$1.9 Billion Patent Judgment

In Centripetal Networks, Inc. v. Cisco Systems, Inc., No. 2:18cv94 (District Ct., October 5, 2020), the US District Court for the Eastern District of Virginia awarded a cybersecurity startup, Centripetal Networks, one of the largest patent damages awards in history, $1.9 billion, for willful and literal infringement of its patents by Cisco.

On February 13, 2018, Centripetal Networks sued Cisco Systems for infringement of a number of US Patents that Centripetal owned. Cisco filed requests for Inter Partes Review of 9 of the 11 patents asserted, of which 6 and select claims of another were found invalid by the Patent Trial and Appeal Board. Infringement of the 5 remaining asserted patents was tried at the bench. The trial concerned the infringement and validity of the following patents:

  • U.S. Patent No. 9,917,856 (the ‘856 Patent), Claims 24 and 35, which teach a security system for detecting malicious data hidden by encryption
  • U.S. Patent No. 9,500,176 (the ‘176 Patent), Claims 11 and 21, which teach a system for detecting malware-infected computers through the use of correlation
  • U.S. Patent No. 9,686,193 (the ‘193 Patent), Claims 18 and 19, which teach a method of preventing the exfiltration of confidential data through packet filtering
  • U.S. Patent No. 9,203,806 (the ‘806 Patent), Claims 9 and 17, which teach a process for a network device to perform a live swap of rules without sacrificing security or dropping any packets
  • U.S. Patent No. 9,137,205 (the ‘205 Patent), Claims 63 and 77, which teach a system that enforces threat intelligence policies on network traffic through encapsulation and forwarding of data

Infringement
To prove that a device infringes a patent, the patent owner must show by “a preponderance of the evidence,” per Uniloc USA, Inc. v. Microsoft Corp., Nos. 10-1035, 10-1055 (Fed. Cir., January 4, 2011), that every claim element or its equivalent exists in the accused device, and that “infringement was more likely than not to have occurred,” Advanced Cardiovascular Systems, Inc. v. Scimed Life Systems, Inc., No. 00-1454 (Fed. Cir., August 6, 2001). As established in Cybor Corp. v. FAS Technologies., Inc., 138 F.3d 1448 (Fed. Cir., 1998), there is a two-step process in which the Court must construe the scope and meaning of the claims before comparing them to the accused device. For the claim construction step, a Markman claim construction order may be used, where “district courts may engage in a rolling claim construction, in which the court revisits and alters its interpretation of the claim terms as its understanding of the technology evolves,” per Pressure Products Medical Supplies, Inc. v. Greatbatch Ltd., No. 08-1602 (Fed. Cir., March 21, 2010). A device may be found to literally infringe if it is found to embody “each and every limitation of the patented claim,” under precedent set in V-Formation, Inc. v Benetton Group SpA, No. 03-1408 (Fed. Cir., March 15, 2005).

Regarding infringement of the ‘856 Patent, Cisco argued that the accused products do not infringe as they do not have the functionality required by the asserted claims, on three counts: (1) that the accused system “is exclusively after the fact analysis and does not work on determined packets as required by the claims,” (2) that the null interface used in the accused products “is not a proxy system,” and (3) that “packets are not filtered by the Cisco system.” The Court disagreed on all three counts, finding that Cisco marketing and public technical documents presented by Centripetal directly refuted Cisco’s arguments. On count (1), the documents portrayed Cisco’s products’ capability to “detect and stop threats, even with encrypted traffic,” or “to detect and respond to threats in real time,” contradicting the argument that Cisco’s systems use solely after-the-fact analysis. On count (2), Cisco argued that its usage of a null interface fell outside of the Court’s Markman construction of the asserted claims, which describe a proxy device that would require decryption that Cisco’s products do not perform. Technical evidence, which “describe the null interface as a ‘virtual interface [that] never forward[s] or receive[s] traffic but packet[s] route[ed] to null interface are dropped,’” showed that a null interface directly causes “packets destinated for a particular network to be dropped,” which is an alternative option to a proxy system explicitly mentioned in the specifications of the patent. On count (3), Cisco argued that it does not perform filtering of packets as required by the claims, but its system has a user interface that “provides a view of affected users identified by risk type,” which “allows for the representation of packets currently being processed within the network to be filtered and ordered by information within the unencrypted part of the packet,” as explained by Cisco technical documentation and testimony of Cisco engineers. As such, the Court found Cisco to literally infringe on the asserted claims.

