Veribase LLC v. Hanvon Ugee HK Technology Co Ltd

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: VeriBase LLC (New Mexico)
  • Defendant: Hanvon Ugee (HK) Technology Co., Ltd. (China)
  • Plaintiff’s Counsel: Rabicoff Law LLC
• Case Identification: 2:25-cv-01235, E.D. Tex., 12/18/2025
• Venue Allegations: Venue is asserted based on the defendant being a foreign corporation.
• Core Dispute: Plaintiff alleges that Defendant's unspecified products infringe a patent related to securing a computer system by selectively controlling an application's ability to write data to a storage medium.
• Technical Context: The technology operates in the field of computer security, specifically proactive threat prevention by intercepting and mediating write-access requests from applications based on a set of predefined rules.
• Key Procedural History: The complaint does not reference any prior litigation, inter partes review proceedings, or licensing history related to the patent-in-suit.

Case Timeline

Date	Event
2005-12-01	’661 Patent Priority Date
2017-03-21	’661 Patent Issue Date
2025-12-18	Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

• Patent Identification: U.S. Patent No. 9,600,661, System and method to secure a computer system by selective control of write access to a data storage medium, issued March 21, 2017 (’661 Patent).
• The Invention Explained:
  • Problem Addressed: The patent describes the proliferation of computer viruses and notes that conventional anti-virus programs are often reactive, addressing a virus only after a system has been infected ( Compl. ¶9; ’661 Patent, col. 1:11-24).
  • The Patented Solution: The invention proposes a proactive security method where a background "interceptor" process monitors all attempts by applications to write data to a storage device like a hard drive. Upon detecting a write attempt, the interceptor consults a "rules database" to determine if the specific application has permission. Based on the rules, the write access is either allowed or blocked, thereby preventing unauthorized programs from saving malicious code to the disk in the first place (’661 Patent, col. 1:28-35; Fig. 1).
  • Technical Importance: This approach reflects a method of behavior-based threat prevention—controlling potentially harmful actions (like writing to disk) regardless of whether a virus signature is known—which is a foundational concept in modern endpoint security (’661 Patent, col. 1:25-27).
• Key Claims at a Glance:
  • The complaint asserts infringement of one or more "Exemplary '661 Patent Claims" without specifying them (Compl. ¶11). Independent claim 1 is representative of the patented method.
  • Essential Elements of Independent Claim 1:
    • Running a first process in "kernel mode" that monitors data storage device access.
    • Detecting an attempt by a distinct application to write data to the storage device.
    • Interrogating a "rules database" that contains references to a plurality of applications, with each reference associated with at least one "access level."
    • Controlling the application's write access based on the value of the access level found in the database.
  • The complaint does not explicitly reserve the right to assert dependent claims but alleges infringement of "one or more claims" (Compl. ¶11).

III. The Accused Instrumentality

• Product Identification: The complaint does not identify any accused products by name, referring to them generally as the "Exemplary Defendant Products" (Compl. ¶11).
• Functionality and Market Context: The complaint does not describe the specific functionality of the accused products. It alleges that they "practice the technology claimed by the '661 Patent" and incorporates by reference claim charts from Exhibit 2, which was not filed with the public complaint (Compl. ¶16-17). The complaint does not provide sufficient detail for analysis of the accused products' functionality or market position.

IV. Analysis of Infringement Allegations

The complaint alleges that the "Exemplary Defendant Products" infringe the ’661 Patent but provides the specific mapping of product features to claim elements in an incorporated Exhibit 2, which is not publicly available (Compl. ¶16-17). The complaint’s narrative theory of infringement asserts that the accused products "satisfy all elements of the Exemplary '661 Patent Claims" without providing further technical detail in the body of the complaint itself (Compl. ¶16).

No probative visual evidence provided in complaint.

• Identified Points of Contention:
  • Scope Questions: A central question may be whether the accused products contain a process that operates in "kernel mode," as required by the claim (’661 Patent, col. 6:13-14). The distinction between privileged kernel-mode access and standard user-mode operation is technically precise and could be a focal point of non-infringement arguments.
  • Technical Questions: The analysis will likely raise the question of whether the accused products employ a "rules database" that maps a "plurality of applications" to specific "access level[s]," as the claim requires (’661 Patent, col. 6:19-24). The inquiry may focus on whether the accused system uses a granular, application-specific permission structure or a more generalized security model that does not meet these structural requirements.

V. Key Claim Terms for Construction

• The Term: "kernel mode"

• Context and Importance: This term is a well-defined term of art in computer science referring to a privileged execution mode for an operating system. Whether the accused process operates in kernel mode is a potentially dispositive technical question for infringement.

• Intrinsic Evidence for Interpretation:

  • Evidence for a Broader Interpretation: The claims use the term without further definition, suggesting it should be given its plain and ordinary meaning to one skilled in the art of operating systems at the time of the invention.
  • Evidence for a Narrower Interpretation: The specification provides a single, specific example of implementation: "the interceptor module is a kernel mode driver which has a higher level of access to the Windows file system and system resources" (’661 Patent, col. 4:39-42). A party could argue this embodiment limits the term's scope to such a driver-based implementation.

• The Term: "rules database"

• Context and Importance: The structure and content of the "rules database" are at the core of the patented method. The definition of this term will be critical to determining whether the permissioning system in the accused products falls within the claim scope.

• Intrinsic Evidence for Interpretation:

  • Evidence for a Broader Interpretation: The specification provides a broad definition, stating a "rule database is a set of entries or references in a data structure where the identity of an application is paired with one or more permission values" (’661 Patent, col. 2:36-39). This language may support a construction covering a wide variety of data structures.
  • Evidence for a Narrower Interpretation: The detailed description outlines a specific structure with enumerated "Level[s]" of write access (e.g., Level 0 for no access, Level 1 for full access) (’661 Patent, col. 2:54-68). A party may argue that the term "rules database" requires this specific type of multi-level permission architecture, not just a simple allow/deny list.

VI. Other Allegations

• Indirect Infringement: The complaint alleges induced infringement, stating that Defendant distributes "product literature and website materials inducing end users and others to use its products in the customary and intended manner that infringes" the ’661 Patent (Compl. ¶14).
• Willful Infringement: The basis for willfulness appears to be post-suit knowledge. The complaint alleges that service of the complaint itself "constitutes actual knowledge of infringement" and that Defendant continues to infringe despite this knowledge (Compl. ¶13-14).

VII. Analyst’s Conclusion: Key Questions for the Case

• A primary issue will be one of evidentiary proof: given the lack of detail in the complaint, the plaintiff will bear the burden of demonstrating through technical evidence that the accused products perform the specific functions required by the claims, particularly the requirement for a process operating in "kernel mode."
• The case will likely turn on a question of definitional scope: can the permissioning architecture within the accused products be properly characterized as a "rules database" that associates a "plurality of applications" with distinct "access level[s]," as contemplated by the patent, or does it employ a different security paradigm that falls outside the boundaries of the asserted claims?