DCT

2:25-cv-01000

DatRec v. Bamboo HR

Log In
Key Events
Complaint
complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:25-cv-01000, D. Utah, 11/03/2025
  • Venue Allegations: Plaintiff alleges venue is proper in the District of Utah because Defendant has a regular and established place of business in the district and has committed acts of infringement there.
  • Core Dispute: Plaintiff alleges that Defendant’s human resources software platform infringes a patent related to systems for secure communication over a public network based on user identity verification.
  • Technical Context: The technology concerns methods for authenticating the identity of individuals in online communications by cross-referencing information provided by multiple users to establish a reliability score, thereby increasing trust and security.
  • Key Procedural History: The complaint notes that Plaintiff is a non-practicing entity and discusses at length its compliance with patent marking statutes (35 U.S.C. § 287) in the context of prior settlement licenses with other entities. This suggests an attempt to preemptively address potential defenses related to limitations on pre-suit damages.

Case Timeline

Date Event
2006-12-07 ’309 Patent - Earliest Priority Date
2013-02-19 ’309 Patent - Issue Date
2025-11-03 Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,381,309 - "Method and System for Secure Communication Over a Public Network"

Issued Feb. 19, 2013

The Invention Explained

  • Problem Addressed: The patent identifies the risk in modern internet communication of being "exposed to non-secure connections and to communications from unreliable or falsely-identified senders" (’309 Patent, col. 1:21-25).
  • The Patented Solution: The invention proposes a method to improve confidence in a user's identity by creating a database of verified information (’309 Patent, Abstract). The system permits multiple individuals to enter data about a particular person (e.g., family members entering details about each other) and then compares these data submissions. A "level of reliability" is determined based on the "degree of similarity between data on the individual entered by different individuals" (’309 Patent, col. 20:23-28). Based on this verification, the system can then define and enforce different "levels of permitted communications" between users, enhancing security (’309 Patent, col. 2:5-16). Figure 3A illustrates the logic for comparing data from a first and second user to ascribe high or low reliability.
  • Technical Importance: The approach aims to create a more robust identity verification system than self-attestation by using a collaborative, multi-source validation process to establish trust in online interactions (’309 Patent, col. 2:63-65).

Key Claims at a Glance

  • The complaint asserts infringement of claims 1-17 (Compl. ¶8). Independent claim 1 is central.
  • Essential Elements of Independent Claim 1:
    • Providing a database with verified data relating to an individual's identity, where the database is constructed by:
    • Permitting multiple individuals to enter "individual-associated data bits (IDB)" comprising personal and relationship data.
    • Generating an "individual-associated data set (IDS)" from the IDB.
    • Verifying the IDS for an individual by "determining the level of reliability based on a degree of similarity between data on the individual entered by different individuals."
    • Compiling the individual data sets to construct the database.
    • Defining "one or more levels of permitted communication between individuals in the database and the verified individual on the basis of the verification."
  • The complaint also asserts dependent claims 2-17, which add further limitations related to personalized receiving mechanisms and user interfaces (Compl. ¶8).

III. The Accused Instrumentality

Product Identification

The complaint identifies "Bamboo's server system" and related products and services that provide "secure communication over a public network" (Compl. ¶8, ¶10). In the context of contributory infringement, it also references "Workforce Now and related systems" (Compl. ¶11).

Functionality and Market Context

The complaint alleges Defendant "maintains, operates, and administers a system and methods for secure communication over a public network" (Compl. ¶8). The complaint does not describe the specific technical functionality of the accused systems beyond these general statements. It frames the accused instrumentality as a system used by Defendant's customers for secure communications, as instructed through Defendant's website and product manuals (Compl. ¶10, ¶11).

No probative visual evidence provided in complaint.