Regarding infringement of the ‘176 Patent, Cisco similarly made two claims for non-infringement: (1) that its system “does not correlate a plurality of transmitted packets with a plurality of received packets,” and (2) that the system “does not generate and provision rules in response to those claimed correlations.” The Court found that the ‘176 Patent’s claims do not explicitly limit the construction to “only ingress and egress out of one device,” rather, “these claim elements would also be met if there was identification, generation, and correlation of logs from two different network devices on either ingress or egress.” This was highlighted in Col 8 Ln 46 of the specification, which indicated that “the network device that generates the correlated logs may be plural as well as singular.” As such, even accepting Cisco’s argument (1) as true, it would be found infringing. Argument (2) was refuted by another of Cisco’s public technical guides, which claimed that the product “correlates threat behaviors seen in the local environment with those seen globally.”

Regarding infringement of the ‘193 Patent, Cisco made two arguments for why the functionality of its products does not meet the requirements of the claims: (1) that “the function which is referred to as a ‘quarantine’ blocks all traffic from a source computer and does not block a ‘particular data transfer’ as claimed,” and (2) that Cisco’s system “cannot identify exfiltrations until it is too late to drop the packet.” During cross-examination, Cisco admitted to a “two-stage” process, supported by Cisco’s technical documents, by which Cisco’s quarantine rule is used to implement the rule-based data transfer blocking functionality. The Court then found Argument (2) “irrelevant to the Court’s determination because the accused system operates to block packets based on the particular type of data transfer as required by the claims.”

Regarding the infringement of the ‘806 Patent, Cisco argued that the accused products: (1) do not cache the packets responsive to a signal, (2) do not cease processing of packets responsive to a signal, and (3) do not reprocess packets according to a second rule set. Centripetal argued (1) “that a packet buffer is a cache,” which was confirmed by testimony from a Cisco engineer, directly refuting the argument that the packet buffer Cisco used did not perform the functionality of caching in the asserted claims. Similarly, a Cisco engineer testified contrary to Argument (2), explaining that “newly compiled rules are swapped for the old rules in-between the two to four clock periods that occur within the switches and routers,” which was merely “an idle period where the accused switches and routers are not processing any packets.” Cisco then argued that these two functionalities were normal and routine processing functionality of their product, but the Court found that on top of such functionality “Cisco has implemented the rule swap functionality outlined in the ‘806 Patent to greatly improve the security functionality of its products without dropping packets.” The Court also found Cisco’s Argument (3) unconvincing on two grounds: (a) that the claims only required a process through a second rule set, which need not be a separate reprocessing event as Cisco suggested, and (b) that Cisco’s technical documents confirmed that rules were applied on both ingress and egress to its device, wherein a different set of rules would be applied to a packet on ingress and on egress, fulfilling the asserted claims’ requirements.

Regarding the infringement of the ‘205 Patent, Cisco argued that: (1) Centripetal’s argument for infringement “relies on the ‘blocking’ of packets, but the asserted claims of the ‘205 Patent require encapsulation and forwarding,” and that (2) “Centripetal has not asserted any proof that the accused products have ‘at least one rule specifying a set of network addresses and a Session Initiation Protocol (SIP) Uniform Resource Identifier (URI),’ as required by the claims.” Assessing Argument (1), the Court found that Centripetal failed to provide sufficient evidence that Cisco’s products met all the required elements of the claims. The claims required that the network device was “configured to copy information,” and as such while sufficient evidence was provided to prove that the accused products can perform encapsulation of packets, no evidence was provided to prove “that the accused products are ‘configured to’ or have the ability to copy information, as outlined by the asserted claims.” Similarly, no evidence was provided to prove “that the encapsulated packets are those that ‘fall within the set of network addresses and matches the SIP URI with a header containing a network address….’” as claimed. Turning to Argument (2), the Court found the documents presented “sufficient evidence to conclude that the accused products process SIP traffic. However, there is no compelling evidence to show that the accused products have rules that possess both a SIP URI and a network address, as required by the claims.” Therefore, the Court found no infringement of the ‘205 Patent.

