proof burdens. Key questions include:
    • What evidence will show that the AT&T Cybersecurity system creates "statistical models of usage" and schedules updates based on "different levels of probability," as required by claim 1 of the ’442 Patent?
    • What evidence will demonstrate that the accused system performs a "probabilistic analysis" to determine if a "probability threshold" is exceeded, as required by claim 10 of the ’614 Patent?

V. Key Claim Terms for Construction

"statistical models of usage" (from claim 1 of the ’442 Patent)

  • Context and Importance: This term defines the core analytical engine of the claimed invention. The scope of this term will be critical to determining whether the analytical methods used by the AT&T Cybersecurity system fall within the claim.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification describes the system’s use of a "Belief network" and the generation of a "probabilistic estimate" (’442 Patent, col. 6:47-50), language which may support a construction covering a wide range of statistical and probabilistic techniques.
    • Evidence for a Narrower Interpretation: The detailed description provides specific examples of patterns to be analyzed, such as "log-ins at particular time intervals or frequencies" or "log-ins from suspect IPs" (’442 Patent, col. 8:31-34). A defendant may argue these examples limit the term to models based on such specific, enumerated user activities.

"probabilistic analysis" (from claim 10 of the ’614 Patent)

  • Context and Importance: Practitioners may focus on this term because its construction is central to the infringement analysis for the ’614 patent, should that count proceed. The definition will determine what type of analytical process constitutes infringement.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification broadly refers to using "probabilistic estimate determination" and statistical modeling, which could be argued to encompass any analysis that calculates a likelihood of an event (’614 Patent, col. 10:48-55).
    • Evidence for a Narrower Interpretation: The shared specification repeatedly and specifically discloses the use of a "Bayesian Belief Network" and "Bayesian analysis" to estimate probabilities (’614 Patent, col. 5:48-51). This repeated emphasis may support an argument that "probabilistic analysis" should be construed more narrowly to mean, or at least require, a Bayesian approach.

VI. Other Allegations

Willful Infringement

The complaint alleges that Defendant's infringement has been willful, asserting that Defendant has had knowledge of its infringement of the patents-in-suit "since at least February 8, 2021" (Compl. ¶¶ 22, 31, 40). The willfulness allegation is further supported by claims that Defendant "made no attempt to design around the claims" and "did not have a reasonable basis for believing that the claims of the [patents] were invalid" (e.g., Compl. ¶¶ 23-24, 32-33).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A threshold issue for the case will be one of viability: can Plaintiff’s infringement claim on the ’614 Patent proceed given that the sole asserted claim was cancelled by the USPTO in a reexamination proceeding that concluded after the complaint was filed?
  • A central evidentiary question will be one of technical proof: because the complaint's specific infringement theory relies on unprovided exhibits, a key focus will be on the evidence Plaintiff introduces to show that the accused AT&T Cybersecurity system actually performs the specific data analysis and response functions recited in the patent claims, such as creating "statistical models of usage" and performing "probabilistic analysis."
  • A likely point of dispute will be one of claim scope: the case may turn on whether core terms like "statistical models of usage" and "probabilistic analysis" are interpreted broadly to cover general statistical methods, or are construed more narrowly to require the specific "Bayesian network" approach detailed in the patents' shared specification.