DCT
2:25-cv-01238
Veribase LLC v. Twinhead Intl Corp
I. Executive Summary and Procedural Information
- Parties & Counsel:
  - Plaintiff: VeriBase LLC (New Mexico)
  - Defendant: Twinhead International Corporation (Taiwan)
  - Plaintiff’s Counsel: Rabicoff Law LLC
- Case Identification: 2:25-cv-01238, E.D. Tex., 12/18/2025
- Venue Allegations: Plaintiff alleges venue is proper because Defendant is a foreign corporation and has committed acts of patent infringement within the Eastern District of Texas.
- Core Dispute: Plaintiff alleges that Defendant infringes a patent related to a system and method for securing a computer by selectively controlling an application's ability to write data to a storage medium.
- Technical Context: The technology addresses fundamental computer security by proactively monitoring and controlling write access to storage devices, aiming to prevent malicious software like viruses from infecting a system.
- Key Procedural History: The complaint does not allege any prior litigation, licensing history, or administrative proceedings related to the patent-in-suit.
Case Timeline
| Date | Event |
|---|---|
| 2005-12-01 | ’661 Patent Priority Date |
| 2017-03-21 | ’661 Patent Issue Date |
| 2025-12-18 | Complaint Filing Date |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 9,600,661 - "System and method to secure a computer system by selective control of write access to a data storage medium"
The Invention Explained
- Problem Addressed: The patent describes the proliferation of computer viruses, which commonly infect systems by writing malicious code to storage media like hard drives. It notes that conventional anti-virus programs are often reactive, addressing a virus only after a system has been infected (’661 Patent, col. 1:12-24).
- The Patented Solution: The invention proposes a proactive security method where a background process, termed an "interceptor," monitors all attempts by applications to write data to a storage device. Upon detecting a write attempt, the interceptor interrogates a "rules database" to determine if the specific application has permission. Based on the rules, the write access is either permitted or blocked. If no rule exists for a given application, the system can prompt the user for a decision (’661 Patent, Abstract; col. 2:25-34). Figure 1 illustrates this architecture, showing an "Interceptor" (18) positioned between an "Application" (12) and a "Disk" (16), with the interceptor checking a "Database" (20).
- Technical Importance: This technology takes a behavioral, access-control approach to security, in contrast to the signature-based detection methods common at the time, and represents a foundational concept for modern host-based intrusion prevention systems (’661 Patent, col. 1:25-34).
Key Claims at a Glance
- The complaint does not specify which claims are asserted in its narrative text, instead referencing "Exemplary ’661 Patent Claims" in an unattached exhibit (Compl. ¶11). The following analysis proceeds on the basis of independent claim 1 as a representative asserted claim.
- Independent Claim 1:
  - Running a first process operating in kernel mode that monitors data storage device accesses.
  - Detecting an attempt by a separate application to write data to the storage device.
  - In response, interrogating a rules database containing references to applications and associated access levels.
  - Controlling the application's write access based on the result of the interrogation.
- The complaint does not explicitly reserve the right to assert dependent claims.
III. The Accused Instrumentality
Product Identification
- The complaint does not name any specific accused products in its main body. It refers to "Exemplary Defendant Products" that are purportedly identified in charts within an exhibit that was not attached to the publicly filed complaint (Compl. ¶11, 16).
Functionality and Market Context
- The complaint does not provide sufficient detail for analysis of the accused instrumentality's functionality. It makes only the conclusory allegation that the "Exemplary Defendant Products practice the technology claimed by the ’661 Patent" (Compl. ¶16). No allegations are made regarding the products' market positioning.
IV. Analysis of Infringement Allegations
The complaint references claim-chart exhibits to support its infringement allegations but does not include them with the filing (Compl. ¶16-17). The narrative infringement theory alleges that Defendant directly infringes by making, using, and selling the accused products, which "satisfy all elements of the Exemplary ’661 Patent Claims" (Compl. ¶11, 16). No specific factual basis for how the accused products meet the claim limitations is provided in the complaint's text.
No probative visual evidence provided in complaint.
- Identified Points of Contention: Based on the patent’s claim language, the infringement analysis may raise several technical and legal questions:
  - Scope Questions: Claim 1 requires a process "operating in kernel mode." A potential dispute is whether the accused products' monitoring process functions at this specific, privileged operating system level, or if it operates in "user mode," which could present a significant technical distinction relevant to infringement.
  - Technical Questions: The claim requires "interrogating a rules database" where application identity is "paired with one or more permission values" (’661 Patent, col. 2:35-38). A key question will be whether the accused products utilize a security architecture that maps to this claimed structure, or if they employ a more generalized security policy engine that does not rely on a database of application-specific rules as described in the patent.
V. Key Claim Terms for Construction
The Term: "rules database"
- Context and Importance: This term is central to the claimed invention's decision-making logic. Its construction will determine the scope of security architectures that fall within the claims. Practitioners may focus on this term because the functionality of modern security software may not align with the specific database structure described in the patent.
- Intrinsic Evidence for Interpretation:
  - Evidence for a Broader Interpretation: The specification describes the database broadly as "a set of entries or references in a data structure where the identity of an application is paired with one or more permission values" (’661 Patent, col. 2:35-38). This language may support a construction covering various data structures beyond a formal database table.
  - Evidence for a Narrower Interpretation: The specification also describes a "preferred number of possible write access levels," such as "Level 0" (no access), "Level 1" (full access), and "Level 2" (access for specified file extensions) (’661 Patent, col. 2:54-62). A defendant may argue this disclosure narrows the term to a database that implements such a granular, level-based permission scheme.
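A simplified user-mode model of the decision logic summarized in this analysis (the rules-database lookup, the Level 0/1/2 scheme, and the prompt when no rule exists), given here as an added example; it is not code from the patent, the complaint, or any accused product. The application paths, the `Rule` and `check_write` names, and the fail-closed handling of unrecognized levels are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from pathlib import PureWindowsPath


class Decision(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    ASK_USER = "ask_user"


@dataclass(frozen=True)
class Rule:
    level: int                          # 0 = no access, 1 = full access, 2 = listed extensions
    extensions: frozenset = frozenset()  # only consulted at level 2


# Constructed rules database: application identity paired with a permission value.
# Keys are lower-cased full paths (an assumption about how identity is recorded).
RULES = {
    r"c:\apps\editor.exe": Rule(2, frozenset({".txt", ".md"})),
    r"c:\apps\backup.exe": Rule(1),
    r"c:\apps\legacy.exe": Rule(0),
}


def check_write(rules, app, target):
    """Decide one write attempt by `app` against the file `target`."""
    rule = rules.get(app.lower())
    if rule is None:
        return Decision.ASK_USER        # no entry: defer to the user
    if rule.level == 1:
        return Decision.ALLOW
    if rule.level == 2:
        # Only the final suffix counts, so "notes.txt.exe" is treated as ".exe".
        ext = PureWindowsPath(target).suffix.lower()
        return Decision.ALLOW if ext in rule.extensions else Decision.BLOCK
    return Decision.BLOCK               # level 0, and any unknown level, fails closed


def replay(rules, events):
    """Apply the rules to a sequence of (application, target) write attempts."""
    return [check_write(rules, app, target) for app, target in events]


if __name__ == "__main__":
    EVENTS = [  # constructed write attempts
        (r"C:\Apps\Editor.exe", r"C:\Docs\notes.TXT"),
        (r"C:\Apps\editor.exe", r"C:\Docs\notes.txt.exe"),
        (r"C:\Temp\unknown.exe", r"C:\Docs\a.txt"),
    ]
    for event, decision in zip(EVENTS, replay(RULES, EVENTS)):
        print(event, "->", decision.value)
```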
The Term: "process operating in kernel mode"
- Context and Importance: This limitation defines the operational privilege level of the monitoring component. Proving that an accused product operates at this specific level is a prerequisite for infringement of claims containing this element.
- Intrinsic Evidence for Interpretation:
  - Evidence for a Broader Interpretation: The patent does not provide a special definition for "kernel mode," which may suggest the parties should apply its plain and ordinary meaning as understood in computer science: a privileged execution mode for core operating system functions.
  - Evidence for a Narrower Interpretation: The patent states that "In the preferred embodiment, the interceptor module is a kernel mode driver which has a higher level of access to the Windows file system and system resources" (’661 Patent, col. 4:38-41). This statement could be used to argue that the claimed process must be a formal "kernel mode driver," a specific type of program, rather than any process that simply executes with elevated privileges.
VI. Other Allegations
- Indirect Infringement: The complaint alleges induced infringement, stating that Defendant distributes "product literature and website materials inducing end users... to use its products in the customary and intended manner that infringes the ’661 Patent" (Compl. ¶14).
- Willful Infringement: The complaint does not use the term "willful," but it lays a foundation for post-suit willfulness. It alleges that service of the complaint constitutes "actual knowledge of infringement" and that despite this knowledge, Defendant "continues to make, use, test, sell, offer for sale, market, and/or import" infringing products (Compl. ¶13-14).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of evidentiary sufficiency: The complaint's infringement allegations are entirely conclusory and dependent on an unattached exhibit. A primary question for litigation will be whether the plaintiff can produce specific evidence demonstrating that the unnamed accused products actually perform each element of the asserted claims, particularly the requirements of operating in "kernel mode" and utilizing a "rules database" as claimed.
- A key legal question will be one of claim construction scope: The case may turn on whether the term "rules database" is construed broadly to cover modern, policy-based security systems or is limited to the specification’s more rigid structure of pairing individual applications with discrete permission "levels." The resolution of this definitional dispute will likely be critical to the infringement outcome.