DCT

6:22-cv-01306

CTD Networks LLC v. Verizon Communications Inc

I. Executive Summary and Procedural Information

  • Case Identification: [CTD Networks LLC](https://ai-lab.exparte.com/party/ctd-networks-llc) v. [Verizon Communications, Inc.](https://ai-lab.exparte.com/party/verizon-communications-inc), 6:22-cv-01306, W.D. Tex., 12/28/2022
  • Venue Allegations: Plaintiff alleges venue is proper in the Western District of Texas because Defendant maintains regular and established places of business within the District, including a specific street address in Austin, Texas.
  • Core Dispute: Plaintiff alleges that Defendant’s device-to-cloud security services infringe four U.S. patents related to distributed, agent-based network security monitoring and response systems.
  • Technical Context: The patents address methods for providing network-wide cybersecurity by using distributed software agents to collectively monitor, analyze, and respond to threats, a key architecture in modern enterprise and cloud security.
  • Key Procedural History: The complaint does not mention any prior litigation, Inter Partes Review (IPR) proceedings, or licensing history related to the patents-in-suit.

Case Timeline

| Date | Event |
|------|-------|
| 2002-10-23 | Priority Date for ’614 Patent |
| 2002-12-24 | Priority Date for ’442, ’470, and ’974 Patents |
| 2012-12-04 | ’442 Patent Issued |
| 2016-09-06 | ’614 Patent Issued |
| 2016-11-22 | ’470 Patent Issued |
| 2021-02-02 | Alleged date of Defendant’s knowledge of infringement for ’442, ’614, and ’470 patents |
| 2021-11-09 | ’974 Patent Issued |
| 2022-12-28 | Complaint Filed |

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,327,442 - "System and method for a distributed application and network security system (SDI-SCAM)"

  • Issued: December 4, 2012

The Invention Explained

  • Problem Addressed: The patent describes a technical environment where computer network security systems are primarily focused on individual machines, which makes it difficult and slow to detect and counteract coordinated, network-level attacks like viruses that spread across multiple systems (’442 Patent, col. 1:31-43).
  • The Patented Solution: The invention proposes a distributed security architecture where software "agents" reside on individual computers within a network. These agents pool and analyze information gathered from across the network to detect patterns consistent with an attack, and then distribute warnings and countermeasures to every machine in real-time, creating a collective, responsive defense (’442 Patent, col. 1:46-67; Abstract). The FIGURE illustrates this architecture, showing agents on different clients communicating with a central server and each other.
  • Technical Importance: This approach represented a shift from siloed, host-based security to a more holistic, network-aware model capable of identifying and responding to threats that manifest across an entire enterprise rather than on a single machine (’442 Patent, col. 2:1-4).

Key Claims at a Glance

  • The complaint asserts at least independent claim 1 (Compl. ¶20).
  • The essential elements of independent claim 1 include:
    • A distributed security system protecting individual computers in a network.
    • Agents associated with the computers that control them.
    • The agents performing steps of: creating statistical models of usage; gathering and analyzing information on current usage; determining a pattern of usage consistent with an intrusion or attack; determining a probability of the likelihood of an intrusion or attack; and distributing warnings and countermeasures.
  • The complaint reserves the right to assert additional claims (Compl. ¶20).

U.S. Patent No. 9,438,614 - "Sdi-scam"

  • Issued: September 6, 2016

The Invention Explained

  • Problem Addressed: Related patents in the family describe the asymmetric nature of cyber warfare, where attackers have a significant advantage, creating a need for security systems that are adaptive, autonomous, and automatic because human response times are too slow (’470 Patent, col. 1:50-col. 2:7).
  • The Patented Solution: The invention describes a distributed multi-agent system that performs real-time collection, monitoring, aggregation, and modeling of system and network operations. This allows the system to rapidly identify abnormal or suspicious conditions and characterize them as potential threats, enabling automated or semi-automated responses (’614 Patent, Abstract).
  • Technical Importance: The technology aims to create a dynamic, continuously updated model of network health, moving beyond static signatures to a behavioral analysis model that can more rapidly implement countermeasures against emerging threats (’614 Patent, Abstract).

