DCT

4:25-cv-01409

Securonix Inc v. Speech Transcription LLC

Key Events

Complaint

I. Executive Summary and Procedural Information

Parties & Counsel:
- Plaintiff: Securonix, Inc. (Delaware)
- Defendant: Speech Transcription, LLC (Wyoming)
- Plaintiff’s Counsel: Perkins Coie LLP
Case Identification: 3:25-cv-07099, N.D. Cal., 08/21/2025
Venue Allegations: Plaintiff Securonix asserts venue is proper in the Northern District of California because Defendant Speech Transcription is subject to personal jurisdiction there, having previously filed four patent infringement lawsuits in the district asserting the same patent-in-suit.
Core Dispute: Plaintiff Securonix seeks a declaratory judgment that its cybersecurity products and services do not infringe Defendant Speech Transcription’s U.S. Patent No. 8,938,799, which relates to security apparatus for endpoint computing systems.
Technical Context: The dispute involves endpoint cybersecurity, a field focused on securing end-user devices like desktops, laptops, and servers from threats by managing various defense functions such as firewalls and antivirus software.
Key Procedural History: This declaratory judgment action follows a prior lawsuit filed by Speech Transcription against Securonix in the Northern District of Texas on May 8, 2025. That case was transferred to the Eastern District of Texas, but Speech Transcription allegedly failed to serve the complaint on Securonix by the court-ordered deadline. The complaint also notes that Speech Transcription has filed lawsuits asserting the same patent against 17 other defendants since May 2023, with 14 of those cases having been dismissed.

Case Timeline

Date	Event
2004-09-14	’799 Patent Priority Date
2015-01-20	’799 Patent Issue Date
2023-05-16	Speech Transcription begins litigation campaign with '799 patent
2025-05-08	Speech Transcription files lawsuit against Securonix in N.D. Tex.
2025-05-27	N.D. Tex. case transferred to E.D. Tex.
2025-08-06	Deadline for Speech Transcription to serve complaint in Texas action passes
2025-08-21	Securonix files Complaint for Declaratory Judgment in N.D. Cal.

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,938,799 - "Security Protection Apparatus and Method for Endpoint Computing Systems"

Issued: January 20, 2015

The Invention Explained

Problem Addressed: The patent addresses the operational complexity, performance degradation, and security vulnerabilities that arise when multiple, distinct security software programs (e.g., firewall, antivirus, VPN) from different vendors are installed and run on a single endpoint computer's host operating system (’799 Patent, col. 4:46-68). This conventional approach can lead to software conflicts, registry corruption, and high management costs (’799 Patent, col. 4:20-26).
The Patented Solution: The invention proposes a dedicated hardware and software "security subsystem," referred to as a "Security Utility Blade" (SUB), that is physically or logically situated between the network and the endpoint's host computer (’799 Patent, col. 5:21-29; Fig. 1B). This SUB runs its own security-hardened operating system, separate from the host's, and functions as an "open platform" where security software modules from various vendors can be downloaded and executed in an isolated environment (’799 Patent, col. 5:51-56, col. 8:6-9). This architecture is intended to offload security processing from the host, prevent software conflicts, and provide a centralized, secure management point for endpoint security (’799 Patent, col. 5:29-34). Figure 2A illustrates this positioning, showing the SUB (101) intercepting traffic between the network (201) and the endpoint host (203).
Technical Importance: The approach described seeks to decouple security functions from the primary operating system of an endpoint, aiming to create a more stable, secure, and manageable computing environment by isolating potentially conflicting security applications in a dedicated hardware-enforced sandbox.

Key Claims at a Glance

The complaint references language from what appears to be independent claim 14, noting it has been asserted in the majority of Defendant's other lawsuits (Compl. ¶26, ¶31).
Independent Claim 14:
- A security subsystem configurable between a network and a host of an endpoint,
- the security subsystem comprising computing resources for providing:
- an open platform for receiving and executing security function software modules from multiple vendors
- for providing defense functions for protection of the host.
The complaint seeks a declaration of non-infringement of "any claims" of the ’799 patent (Compl. ¶31).

III. The Accused Instrumentality

Product Identification

Securonix's cybersecurity products and services, including its "cloud-native, AI-driven platform" (Compl. ¶7, ¶21).

Functionality and Market Context

The complaint describes the accused instrumentalities as "advanced threat detection and response solutions" that provide capabilities such as security information and event management (SIEM), user and entity behavior analytics (UEBA), and security orchestration, automation and response (SOAR) (Compl. ¶7). These solutions are designed to help organizations identify and respond to insider and external threats in real time using behavior-based analytics and machine learning (Compl. ¶7).
The complaint alleges these solutions are recognized as industry-leading, but does not provide specific technical details about their architecture or operation beyond the high-level functional descriptions (Compl. ¶8).

IV. Analysis of Infringement Allegations

As this is a complaint for declaratory judgment of non-infringement, the plaintiff (Securonix) alleges that its products do not meet the patent's claim limitations. The complaint does not provide a detailed technical basis for its non-infringement contentions beyond conclusory statements.

