DCT
4:20-cv-01040
Spriv LLC v. Centrify Corp
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: Spriv, LLC (New York)
- Defendant: Centrify Corporation (Delaware)
- Plaintiff’s Counsel: Chassman & Seelig LLP; Meister Seelig & Fein LLP
- Case Identification: 4:20-cv-01040, N.D. Cal., 02/10/2020
- Venue Allegations: Venue is alleged to be proper in the Northern District of California because Defendant Centrify maintains a regular and established place of business in the district.
- Core Dispute: Plaintiff alleges that Defendant’s Centrify Threat Analytics Service infringes four patents related to authenticating user identities by comparing the geographical locations of a user's computer and mobile device.
- Technical Context: The technology addresses online security and fraud prevention by using location as a second factor of authentication, a critical component in the field of identity and access management.
- Key Procedural History: The complaint alleges that Plaintiff provided Defendant with pre-suit notice of infringement on two separate occasions, October 23, 2019, and December 9, 2019, and that the notice letters included sample claim charts for three of the asserted patents. This history is presented to support the allegations of willful infringement.
Case Timeline
| Date | Event |
|---|---|
| 2005-04-26 | Earliest Priority Date for '225 Patent |
| 2005-08-25 | Earliest Priority Date for '867 and '833 Patents |
| 2007-05-29 | Earliest Priority Date for '909 Patent |
| 2013-02-05 | '909 Patent Issued |
| 2014-02-01 | Alleged First Sale of Accused System (approx.) |
| 2015-05-19 | '225 Patent Issued |
| 2017-08-08 | '867 Patent Issued |
| 2019-05-14 | '833 Patent Issued |
| 2019-10-24 | Defendant Allegedly Received First Notice Letter |
| 2019-12-10 | Defendant Allegedly Received Second Notice Letter |
| 2020-02-10 | Complaint Filing Date |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 8,370,909 - "Method and system for authenticating internet user identity"
- Patent Identification: U.S. Patent No. 8,370,909, "Method and system for authenticating internet user identity," issued February 5, 2013.
The Invention Explained
- Problem Addressed: The patent identifies the risk of fraud in online commerce, where the transmission of personal and confidential information is required. It posits that prior art methods for user authentication were not sufficiently timely or nonintrusive for modern internet transactions (Compl. ¶¶13-14; ’909 Patent, col. 1:46-55).
- The Patented Solution: The invention proposes a method to authenticate a user by cross-referencing two independent sources of location information: the geographical location of the user's computer (identified via a "computer signature") and the geographical location of the user's "communication voice device," such as a mobile phone. If the two locations are within a predetermined proximity of one another, the user's identity is considered confirmed, and the transaction is allowed to proceed (’909 Patent, Abstract; col. 4:17-29).
- Technical Importance: The technology offered a way to perform two-factor authentication in a more automated and passive manner, using the physical location of a user's trusted mobile device as a proxy for their identity without requiring active user intervention (Compl. ¶15).
Key Claims at a Glance
- The complaint asserts direct infringement of claims 1-17, with specific allegations related to independent claims 1 and 9 (Compl. ¶¶27, 28).
- Independent Claim 1 recites the core steps of a method for authenticating a user, including:
- Identifying a "computer signature" of the computer being used.
- Checking a database to see if the signature is already known.
- If the signature is known, determining a second geographical location of the user's mobile voice device and comparing it to the stored location.
- If the locations are within a "predetermined acceptable distance," providing the user with the ability to conduct a transaction.
- The complaint reserves the right to assert dependent claims 2-8 and 10-17 (Compl. ¶28).
U.S. Patent No. 9,727,867 - "Method for detecting misuse of identity in electronic transactions"
- Patent Identification: U.S. Patent No. 9,727,867, "Method for detecting misuse of identity in electronic transactions," issued August 8, 2017.
The Invention Explained
- Problem Addressed: The patent addresses the ineffectiveness of prior art verification systems in reducing fraudulent purchases (Compl. ¶14, citing ’867 Patent at 1:55-65). It specifically targets scenarios where a user's real-time location may be unavailable, such as when a GPS signal cannot be received inside a building (’867 Patent, col. 8:2-9).
- The Patented Solution: The invention describes a method that relies on cached position information. Upon receiving a notification to authenticate a transaction, the system obtains a "pre-transaction" location from cached data on the user's wireless device or a remote database. It compares this cached location to the current transaction location. A key element is calculating the "speed" required to travel between the two locations in the elapsed time; if this speed is impossible, an alert is generated, flagging potential fraud (’867 Patent, Abstract; col. 15:6-16).
- Technical Importance: By using cached location data, the system provides a fallback authentication mechanism that works even when a live location fix is not possible, thereby increasing the reliability and coverage of location-based fraud detection (’867 Patent, col. 3:39-44).