Key Claims at a Glance

  • The complaint asserts at least independent claim 10 (Compl. ¶29).
  • The essential elements of independent claim 10 include:
    • A network threat and response system with a plurality of distributed agents.
    • The agents collect, monitor, aggregate, and pattern analyze data from various locations.
    • The agents identify similar patterns of suspicious activities indicative of a threat to different portions of the network.
    • The agents determine from the pattern analysis whether a "probability threshold of suspicious activity" has been exceeded.
    • If the threshold is exceeded, the system alerts other agents, a central server, or a human operator.
  • The complaint reserves the right to assert additional claims (Compl. ¶29).

U.S. Patent No. 9,503,470 - "Distributed agent based model for security and response"

  • Issued: November 22, 2016
  • Technology Synopsis: The patent describes a distributed, agent-based model for security that uses Bayesian analysis to estimate the probabilities that certain patterns of activity are hostile (’470 Patent, col. 2:36-41). The system pools information from sensors and agents across a network to identify anomalies and can recommend or implement responses to detected threats (’470 Patent, Abstract).
  • Asserted Claims: At least independent claim 1 (Compl. ¶38).
  • Accused Features: The complaint accuses Verizon's "device-to-cloud security services" of infringing the ’470 Patent (Compl. ¶¶ 18, 38).

U.S. Patent No. 11,171,974 - "Distributed agent based model for security monitoring and response"

  • Issued: November 9, 2021
  • Technology Synopsis: The patent discloses an architecture for a distributed security system (SDI-SCAM) that protects individual computers by pooling and analyzing information from across a network to detect attack patterns (’974 Patent, Abstract). The system distributes warnings and potential countermeasures, which may include a probability distribution of the likelihood of an attack, to help recommend the most appropriate response (’974 Patent, Abstract).
  • Asserted Claims: At least independent claim 1 (Compl. ¶47).
  • Accused Features: The complaint accuses Verizon's "device-to-cloud security services" of infringing the ’974 Patent (Compl. ¶¶ 18, 47).

III. The Accused Instrumentality

Product Identification

  • The accused instrumentalities are Defendant's "device-to-cloud security services across multicloud and on-premises environments, known as Verizon Security and Protection" (Compl. ¶18).

Functionality and Market Context

  • The complaint identifies the accused services as providing security for customers' cloud and on-premises computing environments (Compl. ¶18). It provides a URL for marketing information but does not include further technical details regarding the specific architecture, algorithms, or operation of the accused services (Compl. ¶18). The complaint alleges the accused products are available to businesses and individuals throughout the United States (Compl. ¶25).
  • No probative visual evidence provided in complaint.

IV. Analysis of Infringement Allegations

The complaint references external claim chart exhibits (Exhibits E, F, G, H) that purport to describe how the accused products infringe the patents-in-suit (Compl. ¶¶ 27, 36, 45, 52). As these exhibits were not attached to the publicly filed complaint, a detailed element-by-element analysis is not possible. The narrative infringement theories are summarized below.

’442 Patent Infringement Allegations

  • The complaint alleges that Verizon's Security and Protection products directly infringe at least claim 1 of the ’442 Patent by making, using, or selling the accused services in the United States (Compl. ¶20). The core of this allegation is that the accused services practice the claimed method of using distributed agents to create statistical models of network usage, analyze those models to determine a probability of an attack, and issue warnings or countermeasures. The complaint references "Exhibit E" for a detailed infringement analysis, which is not provided (Compl. ¶27).

’614 Patent Infringement Allegations

  • The complaint alleges that the same Verizon Security and Protection products directly infringe at least claim 10 of the ’614 Patent (Compl. ¶29). This infringement theory centers on the allegation that the accused services use distributed agents to perform pattern analysis on collected network data to identify suspicious activities and determine when a "probability threshold" for a threat has been exceeded, thereby triggering an alert. The complaint references "Exhibit F" for the specific details of this infringement, which is not provided (Compl. ¶36).

