DCT

5:23-cv-05720

Cortex MCP Inc v. Visa Inc

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 6:23-cv-00048, W.D. Tex., 04/10/2023
  • Venue Allegations: Plaintiff alleges venue is proper in the Western District of Texas because Defendant Visa, Inc. is registered to do business in Texas and maintains a regular and established place of business in Austin, including a global information technology center.
  • Core Dispute: Plaintiff alleges that Defendant’s Visa Token Service (VTS) infringes four U.S. patents related to systems for securely generating, storing, and verifying digital credentials for mobile payments using tokenization.
  • Technical Context: The technology addresses the security of mobile wallet transactions by replacing sensitive Primary Account Numbers (PANs) with unique, secure digital tokens, a foundational element of modern digital commerce.
  • Key Procedural History: The complaint alleges that Plaintiff met with Defendant's subsidiary, CyberSource, under a non-disclosure agreement in July 2013 to present its technology. It further alleges that in 2016 and 2017, after the first patent-in-suit had issued, Plaintiff provided information about its technology and intellectual property portfolio to Defendant's executives. These allegations may form the basis for claims of willful infringement.

Case Timeline

Date Event
2012-12-21 Earliest Priority Date for all Asserted Patents
2012-12-21 Cortex applies for initial patent for its technology
2013-07-01 Cortex representatives meet with representatives from Visa-owned CyberSource
2016-02-02 U.S. Patent No. 9,251,531 Issues
2016-04-01 Cortex representatives allegedly provide information on '531 Patent to Visa
2017-01-01 Cortex representatives allegedly provide information on '531 Patent to Visa
2018-04-24 U.S. Patent No. 9,954,854 Issues
2020-08-18 U.S. Patent No. 10,749,859 Issues
2022-05-10 U.S. Patent No. 11,329,973 Issues
2023-04-10 First Amended Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,251,531 - "File format and platform for storage and verification of credentials," issued February 2, 2016

The Invention Explained

  • Problem Addressed: The patent’s background describes how the adoption of mobile wallets was hampered because storing sensitive data like credit card numbers on phones was insecure, and existing secure solutions required specialized hardware (e.g., "secure element chips") that most smartphones lacked (Compl. ¶8; ’531 Patent, col. 1:35-49).
  • The Patented Solution: The invention proposes a system centered on an "Officially Verifiable Electronic Representation" (OVER) file. This OVER file acts as a secure, virtual token representing a user's actual credential. A central "OVER engine" generates this file, sends it to the user's mobile device, and later verifies the token when it is presented for a transaction at a third-party device (e.g., a point-of-sale terminal), thereby avoiding the need to store or transmit the sensitive underlying credential data during the transaction (’531 Patent, Abstract; col. 4:1-36).
  • Technical Importance: This architecture enables secure mobile payments on standard consumer devices without requiring specialized, built-in security hardware, thereby lowering the barrier to adoption for both consumers and merchants (Compl. ¶9).

Key Claims at a Glance

  • The complaint asserts independent claim 1 (Compl. ¶15).
  • The essential elements of claim 1, a computer-implemented method, include:
    • storing information associated with a user's credential in an OVER engine's memory;
    • receiving a generation request from a user's client device;
    • generating an OVER file, which is a virtual representation of the credential verified by an issuing agency;
    • transmitting the OVER file to the user's client device;
    • receiving a verifying request from a third-party device based on a "scan" of the OVER file;
    • verifying that the scan corresponds to the information stored in the OVER engine; and
    • transmitting an authentication message back to the third-party device.
  • The complaint alleges infringement of "one or more claims, including at least claim 1," which suggests a reservation of the right to assert dependent claims (Compl. ¶16).