Key Claims at a Glance
- The complaint asserts direct infringement of claims 1-20, with specific allegations related to independent claim 11 (Compl. ¶¶44, 45).
- Independent Claim 11 recites a method for detecting fraudulent identity use, including the steps of:
- Associating a user identity with a wireless terminal.
- Receiving a notification to authenticate a use of the identity at a first location.
- Obtaining either a "pre-transaction second location" from cached data or a "post-transaction second location."
- Obtaining time stamps for both locations.
- Calculating the speed required to move between the locations in the elapsed time.
- Generating an alert if the calculated speed is above a predetermined value.
- The complaint reserves the right to assert other claims from the patent (Compl. ¶45).
U.S. Patent No. 10,289,833 - "Authenticating internet user identities in electronic transactions"
- Patent Identification: U.S. Patent No. 10,289,833, "Authenticating internet user identities in electronic transactions," issued May 14, 2019.
- Technology Synopsis: As a divisional of the ’867 Patent, this patent also describes authenticating an internet user's identity by comparing information from two independent sources. It addresses the problem of online fraud by comparing the geographical location associated with a user's computer "signature" with the geographical location of the user's mobile voice device (’833 Patent, Abstract).
- Asserted Claims: The complaint asserts claims 1-18, with a focus on independent claims 1 and 10 (Compl. ¶62).
- Accused Features: The complaint alleges that the Accused System infringes by embodying the patented inventions, specifically through its use of location-based authentication (Compl. ¶¶19, 59).
U.S. Patent No. 9,033,225 - "Method and System for Authenticating Internet Users"
- Patent Identification: U.S. Patent No. 9,033,225, "Method and System for Authenticating Internet Users," issued May 19, 2015.
- Technology Synopsis: This patent is directed at facilitating secure electronic transactions and controlling access to websites. It proposes to solve the problem of identity misuse by determining a user's location via their wireless communication device, based on the geographical proximity of Wi-Fi locations and cached position information, and comparing that location to the transaction location (’225 Patent, Abstract).
- Asserted Claims: The complaint asserts claims 1-15, with a focus on independent claim 1 (Compl. ¶¶78, 79).
- Accused Features: The Accused System is alleged to infringe by duplicating and embodying the patented inventions, particularly through its location-based authentication functionalities (Compl. ¶¶19, 76).
III. The Accused Instrumentality
Product Identification
The "Centrify Threat Analytics Service" (the "Accused System") (Compl. ¶19).
Functionality and Market Context
The complaint describes the Accused System as containing "authentication tools that compare geographical locations of a user's devices to perform authentication" (Compl. ¶19). It allegedly employs a User Behavior Analytics ("UBA") module that uses machine learning to analyze a user's behavior patterns and identify "anomalous" or "risky" activities. This analysis is alleged to incorporate details about events across "systems, location, time, privileged commands and more" to compute a real-time risk score, and to "alert or notify security" in response to risky events (Compl. ¶19). The complaint alleges that Centrify has been selling the Accused System since approximately February 2014 as part of its broader offering of user identification and analytics systems (Compl. ¶¶12, 19).
IV. Analysis of Infringement Allegations
The complaint alleges infringement of all four patents and states that claim charts demonstrating infringement were provided as exhibits to the complaint and in pre-suit notice letters (Compl. ¶¶28, 45, 62, 79). No probative visual evidence provided in complaint. The narrative infringement theory is summarized below.
’909 Patent Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a computer-implemented method of authenticating an Internet user's identity | The Accused System provides "authentication tools" for user identification (Compl. ¶19). | ¶19 | col. 4:17-18 |
| identifying... a computer signature of a computer being used by the Internet user... | The Accused System analyzes privileged user behavior and events "across systems," which implies the identification of the user's computer or device (Compl. ¶19). | ¶19 | col. 2:3-9 |
| determining a... geographical location using at least a geographical location of at least one mobile voice device of the Internet user | The UBA module is alleged to drill into details around events, including "location," and the system is said to compare locations of a "user's devices" (Compl. ¶19). | ¶19 | col. 5:21-29 |
| comparing the geographical location... with the second geographical location | The complaint alleges the Accused System's tools "compare geographical locations of a user's devices to perform authentication" (Compl. ¶19). | ¶19 | col. 4:23-29 |
| providing to the internet user the ability to conduct a transaction | By performing authentication, the system necessarily determines whether a user's transaction or access attempt is permitted to proceed. | ¶19 | col. 8:1-3 |
’867 Patent Infringement Allegations
| Claim Element (from Independent Claim 11) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| receiving a notification to authenticate the use of the identity at a first location | The Accused System is alleged to "comprehend access and events" and compute risk for "any specific event," which suggests it receives notification of an event requiring authentication (Compl. ¶19). | ¶19 | col. 2:50-55 |
| obtaining a pre-transaction second location... based on cached position information... or... a post-transaction second location... | The system's use of UBA is based on "constantly evolving user behavior patterns," which suggests a reliance on historical or cached data, including location, to establish a baseline for normal activity (Compl. ¶19). | ¶19 | col. 3:39-44 |
| calculating a speed required to move from the first location to the second location... | The complaint alleges the system identifies "anomalous" activity but does not specify that it does so by "calculating a speed." | ¶19 | col. 9:1-7 |
| generating an alert if the speed is above a predetermined value | The system is alleged to "identify 'anomalous' or 'non-normal' and therefore risky activities and alert or notify security" (Compl. ¶19). | ¶19 | col. 9:7-9 |
Identified Points of Contention
- Technical Questions: A primary technical question is whether the Accused System's "risk computation" for "anomalous activity" performs the specific function of "calculating a speed" as required by claim 11 of the ’867 Patent. The complaint alleges general anomaly detection based on location but provides no facts to suggest this specific calculation is performed.
