ITC Rules Against Fortinet in Patent Dispute

Trend Micro seems to have carried the day, but Fortinet plans to keep fighting, leaving users of the server-based anti-virus technology uncertain of their update status.

A ruling by the U.S. International Trade Commission could spell trouble for users of anti-virus technology from Fortinet.

On Aug. 8, 2005, the ITC declared that Fortinet Inc.s anti-virus technology violated a patent owned by Trend Micro Inc.

The Commission issued a Cease and Desist order that prohibits Fortinet from importing or selling anti-virus technology that relies on the patented technology, and could prevent some customers from obtaining necessary anti-virus software and virus definition updates.

The ruling was a setback for Fortinet in the year-old dispute, but the Sunnyvale, Calif. company said it plans to fight on, arguing that Trend Micros patent is too broad.

Fortinet sells the Fortigate line of security appliances, which offer anti-virus, firewall, content filtering and intrusion detection features, among others.

/zimages/2/28571.gifClick here to read about Fortinets alleged violation of the GPL.

The dispute between Trend and Fortinet dates to June 2004, and is similar to actions that Tokyo-based Trend took against both Symantec Corp. and Network Associates Inc. in the late 1990s over U.S. Patent No. 5,623,600, which covers server-based anti-virus scanning.

Both Symantec and NAI, now McAfee Inc., now license the technology from Trend, said Carolyn Bostick, Trends vice president and general counsel.

In May, an ITC judge ruled in Trends favor in an unfair import proceeding that Trend brought against Fortinet. Then on Monday, the full Commission affirmed that ruling and issued orders prohibiting the importation of Fortinet anti-virus systems to the United States and barring Fortinet from selling, marketing, advertising or distributing products that use the patented technology in the United States.

While that ruling sounds grim, Hal Covert, Fortinets chief financial officer, said that it is not the end of the road for his company in its dispute with Trend Micro.

The ITC ruling only affects the anti-virus component of Fortigate appliances and only U.S. sales of Fortigate devices, which is about 30 percent of Fortinets market. Also, the ITC allows Fortinet to continue issuing software and definition updates to its customers, Covert said.

While Fortinet cant sell Fortigate anti-virus products, Covert believes that the companys channel partners, who arent affected by the ruling, have enough inventory to last until the end of 2005. By that time, Fortinet will have made changes to its anti-virus technology that sidesteps the Trend patent, he said.

/zimages/2/28571.gifTrend Micro acquires anti-spyware startup InterMute. Read more here.

Still unclear from the ITC ruling is whether customers who buy Fortinet gear from the companys channel partners after Aug. 8 will be entitled to software and virus definition updates. Covert and Fortinet claim that they are, Bostick and Trend claim that the ITC ruling prohibits it.

Behind the scenes, Fortinet is working to modify its anti-virus detection technology in a way that doesnt interfere with Trends patent. Covert claims that the changes will improve his companys product and give Fortinet more leverage to negotiate with Trend over the patent issue.

The two companies are also working to try to reach an agreement to have Fortinet license the technology. Trend said that terms are "still under discussion," while Coverts said his company is looking for a "fair and reasonable settlement" from Trend.

With the ITC ruling in place, the case may also begin working its way through the U.S. Courts. A case that Trend filed in the U.S. Court for the Northern District of California was on hold pending a ruling by the ITC, but will resume in the next 60 or 90 days. That court, unlike the ITC, could award Trend damages in the patent infringement case, Bostick said.

/zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.