DCT

2:25-cv-00844

Veribase LLC v. BlackBerry Ltd

Log In
Key Events
Amended Complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:25-cv-00844, E.D. Tex., 01/12/2026
  • Venue Allegations: Plaintiff alleges venue is proper because the Defendant is a foreign corporation that has committed acts of patent infringement within the district, causing harm to the Plaintiff.
  • Core Dispute: Plaintiff alleges that Defendant’s products infringe a patent related to a method for securing a computer system by monitoring application behavior and selectively controlling write access to data storage based on a set of rules.
  • Technical Context: The technology at issue falls within the domain of proactive cybersecurity, focusing on preventing malware or unauthorized system changes by controlling an application's fundamental ability to write data to a disk.
  • Key Procedural History: The currently operative complaint is a First Amended Complaint. Plaintiff alleges that Defendant has had actual knowledge of the alleged infringement since the service of the original complaint on August 22, 2025.

Case Timeline

Date Event
2005-12-01 ’661 Patent Priority Date
2017-03-21 ’661 Patent Issue Date
2025-08-22 Original Complaint Filing Date
2026-01-12 First Amended Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

  • Patent Identification: U.S. Patent No. 9,600,661, "System and method to secure a computer system by selective control of write access to a data storage medium," issued March 21, 2017.

The Invention Explained

  • Problem Addressed: The patent’s background section describes the proliferation of computer viruses and notes that conventional anti-virus programs are often reactive, identifying and combating threats only after a system has already been infected (’661 Patent, col. 1:11-23).
  • The Patented Solution: The invention proposes a proactive security method where a background process, termed an "interceptor," monitors all attempts by applications to write data to a storage medium like a hard drive. When a write attempt is detected, the interceptor interrogates a "rules database" to determine if the specific application has permission. Based on the rules, the write is either allowed or blocked. If no rule exists for the application, the system can prompt the user to make a decision and create a new rule. (’661 Patent, Abstract; col. 2:26-39; Fig. 1).
  • Technical Importance: This approach represents a shift from signature-based threat detection to behavior-based access control, aiming to prevent unauthorized system modifications at their source rather than cleaning up after an infection has occurred (’661 Patent, col. 1:23-26).

Key Claims at a Glance

  • The complaint alleges infringement of "one or more claims" but does not specify them in the body of the complaint, instead referring to an external exhibit (Compl. ¶11). Independent claim 1 is representative of the asserted method.
  • Essential elements of Independent Claim 1 include:
    • Running a first process in kernel mode that monitors data storage device accesses.
    • Detecting an attempt by a distinct application to write data to the device.
    • Interrogating a rules database that contains references to applications and their associated access levels.
    • Controlling the application's write access based on the access level found in the database.
  • The complaint suggests that Plaintiff may assert additional claims, including dependent claims (Compl. ¶11).

III. The Accused Instrumentality

Product Identification

  • The complaint identifies the accused instrumentalities as the "Exemplary Defendant Products" (Compl. ¶11).

Functionality and Market Context

  • The complaint does not provide any specific names or technical descriptions for the accused BlackBerry products. All details regarding the accused functionality are incorporated by reference from "charts" in an external "Exhibit 2," which was not included with the complaint document (Compl. ¶11, ¶16). Therefore, the complaint does not provide sufficient detail for analysis of the accused instrumentality's specific features, functions, or market positioning.

IV. Analysis of Infringement Allegations

The complaint incorporates by reference an infringement claim chart in Exhibit 2, which was not provided (Compl. ¶16-17). Therefore, a detailed claim chart summary cannot be constructed from the available documents. The narrative theory alleges that Defendant’s products practice the technology claimed by the ’661 Patent, thereby satisfying all claim elements (Compl. ¶16). No probative visual evidence provided in complaint.

  • Identified Points of Contention: Based on the patent’s claims and the general nature of the dispute, the infringement analysis may raise several key questions.
    • Scope Questions: A central question may be whether BlackBerry's security architecture, which could be part of a modern Unified Endpoint Management (UEM) platform, constitutes the specific "interceptor" and "rules database" structure claimed in the patent. For example, the court may need to determine if a security policy enforced by an operating system's core functions based on rules pushed from a central server is equivalent to the patent’s described method of a "distinct" kernel-mode process interrogating a rules database to control another application.
    • Technical Questions: A factual dispute may arise over how the accused products technically operate. For instance, what evidence demonstrates that a BlackBerry security process runs in "kernel mode" for the purpose of monitoring write access by other applications, as required by claim 1? The analysis may hinge on whether BlackBerry's security is achieved through the claimed interception method or through alternative means such as application sandboxing, virtualization, or different OS-level permission models.

V. Key Claim Terms for Construction

  • The Term: "interrogating a rules database"

    • Context and Importance: The definition of this term is critical for determining the scope of the claimed method. Practitioners may focus on this term because its construction will decide whether the claim is limited to a system with a local, self-contained database or if it can also read on systems where permissions are verified by querying a remote policy server, a common architecture in modern enterprise security.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The specification mentions that a "rules database can be pre-created, or incrementally improved and distributed" and that "Rule updates can be downloaded into the computer," which may support an interpretation that the database is not strictly local (’661 Patent, col. 4:13-19).
      • Evidence for a Narrower Interpretation: The patent's primary embodiment, shown in Figure 1, depicts a self-contained system where the "Interceptor" (18) directly interrogates a local "Database" (20) within the same computer system, suggesting a tighter coupling than a remote network query (’661 Patent, col. 2:30-32; Fig. 1).

  • The Term: "application distinct from the first process"

    • Context and Importance: Infringement requires showing that the monitoring process is "distinct" from the application attempting the write access. The interpretation of "distinct" will be key to whether the claim applies to integrated security suites where monitoring and application functions might be part of the same overall software package.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The term could be interpreted broadly to mean any two processes that are separately executable or operate in different memory spaces, regardless of whether they are provided by the same software vendor.
      • Evidence for a Narrower Interpretation: The patent’s background focuses on the threat from outside programs like viruses (’661 Patent, col. 1:11-23). This context, along with diagrams showing "application 12" and "interceptor program 18" as separate blocks, could support a narrower reading that requires a clear separation between the security tool and the application being monitored, potentially implying they are from different sources or serve fundamentally different purposes (’661 Patent, col. 2:26-34).

VI. Other Allegations

  • Indirect Infringement: The complaint alleges that Defendant induces infringement by distributing "product literature and website materials inducing end users and others to use its products in the customary and intended manner that infringes the ’661 Patent" (Compl. ¶14).
  • Willful Infringement: The complaint does not contain a formal count for willful infringement. However, it lays the factual groundwork for such a claim by alleging that Defendant gained "Actual Knowledge of Infringement" upon service of the original complaint on August 22, 2025, and continued its allegedly infringing activities thereafter (Compl. ¶13-14).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A primary issue will be one of evidentiary sufficiency: As the complaint’s infringement allegations rely entirely on an unprovided external exhibit, a threshold question is whether the Plaintiff can produce specific, factual evidence to plausibly map the elements of the asserted claims onto the actual architecture and functionality of the accused BlackBerry products.
  • A key technical question will concern architectural equivalence: The case will likely turn on whether BlackBerry’s modern security solutions, developed long after the patent's 2005 priority date, implement the specific "kernel mode interceptor" and "rules database" architecture claimed, or if they achieve a similar security outcome through fundamentally different technical means not covered by the patent's scope.