Validity
Under 35 U.S.C. §282, patents and their claims are presumed to be valid, but may be challenged by presentation of clear and convincing evidence that the patent is invalid, such as on the grounds of anticipation or obviousness. Proving anticipation under 35 U.S.C. §102, where a prior art reference has clearly anticipated the invention of the patent at issue and disclosed that invention, “requires the presence in a single prior art disclosure of all elements of a claimed invention arranged as in the claim,” per Finisar Corp. v. DirecTV Group, Inc., Nos. 07-1023, 07-1024 (Fed. Cir., April 18, 2008). The obviousness challenge under 35 U.S.C. §103 asserts that combining prior art references into the invention at issue would have been obvious to a person of ordinary skill in the art, and “must demonstrate by clear and convincing evidence that a skilled artisan would have been motivated to combine the teaching of the prior art references to achieve the claimed invention, and that the skilled artisan would have had a reasonable expectation of success in doing so,” per Kinetic Concepts, Inc. v. Smith & Nephew, Inc., No. 11-1105 (Fed. Cir., August 13, 2012).

Cisco challenged the validity of the ‘856, ‘176, ‘193, and ‘806 Patents. The Court disagreed.

Regarding the validity of the ‘856 Patent, Cisco challenged on the grounds of anticipation, opining that Cisco products already contained the infringing functionality before the priority date of the asserted patent. The Court found that “the only technical documents that confirm the functionality are from later than the priority date of the ‘856 Patent,” refuting the argument that such functionality existed beforehand.

Regarding the validity of the ‘176 Patent, Cisco challenged on the grounds of anticipation, obviousness, and lack of adequate written description. Technical documents refuted Cisco’s anticipation and obviousness challenge, as the functionality of the patent at issue was included in the “What’s New” section of a document dated after the priority date of the ‘176 Patent. The same document highlighted that combining two of Cisco’s product features together would yield the functionality of the ‘176 Patent, refuting the obviousness claim that such a combination would be obvious before the priority date of the ‘176 Patent. The Court then turned to the written description challenge and found both the ‘correlate’ and ‘responsive to’ claim elements “adequately disclosed in the specification to meet the written description requirement.”

Regarding the validity of the ‘193 Patent, Cisco challenged on the grounds of anticipation and obviousness. The Court found that there was “clear reliance on multiple prior art references to prove the invalidity case” with regard to the anticipation challenge, which would require proof of a single prior art reference to pass muster. Turning to the obviousness challenge, “the Court rejects Cisco’s contention that these products have operated in the same manner and functionality just because the system had preexisting baseline functionality and consistent nomenclature.” The Court further pointed, again, to Cisco’s own technical documents, which failed to show the infringing functionality from before the priority date of the asserted patent.

Regarding the validity of the ‘806 Patent, Cisco challenged on the grounds of anticipation and obviousness. The Court found that the product Cisco pointed to as prior art anticipating the ‘806 Patent did not possess or serve the functionality at issue. Next, assessing the product that Cisco pointed to as prior art, the Court found that the version of the product before the priority date of the ‘806 Patent involved a process “that resulted in disruption of packet processing and the unintentional dropping of packets,” which the rule swapping technique of the ‘806 Patent would solve. “Therefore, it is axiomatic that the claimed invention would not have been obvious in the prior art because the ‘806 invention of rule swapping was the solution to the exact problem outlined by the original [product].”

