Background
Vir2us, Inc. is a California cybersecurity company that developed and patented antivirus software using a technique called “containerization” — which isolates potentially malicious files in a virtual safe room for testing. Invincea, Inc. sold antivirus products using both containerization and a competing technology called “machine learning.” All Invincea products used the same underlying source code, with specific modules activated or deactivated depending on which technology a customer licensed.
In 2016, after Vir2us sued Invincea for patent infringement based on the containerization technology, the parties settled. The settlement granted Invincea a worldwide license to all Vir2us patents and required Invincea to pay royalties on sales of “Container Products.” The agreement defined Container Products as four specific named products (the “accused container products”) “as well as natural evolutions and derivations of these products.”
Sophos, Inc. acquired Invincea in 2017. It integrated Invincea’s source code into its own products but activated only the machine-learning modules, not the containerization modules. None of Sophos’s products employed containerization. Vir2us sued in 2019 claiming Sophos owed royalties on its own products because they were “derivations” of the named Container Products, based on the shared presence of certain machine-learning source code files (Cynomix.cpp and Cynomix.h).
In a 2023 appeal, the Fourth Circuit reversed a $24.6M judgment for Vir2us, holding that the first part of the Container Products definition — the list of four named products — was exhaustive and that the disputed Sophos products were not on the list. The case was remanded to address whether the products qualified under the “natural evolutions and derivations” clause. On remand, District Judge Jamar K. Walker granted summary judgment for Sophos. Vir2us appealed again.
The Court’s Holding
The Fourth Circuit (Judges King, Agee, and Heytens, per curiam) affirmed.
The central question was whether the disputed Sophos products were “derivations” of the four named accused container products. The court began with dictionary definitions: all standard references (Webster’s, Merriam-Webster, Oxford English Dictionary, Black’s Law Dictionary) define “derivation” as a sequential relationship in which the later thing originates from or was produced from the earlier one.
Applying that definition, the court concluded the Sophos products were not derivations, for several independent reasons:
- Pre-existing products: The disputed Sophos products existed before Sophos acquired Invincea’s source code. A product cannot be a derivation of something from which it did not originate.
- Insufficient connection: Merely sharing the Cynomix machine-learning source code files was not enough. The shared files were present in the named container products but were deactivated there — they played no functional role in those products. The disputed Sophos products used only machine learning, not containerization.
- Source of the code: Evidence showed Sophos obtained the source code from an Invincea employee’s team, not by extracting it from any named container product.
- Contextual reading: The entire agreement arose from and was defined by the containerization patent infringement claims. The royalty provision was limited to “Container Products” — and a “derivation” of a container product would reasonably be expected to also employ containerization technology.
Vir2us’s alternative argument — that the term “derivations” was ambiguous, precluding summary judgment — also failed. That the parties disagreed about the term’s meaning did not make the contract ambiguous under Virginia law.
Key Takeaways
- “Derivation” in a patent license agreement requires an origination relationship — the later product must have been created from or built upon the earlier one.
- Sharing common source code, particularly code that is inactive in the original licensed product, does not establish the requisite derivation relationship.
- Courts will read royalty provisions in the context of the technology at issue in the underlying patent dispute. If a license arises from containerization patent claims, “derivations” may be limited to future products that also employ containerization.
- Companies acquiring another company’s IP-encumbered technology should carefully audit existing patent licenses to understand which of their own products may be subject to royalty provisions.
- Settlement agreements should be drafted with precision: if royalties are intended to follow the source code into future products regardless of functionality, the agreement should say so explicitly.
Why It Matters
Patent license agreements routinely include “evolutions and derivations” clauses to capture future product generations. But as this case shows, such clauses have limits — and those limits depend heavily on what the contract actually says and the context in which it was negotiated.
For technology companies, this decision is a warning: if you acquire a company whose technology is licensed under a patent settlement, don’t assume that clause will cover only products that directly use the original patented technology. The risk is that the licensor will claim your existing products, rebuilt with the acquired source code, also fall within the clause — and litigation over that question is expensive even if you ultimately win.
For patent counsel drafting settlement licenses, this case highlights the importance of explicitly defining what counts as a “derivation” — whether that means shared source code, shared functionality, or shared technical approach — rather than relying on dictionary definitions that a court may interpret narrowly.
Your browser cannot display this PDF inline.
Download the full opinion (PDF)