Identified Points of Contention

  • Factual Questions: A central dispute will be factual: what is the specific technical operation of the Verizon Security and Protection services? The case will depend on evidence demonstrating whether the accused services actually perform the specific analytical steps required by the claims, such as creating "statistical models of usage" (’442 Patent) or determining if a "probability threshold" is breached (’614 Patent).
  • Scope Questions: The case may raise questions about the scope of the claims. For example, a point of contention could be whether the general-purpose monitoring and threat scoring in a modern cloud security product performs the same function as the specific "pattern of usage...consistent with an intrusion" analysis required by claim 1 of the ’442 Patent.

V. Key Claim Terms for Construction

For the ’442 Patent (Claim 1)

  • The Term: "statistical models of usage"
  • Context and Importance: This term is a foundational element of the claimed invention. Practitioners may focus on this term because its construction will determine the type and complexity of data analysis required to infringe. The dispute will likely center on whether any form of data aggregation and analysis meets this limitation or if a more rigorous, specific type of statistical modeling is required.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification discusses the concept generally, for instance by referencing a "Belief network" as one possible implementation, which could suggest that the term is not limited to a single, specific statistical technique (’442 Patent, col. 5:40-45).
    • Evidence for a Narrower Interpretation: The patent does not provide a specific definition for the term. A party could argue that, in the context of the patent, "statistical models" implies a higher standard than simple data logging or tracking, requiring the application of specific mathematical modeling techniques known at the time of the invention.

For the ’614 Patent (Claim 10)

  • The Term: "probability threshold of suspicious activity"
  • Context and Importance: This term defines the trigger for the system's alert function. Its meaning is critical to determining infringement, as it defines the condition under which the system must act. The debate may focus on whether this requires a discrete, predetermined value or if it can encompass a more dynamic or qualitative risk assessment.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The patent family uses flexible language, such as discussing "probabilistic estimate determination" and a "probabilistic comprehensive assessment," which may support an interpretation that does not require a fixed, numerical threshold (’470 Patent, col. 9:48-49; ’974 Patent, col. 27:21-23).
    • Evidence for a Narrower Interpretation: The plain meaning of "threshold" suggests a specific cutoff point. A party could argue that a system generating a general risk score without a defined trigger point for alerts does not meet this limitation, requiring evidence of a specific boundary being breached.

VI. Other Allegations

Indirect Infringement

  • The complaint includes a general allegation that Defendant "indirectly" infringes (Compl. ¶3). However, the formal counts for infringement (Counts I-IV) are pleaded exclusively as direct infringement under 35 U.S.C. §271(a) (Compl. ¶¶ 20, 29, 38, 47). The complaint does not plead specific facts to support the elements of either induced or contributory infringement.

Willful Infringement

  • The complaint alleges that Defendant's infringement was willful for all four patents-in-suit. For the ’442, ’614, and ’470 patents, this allegation is based on alleged pre-suit knowledge of the patents and infringement since "at least February 2, 2021" (Compl. ¶¶ 22, 31, 40). For the ’974 patent, the complaint makes a conclusory allegation of willful infringement but does not plead a specific date or factual basis for Defendant's alleged knowledge (Compl. ¶48).

VII. Analyst’s Conclusion: Key Questions for the Case

  1. Evidentiary Sufficiency on Technical Operation: A central issue will be whether discovery produces evidence that the accused Verizon Security and Protection platform, a complex commercial product, actually performs the specific, multi-step analytical functions recited in the claims. The outcome will depend on mapping the abstract claim language (e.g., "creating statistical models," determining a "probability of the likelihood of an intrusion") to the concrete, operational reality of the accused software.
  2. Claim Construction and Technical Scope: The case will likely turn on the construction of foundational claim terms like "statistical models of usage" and "probability threshold." A key question for the court will be one of definitional scope: are these terms, as described in patents with a 2002 priority date, broad enough to read on the functionality of a modern, sophisticated cloud security service, or does the specific implementation of Verizon's technology fall outside the proper scope of the claims?
  3. Basis for Willfulness: For the ’974 patent, a key question will be whether the Plaintiff can substantiate its willfulness allegation. The complaint alleges willfulness without pleading any facts supporting Defendant's pre-suit knowledge of this specific patent, which issued only a year before the suit was filed, a notable departure from the allegations for the other three patents.