DCT

6:23-cv-00768

SecurityProfiling LLC v. VMware Inc

Log In
Key Events
Complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 6:23-cv-00768, W.D. Tex., 11/10/2023
  • Venue Allegations: Plaintiff alleges venue is proper in the Western District of Texas because Defendant VMware maintains regular and established places of business in the district and has allegedly committed acts of infringement there.
  • Core Dispute: Plaintiff alleges that Defendant’s Carbon Black Cloud security product infringes eight patents related to real-time vulnerability monitoring, analysis, and multi-path remediation.
  • Technical Context: The technology at issue is in the field of enterprise cybersecurity, focusing on systems that correlate incoming threats with the specific, real-time configurations of networked devices to more accurately assess and mitigate risks.
  • Key Procedural History: The complaint notes that a predecessor patent to all patents-in-suit (U.S. Patent No. 8,984,644) was the subject of an inter partes review (IPR2017-02192) where the Patent Trial and Appeal Board (PTAB) found certain claims unpatentable, a decision affirmed by the Federal Circuit. Plaintiff asserts that the patents-in-suit are materially different from the invalidated claims, primarily because they do not contain the "user option" limitation that was central to the PTAB’s decision. The complaint also alleges Defendant was on notice of the patents-in-suit as of March 2023.

Case Timeline

Date Event
2003-07-01 Earliest Patent Priority Date (provisional app. 60/484,085)
2015-08-04 U.S. Patent No. 9,100,431 Issued
2015-08-25 U.S. Patent No. 9,118,711 Issued
2018-09-11 U.S. Patent No. 10,075,466 Issued
2018-12-11 U.S. Patent No. 10,154,055 Issued
2019-04-08 PTAB Final Written Decision in IPR for predecessor '644 Patent
2020-01-28 U.S. Patent No. 10,547,631 Issued
2020-03-31 U.S. Patent No. 10,609,063 Issued
2020-12-22 U.S. Patent No. 10,873,595 Issued
2021-01-12 U.S. Patent No. 10,893,066 Issued
2023-03-XX Defendant allegedly put on notice of infringement
2023-11-10 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 10,075,466 - "Real-Time Vulnerability Monitoring"

  • Patent Identification: U.S. Patent No. 10,075,466, "Real-Time Vulnerability Monitoring," issued September 11, 2018.

The Invention Explained

  • Problem Addressed: The patent’s background section describes the challenge of managing network security for complex computing systems where software vulnerabilities are often discovered long after release, and where remediation techniques like patches can themselves cause additional problems (U.S. Patent No. 10,075,466, col. 1:40-59).
  • The Patented Solution: The invention describes a system that protects networked devices by correlating threat data with the real-time status of a target device. The system is configured to report a potential attack (a "first occurrence") only if that occurrence is determined to be "capable of taking advantage of at least one of the actual vulnerability to which the at least one networked device is actually vulnerable" (’466 Patent, Abstract). This determination is based on combining vulnerability information with real-time configuration data collected from the target device itself (’466 Patent, col. 4:1-12).
  • Technical Importance: This approach seeks to improve the accuracy of security systems by reducing false positive alerts that may arise when a threat is directed at a device that is not actually susceptible to that specific threat (’466 Patent, col. 10:36-44).

Key Claims at a Glance

  • The complaint asserts at least claim 6, which depends on independent claim 1 (Compl. ¶75).
  • The essential elements of independent claim 1 include:
    • An apparatus comprising a platform, an intrusion prevention system, a firewall, and first and second data storages.
    • The platform is configured to receive a result of an operation based on first information from the first data storage that identifies potential vulnerabilities.
    • The operation identifies a configuration of a networked device and determines that the device is "actually vulnerable to at least one actual vulnerability" based on that configuration.
    • Second information relating to the actual vulnerability is stored in the second data storage.
    • The platform causes identification of a "first occurrence" (e.g., an attack packet) and a "second occurrence."
    • The platform determines that the first occurrence is capable of taking advantage of the actual vulnerability, while the second is not.
    • The platform causes a reporting of the first occurrence based on this determination.
  • The complaint reserves the right to assert other claims, including dependent claims (Compl. ¶75).

