HP Settles Patent Dispute With Cenzic

Patent infringement can be a dicey affair, with parties arguing over whether
intellectual property infringement occurred.

Such is the case in a dispute dating back more than a year between HP’s SPI
Dynamic’s security division and security vendor Cenzic. Cenzic said in a statement today that it had reached an agreement with HP that
will result in the two vendors cross-licensing each other’s patents.

A Cenzic spokesperson declined to comment, and HP, which acquired SPI Dynamics in June, did not immediately respond to requests for comment.

SPI Dynamics made the first move in September 2006 in a Georgia Northern District Court, alleging that Cenzic had infringed on SPI’s U.S. Patent 6,996,845, which it filed in November 2000 and officially granted on Feb. 7, 2006.

The SPI patent is “an automated Web security analysis system and process identifies security vulnerabilities in a target Internet Web site by parsing through the target Web site to search for a predetermined list of common security vulnerabilities,” according to the patent abstract.

Cenzic then filed its own patent-infringement case
against SPI Dynamics in Virginia Eastern District Court on July 27.
Cenzic alleged that SPI Dynamics infringed on U.S. patent number 7,185,232, which it filed for in February of 2002.

Cenzic’s patent is “a method of testing a
target in a network by fault injection, includes: defining a transaction
baseline; modifying at least one of an order and a structure of the
transaction baseline to obtain a modified transaction with malformed
grammar; and transmitting the modified transaction to a target,” according to the patent abstract.

The dispute revolves around processes related to technologies that are
critical to security researchers seeking vulnerabilities. Both Cenzic and
SPI Dynamics produce software that helps security researchers find errors
and vulnerabilities in their applications and environments.

A number of security researchers complained about the Cenzic
patent. Chris Eng, Veracode’s director of security services, alleged in a
blog post that Cenzic’s timing in suing over the patent was somewhat

“Conveniently, they waited until after SPI was acquired by HP, which clearly
has much deeper pockets than the previously privately held SPI,” Eng wrote
in a blog posting.

Eng also argued that Cenzic’s patent didn’t describe anything new, but that it actually is something that other vendors had done before the patent was filed.

The outcome of the case, however, implies that the validity of both vendors’
patents have merit, since they’re cross-licensing each other’s intellectual property.

“This agreement settles the outstanding litigations filed by SPI Dynamics (which was acquired by HP) in Federal Court in Georgia and filed by Cenzic in Federal Court in Virginia, and these lawsuits will be immediately dismissed,” Cenzic said in a statement.

News Around the Web