DCT
2:25-cv-00845
Veribase LLC v. Fortinet Inc
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: VeriBase LLC (New Mexico)
- Defendant: Fortinet, Inc. (Delaware)
- Plaintiff’s Counsel: Rabicoff Law LLC
- Case Identification: 2:25-cv-00845, E.D. Tex., 08/22/2025
- Venue Allegations: Plaintiff alleges venue is proper because Defendant has an established place of business in the district and has committed alleged acts of infringement there.
- Core Dispute: Plaintiff alleges that Defendant’s unspecified computer security products infringe a patent related to a system for selectively controlling an application's ability to write data to a storage medium based on a set of rules.
- Technical Context: The technology addresses proactive computer security by intercepting and evaluating an application's attempts to write data to storage, aiming to prevent malware execution before a system is infected.
- Key Procedural History: The complaint does not mention any prior litigation, Inter Partes Review (IPR) proceedings, or licensing history related to the patent-in-suit.
Case Timeline
| Date | Event |
|---|---|
| 2005-12-01 | ’661 Patent Priority Date |
| 2017-03-21 | ’661 Patent Issue Date |
| 2025-08-22 | Complaint Filing Date |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 9,600,661 - "System and method to secure a computer system by selective control of write access to a data storage medium," issued March 21, 2017
The Invention Explained
- Problem Addressed: The patent's background section describes the problem of computer viruses proliferating via the internet and email, noting that conventional anti-virus programs are often reactive, addressing an infection only after it has occurred, and may be too slow to identify newly released virus variants (ʼ661 Patent, col. 1:18-24).
- The Patented Solution: The invention proposes a method to proactively prevent infection by monitoring applications attempting to write data to a storage medium like a hard drive. A background "interceptor" process detects the write attempt, interrogates a "rules database" to determine if the specific application has permission, and then either allows or blocks the write operation based on the database's rules (’661 Patent, col. 1:29-37; Fig. 1). If no rule exists for the application, the system can prompt the user for a decision (’661 Patent, Abstract).
- Technical Importance: This rule-based, preventative approach was designed to offer protection against novel or "zero-day" threats for which traditional, signature-based antivirus definitions have not yet been developed (’661 Patent, col. 1:21-24).
Key Claims at a Glance
- The complaint asserts infringement of one or more claims, including what it terms the "Exemplary '661 Patent Claims" (Compl. ¶11). The first independent claim, Claim 1, includes the following essential elements:
- Running a first process in "kernel mode" that monitors data storage device accesses.
- Detecting an attempt by a distinct application to write data to the storage device.
- Interrogating a "rules database" that contains references to applications and associated access levels.
- Controlling the application's write access based on the access level found in the database.
- The complaint states Plaintiff's allegations are not limited to the exemplary claims identified in its incorporated charts (Compl. ¶11, ¶16).
III. The Accused Instrumentality
Product Identification
- The complaint does not name specific accused products. It refers generally to "Defendant products identified in the charts incorporated into this Count" as the "Exemplary Defendant Products" (Compl. ¶11).
Functionality and Market Context
- The complaint does not provide sufficient detail for analysis of the accused products' functionality. It makes the conclusory allegation that the products "practice the technology claimed by the '661 Patent" and "satisfy all elements of the Exemplary '661 Patent Claims" (Compl. ¶16). No probative visual evidence provided in complaint.
IV. Analysis of Infringement Allegations
The complaint incorporates by reference its infringement allegations from claim charts in an "Exhibit 2," which was not filed with the complaint itself (Compl. ¶17). The complaint's narrative allegations state only that Defendant's products infringe directly and that they "satisfy all elements" of the asserted claims (Compl. ¶11, ¶16). Without the claim charts, a detailed analysis of the infringement theory is not possible.
- Identified Points of Contention: Based on the patent's claims and the general nature of the technology, the infringement analysis will likely raise several key questions once evidence is presented:
- Scope Questions: Do the accused products utilize a security process that operates in "kernel mode" as required by Claim 1, and what is the proper technical and legal scope of that term? Does the accused system's method for storing and applying security policies constitute a "rules database" as described in the patent?
- Technical Questions: What evidence does the complaint provide that the accused products' security architecture includes an "interceptor" process that is distinct from the applications it monitors? How do the accused products technically implement the claimed "controlling [of] write access" based on an "access level"?
V. Key Claim Terms for Construction
The Term: "operating in kernel mode" (from Claim 1)
- Context and Importance: This term defines a specific, privileged operational level within a computer's operating system. Infringement of claims containing this limitation may depend on whether the accused products' monitoring process functions at this architectural level. Practitioners may focus on this term because security software can be implemented in different ways (e.g., kernel-level drivers, user-level agents), and the distinction is technically significant.
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The claims themselves do not further define the term, which a party might argue suggests it should be given its plain and ordinary meaning in the context of computer operating systems.
- Evidence for a Narrower Interpretation: The specification describes the preferred embodiment as a "kernel mode driver which has a higher level of access to the Windows file system and system resources," which could be used to argue the term requires a specific type of implementation with privileged file system access (’661 Patent, col. 4:40-43).
The Term: "rules database" (from Claim 1)
- Context and Importance: This term is central to the patented invention's logic. The dispute will likely involve comparing the structure and content of the accused product's security policy repository to the patent's description of a "rules database".
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The specification describes a rule as a pairing of an application's identity with "one or more permission values," a structure that could be argued to cover a wide variety of modern security policy formats (’661 Patent, col. 2:35-39).
- Evidence for a Narrower Interpretation: The detailed description provides specific examples of a tiered permission structure, such as "Level 0" (no write access), "Level 1" (full write access), and "Level 2" (write access for specified file extensions) (’661 Patent, col. 2:54-68). A party may argue that the term should be construed to require this type of discrete, leveled permission framework.
VI. Other Allegations
- Indirect Infringement: The complaint alleges induced infringement, asserting that Defendant distributes "product literature and website materials inducing end users and others to use its products in the customary and intended manner that infringes the '661 Patent" (Compl. ¶14).
- Willful Infringement: While the complaint does not use the word "willful," it pleads facts to support post-suit willfulness. It alleges that the service of the complaint provides Defendant with "actual knowledge of infringement" and that Defendant continues its allegedly infringing activities despite this knowledge (Compl. ¶13, ¶14).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of evidentiary sufficiency: as the complaint lacks specific factual allegations regarding the accused products' operation, a primary question for discovery will be what specific components and functions within Fortinet's security architecture can be mapped to the patent's requirements for a "kernel mode" process, a "rules database", and defined "access levels".
- A key legal question will be one of definitional scope: can the term "rules database", which the patent illustrates with a specific, tiered permission structure (e.g., "Level 0," "Level 1"), be construed broadly enough to read on the potentially more complex and dynamic security policy engines used in modern cybersecurity products?