Bloomberg Law
Free Newsletter Sign Up
Bloomberg Law
Advanced Search Go
Free Newsletter Sign Up

Norton Owes Columbia $185 Million Over Antivirus Patents (1)

May 2, 2022, 4:32 PMUpdated: May 2, 2022, 6:51 PM

NortonLifeLock Inc. must pay Columbia University $185.1 million after a federal jury on Monday found that a feature of five families of its antivirus products infringes two patents for technology that uses emulators to monitor programs for malicious behavior.

The jury also found that Norton’s infringement was intentional, meaning the judge may increase the award by up to three times the jury’s amount, according to the verdict in the U.S. District Court for the Eastern District of Virginia.

Of the total award, $91.1 million was a royalty for Norton’s sales to U.S. customers. The jury awarded a royalty of $94 million for sales to customers outside the U.S. after finding that the infringing product sold to such customers was made in and distributed from the U.S.

Jurors also found that Columbia had proven that the U.S. Patent and Trademark Office should add two Columbia professors as joint inventors of a patent issued to Norton, but they rejected the university’s contention that the professors, of Columbia’s Intrusion Detection Systems Laboratory, were the sole inventors.

They also denied Columbia’s bid for $22.2 million in damages on its argument, which the court rejected, that Norton committed fraudulent concealment in connection with its filing of the application that became the Norton patent.

Norton said in a statement that it would appeal the verdict. A spokesperson said the company “strongly” believes “our technology does not infringe on patents held by Columbia.”

Orin Herskowitz, senior vice president of intellectual property and technology transfer at Columbia, disagreed, and emphasized the patents’ importance.

“The patented technology changed the way we detect malicious malware and increased the safety of individuals’, companies’ and the U.S. government’s computers at a critical time when traditional malware detection was failing,” Herskowitz said in Columbia’s statement.

Jurors resumed deliberations Monday for less than two and a half hours before returning the verdict. Judge M. Hannah Lauck had urged them to “carefully reexamine and reconsider” the evidence following their note late on April 29 saying they’d “reached an impasse” on one of the verdict form’s questions.

The Richmond, Va., trial had been slated to wrap up by April 25, but a dispute over a cross-examination by Norton’s lawyers of a Columbia damages expert slowed its progress.

Columbia had sought a royalty of as much as $228.2 million from Norton’s billions in global sales of such products during the relevant period, according to court papers.

The dispute centered on Version 6.0 of a product feature called SONAR/BASH, launched in late 2009 and incorporated into all accused Norton products through the present. The feature “uses decision trees that are models of function calls created by modeling program executions,” according to court papers.

Columbia says each “decision tree” is a combination of “numerous individual program execution models” that were made on different computers run by Norton’s customers around the world. Each model is included in a so-called “BASH submission.”

Columbia says Norton, based in Tempe, Ariz., used a machine-learning algorithm to create “the combined decision tree models,” which can be used as a basis for determining whether a function call deviates from normal program execution and may reflect malicious behavior.

The features of SONAR/BASH relevant to decision-tree analysis haven’t changed since 2010, Columbia said. It alleged infringement by Norton’s sales of products that include the feature from Dec. 6, 2011, through the present.

Those products are from the Norton-branded AntiVirus, Internet Security, 360, and Security families; and from the Symantec-branded Endpoint Protection family. According to court papers, Norton’s global sales of such products during the relevant periods were in the billions of dollars.

One of the patents was issued in December 2011, the other two years later. Columbia sued Symantec Corp., now NortonLifeLock, in December 2013.

Columbia also sought a correction of inventorship or, alternatively, joint inventorship for a patent it said Norton unlawfully obtained and wielded “as a ‘defensive’ patent to protect sales of its Data Loss Prevention product,” preventing rivals from using the technology in products that competed with Norton’s. The patent, which Bloomberg Law estimates will expire in June 2031, covers the use of a data-loss-prevention system’s decoys to protect against potential security threats.

Jurors rejected Columbia’s argument that the university “lost the ability to obtain a patent on the technology” that the professors invented because of Norton’s fraudulent concealment in connection with the patent application. Norton had denied Columbia’s allegations and had called the professors’ supposed contributions “nothing more than well-known concepts.”

Columbia University is represented by Spotts Fain PC and Sullivan & Cromwell LLP. NortonLifeLock is represented by Troutman Pepper Hamilton Sanders LLP; Quinn Emanuel Urquhart & Sullivan LLP; Latham & Watkins LLP; and Colt Singer Bea LLP. Third-party movant WetStone Technologies Inc. is represented by Hyland Law PLLC.

The case is Trs. of Columbia Univ. in N.Y.C. v. NortonLifeLock Inc., E.D. Va., No. 3:13-cv-808, verdict issued 5/2/22.

(Updates to add company comments starting in fifth paragraph, and details and context throughout.)

To contact the reporter on this story: Christopher Yasiejko in Wilmington, Del., at

To contact the editors responsible for this story: Rob Tricchinelli at; Nicholas Datlowe at