DCT

6:22-cv-01038

CTD Networks LLC v. AT&T Inc

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 6:22-cv-01038, W.D. Tex., 10/05/2022
  • Venue Allegations: Plaintiff alleges venue is proper because Defendant has committed acts of infringement in the district and maintains regular and established places of business, including a specific retail location in Austin, Texas.
  • Core Dispute: Plaintiff alleges that Defendant’s AT&T Cybersecurity system infringes four patents related to distributed, agent-based network security systems that collectively monitor, analyze, and respond to threats.
  • Technical Context: The technology involves creating a collective "immune system" for computer networks, where distributed software agents share threat data in real-time to enable a more rapid and adaptive defense than standalone security solutions.
  • Key Procedural History: The four asserted patents are part of a single family, with the '974, '470, and '442 patents sharing a common priority claim. This extensive shared prosecution history and specification may be a significant factor in claim construction and potential validity challenges. Plaintiff alleges Defendant had knowledge of the '442, '614, and '470 patents since February 8, 2021, but does not allege a specific date of knowledge for the more recently issued '974 patent.

Case Timeline

| Date | Event |
|---|---|
| 2002-10-23 | Priority Date for U.S. Patent No. 9,438,614 |
| 2002-12-24 | Priority Date for U.S. Patent Nos. 8,327,442 & 9,503,470 & 11,171,974 |
| 2012-12-04 | U.S. Patent No. 8,327,442 Issued |
| 2016-09-06 | U.S. Patent No. 9,438,614 Issued |
| 2016-11-22 | U.S. Patent No. 9,503,470 Issued |
| 2021-02-08 | Alleged Date of Defendant's Knowledge of '442, '614, '470 Patents |
| 2021-11-09 | U.S. Patent No. 11,171,974 Issued |
| 2022-10-05 | Complaint Filed |

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,327,442

  • Patent Identification: U.S. Patent No. 8,327,442, titled "System and method for a distributed application and network security system (SDI-SCAM)," issued on December 4, 2012 (’442 Patent, Compl. ¶12).
  • The Invention Explained:
    • Problem Addressed: The patent identifies the vulnerability of computer networks to unauthorized intrusions and notes that existing security systems are often focused on individual machines, making them slow to detect and counteract coordinated, network-level attacks (’442 Patent, col. 1:21-41).
    • The Patented Solution: The invention proposes a distributed security system where software "agents" installed on individual computers constantly pool and analyze information from across the entire network. This collective intelligence allows the system to rapidly detect patterns consistent with an attack and then distribute warnings and countermeasures to all machines, functioning as a real-time, network-wide immune system (’442 Patent, Abstract; col. 1:42-2:4).
    • Technical Importance: The technology aimed to create a more resilient and adaptive security paradigm capable of responding to sophisticated, coordinated cyber threats in real-time, a departure from more static, single-point security solutions (’442 Patent, col. 1:42-2:4).
  • Key Claims at a Glance:
    • The complaint asserts at least independent claim 1 (Compl. ¶20).
    • The essential elements of claim 1 include:
      • A distributed security system comprising individual computers with associated "agents" that control them.
      • Each agent performs steps including: "creating statistical models of usage", "gathering and analyzing information", "determining... a pattern of usage" consistent with an intrusion, and "determining a probability of the likelihood of an intrusion".
      • The system "distribut[es] in real-time warnings and potential countermeasures" when the determined probability exceeds a threshold.
      • The agents update the statistical models.
      • The agents schedule "different anti-viral software updates based on different levels of probability of an intrusion or attack".
      • The agents suspend the schedule and provide an immediate update when an attack is detected.
    • The complaint reserves the right to assert additional claims (Compl. ¶27).