No probative visual evidence provided in complaint.

'799 Patent Infringement Allegations

Claim Element (from Independent Claim 14)	Alleged Non-Infringing Functionality	Complaint Citation	Patent Citation
A security subsystem configurable between a network and a host of an endpoint	Securonix alleges its product or service does not meet or embody this limitation. The complaint does not specify why, but its description of its products as "cloud-native" suggests an architectural difference from the patent's endpoint-centric subsystem.	¶31	col. 26:47-49
the security subsystem comprising computing resources	Securonix alleges its product or service does not meet or embody this limitation.	¶31	col. 26:50-51
an open platform for receiving and executing security function software modules from multiple vendors	Securonix alleges its product or service does not meet or embody this limitation.	¶31	col. 26:52-54
for providing defense functions for protection of the host	Securonix alleges its product or service does not meet or embody this limitation.	¶31	col. 26:55-56

Identified Points of Contention:
- Architectural Questions: A primary point of contention will likely be whether Securonix’s "cloud-native" platform (Compl. ¶7) can be considered a "security subsystem configurable between a network and a host of an endpoint" as required by the claim. The patent's specification heavily emphasizes a hardware-based "Security Utility Blade" (SUB) physically or logically installed at the endpoint (’799 Patent, col. 8:7-12; Fig. 2A-2D). The analysis may turn on whether the claim language can be construed to cover a distributed, cloud-based service architecture that is not a discrete subsystem at the endpoint itself.
- Technical Questions: The dispute will raise the question of whether Securonix's platform, which integrates various security capabilities, functions as an "open platform for receiving and executing security function software modules from multiple vendors" in the manner described by the patent. The court may need to determine what constitutes an "open platform" and whether the security tools integrated into Securonix's services are equivalent to the downloadable "software modules" envisioned by the inventor (’799 Patent, col. 8:45-49).

V. Key Claim Terms for Construction

The Term: "a security subsystem configurable between a network and a host of an endpoint"
- Context and Importance: This term is central to defining the physical or logical location and architecture of the claimed invention. Securonix's non-infringement defense, based on its "cloud-native" platform, suggests this term will be a focal point. Practitioners may focus on whether "between a network and a host" requires an in-line apparatus at the endpoint, or if it can be read more broadly to include cloud services that logically interpose themselves.
- Intrinsic Evidence for Interpretation:
  - Evidence for a Narrower Interpretation: The specification repeatedly describes the invention as a "Security Utility Blade (SUB)," which is a "hardware and software 'security subsystem'" that "reside[s] in a managed endpoint" (’799 Patent, col. 5:21-26). Figures 2A, 2B, 2C, and 2D all depict a discrete hardware module installed in or attached to an endpoint's motherboard, positioned to intercept traffic. This may support an interpretation that requires a localized hardware or firmware component.
  - Evidence for a Broader Interpretation: The claim uses the more general term "security subsystem" rather than the specification's "Security Utility Blade." Parties seeking a broader reading may argue that "configurable between" does not strictly require physical in-line placement and could describe a logical relationship, such as traffic being routed through a cloud-based proxy or agent-based system that communicates with a cloud service.
The Term: "an open platform for receiving and executing security function software modules from multiple vendors"
- Context and Importance: This term defines the core functionality of the subsystem. The outcome of the case may depend on whether Securonix's SIEM and SOAR platform, which integrates various security technologies, meets this definition.
- Intrinsic Evidence for Interpretation:
  - Evidence for a Narrower Interpretation: The patent describes a "Repository and Execution Unit" where "software modules may be downloaded from defense function vendors' security management systems" and stored in a database before being downloaded into the SUB for execution (’799 Patent, col. 8:46-53). This suggests a specific mechanism for downloading and running distinct, vendor-provided software packages, which might be narrower than simply integrating data feeds or APIs from multiple security tools.
  - Evidence for a Broader Interpretation: The term "open platform" itself may suggest flexibility. Parties could argue that any system that allows for the integration and operation of security logic or tools from different sources qualifies. The specification's goal of solving the "heterogeneous environment" created by multiple vendors could be used to argue that the "platform" concept should be read broadly to cover modern integration methods beyond the specific download-and-execute model described (’799 Patent, col. 4:63-68).

VI. Other Allegations

The complaint is a declaratory judgment action for non-infringement and does not contain allegations of indirect or willful infringement.

VII. Analyst’s Conclusion: Key Questions for the Case

A core issue will be one of architectural scope: Can the claims of the '799 patent, which are described in the context of a localized, endpoint-resident "Security Utility Blade," be construed to cover a modern, distributed "cloud-native" cybersecurity platform? This question pits the patent's hardware-centric embodiments against the accused software-as-a-service architecture.
A second key issue will be definitional interpretation: How broadly will the court define the term "open platform for receiving and executing security function software modules"? The case will likely turn on whether this phrase is limited to a system that downloads and runs discrete software packages, as detailed in the specification, or if it can encompass a platform that integrates data and functionality from multiple security vendors through APIs or other modern means.