DCT

7:25-cv-00285

PacSec3 LLC v. Bitdefender Inc

Log In
Key Events
Complaint
complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 7:25-cv-00285, W.D. Tex., 06/20/2025
  • Venue Allegations: Plaintiff alleges venue is proper because Defendant maintains a regular and established place of business in San Antonio, Texas, within the district, and conducts continuous business activities and sales in the district.
  • Core Dispute: Plaintiff alleges that Defendant’s firewall systems infringe a patent related to a method for defending computer networks against packet flooding attacks.
  • Technical Context: The technology addresses denial-of-service (DoS) attacks, a common form of cyberattack where a target's network bandwidth is consumed by malicious traffic, rendering it unavailable to legitimate users.
  • Key Procedural History: The complaint notes that Plaintiff is a non-practicing entity and has entered into prior settlement licenses, which it argues do not create a patent marking obligation under 35 U.S.C. §287. The patent-in-suit, U.S. Patent No. 7,523,497, underwent an ex parte reexamination, which concluded with the issuance of a Reexamination Certificate confirming the patentability of the asserted claims.

Case Timeline

Date Event
2000-11-16 '497 Patent Priority Date
2009-04-21 '497 Patent Issue Date
2021-05-03 '497 Patent Reexamination Request Filed
2023-05-22 '497 Patent Reexamination Certificate Issued
2025-06-20 Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 7,523,497 - “PACKET FLOODING DEFENSE SYSTEM”

  • Patent Identification: U.S. Patent No. 7,523,497, “PACKET FLOODING DEFENSE SYSTEM,” issued April 21, 2009.

The Invention Explained

  • Problem Addressed: The patent describes the problem of "packet flooding attacks," where an attacker overwhelms a victim's network connection with useless data, and notes that attackers can "falsify the source address" to obscure the attack's origin, confounding traditional defenses (’497 Patent, col. 2:3-14).
  • The Patented Solution: The invention proposes a distributed defense system where "cooperating sites and routers" work together (’497 Patent, col. 2:30-31). Instead of relying on a packet's (potentially false) source address, the system determines the packet's actual forwarding "path" through the network using "packet marks" applied by upstream routers (’497 Patent, col. 9:1-4). This allows the victim system to identify the true ingress points of malicious traffic and request that cooperating routers throttle traffic from those specific points, mitigating the attack closer to its source (’497 Patent, col. 3:5-14).
  • Technical Importance: This "attacker-independent" path-tracing method was designed to be more resilient to source address spoofing than prior art systems that relied on source/destination address filtering for attack mitigation (’497 Patent, col. 2:1-6; col. 3:51-56).

Key Claims at a Glance

  • The complaint asserts independent method claims 7 and 10 (Compl. ¶21).
  • Independent Claim 7 includes the following essential elements:
    • Determining a path by which data packets arrive at a host computer via packet marks provided by routers leading to the host computer, where the path comprises all routers in the network via which the packets are routed.
    • Classifying the data packets received at the host computer into "wanted" and "unwanted" packets by path.
    • Associating a maximum acceptable "processing rate" with each class of data packet.
    • Allocating a "processing rate" less than or equal to the maximum for unwanted packets.
  • Independent Claim 10 includes the following essential elements:
    • Determining a path by which data packets arrive at a router via packet marks provided by routers leading to the host computer, where the path comprises all routers in the network via which the packets are routed.
    • Classifying data packets received at the router by path.
    • Associating a maximum acceptable "transmission rate" with each class of data packet.
    • Allocating a "transmission rate" equal to or less than the maximum for unwanted data packets.
  • The complaint does not explicitly reserve the right to assert other claims, though this is common practice in litigation.

III. The Accused Instrumentality

Product Identification

  • The complaint identifies the accused instrumentalities as "one or more firewall systems" that are manufactured, sold, and offered for sale by Defendant Bitdefender (Compl. ¶15).

Functionality and Market Context

  • The complaint alleges these firewall systems infringe by "perform[ing] infringing methods or processes" related to defending against packet flood attacks (Compl. ¶3, ¶14). However, the complaint does not provide any specific details about the technical operation of the accused firewalls. It states that support for the infringement allegations is contained in an attached "Exhibit B," which was not filed with the public complaint (Compl. ¶16).

IV. Analysis of Infringement Allegations

The complaint references a claim chart in Exhibit B to support its infringement allegations but does not include the exhibit in the public filing (Compl. ¶16, ¶21). The complaint’s narrative theory is that Defendant’s firewall systems practice the methods of claims 7 and 10 (Compl. ¶15). Without the claim chart, a detailed element-by-element analysis based on the complaint is not possible. The core of the infringement allegation appears to be that the accused firewalls implement a packet-flooding defense mechanism that meets the limitations of the asserted claims.