U.S. Patent No. 9,438,614

  • Patent Identification: U.S. Patent No. 9,438,614, titled "Sdi-scam," issued on September 6, 2016 (’614 Patent, Compl. ¶13).
  • The Invention Explained:
    • Problem Addressed: The patent addresses the challenge of detecting threats to a computer network by using passive data analysis techniques to identify abnormal conditions ('614 Patent, col. 1:13-17).
    • The Patented Solution: The invention is a distributed multi-agent system that performs real-time collection, monitoring, and modeling of network operations. By constructing and dynamically updating analytical models, the system can identify abnormal or suspicious states, implement statistical flagging, and recommend or execute countermeasures to neutralize threats ('614 Patent, Abstract; col. 2:2-15).
    • Technical Importance: The technology represents a move toward a flexible, scalable security architecture that can adapt to new threats by leveraging collective intelligence from across a network, rather than relying solely on static, pre-defined security rules ('614 Patent, col. 2:44-65).
  • Key Claims at a Glance:
    • The complaint asserts at least independent claim 10 (Compl. ¶29).
    • The essential elements of claim 10 include:
      • A system that detects the state of a computer network.
      • The system comprises a plurality of "distributed agents designed for adaptive learning and probabilistic analysis".
      • The agents perform functions including "passively collecting, monitoring, aggregating and pattern analyzing data" to identify similar patterns of suspicious activity indicative of an attack.
      • The system determines if a "probability threshold" has been exceeded by said similar patterns.
      • If the threshold is exceeded, the system alerts "other agents, a central server, and/or a human operator".
    • The complaint reserves the right to assert additional claims (Compl. ¶36).

Multi-Patent Capsule: U.S. Patent No. 9,503,470

  • Patent Identification: U.S. Patent No. 9,503,470, "Distributed agent based model for security and response," issued November 22, 2016 (’470 Patent, Compl. ¶14).
  • Technology Synopsis: The patent describes a distributed security system (SDI-SCAM) where agents on individual computers collaboratively pool and analyze information to detect attack patterns. The system is designed to be adaptive, autonomous, and automatic, functioning like a software "immune system" that can identify and counter even novel threats in real-time using Bayesian models and collective network intelligence (’470 Patent, Abstract; col. 2:5-21).
  • Asserted Claims: At least claim 1 (Compl. ¶38).
  • Accused Features: The AT&T Cybersecurity system is accused of infringement (Compl. ¶18, ¶38).

Multi-Patent Capsule: U.S. Patent No. 11,171,974

  • Patent Identification: U.S. Patent No. 11,171,974, "Distributed agent based model for security monitoring and response," issued November 9, 2021 (’974 Patent, Compl. ¶15).
  • Technology Synopsis: This patent discloses a distributed security system where agents on client machines collect and analyze network information to identify patterns consistent with intrusion or attack. Upon detection, the system distributes warnings and countermeasures, which may include probabilistic assessments of the threat's nature to recommend the most appropriate response, thereby creating a shared, real-time network defense (’974 Patent, Abstract; col. 4:31-55).
  • Asserted Claims: At least claim 1 (Compl. ¶47).
  • Accused Features: The AT&T Cybersecurity system is accused of infringement (Compl. ¶18, ¶47).

III. The Accused Instrumentality

  • Product Identification: The accused instrumentality is Defendant's AT&T Cybersecurity system, identified by the URL AT&T Cybersecurity (Compl. ¶18).
  • Functionality and Market Context: The complaint alleges that the Accused Products are made, used, sold, and offered for sale throughout the United States to businesses and individuals (Compl. ¶20, ¶25). The complaint does not provide sufficient detail for analysis of the specific technical functionality of the AT&T Cybersecurity system, instead identifying it only by its commercial name and associated URL (Compl. ¶18). The complaint provides no probative visual evidence.

IV. Analysis of Infringement Allegations

The complaint provides no narrative infringement theory in its body. For each asserted patent, it alleges infringement and states that an attached exhibit (Exhibits E, F, G, and H, respectively) contains a claim chart describing the infringement (Compl. ¶27, ¶36, ¶45, ¶52). As these exhibits were not provided with the complaint document, a claim chart summary cannot be constructed. The analysis below identifies potential points of contention based on the language of the asserted claims.

Identified Points of Contention (’442 Patent)

  • Scope Questions: Claim 1 requires a system of distributed "agents" that perform a specific, multi-step process. A central question for the court will be whether the architecture of the AT&T Cybersecurity system maps to this claimed "agent" structure or if it operates on a different paradigm (e.g., centralized cloud analysis) that falls outside the claim's scope.
  • Technical Questions: The claim recites a highly specific function: scheduling "different anti-viral software updates based on different levels of probability of an intrusion or attack." A key factual question will be whether the plaintiff can provide evidence that the accused system performs this precise, probability-based, differentiated update scheduling, as distinct from a more general security update or threat response mechanism.