Willful and Literal Infringement
The Court exercised its power to grant enhanced damages under 35 U.S.C. §284, which allows damages up to three times the amount awarded. The guiding precedent for awarding enhanced damages in Halo Electronics, Inc. v. Pulse Electronics, Inc. (Sup. Ct., June 2016) “highlights that enhanced damages are warranted as a ‘punitive’ or ‘vindictive’ sanction for egregious conduct described as ‘willful, wanton, malicious, bad-faith, deliberate, consciously wrongful, flagrant, or – indeed – characteristic of a pirate.’” The Court further looked to Read Corp. v. Portec, Inc., No. 91-1069 (Fed. Cir., July 1992) and Markman v. Westview Instruments, Inc., No. 95-26 (Fed. Cir., April 1996) for guidance on factors to determine if enhanced damages are warranted.

The Read factors referenced are as follows:

(1) deliberate copying;

(2) defendant’s investigation and good faith-belief of invalidity or non-infringement;

(3) litigation behavior;

(4) defendant’s size and financial condition;

(5) closeness of the case;

(6) duration of the misconduct;

(7) remedial action by the defendant;

(8) defendant’s motivation for harm; and

(9) attempted concealment of the misconduct.

The Court first looked to determine if Cisco had prior knowledge of the infringement before applying the Read factors, and found Cisco’s infringement to be willful, as emails sent from Centripetal to Cisco show that Centripetal shared information with Cisco after it had signed an NDA. Internal Cisco emails, including one suggesting to “study their claims,” confirm knowledge of the patents at issue. Presented evidence further showed that Centripetal’s device implementing the patented invention was presented and demonstrated to Cisco, “indicating that they had direct contact with the label showing the practiced patents.” This established that Cisco had prior knowledge of the patents, and willfully infringed.

Looking next to the Read factors, the Court first found Cisco’s copying deliberate as to Factor (1), as Cisco released products with Centripetal’s functionality within a year of meetings with Centripetal, copying “the ‘ideas and design’ of the elements of the claim [and] the commercial embodiment of the patent,” and therefore meriting enhanced damages. For Factor (4), Cisco “represents itself as the largest provider of network infrastructure and services in the world,” meaning it would not be unduly prejudiced by an enhanced damages award. The Court then found that none of the four patents found infringed were close calls as per Factor (5), as “Cisco repeatedly relied upon animations prepared ex post facto for trial, while ignoring their own technical documents” that contradicted their arguments, therefore meriting enhanced damages. Then turning to Factors (6), (7), and (9), the Court found that since June of 2017, no remedial action had been taken, even after suit was filed, which merited enhanced damages. Factor (8) was in favor of enhanced damages, as infringement “resulted in a dramatic increase in sales which Cisco touted in both technical and marketing documents.” Ultimately, the Court summarized that “Cisco did not advance any objectively reasonable defenses at trial as to the four infringed and valid patents,” and consequently awarded a 2.5x multiplier on the damages award.

In summary, Cisco was found to willfully, literally, and egregiously infringe on patents asserted by Centripetal, which was awarded enhanced damages totaling $1,889,521,362.50. While Cisco’s defense that Centripetal’s infringement accusation for the ‘205 Patent failed to show the claimed functionality in Cisco’s products was successful, Cisco’s defense for the other four patents at issue was deeply flawed. Cisco’s strategy of construing the scope of the claims differently, and characterizing its products differently, failed in light of technical facts and its own technical documents contradicting such constructions and characterizations. Centripetal’s detailed specifications supported their asserted claims by disclosing implementations of the inventions. The facts of the case clearly showed proof of infringement, and given the nature of the infringement, won Centripetal one of the highest damages awards in patent litigation history.

About the Author

Babak Akhlaghi is an adjunct professor at University of Maryland, where he teaches legal aspects of entrepreneurship. Babak is also a registered patent attorney and the Managing Director at NovoTech Patent Firm, where he assists inventors in protecting and monetizing their inventions. He is also a co-author of the "Patent Applications Handbook," which has been updated and published annually by West Publications (Clark Boardman Division) since 1992. One of his distinguished accomplishments involves guiding a startup through the patent application process, which led to substantial licensing opportunities that significantly enhanced the company's strategic value.