U.S. Patent No. 10,154,055 - "Real-Time Vulnerability Monitoring"

  • Patent Identification: U.S. Patent No. 10,154,055, "Real-Time Vulnerability Monitoring," issued December 11, 2018.

The Invention Explained

  • Problem Addressed: The patent addresses the complexity of managing and patching software vulnerabilities in networked computing environments, a problem compounded by the fact that remediation itself can inadvertently create new issues (U.S. Patent No. 10,154,055, col. 1:40-59).
  • The Patented Solution: The invention describes an apparatus that determines if a networked device is "actually vulnerable" by analyzing its specific configuration against a database of potential vulnerabilities. Based on this determination, the system then displays multiple mitigation techniques (e.g., one utilizing an intrusion prevention system, another utilizing a firewall) and allows a user to select which technique to apply (’055 Patent, Abstract). The system then automatically applies the selected technique (’055 Patent, col. 2:21-40).
  • Technical Importance: This "multi-path remediation" approach provides administrators with flexible, context-aware response options rather than a single, predetermined action, allowing for more tailored security management (Compl. ¶6).

Key Claims at a Glance

  • The complaint asserts at least claim 7, which depends on independent claim 1 (Compl. ¶55).
  • The essential elements of independent claim 1 include:
    • An apparatus comprising a platform, an intrusion prevention system, a firewall, and first and second data storages.
    • The platform determines a networked device is "actually vulnerable" based on its configuration and information from the first data storage.
    • The platform causes the display of a plurality of techniques for "occurrence mitigation," including a first technique using the IPS and a second using the firewall.
    • The platform allows receipt of user input selecting either the first or second technique.
    • Based on the user input, the platform automatically applies the selected technique for occurrence mitigation.
  • The complaint reserves the right to assert other claims (Compl. ¶55).

Multi-Patent Capsule: U.S. Patent No. 10,893,066

  • Patent Identification: U.S. Patent No. 10,893,066, "Computer Program Product And Apparatus For Multi-Path Remediation," issued January 12, 2021 (Compl. ¶9).
  • Technology Synopsis: The complaint alleges the invention relates to enterprise security systems that identify client vulnerabilities and mitigate or remediate them using best-possible options, providing for "multi-path remediation" (Compl. ¶6). The technology aims to proactively and remotely manage security policy compliance and enforcement (Compl. ¶6).
  • Asserted Claims: At least claim 2 (Compl. ¶22).
  • Accused Features: The VMware Carbon Black Cloud product (Compl. ¶22).

Multi-Patent Capsule: U.S. Patent No. 10,873,595

  • Patent Identification: U.S. Patent No. 10,873,595, "Real-Time Vulnerability Monitoring," issued December 22, 2020 (Compl. ¶27).
  • Technology Synopsis: The complaint alleges the invention relates to enterprise security systems that identify client vulnerabilities and exposures and provide for "multi-path remediation" options such as patches, policy changes, or disabling a service (Compl. ¶6).
  • Asserted Claims: At least claim 1 (Compl. ¶33).
  • Accused Features: Methods practiced when operating the VMware Carbon Black Cloud product (Compl. ¶33).

Multi-Patent Capsule: U.S. Patent No. 10,609,063

  • Patent Identification: U.S. Patent No. 10,609,063, "Computer Program Product And Apparatus For Multi-Path Remediation," issued March 31, 2020 (Compl. ¶39).
  • Technology Synopsis: The complaint alleges the invention relates to enterprise security systems that identify client vulnerabilities and mitigate or remediate them using best-possible options, providing for "multi-path remediation" (Compl. ¶6). The technology aims to proactively and remotely manage security policy compliance and enforcement (Compl. ¶6).
  • Asserted Claims: At least claim 10 (Compl. ¶45).
  • Accused Features: The VMware Carbon Black Cloud product (Compl. ¶45).

