Veribase LLC v. TCL Technology Group Corp

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: VeriBase LLC (New Mexico)
  • Defendant: TCL Technology Group Corp. (China)
  • Plaintiff’s Counsel: Rabicoff Law LLC
• Case Identification: 2:25-cv-01237, E.D. Tex., 12/18/2025
• Venue Allegations: Venue is alleged to be proper in the Eastern District of Texas because the defendant is a foreign corporation.
• Core Dispute: Plaintiff alleges that Defendant’s products infringe a patent related to methods for securing a computer system by selectively controlling a program's ability to write data to a storage medium.
• Technical Context: The technology addresses computer security by implementing a proactive, rules-based system to prevent unauthorized file modifications, a common vector for malware and viruses.
• Key Procedural History: The complaint does not mention any prior litigation, licensing history, or post-grant proceedings related to the patent-in-suit.

Case Timeline

Date	Event
2005-12-01	U.S. Patent No. 9,600,661 Priority Date
2017-03-21	U.S. Patent No. 9,600,661 Issues
2025-12-18	Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,600,661 - System and method to secure a computer system by selective control of write access to a data storage medium

• Patent Identification: U.S. Patent No. 9,600,661 (“System and method to secure a computer system by selective control of write access to a data storage medium”), issued March 21, 2017.

The Invention Explained

• Problem Addressed: The patent addresses the proliferation of computer viruses distributed via the Internet and electronic mail, noting that conventional anti-virus programs are often reactive, dealing with an infection only after it has occurred (U.S. Patent No. 9,600,661, col. 1:11-23).
• The Patented Solution: The invention provides a method for proactively controlling write access to a storage medium like a hard drive. An "interceptor" program runs constantly in the background, monitoring for attempts by other applications to write data. When a write attempt is detected, the interceptor interrogates a "rules database" to determine if the specific application has permission. Based on the rules, the write access is either allowed or blocked (’971 Patent, Abstract; col. 2:25-35). If no rule exists for an application, the system can prompt the user to grant or deny permission, and that choice can be saved as a new rule (’971 Patent, col. 3:16-24).
• Technical Importance: This approach provides a permission-based security model that can prevent unauthorized modifications by unknown threats, contrasting with traditional signature-based antivirus software that must first identify a threat before it can be neutralized (’971 Patent, col. 1:19-23).

Key Claims at a Glance

• The complaint does not specify which claims are asserted, instead referring to "Exemplary '661 Patent Claims" identified in an exhibit not attached to the public filing (Compl. ¶11). Claim 1 is the first independent claim of the ’971 Patent.
• Essential elements of Independent Claim 1 include:
  • Running a first process that operates in conjunction with an operating system in "kernel mode" to monitor data storage device access.
  • Detecting an attempt by a separate application to write data to the storage device.
  • In response, interrogating a "rules database" which contains references to applications and associated access levels.
  • Controlling the write access for the application based on the value of the access level found in the database.
• The complaint does not explicitly reserve the right to assert dependent claims, but alleges infringement of "one or more claims" (Compl. ¶11).

III. The Accused Instrumentality

Product Identification

• The complaint does not specifically name any accused products. It refers to "Exemplary Defendant Products" that are identified in charts incorporated by reference as Exhibit 2 (Compl. ¶11, 16). This exhibit was not included with the filed complaint.

Functionality and Market Context

• The complaint does not provide sufficient detail for analysis of the functionality or market context of the accused products. It alleges only that the products "practice the technology claimed by the '661 Patent" (Compl. ¶16).

IV. Analysis of Infringement Allegations

The complaint references claim-chart exhibits to support its infringement allegations, but these exhibits were not provided with the public filing (Compl. ¶16, 17). The complaint's narrative theory alleges that the "Exemplary Defendant Products" practice the patented technology and satisfy all elements of the asserted claims (Compl. ¶16). No probative visual evidence provided in complaint.

• Identified Points of Contention: Due to the lack of specific allegations or product identification in the complaint, any analysis is preliminary. However, based on the patent's claims, key questions may emerge:
  • Architectural Questions: What evidence demonstrates that the accused products employ the specific architecture recited in the claims, namely a process operating in "kernel mode" that monitors a separate application and consults a "rules database"?
  • Scope Questions: How does the functionality of the accused products map to the concept of a "rules database" that associates specific applications with permission levels, as described in the patent? The dispute may center on whether the accused products' security mechanisms function in the specific manner required by the claims.

V. Key Claim Terms for Construction

• The Term: "kernel mode" (from Claim 1)

  • Context and Importance: This term defines the operational privilege level of the monitoring process. The infringement analysis will depend on whether the accused products utilize a process with the specific technical characteristics of an operating system's kernel mode. Practitioners may focus on this term to determine if a security process running in a different, lower-privilege environment falls outside the claim's scope.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Narrower Interpretation: The specification explicitly describes an embodiment where the "interceptor module is a kernel mode driver which has a higher level of access to the Windows file system and system resources" (’971 Patent, col. 4:40-42). This could support an argument that the term is limited to this specific implementation.
    • Evidence for a Broader Interpretation: The claim itself simply uses the term "kernel mode" without tying it to a specific operating system or driver type. This could support an argument that the term should be given its plain and ordinary meaning as understood in computer science, covering any equivalent high-privilege operating mode.

• The Term: "rules database" (from Claim 1)

  • Context and Importance: This term is central to how permission is determined. The case may turn on whether the accused products' method for storing and checking permissions constitutes a "rules database" as claimed.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Narrower Interpretation: The specification describes the database as one that "lists applications approved by the user with their level of write access" and where "the identity of an application is paired with one or more permission values" (’971 Patent, col. 2:34-39). This suggests a structured collection of application-specific rules, potentially narrowing the term to exclude more generalized security policies.
    • Evidence for a Broader Interpretation: The patent also states a rule is "one or more permission values associated with an application" (’971 Patent, col. 2:39-41). This simpler definition could support a broader construction covering any data structure that stores and associates permissions with applications.

VI. Other Allegations

• Indirect Infringement: The complaint alleges induced infringement, stating that Defendant sells the accused products and distributes "product literature and website materials" that instruct end users on how to use the products in a manner that allegedly infringes (Compl. ¶14, 15).
• Willful Infringement: The complaint alleges that service of the complaint itself provides Defendant with "actual knowledge of infringement" and that any continued infringement is despite this knowledge (Compl. ¶13, 14). This forms a basis for post-suit willful infringement.

VII. Analyst’s Conclusion: Key Questions for the Case

1. A central issue will be one of architectural correspondence: Can the plaintiff demonstrate that the accused products, once identified, implement the specific, multi-component security architecture required by the claims—a distinct user application, a monitoring process operating in "kernel mode," and a structured "rules database"—or do they achieve a similar result through a fundamentally different technical approach?
2. A threshold evidentiary question will be one of factual sufficiency: Given the complaint’s complete reliance on an un-provided exhibit for identifying accused products and mapping them to claim elements, a primary focus will be on whether the plaintiff can produce concrete technical evidence to substantiate its generalized infringement allegations against specific products.