- Scope Questions: A potential dispute may arise over the definition of "computer signature" in the ’909 and ’833 Patents. The infringement case may depend on whether the data points collected by the Accused System to identify a device (which are not specified in the complaint) fall within the patent's definition, which includes specific hardware and software identifiers.
V. Key Claim Terms for Construction
The Term: "computer signature" (e.g., ’909 Patent, cl. 1; ’833 Patent, cl. 1)
- Context and Importance: This term is foundational to the ’909 and ’833 Patents, as it defines the first data point used in the location comparison. The viability of the infringement claim depends on whether the method of device identification used by Centrify falls within the scope of this term.
- Evidence for a Broader Interpretation: The specification suggests a broad, non-limiting definition, stating a "computer signature can be set of one or more hardware devices information" or "one or more software components," with "unlimited example" lists (’833 Patent, col. 2:3-9).
- Evidence for a Narrower Interpretation: The claims themselves recite "at least one common identifier installed on the computer" and further specify that this identifier can be a "non-unique identifier" of software (’833 Patent, col. 7:52-54). A defendant may argue the term is limited by these claim recitations or by the specific examples provided in the specification.
The Term: "calculating a speed" (’867 Patent, cl. 11)
- Context and Importance: This is a specific functional limitation that forms the core of the fraud detection method in claim 11. Practitioners may focus on this term because the complaint's allegations of "anomalous activity" detection are general, and proof of infringement requires showing this specific calculation is performed.
- Evidence for a Broader Interpretation: A plaintiff might argue that any risk algorithm that deems travel between two geolocations in a given time frame to be "anomalous" is inherently performing the function of "calculating a speed," even if the algorithm does not explicitly output a "miles per hour" value.
- Evidence for a Narrower Interpretation: The plain language of the claim suggests a specific mathematical operation (distance divided by time). A defendant could argue that a general machine learning or rule-based risk assessment that considers location as one of many factors does not meet this precise functional requirement.
VI. Other Allegations
- Indirect Infringement: The complaint alleges that Centrify induces infringement by providing customers with instructions on how to use the Accused System in an infringing manner through its website, blogs, webinars, and other support materials (Compl. ¶¶23, 29). It further alleges contributory infringement on the basis that the Accused System is a material component of the invention, is especially adapted for infringing use, and is not a staple article of commerce suitable for substantial non-infringing use (Compl. ¶¶30, 47).
- Willful Infringement: Willfulness is alleged based on Defendant’s continued infringement after receiving two pre-suit notice letters, dated October 23, 2019, and December 9, 2019. The complaint asserts these letters provided actual notice of the patents and included detailed claim charts, and that Centrify failed to cease its infringing conduct or provide a basis for non-infringement or invalidity (Compl. ¶¶31, 33, 38).
VII. Analyst’s Conclusion: Key Questions for the Case
- A key evidentiary question will be one of functional equivalence: Does the Accused System's generalized "risk computation" and "anomaly detection" algorithm perform the specific, discrete functions recited in the patent claims? In particular, the case may turn on whether Spriv can demonstrate that Centrify's system performs the "speed calculation" required by the ’867 Patent, or if there is a fundamental mismatch between a broad risk score and the claimed method.
- A central issue will be one of definitional scope: Can the term "computer signature," which the patents define with reference to specific hardware and software identifiers like MAC addresses and CPU serial numbers, be construed to cover the unspecified device identification methods used by Centrify's modern User Behavior Analytics platform? The outcome will depend on the evidence presented regarding the Accused System's actual operation.