DCT

2:25-cv-01063

UMBRA Tech Ltd Uk v. Zscaler Inc

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:25-cv-01063, E.D. Tex., 10/23/2025
  • Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant Zscaler maintains a regular and established place of business in Plano, Texas.
  • Core Dispute: Plaintiff alleges that Defendant’s network virtualization and security products and services infringe four patents related to multi-perimeter firewalls, content retrieval from remote network regions, and global virtual networking.
  • Technical Context: The dispute centers on technologies for Software-Defined Wide Area Networking (SD-WAN) and cloud-based network security, a market critical for enterprises managing distributed workforces and cloud applications.
  • Key Procedural History: The lead patent-in-suit, U.S. Patent No. 10,574,482, has been asserted in multiple other pending lawsuits against competitors. Notably, a petition for Inter Partes Review of the ’482 patent, filed by a defendant in a separate case, was denied institution by the Patent Trial and Appeal Board (PTAB), indicating the patent survived a preliminary validity challenge at the USPTO.

Case Timeline

| Date | Event |
|---|---|
| 2014-12-08 | ’329 Patent Priority Date |
| 2015-04-07 | ’482, ’161, and ’192 Patent Priority Date |
| 2020-02-25 | ’482 Patent Issue Date |
| 2025-02-18 | Defendant waives service in UMBRA v. Juniper Networks |
| 2025-04-02 | Complaint filed in UMBRA v. Fortinet |
| 2025-06-13 | Complaint filed in UMBRA v. Palo Alto Networks |
| 2025-06-17 | ’329 Patent Issue Date |
| 2025-09-30 | ’161 Patent Issue Date |
| 2025-10-21 | ’192 Patent Issue Date |
| 2025-10-23 | Complaint Filing Date |

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 10,574,482 - "MULTI-PERIMETER FIREWALL IN THE CLOUD" (Issued Feb. 25, 2020)

The Invention Explained

  • Problem Addressed: The patent’s background section describes the limitations of traditional network security, where a firewall is typically placed at the edge of a local area network (LAN) (Compl. ¶14; ’482 Patent, col. 5:61-64). This architecture can create performance bottlenecks and security challenges when routing traffic from branch offices to the internet or cloud services through a centralized corporate gateway (’482 Patent, col. 1:56-2:11).
  • The Patented Solution: The invention proposes a distributed, multi-perimeter firewall system within a global virtual network (GVN) (’482 Patent, Abstract). It separates security functions, using a "first perimeter firewall" for faster stateful packet inspection (SPI) and a "second perimeter firewall" for more intensive deep packet inspection (DPI). These distributed firewalls can communicate and share threat information, aiming to improve security and performance in a cloud or virtualized environment (’482 Patent, col. 2:51-57; FIG. 11).
  • Technical Importance: This distributed approach was designed to overcome the rigid, centralized security models associated with prior technologies like MPLS, offering a more flexible architecture for emerging SD-WAN deployments (Compl. ¶¶11-12).

Key Claims at a Glance

  • The complaint asserts at least one claim (Compl. ¶31). Independent claim 1 includes the following essential elements:
    • A multi-perimeter firewall system comprising an egress ingress point device, a first access point server, a second access point server, and an endpoint device.
    • A "first perimeter firewall" performing stateful packet inspection (SPI) on traffic between the first and second access point servers.
    • A "second perimeter firewall" performing deep packet inspection (DPI) on traffic between the second access point server and the endpoint device.
    • A specific requirement that the DPI is performed on a "cloned copy of traffic that flows through the second perimeter firewall."
  • The complaint reserves the right to amend or supplement its infringement analysis (Compl. ¶32).

U.S. Patent No. 12,335,329 - "SYSTEM AND METHOD FOR CONTENT RETRIEVAL FROM REMOTE NETWORK REGIONS" (Issued Jun. 17, 2025)

The Invention Explained

  • Problem Addressed: The patent’s background explains that retrieving content from geographically distant servers often results in slow speeds and low bandwidth due to a lack of control over the network path taken between servers (’329 Patent, col. 2:7-21; Compl. ¶15).
  • The Patented Solution: The invention describes a system where a user's device can request content from a remote region. The system forwards this request, via a tunnel, to an access point server located in proximity to the content source. This architecture utilizes "smart-routing and point to multi-point topology" to enable concurrent data streams from multiple remote locations, aiming to reduce latency and improve retrieval speed (’329 Patent, Abstract; col. 4:55-67).
  • Technical Importance: This method provides a way to enhance the performance of global applications and content delivery by optimizing how data is fetched from different geographic regions over the internet (Compl. ¶15).

