2:25-cv-00844
Veribase LLC v. Blackberry Ltd
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: VeriBase LLC (New Mexico)
- Defendant: BlackBerry Limited (Canada)
- Plaintiff’s Counsel: Rabicoff Law LLC
- Case Identification: 2:25-cv-00844, E.D. Tex., 08/22/2025
- Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because Defendant is a foreign corporation.
- Core Dispute: Plaintiff alleges that Defendant infringes a patent related to securing a computer system by selectively controlling an application's ability to write data to a storage medium.
- Technical Context: The technology at issue falls within the domain of endpoint computer security, specifically behavior-based access control designed to prevent malware or unauthorized programs from modifying a computer's storage.
- Key Procedural History: The complaint does not mention any prior litigation, Inter Partes Review (IPR) proceedings, or licensing history related to the patent-in-suit.
Case Timeline
| Date | Event |
|---|---|
| 2005-12-01 | Priority Date for U.S. Patent No. 9,600,661 |
| 2017-03-21 | U.S. Patent No. 9,600,661 Issued |
| 2025-08-22 | Complaint Filed |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 9,600,661 - System and method to secure a computer system by selective control of write access to a data storage medium
- Patent Identification: U.S. Patent No. 9,600,661, “System and method to secure a computer system by selective control of write access to a data storage medium,” issued March 21, 2017.
The Invention Explained
- Problem Addressed: The patent’s background section describes the proliferation of computer viruses and notes that traditional anti-virus programs are often reactive, identifying and removing viruses only after a system has already been infected (ʼ661 Patent, col. 1:11-24).
- The Patented Solution: The invention proposes a proactive security method where a constantly running “interceptor” program monitors all attempts by other applications to write data to a storage medium like a hard drive. When a write attempt is detected, the interceptor consults a “rules database” to determine if the application has the required permission. If a rule for that specific application does not exist, the system can prompt the user to allow or block the action, and that decision can then be stored as a new rule (ʼ661 Patent, Abstract; col. 2:25-48; Fig. 1).
- Technical Importance: This approach represents a method of behavior-based or rule-based access control, which serves as a defense against unknown or "zero-day" threats that signature-based antivirus systems might not recognize (ʼ661 Patent, col. 1:21-24).
Key Claims at a Glance
- The complaint asserts infringement of "one or more claims" of the ’661 Patent, referring to "Exemplary '661 Patent Claims" identified in an external exhibit not attached to the complaint (Compl. ¶11). Claim 1 is the first independent method claim.
- Essential elements of Independent Claim 1 include:
- Running a first process in "kernel mode" that monitors data storage device accesses.
- Detecting an attempt by a distinct application to write data to the storage device.
- Interrogating a "rules database" that contains references to applications and their associated access levels.
- Controlling the application's write access based on the result of the database interrogation.
- The complaint does not explicitly reserve the right to assert dependent claims, but refers generally to "one or more claims" (Compl. ¶11).
III. The Accused Instrumentality
Product Identification
The complaint does not name any specific accused products, methods, or services. It refers to "Exemplary Defendant Products" that are purportedly identified in "charts incorporated into this Count" via an external document, Exhibit 2, which was not filed with the complaint (Compl. ¶11, ¶16).
Functionality and Market Context
The complaint does not provide sufficient detail for analysis of the functionality or market context of the accused instrumentality.
IV. Analysis of Infringement Allegations
The complaint alleges that infringement is detailed in claim charts provided as Exhibit 2, but this exhibit was not included with the public filing (Compl. ¶16-17). In lieu of a claim chart summary, the complaint’s narrative theory alleges that Defendant’s unidentified "Exemplary Defendant Products" practice the technology of the ’661 Patent and satisfy all elements of the asserted claims (Compl. ¶16). The complaint provides no specific facts describing how the accused products operate or align with the claim elements. No probative visual evidence provided in complaint.
Identified Points of Contention
Given the limited detail, the initial and most significant point of contention will be evidentiary.
- Evidentiary Questions: What are the specific BlackBerry products accused of infringement? What technical evidence does Plaintiff possess to demonstrate that these products perform each step of the asserted claims, such as operating in "kernel mode" and utilizing a "rules database" to control write access?
- Scope Questions: Assuming an accused product is identified, a likely dispute will concern whether its security architecture meets the specific limitations of the claims. For example, does the accused product’s method of monitoring file system activity constitute operation in "kernel mode" as that term is understood in the context of the patent?
V. Key Claim Terms for Construction
The Term: "kernel mode" (from Claim 1)
Context and Importance: This term defines the operational privilege level of the monitoring process. Its construction will be critical because "kernel mode" implies a high degree of control over the operating system's core functions. The infringement analysis will depend on whether the accused products operate at this specific, privileged level.
Intrinsic Evidence for Interpretation:
- Evidence for a Narrower Interpretation: The specification explicitly describes the interceptor module as "a kernel mode driver which has a higher level of access to the Windows file system and system resources" (ʼ661 Patent, col. 4:40-42). This language may be used to argue that the term is limited to a formal kernel-level device driver, not just any process with elevated permissions.
- Evidence for a Broader Interpretation: A party might argue that "kernel mode" should be construed more broadly to encompass any process that operates with sufficient system privileges to monitor and intercept file write requests across the entire system, consistent with the patent's overall objective of providing system-wide security.
The Term: "rules database" (from Claim 1)
Context and Importance: The structure and content of the "rules database" are central to the claimed invention. The dispute will likely focus on whether the accused product's mechanism for storing application permissions qualifies as the claimed "rules database."
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The specification states that a "rule database is a set of entries or references in a data structure where the identity of an application is paired with one or more permission values" (ʼ661 Patent, col. 2:35-39). This suggests the term could cover a wide variety of data structures that map applications to permissions.
- Evidence for a Narrower Interpretation: The patent describes specific "levels" of write access (e.g., Level 0 for no access, Level 1 for full access) that are stored in the database (ʼ661 Patent, col. 2:55-68). This could support an argument that the term requires a database that stores these or functionally similar granular permission levels, not just a simple allow/deny list.
VI. Other Allegations
Indirect Infringement
The complaint alleges inducement, stating that Defendant distributes "product literature and website materials inducing end users and others to use its products in the customary and intended manner that infringes the ’661 Patent" (Compl. ¶14). The complaint notes these materials are referenced in the unattached Exhibit 2 (Compl. ¶14).
Willful Infringement
The allegation of willfulness appears to be based entirely on post-suit knowledge. The complaint asserts that "service of this Complaint, in conjunction with the attached claim charts... constitutes actual knowledge of infringement" and that Defendant continues to infringe "Despite such actual knowledge" (Compl. ¶13-14).
VII. Analyst’s Conclusion: Key Questions for the Case
- A threshold issue will be one of evidentiary sufficiency: The complaint’s failure to identify accused products or provide infringement contentions, instead deferring entirely to an unattached exhibit, creates a fundamental question of whether the pleading provides sufficient notice. The first phase of litigation will likely focus on compelling Plaintiff to identify the specific accused instrumentalities and articulate a detailed infringement theory.
- A central technical question will be one of operational equivalence: Assuming an accused product is identified, the case will likely turn on whether its security architecture meets the specific technical requirements of the claims. In particular, does the accused product employ a process operating in "kernel mode" to consult a "rules database" for controlling write access, or does it achieve a similar security outcome through a fundamentally different technical implementation?