DCT

6:22-cv-01039

CTD Networks LLC v. Cisco Systems Inc

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 6:22-cv-01039, W.D. Tex., 10/05/2022
  • Venue Allegations: Venue is alleged based on Defendant’s regular and established places of business within the Western District of Texas, including a specific office address in San Antonio.
  • Core Dispute: Plaintiff alleges that Defendant’s Cisco Cloud Solutions system infringes four patents related to distributed, agent-based network security monitoring and response systems.
  • Technical Context: The technology concerns network security systems that use distributed software agents to cooperatively monitor network traffic, identify threats, and deploy countermeasures, a foundational concept in modern cybersecurity.
  • Key Procedural History: The complaint alleges that Defendant has had knowledge of its infringing activities concerning the ’442, ’614, and ’470 patents since at least February 9, 2021, which may form the basis for the willfulness allegations.

Case Timeline

Date Event
2002-10-23 ’614 Patent Priority Date
2002-12-24 ’442, ’470, and ’974 Patent Priority Date
2012-12-04 ’442 Patent Issued
2016-09-06 ’614 Patent Issued
2016-11-22 ’470 Patent Issued
2021-02-09 Alleged date of Defendant’s knowledge of infringement for ’442, ’614, and ’470 Patents
2021-11-09 ’974 Patent Issued
2022-10-05 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,327,442 - "System and method for a distributed application and network security system (SDI-SCAM)"

  • Patent Identification: U.S. Patent No. 8,327,442, “System and method for a distributed application and network security system (SDI-SCAM),” issued December 4, 2012.

The Invention Explained

  • Problem Addressed: The patent describes the vulnerability of computer networks to unauthorized intrusions, noting that existing security systems focusing on individual machines struggle to control coordinated, network-level threats where damage can spread rapidly before a countermeasure is developed (’442 Patent, col. 1:19-41).
  • The Patented Solution: The invention proposes a distributed security system where software "agents" on individual computers constantly pool and analyze information from across the network. This collective analysis allows the system to quickly detect attack patterns that are invisible at the single-machine level and then distribute warnings and countermeasures to all protected machines in real-time (’442 Patent, Abstract; col. 2:18-35).
  • Technical Importance: This approach represented a shift from isolated, machine-level security to a cooperative, network-wide "immune system" capable of real-time, collective defense against emerging and coordinated cyber threats (’442 Patent, col. 2:1-4).

Key Claims at a Glance

  • The complaint asserts independent claim 1 (’442 Patent, Compl. ¶20).
  • Claim 1 is a method claim with the following essential steps:
    • Creating statistical models of usage of an associated individual computer.
    • Gathering and analyzing information relating to the current usage of the computer.
    • Determining from the information a pattern of usage consistent with an intrusion or attack.
    • Determining a probability of the likelihood of the intrusion or attack from said pattern.
    • Distributing real-time warnings and potential countermeasures to agents when the determined probability exceeds a threshold.
    • Updating the statistical models to reflect current usage and the likelihood of attack.
  • The complaint reserves the right to assert other claims (’442 Patent, Compl. ¶20).

U.S. Patent No. 9,438,614 - "Sdi-scam"

  • Patent Identification: U.S. Patent No. 9,438,614, “Sdi-scam,” issued September 6, 2016.

The Invention Explained

  • Problem Addressed: The patent addresses the need for a system that can perform real-time collection, monitoring, and modeling of network operations to rapidly identify and characterize abnormal or suspicious conditions within a computer network environment (’614 Patent, Abstract).
  • The Patented Solution: The invention is a distributed multi-agent system where agents are deployed across a network to collect data. Analytical models are then constructed from this data to distinguish normal system states from abnormal ones, allowing the system to identify threats and implement or recommend countermeasures (’614 Patent, col. 4:1-24).
  • Technical Importance: The technology provides a flexible and scalable architecture for a dynamic, model-based security system that can be built on top of existing security platforms to enhance their efficiency and responsiveness (’614 Patent, col. 4:51-64).