Key Claims at a Glance

  • The complaint asserts at least one claim (Compl. ¶38). Independent claim 1 includes the following essential elements:
    • A content delivery network device with processors and network interfaces.
    • The device is configured to receive a "secure request for content delivery" and an "indication of a desired target region."
    • The device initiates a delivery request to a "selected one of... two or more second network devices that is serving the desired target region," indicating a source from which to retrieve content.
    • The device then accepts the retrieved content and addresses it back to the original requesting client device.
  • The complaint reserves the right to amend or supplement its infringement analysis (Compl. ¶39).

U.S. Patent No. 12,432,161 - "MULTI-PERIMETER FIREWALL IN THE CLOUD" (Issued Sep. 30, 2025)

  • Technology Synopsis: Belonging to the same patent family as the ’482 patent, this invention addresses technical problems of implementing a multi-perimeter firewall in a cloud or virtualized network (Compl. ¶14). It focuses on distributing workload, sharing threat information, and using both stateful and deep-packet inspections to secure the network (Compl. ¶14).
  • Asserted Claims: At least one claim is asserted (Compl. ¶45).
  • Accused Features: The complaint accuses Zscaler's systems and methods for network virtualization and related services (Compl. ¶45).

U.S. Patent No. 12,452,192 - "SYSTEMS AND METHODS FOR PROVIDING A GLOBAL VIRTUAL NETWORK (GVN)" (Issued Oct. 21, 2025)

  • Technology Synopsis: This invention addresses technical problems in virtualized networks related to establishing connections, or "tunnels" (Compl. ¶16). It discloses a method for creating and transmitting a prioritized list of available servers for building a tunnel, which can be ordered based on expected performance and other contextual device information to increase network efficiency (Compl. ¶16).
  • Asserted Claims: At least one claim is asserted (Compl. ¶52).
  • Accused Features: The complaint accuses Zscaler's systems and methods for network virtualization and related services (Compl. ¶52).

III. The Accused Instrumentality

Product Identification

The complaint identifies the accused instrumentalities broadly as "Zscaler systems and methods, including one or more hardware and software products for network virtualization and related services" (Compl. ¶31). Specific product names are identified in Exhibits E-H, which were not provided with the complaint document (Compl. ¶31).

Functionality and Market Context

The complaint alleges that the accused products are used in "virtualized network architectures" to provide "highly efficient, secure, optimized virtual WAN architectures" over the internet (Compl. ¶¶12-13). Plaintiff claims these products offer significant commercial value by improving the performance, convenience, and efficiency of network connections for Zscaler's customers (Compl. ¶13).

IV. Analysis of Infringement Allegations

No probative visual evidence provided in complaint. The complaint references claim chart exhibits that were not provided; the following tables summarize the infringement theory inferred from the patent claims and the complaint's general allegations.

U.S. Patent No. 10,574,482 Infringement Allegations

| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a multi-perimeter firewall system located in a cloud and forming part of a global virtual network, comprising: an egress ingress point device; a first access point server...; a second access point server...; an endpoint device... | Zscaler's systems are alleged to be implemented in virtualized network architectures that provide secure virtual WAN services, which would necessarily include endpoint devices, servers, and network ingress/egress points. | ¶¶13, 31 | col. 25:61-26:7 |
| a first perimeter firewall... performs stateful packet inspection to prevent at least some traffic from passing from the first access point server to the second access point server; | Zscaler's virtual WAN architecture is alleged to utilize "multi-perimeter firewall inventions," which implies the use of distinct firewalls performing security functions like stateful packet inspection. | ¶¶11, 14, 31 | col. 26:8-13 |
| a second perimeter firewall... performs deep packet inspection to prevent at least some traffic from passing from the second access point server to the end point device, | Zscaler's architecture is alleged to utilize inventions involving "deep-packet inspections in a virtualized firewall system." | ¶¶14, 31 | col. 26:14-19 |
| wherein the deep packet inspection is performed on a cloned copy of traffic that flows through the second perimeter firewall. | The complaint does not provide sufficient detail for analysis of this element. | ¶31 | col. 26:20-22 |

