DCT

2:25-cv-01234

Veribase LLC v. Coolpad Group Ltd


I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:25-cv-01234, E.D. Tex., 12/18/2025
  • Venue Allegations: Venue is asserted on the basis that Defendant is a foreign corporation, which may be sued in any judicial district.
  • Core Dispute: Plaintiff alleges that Defendant infringes a patent related to methods for securing a computer system by selectively controlling an application's ability to write data to a storage medium.
  • Technical Context: The technology addresses computer security by proactively intercepting and evaluating write-to-disk requests against a set of rules, a method commonly used to prevent infections by malware or unauthorized software.
  • Key Procedural History: The complaint does not mention any prior litigation, licensing history, or administrative proceedings related to the patent-in-suit.

Case Timeline

| Date | Event |
| --- | --- |
| 2005-12-01 | ’661 Patent Priority Date |
| 2017-03-21 | U.S. Patent No. 9,600,661 Issues |
| 2025-12-18 | Complaint Filed |

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,600,661 - System and method to secure a computer system by selective control of write access to a data storage medium

  • Patent Identification: U.S. Patent No. 9,600,661, “System and method to secure a computer system by selective control of write access to a data storage medium,” issued March 21, 2017.

The Invention Explained

  • Problem Addressed: The patent describes the proliferation of computer viruses distributed via the internet and email, noting that conventional anti-virus programs are often reactive, dealing with infections only after they have occurred, and may fail to identify novel viruses quickly enough (’661 Patent, col. 1:12-24).
  • The Patented Solution: The invention proposes a proactive security method where a background "interceptor" program monitors all attempts by other applications to write data to a storage medium, such as a hard drive (’661 Patent, col. 2:30-33). When a write attempt is detected, the interceptor checks a "rules database" to determine if the specific application has permission (’661 Patent, col. 2:33-35). Based on the rules, the write access is either allowed or blocked. If no rule exists, the system can prompt the user for a decision (’661 Patent, Abstract; Fig. 1).
  • Technical Importance: This approach provides a defense mechanism against unknown or "zero-day" threats that signature-based antivirus software might miss by focusing on behavior (the act of writing to storage) rather than on recognizing a known malicious file signature (’661 Patent, col. 1:21-24).

Key Claims at a Glance

The complaint does not specify which claims are asserted, referring generally to the "Exemplary '661 Patent Claims" detailed in an unprovided exhibit (Compl. ¶11; Compl. ¶16). Independent claim 1 is representative of the core method:

  • running a first process that operates in conjunction with an operating system that manages access to a data storage device, said process operating in kernel mode monitoring data storage device accesses;
  • detecting by use of the process an attempt by an application distinct from the first process to write data to said data storage device;
  • in response to such detection, interrogating a rules database wherein said rules database is comprised of a plurality of references to a corresponding plurality of applications, each reference further comprised of at least one access level associated with the corresponding application; and
  • controlling write access to the data storage device by the application attempting the write in dependence on a result of said interrogation.
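
The decision flow summarized above (detect a write, interrogate a rules database keyed by application, then allow, block, or prompt) can be modeled in a few lines. This is an added illustration in user-space Python, not code from the patent, the complaint, or any accused product; the access-level names, the extension-list rule, the stored prompt answer, and the sample paths are all assumptions.

```python
import ntpath  # Windows path semantics on any host OS
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    PROMPT = "prompt"  # no rule on file: defer to the user
NO_WRITE, LISTED_EXTENSIONS, ANY_WRITE = 0, 1, 2  # assumed access-level names

@dataclass(frozen=True)
class Rule:
    access_level: int
    extensions: frozenset = frozenset()  # used only for LISTED_EXTENSIONS

class RulesDatabase:  # application reference (normalised path) -> Rule
    def __init__(self):
        self._rules = {}
    def set_rule(self, app_path, rule):
        self._rules[ntpath.normcase(app_path)] = rule
    def lookup(self, app_path):
        return self._rules.get(ntpath.normcase(app_path))

def evaluate_write(db, app_path, target_path):
    """Interrogate the rules database for one attempted write."""
    rule = db.lookup(app_path)
    if rule is None:
        return Decision.PROMPT
    if rule.access_level == ANY_WRITE:
        return Decision.ALLOW
    if rule.access_level == LISTED_EXTENSIONS:
        ext = ntpath.splitext(target_path)[1].lower()
        return Decision.ALLOW if ext in rule.extensions else Decision.BLOCK
    return Decision.BLOCK  # NO_WRITE or an unrecognised level fails closed

def intercept_write(db, app_path, target_path, ask_user):
    """Allow or block the write, prompting the user when no rule exists."""
    decision = evaluate_write(db, app_path, target_path)
    if decision is Decision.PROMPT:
        allowed = ask_user(app_path, target_path)
        # Assumption: the answer is stored as a rule for later writes.
        db.set_rule(app_path, Rule(ANY_WRITE if allowed else NO_WRITE))
        decision = Decision.ALLOW if allowed else Decision.BLOCK
    return decision

def sample_db():  # constructed sample rule, not from the patent or the complaint
    db = RulesDatabase()
    db.set_rule(r"C:\Office\winword.exe", Rule(LISTED_EXTENSIONS, frozenset({".doc", ".docx"})))
    return db
```

The model keys rules on a case-normalised application path and fails closed on unrecognised access levels; whether a structure like this is a "rules database" in the claimed sense is the construction question discussed in Section V.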

III. The Accused Instrumentality

Product Identification

The complaint refers to "Exemplary Defendant Products" but does not name any specific products, instead incorporating them by reference from an unprovided exhibit (Compl. ¶11).

Functionality and Market Context

The complaint does not provide sufficient detail for analysis of the functionality or market context of the accused products. It alleges only in a conclusory manner that these products "practice the technology claimed by the '661 Patent" (Compl. ¶16).

IV. Analysis of Infringement Allegations

The complaint alleges that Defendant’s products infringe the ’661 Patent but incorporates the substantive infringement allegations by reference to "charts" in Exhibit 2, which was not provided with the filed complaint (Compl. ¶16, 17). The narrative alleges that the "Exemplary Defendant Products incorporated in these charts satisfy all elements of the Exemplary '661 Patent Claims" (Compl. ¶16). Without the referenced charts, a detailed analysis of the infringement theory is not possible.

No probative visual evidence provided in complaint.

Identified Points of Contention

Based on the language of the patent and the general nature of the dispute, the infringement analysis may raise several key questions:

  • Scope Questions: Will the accused products' security architecture be found to operate in "kernel mode" as required by claim 1, or does it utilize a different, user-space level of system monitoring? The patent suggests a "kernel mode driver" has a "higher level of access," which may frame a narrow technical scope for this term (’661 Patent, col. 4:40-42).
  • Technical Questions: Does the accused functionality rely on a "rules database" that pairs application identities with specific access levels, as described in the patent? A central question may be whether the defendant’s implementation of application permissions or controls meets the structural and functional requirements of the claimed "rules database."

V. Key Claim Terms for Construction

  • The Term: "kernel mode"

    • Context and Importance: This term appears in independent claim 1 and defines the operational level of the monitoring process. Its construction is critical because modern operating systems have various security layers, and infringement will depend on whether the accused products operate at this specific, privileged level of the operating system. Practitioners may focus on this term to distinguish the claimed invention from more common, application-level security sandboxing or user-space monitoring techniques.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The specification does not provide an explicit definition, which may support an argument for giving the term its plain and ordinary meaning to one of skill in the art at the time of the invention.
      • Evidence for a Narrower Interpretation: The specification describes the interceptor module as "a kernel mode driver which has a higher level of access to the Windows file system and system resources," tying the term to a specific implementation within a particular operating system family (’661 Patent, col. 4:40-42). This language could be used to argue for a narrower construction limited to such driver-level implementations.
  • The Term: "rules database"

    • Context and Importance: The "rules database" is the core component that the interceptor process consults to make an access control decision. The definition of this term will determine what kind of data structure qualifies. A dispute may arise over whether a simple configuration file, a system registry entry, or a more complex, structured database in the accused product meets this limitation.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The patent states that a "rule" is "one or more permission values associated with an application," suggesting a functional definition that could encompass a variety of data structures that achieve this pairing (’661 Patent, col. 2:39-41).
      • Evidence for a Narrower Interpretation: The specification describes the database as listing "applications approved by the user with their level of write access" and containing "references between applications and file types or file extensions that such application may write," implying a structured collection of pre-defined permissions that might not read on more dynamic or policy-based access control systems (’661 Patent, col. 2:34-35; col. 2:65-67).

VI. Other Allegations

  • Indirect Infringement: The complaint alleges inducement of infringement, asserting that Defendant distributes "product literature and website materials" that instruct end users to use the accused products in a manner that infringes the ’661 Patent (Compl. ¶14).
  • Willful Infringement: The complaint bases its allegations of knowledge and willfulness on the notice provided by the service of the complaint itself, suggesting a claim for post-filing willful infringement (Compl. ¶13, 15).

VII. Analyst’s Conclusion: Key Questions for the Case

  1. A primary issue will be one of evidentiary sufficiency: As the complaint omits the claim charts and fails to identify the accused products or their specific functionalities, a central question will be whether the plaintiff can produce evidence demonstrating that any of the defendant's products actually practice the claimed method of kernel-mode monitoring and rule-based write interception.
  2. The case will likely turn on a question of technical claim scope: Can the term "kernel mode," as used in the patent, be construed to cover the specific software architecture of the accused products? The outcome may depend on whether the court adopts a narrow definition tied to a specific type of operating system driver or a broader functional meaning.
  3. A further question will be one of definitional structure: Does the accused products' method for managing application permissions qualify as a "rules database" under the patent's description, or does it represent a technologically distinct approach to access control that falls outside the scope of the claims?