No probative visual evidence provided in complaint.

  • Identified Points of Contention:
    • Evidentiary Question: The complaint's lack of specific factual allegations raises the primary question of what evidence Plaintiff will be able to produce to show that the accused Bitdefender firewalls perform the specific steps of the asserted claims. The case will depend heavily on information obtained in discovery.
    • Technical Question: A key technical dispute may center on whether the accused firewalls use "packet marks provided by routers" to determine a forwarding "path," as strictly required by the claims. The infringement analysis will turn on whether the accused systems employ this specific, cooperative, path-tracing mechanism or an alternative, non-infringing technology for attack mitigation (e.g., source IP reputation, behavioral analysis, or signature matching).
    • Scope Questions: Claims 7 and 10 recite actions occurring at a "host computer" and a "router," respectively. The complaint accuses a "firewall system" (Compl. ¶15). This raises the question of how a single accused instrumentality is alleged to meet the distinct limitations of both claims, which describe different network components performing different functions (e.g., "processing rate" allocation at a host vs. "transmission rate" allocation at a router).

V. Key Claim Terms for Construction

  • The Term: "packet marks provided by routers"

  • Context and Importance: This term is the central mechanism of the claimed invention for tracing a packet's origin in a way that is independent of a potentially falsified source address. The infringement case hinges on whether the accused systems use this specific technique. Practitioners may focus on this term because it appears to require a cooperative action from upstream network devices.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The patent does not define a rigid structure for the "marks." A party could argue the term covers any information added by an upstream router that allows for the determination of the packet's path, as described in the specification's goal to "determine the actual direction of the packet flow" (’497 Patent, col. 3:51-54).
    • Evidence for a Narrower Interpretation: The specification describes a "cooperating neighborhood" of "transitively connected cooperating machines," which may suggest that a "packet mark" is not just any incidental data but a specific piece of information added as part of an intentional, cooperative defense protocol (’497 Patent, col. 2:30-34).

  • The Term: "path comprising all routers in said network via which said packets are routed"

  • Context and Importance: This limitation appears in both asserted independent claims and defines the required scope of the path-tracing element. Its construction will be critical, as it sets a potentially high bar for infringement.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: A plaintiff might argue that "path" does not require a literal, exhaustive list of every router hop. The purpose is to associate packets with "‘places’ in the cooperating neighborhood from which those packets are forwarded," suggesting that identifying a key ingress router may satisfy the claim's objective (’497 Patent, col. 2:37-40).
    • Evidence for a Narrower Interpretation: A defendant will likely argue for a plain reading of "all routers in said network," contending that any path-tracing mechanism that provides less than a complete, hop-by-hop list of every router the packet traversed fails to meet this limitation as a matter of law.

VI. Other Allegations

  • Indirect Infringement: The complaint's prayer for relief seeks judgment for inducement of infringement, alleging Defendant instructs others to use its products (Compl. p. 7, ¶a). However, the body of the complaint does not allege specific supporting facts, such as references to user manuals, marketing materials, or technical support documents that allegedly instruct users on infringing activities.
  • Willful Infringement: The complaint makes a conditional allegation of willfulness, stating that infringement should be declared willful "provided discovery reveals that Defendant knew" of the patent pre-suit and knew its conduct constituted infringement (Compl. p. 7, ¶e). This is a placeholder allegation that does not assert pre-suit knowledge but reserves the right to pursue a willfulness claim if such evidence is discovered.

VII. Analyst’s Conclusion: Key Questions for the Case

  • A central issue will be one of evidentiary sufficiency: can the Plaintiff, whose complaint is devoid of specific technical facts, produce discovery evidence to demonstrate that the accused firewall systems practice the precise, multi-step method of claims 7 and 10, particularly the specific mechanism of using "packet marks" from cooperating routers?
  • The case will also turn on a question of technical implementation and scope: does the attack mitigation technology in Bitdefender’s firewalls rely on the claimed "path"-based, "packet mark"-dependent system, or does it operate on a fundamentally different, non-infringing principle? The construction of the term "path comprising all routers" will be a critical battleground in defining the scope of the claims.
  • A final key factor will be the impact of the patent's reexamination: the confirmation of the asserted claims by the USPTO may strengthen the patent's presumption of validity and could be used by the Plaintiff to frame the technical and legal arguments around claim construction and infringement.