Speech Transcription LLC v. SentinelOne Inc

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: Speech Transcription, LLC (Wyoming)
  • Defendant: SentinelOne, Inc. (Delaware)
  • Plaintiff’s Counsel: Law Office Of Barbra Stern PA; Garteiser Honea, PLLC
• Case Identification: 3:24-cv-01228, S.D. Fla., 12/29/2023
• Venue Allegations: Plaintiff alleges that venue is proper in the Southern District of Florida because Defendant maintains a regular and established place of business in the district. The complaint supports its venue allegation with a screenshot from Defendant’s careers webpage showing an office location in Fort Lauderdale, Florida (Compl. p. 2, Fig. 1).
• Core Dispute: Plaintiff alleges that Defendant’s Singularity XDR cybersecurity platform infringes a patent related to a unified security management system for endpoint computing devices.
• Technical Context: The technology addresses the complexity and inefficiency of managing multiple, disparate cybersecurity products from different vendors on a single endpoint device.
• Key Procedural History: The complaint notes that during the patent's prosecution, the U.S. Patent Examiner identified U.S. Patent No. 7,058,796 as the most relevant prior art before allowing the claims to issue.

Case Timeline

Date	Event
2004-09-14	’799 Patent Priority Date
2015-01-20	’799 Patent Issue Date
2023-12-29	Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,938,799 - Security Protection Apparatus and Method for Endpoint Computing Systems, Issued January 20, 2015

The Invention Explained

• Problem Addressed: The patent’s background section describes the problems arising from deploying multiple security software modules from different vendors on host computers. This approach is said to burden the host system, create software conflicts, lead to performance degradation, and result in a high total-cost-of-ownership for enterprises (’799 Patent, col. 3:48-67). For individual users, acquiring and managing multiple security products is described as costly and inconvenient (’799 Patent, col. 4:46-63).
• The Patented Solution: The invention proposes a "unified security management system" that uses a dedicated hardware and software "security subsystem," referred to as a "Security Utility Blade" or "SUB," located at the endpoint between the network and the host computer (’799 Patent, Abstract; col. 5:21-26; Fig. 2A). This SUB runs its own operating system and functions as an "open platform" to receive and execute security modules from various vendors, managed by a central "Management Server" (’799 Patent, col. 5:16-43, col. 8:42-56). This architecture is intended to isolate security functions from the host's operating system and centralize control, thereby simplifying management and improving security (’799 Patent, col. 6:1-9).
• Technical Importance: The described technical approach sought to create a standardized, hardware-isolated abstraction layer for endpoint security, addressing the market challenge of integrating and managing a growing number of point solutions from different cybersecurity vendors. (’799 Patent, col. 6:1-9).

Key Claims at a Glance

• The complaint asserts at least independent claim 14 (’Compl. ¶31).
• Independent Claim 14 requires:
  • A security subsystem configurable between a network and a host of an endpoint
  • The security subsystem comprising computing resources for providing:
  • an open platform for receiving and executing security function software modules from multiple vendors for providing defense functions for protection of the host
• The complaint does not explicitly reserve the right to assert dependent claims, but alleges infringement of "one or more claims, including at least Claim 14" (Compl. ¶31).

III. The Accused Instrumentality

Product Identification

• The complaint identifies "at least the Singularity XDR system" as an Accused Instrumentality (Compl. ¶27).

Functionality and Market Context

• The complaint describes the Singularity XDR system as a cybersecurity platform that works by "integrating and correlating data from various sources across an organization's network, endpoints, and cloud services" to improve threat detection and response (Compl. ¶27).
• The complaint does not provide further technical detail on the specific architecture or operational methods of the accused system.

IV. Analysis of Infringement Allegations

The complaint references a claim chart (Exhibit B) that was not provided with the filed document (Compl. ¶¶ 31, 36). Therefore, the infringement allegations are summarized based on the complaint's narrative.

