Deep Packet Inspection Consortium

Protecting Against Patent Assertion Entities Targeting DPI

Artistic image of blue lines of code

Deep Packet Inspection Consortium

Mike Pennacchi and Vint Cerf discuss the DPI Consortium

Keeping DPI technology available to all

The computer network provides the bedrock of the modern world, and Deep Packet Inspection (DPI) has become a key element of service assurance and security. DPI is used to monitor and troubleshoot the health of both the network and the applications and services running over the network. DPI also continues to find new applications in cybersecurity, with examples including intrusion detection and prevention, web application firewalls, data loss prevention, and the detection and mitigation of malware activity such as reconnaissance, lateral movement, data staging, command and control connections and DDOS attacks.

The foundations of DPI were developed in the 1980’s and 1990’s, but this period of innovation has remained poorly documented because DPI was a niche technology at this time. As a result, many of the original DPI ideas have been rediscovered as DPI has found new application areas such as cybersecurity. The problem facing the industry is that some of these original ideas have been patented many years after they were already being used in DPI products. Such patents prevent companies from exploiting ideas and techniques that should now be free for everyone to use. More worryingly, some of these patents are being used by Patent Assertion Entities (PAEs) to threaten successful technology companies.

Deep Packet Inspection Applications

  • Networking and application health monitoring
  • Detection and mitigation of malware activity such as reconnaissance, lateral movement, data staging, command and control connections
  • DDoS attack detection and mitigation
  • Intrusion detection and prevention systems
  • Web application firewall and data loss prevention functions

The purpose of the DPI Consortium is to bring to light and document the history of DPI technology and innovation for new generations. Not only will this help to enhance the quality of future patents, by ensuring they only protect inventions that are genuinely new and inventive, it will also help members of the Consortium to respond to attacks from PAEs seeking to benefit from people’s lack of knowledge about that history.

The Proof Points

Session tracking is a clear example of how ideas at the heart of DPI have been rediscovered, as DPI is applied to new application areas such as cybersecurity analytics. In some cases, standard and widely used DPI concepts like session tracking have even been granted patents, despite the ideas being well known and understood long before, as early as the 1980s and 1990s. For example, some patents now owned by a company called “Packet Intelligence” (PI) were filed as late as June 1999, even though the concepts in these patents were already widely established and used.

DPI Technology – Evolving for Decades

DPI technology boasts a long and technologically advanced history, starting in the 1990s, before the technology entered what is seen today as common, mainstream deployments. The technology traces its roots back over 30 years, when many of the pioneers contributed their inventions for use among industry participants, such as through common standards and early innovation, such as the following:

  • RMON
  • Sniffer
  • Wireshark

What is important now is that DPI technology and its application and use cases are coming into their own, as the technology is needed to deal with problems of today, especially
in the context of industry’s digital transformation initiatives.

Standing up to PAE Activity

Patent Assertion Entities (PAEs) are non-operating companies that acquire patents from third parties and assert them against alleged infringers. They do not use technology to make products but instead create revenue only through litigation. PAEs exist because technology companies seek to recoup their intellectual property investment by selling patents to PAEs for use in litigation. Targeted companies often agree to settle rather than proceed with expensive litigation that could cost millions of dollars. The impact on the technology industry is substantial: according to statistics published by the LOT Network, 84% of all high-tech patent lawsuits filed annually are from PAEs, with a cost to the US economy of $80 billion. The library of material being built by DPI Consortium is intended to help companies defend against PAE lawsuits for DPI technology by bringing to light prior art that can be used to challenge patents that were either issued in error or are being asserted improperly.

RMON

In the early 1990s, several companies, including Hewlett Packard, Lexcel, Spider Systems, Novell, and NETSCOUT developed, manufactured, and sold protocol analyzers and probes that enabled network operators to monitor data networks. DPI concepts such as session tracking were obvious to these pioneers and were integral to their work building the foundations of efficient network operations.

SNIFFER

As another example, Network General launched its Sniffer packet capture and protocol decode product in 1986.
The evolution of the Sniffer product through the 1990’s resulted in numerous additional innovations in DPI technology.

Wireshark

Wireshark is probably the most widely used open source packet analysis tool in the world and is the result of contributions from a great many people. In fact, the list of authors contributing to Wireshark exceeds 1,400 names.

Patents currently being asserted against several DPI companies by a PAE are based on concepts previously disclosed (among other places) during the early development of Wireshark’s predecessor Ethereal. While these patents remain in force, they represent a potential threat to all of those who use Wireshark, especially for commercial purposes. Companies relying on RMON and using Sniffer face the same potential threats.

DPI Consortium

DPI companies face attacks from PAEs seeking to monetize patents that in fact rely on well-known and widely-deployed DPI technology. To meet these attacks head on, DPI companies can avail themselves of a new approach: the DPI Consortium.

The DPI Consortium is an independent, non- profit, organization with a manager and advisory board committed to:

  • Providing a clearinghouse of educational resources regarding the history of Deep Packet Inspection technology and development to:
    • improve patent quality,
    • deter PAE activity, and
    • support patent challenges by members; and
  • Providing a community forum through an Advisory Board, an annual conference for Deep Packet Inspection Consortium members, and direct informational support to members facing Patent Assertion Entities activity.

“This consortium will help the DPI community carry the fight against those who seek to exploit the patent system. By sharing
information and helping the patent office understand that core DPI technologies were developed before the patents being asserted were filed, we can let innovators focus on what they do best.”

– Anil Singhal

Chief Executive Officer and
Co-Founder, NETSCOUT