Key Claims at a Glance

  • The complaint asserts independent claim 10 (’614 Patent, Compl. ¶29).
  • Claim 10 is a system claim with the following essential components:
    • A plurality of distributed agents designed for adaptive learning and probabilistic analysis.
    • The agents are configured for passively collecting, monitoring, aggregating, and pattern analyzing data to identify similar patterns of suspicious activities indicative of an attack.
    • The agents determine if a probability threshold for suspicious activity has been exceeded by said similar patterns.
    • Upon exceeding the threshold, the agents alert other agents, a central server, and/or a human operator.
  • The complaint reserves the right to assert other claims (’614 Patent, Compl. ¶29).

U.S. Patent No. 9,503,470 - "Distributed agent based model for security monitoring and response"

  • Patent Identification: U.S. Patent No. 9,503,470, “Distributed agent based model for security monitoring and response,” issued November 22, 2016.
  • Technology Synopsis: The ’470 patent describes a distributed, agent-based security model that uses Bayesian analysis to estimate the probability of various threat vectors based on collected network data (’470 Patent, col. 4:22-27). The system uses this probabilistic model to tune its response to new threats and can leverage cloud computing and "honey pot" reference systems to validate and calibrate the model (’470 Patent, col. 4:36-41, 61-64).
  • Asserted Claims: The complaint asserts at least claim 1 (Compl. ¶38).
  • Accused Features: The complaint accuses Cisco's Cloud Solutions system of infringing the ’470 Patent (Compl. ¶¶18, 38).

U.S. Patent No. 11,171,974 - "Distributed agent based model for security monitoring and response"

  • Patent Identification: U.S. Patent No. 11,171,974, “Distributed agent based model for security monitoring and response,” issued November 9, 2021.
  • Technology Synopsis: The ’974 patent, which is a continuation of the '470 patent, details a distributed security architecture (SDI-SCAM) that pools and analyzes information from machines across a network to detect attack patterns (’974 Patent, Abstract). Upon detection, the system distributes warnings and potential countermeasures, which may include a probability distribution of the attack's likelihood and characteristics to help recommend the most effective response (’974 Patent, Abstract).
  • Asserted Claims: The complaint asserts at least claim 1 (Compl. ¶47).
  • Accused Features: The complaint accuses Cisco's Cloud Solutions system of infringing the ’974 Patent (Compl. ¶¶18, 47).

III. The Accused Instrumentality

Product Identification

  • The accused instrumentality is identified as "Cisco's Cisco Cloud Solutions system" (Compl. ¶18).

Functionality and Market Context

  • The complaint alleges this is a system offered by Cisco but does not provide specific details on its technical operation or architecture, instead pointing to a high-level marketing URL (Compl. ¶18).
  • The complaint alleges that the Accused Products are commercially significant and available to businesses and individuals throughout the United States (Compl. ¶25).
  • The complaint does not provide sufficient detail for a technical analysis of the accused system's specific functionality. No probative visual evidence provided in complaint.

IV. Analysis of Infringement Allegations

The complaint references claim chart exhibits (Exhibits E, F, G, and H) that purport to describe how the accused system infringes the patents-in-suit (Compl. ¶¶ 27, 36, 45, 52). As these exhibits are not attached to the publicly filed complaint, the specific, element-by-element infringement theories are not available for analysis. The narrative of the complaint alleges that the Defendant’s Accused Products directly infringe the asserted claims by making, using, testing, selling, or offering for sale products that practice the claimed inventions (Compl. ¶¶ 20, 29, 38, 47).

  • Identified Points of Contention:
    • Scope Questions: The patents-in-suit use broad, functional terms conceived in the early 2000s, such as "distributed agent" and "statistical models of usage." A central question for the court will be whether the components and processes of Cisco's modern, multifaceted cloud architecture fall within the scope of these terms as defined and used in the patent specifications.
    • Technical Questions: The complaint lacks specific factual allegations linking the accused system's operations to the claimed elements. A key evidentiary question will be what proof Plaintiff can offer that the accused Cisco Cloud Solutions system actually performs the specific steps of the asserted method claims or contains the specific components of the asserted system claims.