Multi-Patent Capsule: U.S. Patent No. 10,547,631

  • Patent Identification: U.S. Patent No. 10,547,631, "Real-Time Vulnerability Monitoring," issued January 28, 2020 (Compl. ¶60).
  • Technology Synopsis: The complaint alleges the invention relates to enterprise security systems that identify client vulnerabilities and exposures and provide for "multi-path remediation" options such as patches, policy changes, or disabling a service (Compl. ¶6).
  • Asserted Claims: At least claim 6 (Compl. ¶65).
  • Accused Features: The VMware Carbon Black Cloud product (Compl. ¶65).

Multi-Patent Capsule: U.S. Patent No. 9,118,711

  • Patent Identification: U.S. Patent No. 9,118,711, "Anti-Vulnerability System, Method, and Computer Program Product," issued August 25, 2015 (Compl. ¶80).
  • Technology Synopsis: The complaint alleges the invention relates to enterprise security systems that identify client vulnerabilities and mitigate or remediate them using best-possible options, providing for "multi-path remediation" (Compl. ¶6). The technology aims to proactively and remotely manage security policy compliance and enforcement (Compl. ¶6).
  • Asserted Claims: At least claim 1 (Compl. ¶85).
  • Accused Features: The VMware Carbon Black Cloud product (Compl. ¶85).

Multi-Patent Capsule: U.S. Patent No. 9,100,431

  • Patent Identification: U.S. Patent No. 9,100,431, "Computer Program Product And Apparatus For Multi-Path Remediation," issued August 4, 2015 (Compl. ¶90).
  • Technology Synopsis: The complaint alleges the invention relates to enterprise security systems that identify client vulnerabilities and mitigate or remediate them using best-possible options, providing for "multi-path remediation" (Compl. ¶6). The technology aims to proactively and remotely manage security policy compliance and enforcement (Compl. ¶6).
  • Asserted Claims: At least claim 19 (Compl. ¶95).
  • Accused Features: The VMware Carbon Black Cloud product (Compl. ¶95).

III. The Accused Instrumentality

  • Product Identification: The accused instrumentality is Defendant’s Carbon Black Cloud product (Compl. ¶22).
  • Functionality and Market Context: The complaint does not provide a technical description of how the Carbon Black Cloud product operates. It alleges that by making, using, selling, and marketing the product, VMware practices the claimed inventions (Compl. ¶22, 33, 45, 55, 65, 75, 85, 95). The infringement allegations are supported by reference to claim chart exhibits which were not included with the complaint (Compl. ¶23, 34, 46, 56, 66, 76, 86, 96). No probative visual evidence provided in complaint.

IV. Analysis of Infringement Allegations

The complaint references claim chart exhibits for each asserted patent but does not include them in the filing. Therefore, the narrative infringement theories are summarized below.

  • '466 Patent Infringement Allegations: The complaint alleges that VMware’s Carbon Black Cloud systems directly infringe at least claim 6 of the ’466 Patent (Compl. ¶75). It states that a comparison of claim 6 to the accused systems is attached as Exhibit 14, which is incorporated by reference but was not provided (Compl. ¶76). Without the exhibit, the specific factual basis for how Carbon Black Cloud is alleged to meet each claim element is not detailed in the complaint.
  • '055 Patent Infringement Allegations: The complaint alleges that VMware’s Carbon Black Cloud systems directly infringe at least claim 7 of the ’055 Patent (Compl. ¶55). A comparison chart for this allegation is identified as Exhibit 12, which was incorporated by reference but not provided with the complaint (Compl. ¶56). The specific mapping of accused functionality to the claim limitations is therefore not available for analysis.
  • Identified Points of Contention: Based on the claim language and the general nature of the dispute, the infringement analysis may raise several technical and legal questions.
    • Evidentiary Questions: The core of the patented inventions appears to be the real-time correlation of a specific threat with the specific configuration of a target device to determine an "actual vulnerability." A central question for the court will be what evidence Plaintiff can produce to demonstrate that the Carbon Black Cloud product performs this precise, multi-step correlation as required by the claims, rather than a more general form of threat detection.
    • Scope Questions: For the ’055 Patent, claim 1 requires providing a user with selectable "occurrence mitigation" techniques, including one utilizing an "intrusion prevention system" and another utilizing a "firewall." This raises the question of whether the Carbon Black Cloud product offers distinct and selectable mitigation paths that correspond to these specific technical categories as understood in the patent.