IV. Analysis of Infringement Allegations

The complaint states that support for its infringement allegations is found in a "preliminary exemplary table attached as Exhibit B" (Compl. ¶9). However, this exhibit was not filed with the complaint. The complaint's narrative allegations are general, asserting that Defendant's system for secure communication infringes one or more claims of the ’309 Patent (Compl. ¶8). Without the claim chart exhibit or more detailed factual allegations, a direct comparison of accused functionality to claim elements is not possible based on the provided document.

Identified Points of Contention

  • Evidentiary Question: A central question will be what evidence Plaintiff can produce to show that the accused BambooHR system performs the specific verification method required by the claims. Specifically, the case may turn on whether the accused system determines a "level of reliability" for a user's identity by comparing "data on the individual entered by different individuals," as claimed, or whether it uses more conventional, non-infringing authentication methods.
  • Scope Question: A likely point of dispute will be the scope of "secure communication over a public network." The infringement theory appears to depend on construing features within an enterprise human resources platform as satisfying the claim limitations directed toward a generalized identity verification and communication system.

V. Key Claim Terms for Construction

  • The Term: "verifying the IDS for the individual by determining the level of reliability based on a degree of similarity between data on the individual entered by different individuals" (Claim 1).

  • Context and Importance: This phrase recites the core technical mechanism of the invention. The outcome of the case may depend on whether this term is construed narrowly to require the specific multi-user, cross-verification process detailed in the patent, or more broadly to cover any system that uses multiple data points to authenticate a user.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: A party might argue that any authentication check that relies on multiple sources of data about an individual meets this limitation.
    • Evidence for a Narrower Interpretation: The specification provides detailed descriptions and flowcharts illustrating a specific process where data strings from a "first user" and a "second user" are compared to "ascribe high reliability" or "ascribe low reliability" based on the match (’309 Patent, Fig. 3A; col. 10:51-65). This suggests the term requires a direct comparison of data inputs from distinct human users.

  • The Term: "defining one or more levels of permitted communication" (Claim 1).

  • Context and Importance: This limitation describes the purpose and output of the verification process. Infringement requires showing that the accused system not only verifies identity but also uses that verification to define distinct communication permissions. Practitioners may focus on this term because standard access control systems might be argued to fall outside the scope of "defining...levels of permitted communication" as taught in the patent.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: A party could argue this language covers any system that grants or denies communication access based on an authentication result.
    • Evidence for a Narrower Interpretation: The specification describes a "graded personalized exposure mechanism" with distinct, user-defined levels, such as exposing a "general profile," "personal profile," or "financial/business profile" to different groups like family members or the public (’309 Patent, Fig. 4B; col. 15:1-21). This may support a construction requiring a system of tiered, granular communication permissions, not merely a binary grant/deny function.

VI. Other Allegations

  • Indirect Infringement: The complaint alleges induced infringement, stating that Defendant encourages infringement by instructing customers on how to use its server system for secure communication (Compl. ¶10). It also alleges contributory infringement, asserting that the accused products' "only reasonable use is an infringing use" and that they are not staple commercial products (Compl. ¶11).
  • Willful Infringement: The complaint alleges Defendant has known of the ’309 Patent "from at least the filing date of the lawsuit" (Compl. ¶10). The prayer for relief requests a finding of willfulness and treble damages if discovery reveals pre-suit knowledge (Compl. ¶(e)).

VII. Analyst’s Conclusion: Key Questions for the Case

  1. A core issue will be one of technical implementation: Does the accused BambooHR platform, an enterprise HR system, actually contain a mechanism that generates a "level of reliability" for an individual's identity by comparing data inputs from multiple different users, as required by the patent, or does it rely on conventional identity and access management technologies?
  2. A second key issue will be one of definitional scope: Can the claim phrase "defining one or more levels of permitted communication," which the patent illustrates with granular, social-media-style exposure settings, be construed to cover the role-based access controls typical of an enterprise software platform?
  3. An initial procedural question will be one of pleading sufficiency: Given the complaint's reliance on a non-proffered exhibit and its lack of specific factual allegations mapping accused product features to claim limitations, the case may face an early motion to dismiss for failure to state a plausible claim of infringement.