Speech Transcription LLC v. Cybereason Inc

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: Speech Transcription, LLC (Wyoming)
  • Defendant: Cybereason Inc. (California)
  • Plaintiff’s Counsel: SML Avvocati P.C.
• Case Identification: 3:25-cv-01589, S.D. Cal., 06/22/2025
• Venue Allegations: Venue is alleged to be proper because Defendant is deemed a resident of the Southern District of California, and alternatively, because acts of infringement allegedly occur in the district where Defendant has a regular and established place of business.
• Core Dispute: Plaintiff alleges that Defendant’s endpoint cybersecurity products infringe a patent related to a unified, hardware-isolated apparatus for managing and executing security functions.
• Technical Context: The technology addresses the field of endpoint security, a critical market focused on protecting enterprise computers (endpoints) from malware, unauthorized access, and other digital threats.
• Key Procedural History: The complaint alleges that Defendant’s knowledge for the purpose of induced infringement began, at the latest, upon service of the complaint, which may form the basis for a post-suit willfulness claim.

Case Timeline

Date	Event
2004-09-14	'799 Patent Priority Date
2015-01-20	'799 Patent Issue Date
2025-06-22	Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,938,799 - "Security Protection Apparatus and Method for Endpoint Computing Systems," issued January 20, 2015

The Invention Explained

• Problem Addressed: The patent addresses the problems arising from deploying multiple security software products from different vendors onto a single computer ('799 Patent, col. 4:47-50). This conventional approach is described as creating software conflicts, reducing computer performance, increasing management complexity, and creating security vulnerabilities if the software is disabled by malware or human error ('799 Patent, col. 4:50-62).
• The Patented Solution: The invention proposes a hardware and software "security subsystem," termed a "Security Utility Blade" (SUB), which is a distinct apparatus that resides in a managed endpoint computer ('799 Patent, col. 5:18-25). This SUB runs its own separate, security-hardened operating system (SUBOS) and functions as an "open platform" for executing security software modules from various vendors ('799 Patent, col. 6:51-54; FIG. 3). By physically and logically separating the security functions from the host's main operating system, the invention aims to create an isolated, resilient, and centrally manageable security environment ('799 Patent, col. 9:6-14).
• Technical Importance: This architectural approach sought to solve the "agent fatigue" and security management problems in enterprise computing by abstracting security functions away from the host OS into a dedicated, hardened subsystem, thereby improving both security posture and system performance. ('799 Patent, col. 4:20-26).

Key Claims at a Glance

• The complaint asserts "one or more claims" of the '799 patent without specifying them (Compl. ¶14). Independent claim 1 is representative of the core invention.
• Independent Claim 1 requires:
  • An apparatus associated with an endpoint, configurable between a network and a host of the endpoint.
  • The apparatus comprises computational resources, including at least one processor.
  • Crucially, these computational resources are "not accessible by the host."
  • The resources are accessible over a secure connection by a management server.
  • The apparatus is configured to provide an "open platform" to execute security software modules from multiple vendors to protect the host.
• The complaint reserves the right to assert additional claims, including dependent claims.

III. The Accused Instrumentality

Product Identification

The complaint alleges infringement by products "specified in the infringement claim charts attached herewith as Exhibit B" (Compl. ¶14). However, this exhibit was not provided with the publicly filed complaint.

Functionality and Market Context

The complaint does not provide sufficient detail for analysis of the accused product's specific functionality or market position.

IV. Analysis of Infringement Allegations

The complaint references claim charts in an Exhibit B that was not included with the filed document, precluding a detailed, element-by-element analysis based on Plaintiff's specific allegations (Compl. ¶14). The general infringement theory suggests that Defendant's endpoint security products, which operate on endpoint computers, constitute an "apparatus" that performs the functions recited in the asserted claims.

No probative visual evidence provided in complaint.

• Identified Points of Contention:
  • Scope Questions: A central dispute may arise over whether Defendant's accused products, which are likely software-based, can meet the limitations of claims that describe a distinct "apparatus" with computational resources "not accessible by the host." The case may turn on whether the claims are limited to a separate hardware device, as depicted in embodiments like the "Security Utility Blade" (FIG. 2A), or if they can read on a purely software-based agent operating in a protected or kernel-level mode on the host's own hardware.
  • Technical Questions: A key factual question will be what evidence demonstrates that the accused products create a security environment that is truly "not accessible by the host" as required by the claim. The parties may dispute whether a software agent running in a privileged mode on the host's operating system meets this limitation, or if the claim requires complete hardware-level isolation as suggested by the patent's description of a separate operating system (SUBOS) ('799 Patent, FIG. 3).

V. Key Claim Terms for Construction

• The Term: "apparatus ... comprising computational resources"

  • Context and Importance: The definition of this term is fundamental. If construed to require a distinct hardware component separate from the host computer's main processor and memory, it may be difficult for the plaintiff to prove infringement by a software-only product. Practitioners may focus on this term because it determines whether the patent covers modern software-based security architectures or is limited to the hardware-centric embodiments disclosed.
  • Intrinsic Evidence for a Broader Interpretation: The patent states the invention comprises a "hardware and software 'security subsystem'" ('799 Patent, col. 5:21-22), which could support an argument that the "apparatus" is a combination of elements, not necessarily a single, monolithic piece of hardware.
  • Intrinsic Evidence for a Narrower Interpretation: The patent repeatedly uses the term "Security Utility Blade (SUB)" ('799 Patent, col. 5:23), describes it as being installed in a motherboard slot (FIG. 2B), and depicts it as a discrete physical component (FIG. 2A, 3), all suggesting a hardware-based construction.

• The Term: "not accessible by the host"

  • Context and Importance: This term defines the required degree of isolation between the security apparatus and the host system it protects. Its construction will determine the technical evidence needed to prove infringement.
  • Intrinsic Evidence for a Broader Interpretation: A party might argue this means inaccessible to standard, user-level applications on the host, while still allowing for some form of controlled interaction with the host's kernel or privileged processes.
  • Intrinsic Evidence for a Narrower Interpretation: The patent's description of the SUB running its own, separate "Security Utility Blade Operating System (SUBOS)" ('799 Patent, col. 10:29-31) and having its own processor and memory systems (FIG. 4) strongly supports an interpretation requiring complete hardware and operating system-level isolation, where the host OS has no direct control over or access to the SUB's resources.

VI. Other Allegations

• Indirect Infringement: The complaint pleads inducement under 35 U.S.C. § 271(b), alleging that Defendant has had knowledge of the '799 patent "At least since being served by this Complaint" and has continued to induce infringement (Compl. ¶16). The factual basis for pre-suit knowledge or specific intent is not detailed.
• Willful Infringement: While the complaint does not use the word "willful," the allegation of knowing infringement continuing after service of the complaint lays the foundation for a claim of post-suit willful infringement, which could support a request for enhanced damages under 35 U.S.C. § 284 (Compl. ¶16).

VII. Analyst’s Conclusion: Key Questions for the Case

• A core issue will be one of technological scope: Can the patent's claims, which are exemplified by a distinct hardware "Security Utility Blade" with its own operating system, be construed to cover a modern, software-based endpoint security agent that runs on the host's own hardware, albeit in a privileged and protected memory space?
• A key evidentiary question will be one of functional isolation: What level of technical proof will be required to demonstrate that the accused software product is truly "not accessible by the host" in the manner required by the claims, versus being a hardened process that is merely difficult for other host processes to access?