U.S. Patent No. 12,335,329 Infringement Allegations

| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| A content delivery network device comprising: one or more network interfaces... and one or more processors... | Zscaler's accused products are described as "hardware and software products for network virtualization," which inherently include processors and network interfaces. | ¶38 | col. 13:1-12 |
| receive, from any given requesting device of the client devices, a secure request for content delivery, and an indication of a desired target region... | Zscaler's network services allegedly process user traffic requests for content from various network locations, which Plaintiff may argue constitutes receiving a request with an "indication" of a target region (e.g., the region where a requested domain is hosted). | ¶¶15, 38 | col. 13:13-17 |
| initiate a delivery request... to a selected one of the two or more second network devices that is serving the desired target region... the delivery request indicating a network source from which the selected... is to retrieve delivery content... | The complaint alleges Zscaler's products utilize "smart-routing" to enhance content retrieval, which may be argued to correspond to selecting a network device in a target region to initiate content retrieval. | ¶¶15, 38 | col. 13:18-29 |
| accept any respective delivery content... and address the respective delivery content back to the respective given requesting device... | Zscaler's systems necessarily receive and deliver content to end-users as a core function of providing secure network access. | ¶38 | col. 13:30-36 |

Identified Points of Contention

  • Technical Evidence (’482 Patent): A primary question will be evidentiary. Claim 1 requires deep packet inspection to be performed on a "cloned copy of traffic." The complaint offers no facts to support this specific technical implementation. The case may turn on whether Plaintiff can show that Zscaler's architecture duplicates traffic for inspection, as opposed to performing in-line inspection on the live traffic stream.
  • Scope and Functionality (’329 Patent): The infringement analysis for the ’329 Patent may raise questions of claim scope. Does Zscaler's general secure routing of user internet traffic meet the specific claim requirement of receiving an "indication of a desired target region"? The interpretation of this phrase will be critical in determining whether simply requesting content from a server in a known geographic location satisfies this element, or if the claim requires a more explicit user- or policy-defined selection of a region for retrieval.

V. Key Claim Terms for Construction

U.S. Patent No. 10,574,482

  • The Term: "cloned copy of traffic" (Claim 1)
  • Context and Importance: This term is technically precise and central to the infringement analysis. Its construction will determine whether the claim reads on systems that perform DPI on the live data stream (in-line) versus systems that duplicate the stream for out-of-band analysis. Practitioners may focus on this term because it creates a potentially significant technical distinction from common firewall architectures.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification describes this feature as an option, stating that traffic "can be a diversion of traffic or as cloned traffic in a duplicate stream" (’482 Patent, col. 13:20-23). This language may support an argument that "cloned copy" does not require a specific method of duplication.
    • Evidence for a Narrower Interpretation: Figure 11 and its description detail a specific architecture where traffic is passed via "path TUN 11-2 to cloud load balancer 11-142LB," which is separate from the main traffic path through firewall 11-144LB (’482 Patent, col. 13:20-27). This embodiment could be used to argue for a narrower construction requiring a physically or logically separate path for the copied traffic.

U.S. Patent No. 12,335,329

  • The Term: "indication of a desired target region" (Claim 1)
  • Context and Importance: The definition of this term is critical to determining whether Zscaler's products perform the claimed method. The dispute may center on whether a standard user request for content (e.g., accessing a website hosted in another country) constitutes an "indication," or if the term requires a specific user interface or configuration option for selecting a geographic region for content retrieval.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The patent's summary describes forwarding a request to a "destination access point server located in proximity to the one or more content servers" (’329 Patent, col. 2:40-44). This could support an argument that the "indication" is implicit in the location of the requested content, not an explicit user action.
    • Evidence for a Narrower Interpretation: The claim language uses "desired target region," which suggests user intent. This could support a narrower reading requiring a mechanism for the user to specify a region, distinct from merely specifying the content's ultimate location. The specification’s goal of allowing users to get content "from a different geographic location" they "might desire" reinforces this user-centric view (’329 Patent, col. 2:4-6).

VI. Other Allegations

The complaint does not contain explicit counts or allegations of indirect infringement or willful infringement.

VII. Analyst’s Conclusion: Key Questions for the Case

This litigation will likely center on the following key questions for the court:

  1. A key evidentiary question will be one of technical implementation: Can Plaintiff produce discovery evidence showing that Zscaler’s security architecture performs deep packet inspection on a "cloned copy of traffic," as specifically required by Claim 1 of the ’482 patent, or does its system operate in a fundamentally different manner?
  2. A core issue will be one of definitional scope: Does Zscaler's general-purpose secure network routing, which directs user traffic to its destination, fall within the scope of the ’329 patent's claim of a device that receives an "indication of a desired target region" for content retrieval, or does the claim require a more specific, user-directed function not present in the accused systems?
  3. A central procedural question will be one of pleading sufficiency: Given the complaint’s broad allegations against Zscaler's entire product line without detailed, public-facing technical mappings for infringement, the initial phases of the case may focus on whether the allegations are specific enough to proceed to full discovery on all four asserted patents.