NortonLifeLock Willfully Infringed Malware Patents

NortonLifeLock Inc, formerly known as Symantec, has been found in violation of the rights of Columbia University in a matter concerning two malware-fighting patents.  

The trustees of the school sued Norton in December 2013, claiming that the company, in Version 6.0 of a product feature called SONAR/BASH, had infringed six Columbia University patents relating to intrusion-detection systems. 

Launched in late 2009 and incorporated into all Norton products through the present, the feature “uses decision trees that are models of function calls created by modeling program executions,” according to court papers.

On Monday, a jury in Virginia federal court found that Norton had infringed two Columbia patents and should therefore pay the New York-based educational institution at least $185.1m in royalties to cover sales of infringing products.

The judge could raise this figure as high as $555m because the jury found that the patents were infringed by Norton willfully. 

Of the total award, $94m was a royalty for Norton’s sales of an infringing product produced and distributed from America and sold to customers outside the US, while $91.1m was a royalty for Norton’s sales to US-based customers.

Columbia contended that two of its professors, who worked in the university’s Intrusion Detection Systems Laboratory, should be listed as the sole inventors of a patent concerned with decoy technology for baiting viruses, which was issued to Norton. The jury further found that two professors ought to be listed as joint inventors of the patent.

In the suit against Norton, Columbia said it had shared research about the decoy technology with the company when the pair joined forces to work on bids for government grants. 

Norton, based in Tempe, Arizona, said it disagreed with the jury’s findings and planned to launch an appeal against the verdict. 

A company spokesperson said Norton “strongly” believes “our technology does not infringe on patents held by Columbia.”

Columbia University intellectual property official Orin Herskowitz said in a statement that the institution was glad that the court had recognized the violation of its rights to “groundbreaking computer security innovations.”

What’s Hot on Infosecurity Magazine?