Identified Points of Contention (’614 Patent)

  • Scope Questions: Claim 10 of the '614 Patent requires "distributed agents designed for adaptive learning and probabilistic analysis." A key issue for claim construction will be the scope of "adaptive learning." The court will have to determine whether this term encompasses any system that updates its threat models based on new data, or if it is implicitly limited to the specific Bayesian network models discussed in the shared patent specification.
  • Technical Questions: The claim requires "alerting other agents, a central server, and/or a human operator" when a "probability threshold" is exceeded. An evidentiary question will be whether the accused system's alert functions are specifically triggered by a calculated "probability threshold" as required by the claim, or by other logical rules, and whether the alerts are sent to the specific types of recipients listed.

V. Key Claim Terms for Construction

For the ’442 Patent

  • The Term: "agent" (from claim 1)
  • Context and Importance: The entire claim is structured around the functions performed by these "agents". The definition of this term is critical, as it will determine whether AT&T's system, which may utilize a different architecture (e.g., cloud-based sensors and centralized analysis), can be said to possess the claimed "agents."
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification provides a functional definition, stating an agent is an "entity that can be loaded onto any node(s) of a network" and can be implemented in "software, through hardware, through human interaction, or some combination thereof" (’442 Patent, col. 4:59-64). This language may support a broad interpretation not tied to a specific software structure.
    • Evidence for a Narrower Interpretation: The specification also describes that in a "preferred embodiment... every machine linked into the system is loaded with an SDI-SCAM agent" (’442 Patent, col. 4:64-66). This, combined with figures depicting agents as discrete blocks on client machines, may support a narrower construction requiring a distinct software component residing on each protected node.

For the ’614 Patent

  • The Term: "adaptive learning" (from claim 10)
  • Context and Importance: This term is central to how the patented system improves its threat detection over time. Its construction will be a focal point of the infringement dispute, determining whether the methods used by the AT&T Cybersecurity system to update its threat intelligence fall within the claim's scope.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The '614 Patent itself does not appear to provide an explicit definition for "adaptive learning." A plaintiff may argue for its plain and ordinary meaning, which could encompass any system that modifies its behavior or models in response to new data.
    • Evidence for a Narrower Interpretation: The shared specification of the patent family repeatedly references the use of a "Belief network" or "Bayesian network" to model threats (’442 Patent, col. 5:44-46). A defendant may argue that the term "adaptive learning" should be limited by this context to these specific types of probabilistic modeling techniques disclosed in the specification.

VI. Other Allegations

  • Indirect Infringement: The complaint includes a general allegation of indirect infringement, but it does not plead specific facts to support the elements of knowledge and intent for either induced or contributory infringement (Compl. ¶3). For example, there are no allegations related to user manuals, marketing materials, or other instructions that would encourage infringing acts.
  • Willful Infringement: The complaint alleges willful infringement for all four patents-in-suit (Compl. ¶21, ¶30, ¶39, ¶48). The basis for willfulness for the '442, '614, and '470 patents is an allegation of pre-suit knowledge dating back to "at least February 8, 2021" (Compl. ¶22, ¶31, ¶40). Notably, the complaint does not allege a specific date for pre-suit knowledge regarding the '974 patent, which issued in November 2021 (Compl. ¶46-52).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of evidentiary sufficiency: The complaint provides no narrative infringement theory, relying entirely on external claim charts not included with the filing. A key question for the court will therefore be whether the plaintiff can produce sufficient technical evidence to demonstrate that the specific architectural components and data processing functions of the AT&T Cybersecurity system map onto the detailed, multi-step processes required by the asserted claims.
  • A central dispute will be one of claim construction: The viability of the infringement case will likely turn on the scope afforded to key terms such as "agent" and "adaptive learning." The court's interpretation will determine whether these terms are construed broadly enough to read on AT&T's potentially different cybersecurity architecture, or if they are limited to the specific embodiments, such as node-resident software and Bayesian networks, described in the patents' common specification.
  • A key factual question for trial will relate to willfulness and damages: The plaintiff's allegation of a specific pre-suit knowledge date for three of the four patents will require factual proof to support a claim for enhanced damages. The absence of such an allegation for the most recently issued '974 patent raises a question about the basis and scope of the willfulness claim for that patent.