The complaint alleges that SentinelOne’s Singularity XDR system infringes at least Claim 14 of the ’799 Patent (Compl. ¶31). The infringement theory appears to map the system's function of "integrating and correlating data from various sources" to the claim requirement of an "open platform for receiving and executing security function software modules from multiple vendors" (Compl. ¶27; ’799 Patent, col. 26:50-55). The complaint asserts direct infringement through SentinelOne's own use and testing, as well as through its manufacturing, selling, and offering for sale of the system (Compl. ¶¶ 31-32).

• Identified Points of Contention:
  • Scope Questions: A central dispute may concern the meaning of "security subsystem." The infringement claim will raise the question of whether a software-based platform like the accused Singularity XDR system can meet this limitation, given the patent's specification repeatedly describes the "subsystem" as a distinct hardware/software component (a "Security Utility Blade" or "SUB") that is separate from the host and its primary operating system (’799 Patent, col. 5:21-26, col. 7:6-12).
  • Technical Questions: What evidence does the complaint provide that the accused product’s function of "integrating and correlating data" is equivalent to "receiving and executing security function software modules from multiple vendors" as required by the claim? The court may need to determine if merely processing data from third-party sources constitutes "executing" their "software modules" in the manner envisioned by the patent.

V. Key Claim Terms for Construction

• The Term: "security subsystem"

  • Context and Importance: This term defines the apparatus itself. Its construction will be critical to determining if the claim reads on a software-only product or is limited to the specific hardware-centric architecture described in the patent. Practitioners may focus on this term because the accused product is a software platform, whereas the patent specification appears to describe a distinct hardware component.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: A party could argue that the claim language itself does not explicitly require dedicated hardware or use the term "Security Utility Blade," potentially allowing the term "subsystem" to encompass a logical, software-based component.
    • Evidence for a Narrower Interpretation: A party could argue that the term is defined by the specification, which consistently describes the invention as a "hardware and software 'security subsystem', herein called a Security Utility Blade (SUB)" that runs its own separate operating system (’799 Patent, col. 5:21-26, col. 7:6-12). The claim's requirement that the subsystem is "configurable between a network and a host" may also support a narrower interpretation tied to a specific architectural position (’799 Patent, col. 26:46-48).

• The Term: "open platform for receiving and executing security function software modules"

  • Context and Importance: This term defines the core functionality of the claimed invention. The dispute will likely center on whether "integrating and correlating data" from other security products, as the accused system allegedly does, is the same as "receiving and executing" software modules.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: A party may argue that an API call to a third-party service is a "module" and that processing the resulting data constitutes "executing" that module's function.
    • Evidence for a Narrower Interpretation: The specification describes a process where software modules are "downloaded" into a "Repository and Execution Unit" within the subsystem (’799 Patent, col. 8:42-56). This may support an interpretation requiring the platform to download and run the vendors' actual code, not just interact with their data outputs.

VI. Other Allegations

• Indirect Infringement: The complaint alleges inducement of infringement, stating that SentinelOne provides "product literature and website materials inducing end users and others to use its products in the customary and intended manner that infringes the '799 Patent" (Compl. ¶34). It also makes a conclusory allegation of contributory infringement (Compl. ¶31).
• Willful Infringement: The willfulness allegation is based on knowledge of infringement acquired "at least as of the service of the present complaint" (Compl. ¶29). The complaint does not allege pre-suit knowledge of the patent or infringement.

VII. Analyst’s Conclusion: Key Questions for the Case

1. A core issue will be one of definitional scope: can the claim term "security subsystem", which the patent specification extensively describes as a distinct hardware-based component ("Security Utility Blade"), be construed broadly enough to read on the accused "Singularity XDR" software platform?

2. A key evidentiary question will be one of technical operation: does the accused system's alleged function of "integrating and correlating data from various sources" meet the claim's requirement of "receiving and executing security function software modules," or does the evidence show a fundamental mismatch between the claimed method and the accused functionality?