V. Key Claim Terms for Construction

For the ’442 Patent

  • The Term: "statistical models of usage" (from claim 1)
  • Context and Importance: This term is the foundation of the claimed method. The definition will be critical for determining whether the analytical methods employed by the Cisco Cloud Solutions system constitute the "statistical models" envisioned by the patent. Practitioners may focus on this term because its breadth will be a primary driver of the infringement analysis.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The claim language itself is broad, not limiting the "models" to any particular type. The specification describes the analysis of various data types, such as network traffic, which may support an interpretation covering any data-driven model of user or system behavior (’442 Patent, col. 7:11-20).
    • Evidence for a Narrower Interpretation: The specification discusses specific analytical techniques, such as the use of a "Bayesian network" and analysis of "Attack Patterns Consistent with Previously-Observed Patterns" (’442 Patent, col. 7:24-40). A defendant may argue that these specific examples limit the scope of "statistical models" to these or similar sophisticated methods, rather than any general data analysis.

For the ’614 Patent

  • The Term: "a plurality of distributed agents" (from claim 10)
  • Context and Importance: This term defines the fundamental architectural component of the claimed system. The infringement case depends on whether software components within Cisco's cloud infrastructure can be characterized as "distributed agents" performing the claimed functions.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The family's specifications define an agent broadly as "an entity that can be loaded onto any node(s) of a network" and can be implemented in software, hardware, or through human interaction (’974 Patent, col. 6:24-29). This could support a reading that covers a wide variety of software modules in a distributed system.
    • Evidence for a Narrower Interpretation: The specification also describes agents with a specific list of responsibilities, including data collection, communication with other agents, maintaining protections, and repairing damage (’974 Patent, col. 6:32-65). This detailed description could support a narrower construction where a software component must perform these specific functions to qualify as an "agent."

VI. Other Allegations

  • Indirect Infringement: The complaint background makes a general reference to Defendant indirectly developing products, but the formal counts of infringement for all four patents exclusively allege direct infringement under 35 U.S.C. § 271(a) (Compl. ¶¶ 3, 20, 29, 38, 47).
  • Willful Infringement: The complaint alleges willful infringement for the ’442, ’614, and ’470 patents, asserting that Defendant has known of its infringement since "at least February 9, 2021" (Compl. ¶¶ 22, 31, 40). The complaint also alleges that Defendant made no attempt to design around the patents (Compl. ¶¶ 23, 32, 41, 48). Notably, the count for infringement of the ’974 patent does not include a parallel allegation of willful infringement or a specific date of knowledge.

VII. Analyst’s Conclusion: Key Questions for the Case

  1. Evidentiary Sufficiency: A primary issue will be whether the Plaintiff can produce sufficient technical evidence, which is absent from the complaint itself, to demonstrate that the specific functionalities of the complex Cisco Cloud Solutions system practice each element of the asserted patent claims. The case's viability depends on the details that will presumably be articulated in the infringement contentions referenced in the complaint.

  2. Claim Scope and Technological Evolution: The core of the dispute will likely involve claim construction, focusing on whether foundational terms from the early-2000s patents, such as "distributed agent" and "statistical models of usage," can be construed to read on the architecture and analytical methods of a modern cloud services platform. The outcome may depend on whether the court adopts a broad, functional definition or one tied more closely to the specific technologies and embodiments described in the patents.

  3. Basis for Willfulness: For three of the four patents, the allegation of pre-suit knowledge from a specific date sets the stage for a significant dispute over willful infringement. A key question will be what event or communication occurred on or before February 9, 2021, to establish this alleged knowledge, and whether the different pleading for the fourth patent reflects a different history of notice for that patent.