Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Patents Businesses Security The Almighty Buck

Cisco Ordered To Cough Up $2 Billion Plus Royalties After Ripping Off Biz's Cybersecurity Patents (theregister.com) 31

Cisco has been hit with a massive $1.9 billion patent-infringement bill for copying cybersecurity tech from Centripetal Networks and pushing the company out of lucrative government contracts. The Register reports: The network switch maker infringed four patents, a Virginia court decided on Monday, but since the infringement was "willful and egregious," the judge multiplied the $756 million owed by 2.5 to a total fine of $1,889,521,362.50. With interest, Cisco faces a hefty $1,903,239,287.50 bill "payable in a lump sum due on the judgment date," the court said. The four patents are: US 9,203,806, 9,560,176, 9,686,193, and 9,917,856.

That's not all: the court also imposed [PDF] a royalty of ten per cent of some of Cisco's products for the next three years, and five per cent for three years after that. That royalty must be at least $168 million and no more than $300 million for the first three years, and between $84 million and $150 million for the next three, the judge said. Even though the sums are massive, they are far from ruinous, and represent about three months of profit for Cisco. The networking giant also has a massive cash pile of roughly $30 billion that the total bill will barely eat into.

As for the tech itself, Centripetal Networks, based in Virginia, developed a network protection system that was in part funded by the US government. The patented parts of it deal with speed and scalability issues, and allowed for live updates and automated workflows. It outlined the technology to Cisco after the company had signed a non-disclosure agreement. But then Cisco simply stole the functionality and incorporated it into its own products in 2017. Centripetal sued [PDF] the following year. "The fact that Cisco released products with Centripetal's functionality within a year of these meetings goes beyond mere coincidence," said District Judge Henry Morgan in his judgment. He noted that Cisco had "continually gathered information from Centripetal as if it intended to buy the technology from Centripetal," but then "appropriated the information gained in these meetings to learn about Centripetal's patented functionality and embedded it into its own products."

This discussion has been archived. No new comments can be posted.

Cisco Ordered To Cough Up $2 Billion Plus Royalties After Ripping Off Biz's Cybersecurity Patents

Comments Filter:
  • Lube up that hole, Cisco, the time has come to pay the piper.

    • "black Lives Matter, but your patents don't." - Cisco
      • Re: (Score:3, Insightful)

        Comment removed based on user account deletion
        • by raymorris ( 2726007 ) on Tuesday October 06, 2020 @08:01PM (#60579558) Journal

          > Did you look at the patents?

          I did. The last one is pretty interesting.

          > Being able to patent implementations of algorithms is hella fucked.

          If you're going to redefine "implementations of algorithms" broadly enough to include '856, what invention WOULDN'T be?

          • by olau ( 314197 )

            Could you explain what you mean by interesting?

            I only read through the claims, and they did not seem special to me. Collect threat indicators, filter by them? What am I missing?

            • by raymorris ( 2726007 ) on Wednesday October 07, 2020 @08:30AM (#60580796) Journal

              '856 is rather more specific than "collect threat indicators".
              Part of what it does I partially do manually, but I haven't seen a firewall that does it automatically; the other part I haven't seen at all.

              A problem in security is how to handle TLS and other encrypted traffic. You can't inspect it without doing a MITM. You have a TLS flow from one of your hosts to some arbitrary IP on port 443, an arbitrary https connection. That's all you know since it's encrypted. How do you know if the connection is downloading malware, beaconing, etc? So you can't secure it without making it less secure.

              Most companies that are serious about security end up doing a MITM, decrypting the TLS traffic (and being blind with any other type of encryption). Obviously breaking the encryption of all of the TLS has some serious security problems of its own. Especially considering that every inspection appliance tested has significant security flaws. One common flaw is that because the inspection appliance replaces the origin cert and ciphersuite with the internal cert and ciphersuite it hides that fact that the origin cert is weak or even mismatched. I identified several such issues in the TLS inspection tool we use at work.

              How do you fix that? People have been pondering that question for at least 15 years without coming up with very good answers. '856 provides a good answer.

              An additional problem, exacerbated by SaaS, IaaS, and the far more widespread use of VPN, is the plain resource cost of inspecting far more traffic. Both hardware resources and human. (More connections means more suspicious connections that my team has to manually analyze). The '856 invention also helps with that.

              Mostly, the approach allows encrypted traffic, which is now most traffic, to be more secure.

            • Basically they are saying if a connection to an entity contains encrypted and no-encrypted data they will form a threat model based on the non-encrypted data and then apply that to both the encrypted and non-encrypted data. They might go into a bit of detail about how to do it but none of it is interesting enough to even bother reading the patent.
        • Your right. Software patents are trash.

          But I'm not unhappy seeing Cisco cop a beating either.

          I'll save my sympathy for the hoards of small businesses that get destroyed by patent trolling from megacorps

        • I don't see why software should be free of patents. The problem with patents are much more general. As I see it it is because there are way too many of them and they very often only claim small, obvious improvements over already published methods. One remedy would be to limit the number of patents a company/corporation can control to a small number such they can't hit small companies with thousands of patents.
  • by doug141 ( 863552 ) on Tuesday October 06, 2020 @05:29PM (#60579206)

    It's like no one at cisco knows the story of the automakers getting obliterated in court after stealing delayed wipers. I wonder if this will spawn a movie, also.

    • They also used the wrong strategy. You don't misappropriate patented tech from a company, you go into talks to buy them out, tell them to stop selling any products before the takeover in order to avoid creating market confusion, string out the talks until they run out of money, then buy the near-bankrupt company and its patents at fire-sale prices. That's the ethical way to do it if you're a big corporation, not just outright theft.
  • by Anonymous Coward on Tuesday October 06, 2020 @06:09PM (#60579310)
    Since Cisco developed their first multiprotocol router by social engineering it out of Bill Yeager at Stanford.
  • by whoever57 ( 658626 ) on Tuesday October 06, 2020 @06:10PM (#60579318) Journal

    "As for the tech itself, Centripetal Networks, based in Virginia, developed a network protection system that was in part funded by the US government."

  • As the article notes, they have 30 billion in cash, 11 billion in net income, etc.

    But also, if you look at the actual patents, it's stuff that has existed in Cisco products for years, other than maybe the one patent about using caching in multiple cores to deal with different rules for a single packet (or something). The fact that they had products that used all four patents within a year easily could have been coincidence, not the least because both companies work closely with Government contracts and use

  • ... for stealing MS' business model.

  • Once the unevenness in society reaches a certain point the system collapses and starts over again.
  • Are increasingly being decided less on the merits and more on which of three categories you fit into: 1) somebody whose tech was stolen (Probably win); 2) a legitimate manufacturer attempting to âoemonetizeâ their patent portfolio (50/50); and 3) patent trolls (probably lose)
  • Describing Cisco as "the network switch maker" on a tech site is like describing GM as "the operator of OnStar" on a car site.

    Cisco invented the internet router.

    • by Anonymous Coward

      I worked at Cisco from 1989, and Cisco did not invent the router. The early Cisco did some very cool things and made products that justifiably dominated the market, but invent the router it did not.

  • Peddling stolen snake oil. Wow.

    I mean, fuck everything and everybody involved in this story in any way.

  • Personally as someone running a Cisco Security [forever-group.co.uk] provider - I'm concerned about the marketing fallout from this, and the fact that it really diminishes all of the good work that Cisco and Talos do within the industry. $2bn is a lot of money to take from any organisation in the current economic climate, and that's going to have an impact on the staff and development.

Counting in octal is just like counting in decimal--if you don't use your thumbs. -- Tom Lehrer

Working...