V. Key Claim Terms for Construction

  • The Term: "actually vulnerable" (appears in independent claim 1 of both the ’466 and ’055 Patents)

  • Context and Importance: This term is central to the asserted claims, distinguishing the invention from conventional systems that may flag potential threats without confirming the target's susceptibility. The construction of this term will define the evidentiary burden for infringement; a narrow construction could require proof of a specific, rigorous verification process within the accused product, while a broader one might be satisfied by more general correlation logic.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The specification discusses the general problem of "security vulnerabilities in a product" that are discovered after release, suggesting the term could encompass any known vulnerability present on a device (’466 Patent, col. 1:44-46).
    • Evidence for a Narrower Interpretation: The specification describes a process of executing a "client-side program that continuously monitors the software installation and configuration status for that device" and communicating that information in "substantially real time" to a security server (’466 Patent, col. 4:35-41). This language may support a narrower construction requiring a specific, active, and continuous monitoring and reporting process to determine a vulnerability is "actual."

  • The Term: "occurrence mitigation" (appears in independent claim 1 of the ’055 Patent)

  • Context and Importance: Claim 1 of the ’055 Patent requires displaying and allowing user selection of "a plurality of techniques" for "occurrence mitigation," including distinct techniques utilizing an IPS and a firewall. The scope of this term is critical because it defines the nature and variety of the responsive actions the accused product must be shown to perform to infringe.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The term itself is broad, and the specification discusses remediation in general terms, such as applying "patches, policy settings, and configuration options" (’055 Patent, col. 6:60-62). This could support a reading where any security action qualifies as mitigation.
    • Evidence for a Narrower Interpretation: The claim explicitly recites "a first technique for utilizing the intrusion prevention system for occurrence mitigation, a second technique for utilizing the firewall for occurrence mitigation" (’055 Patent, Abstract). This explicit distinction suggests that "occurrence mitigation" may be construed to require technically distinct and selectable pathways that map to recognized categories like IPS and firewall, not just different options within a single category.

VI. Other Allegations

  • Indirect Infringement: The complaint alleges induced infringement under 35 U.S.C. § 271(b) with respect to the U.S. Patent No. 10,873,595 (Compl. ¶35). The alleged inducement is based on "instructions that VMware has provided and continues to provide to its customers" on how to use the Carbon Black Cloud systems in a manner that allegedly practices the claimed methods (Compl. ¶35).
  • Willful Infringement: The complaint does not contain an explicit count for willful infringement. However, for every asserted patent, it alleges that VMware "was and/or is on notice of the [...] patent and its infringement thereof at least as early as March of 2023," which predates the filing of the complaint (Compl. ¶¶24, 36, 47, 57, 67, 77, 87, 97). These allegations of pre-suit knowledge could be used to support a future claim for willful infringement.

VII. Analyst’s Conclusion: Key Questions for the Case

  • A central issue will be one of claim differentiation and estoppel: Given that a predecessor patent was invalidated in an IPR proceeding based on a "user option" limitation, a threshold question will be whether the asserted claims of the current patents—which Plaintiff argues are "materially different" for lacking that specific limitation—are sufficiently distinct to overcome the prior art and arguments that were successful before the PTAB.
  • A key evidentiary question will be one of technical implementation: The asserted claims recite a specific sequence of operations: identifying a threat, correlating it against the real-time configuration of a target device to confirm an "actual vulnerability," and then applying or presenting specific mitigation options. The case may turn on what evidence is produced to show that the accused Carbon Black Cloud product performs this exact claimed logic, as opposed to a more generalized form of endpoint threat detection and response.