U.S. Patent No. 9,954,854 - "File format and platform for storage and verification of credentials," issued April 24, 2018

The Invention Explained

  • Problem Addressed: This patent addresses the secure management of digital credentials in an environment where users may have multiple devices or replace old devices with new ones, creating a need to securely provision and migrate credentials across a lifecycle (’854 Patent, col. 1:39-48).
  • The Patented Solution: The patent claims a non-transitory computer-readable medium containing instructions to perform a multi-device credential management process. The process involves accessing and verifying a "first OVER file" on a "first... client device," and subsequently accessing a "second OVER file" on a "second... client device." A key aspect is that this second OVER file is described as a "new credential" that is "invalid for use in the first OVER file client device," outlining a method for securely migrating a credential to a new device while potentially invalidating its presence on the old one (’854 Patent, col. 15:15 - col. 16:3).
  • Technical Importance: The invention provides a framework for managing the lifecycle of a digital token, addressing the real-world scenario of device upgrades or replacements while maintaining the security and integrity of the user's credential.

Key Claims at a Glance

  • The complaint asserts independent claim 15 (Compl. ¶36).
  • The essential elements of claim 15, describing operations performed by a processor, include:
    • accessing a first OVER file on a first client device;
    • transmitting a first verifying request to the OVER engine and receiving a first authentication message;
    • outputting a first status indicator;
    • accessing a second OVER file on a second client device, where the second file is invalid for use on the first device;
    • transmitting a second verifying request to the OVER engine and receiving a second authentication message; and
    • outputting a second status indicator.
  • The complaint alleges infringement of "one or more claims, including at least claim 15" (Compl. ¶37).

U.S. Patent No. 10,749,859 - "File format and platform for storage and verification of credentials," issued August 18, 2020

  • Technology Synopsis: This patent specifies a method for credential verification where both the user's device and the third-party verifying device are explicitly required to be Near Field Communication (NFC) enabled. The claimed method hinges on verification being conducted via an "NFC protocol-based communication" initiated when the user's device is brought near the verifying device (’859 Patent, Abstract; Compl. ¶59).
  • Asserted Claims: Independent Claim 1 (Compl. ¶59).
  • Accused Features: The complaint accuses the Visa Token Service, particularly in use cases for in-store payments where a consumer uses an NFC-enabled smartphone to tap-to-pay at an NFC-enabled point-of-sale terminal (Compl. ¶¶63, 66).

U.S. Patent No. 11,329,973 - "File format and platform for storage and verification of credentials," issued May 10, 2022

  • Technology Synopsis: This patent adds further specificity to the NFC-based method of the ’859 Patent by claiming additional back-end processing steps. It explicitly recites the OVER engine requesting an "agency authentication" from the credential's "issuing agency" to validate it, subsequently receiving a "status indicator" from that agency, and storing that status data (’973 Patent, col. 21:50-64; Compl. ¶79). This focuses on the communication loop between the tokenization platform and the financial institution that issued the original credential.
  • Asserted Claims: Independent Claim 1 (Compl. ¶79).
  • Accused Features: The complaint accuses the back-end functionality of the Visa Token Service, wherein the Visa Network communicates with the card issuer (the "issuing agency") to request validation for a transaction and then receives and stores the authentication status (Compl. ¶¶89-91).

III. The Accused Instrumentality

Product Identification

The accused instrumentality is the Visa Token Service ("VTS") (Compl. ¶16).

Functionality and Market Context

VTS is a technology platform that replaces a cardholder's sensitive 16-digit Primary Account Number (PAN) with a unique digital token. According to the complaint, when a consumer adds a Visa card to a digital wallet, VTS works with the card issuer to generate a token that is provisioned to the consumer's mobile device. During a transaction, this token is transmitted from the user's device to the merchant's point-of-sale terminal (often via NFC) and then through the payment network to Visa. The Visa Network then de-tokenizes the data to verify it against the original PAN before sending an authorization message back to the merchant (Compl. ¶¶19-25). The complaint alleges VTS is based on the global EMVCo payment tokenization standard and is a key component of Visa's digital payment ecosystem (Compl. ¶16).

No probative visual evidence provided in complaint.

IV. Analysis of Infringement Allegations

'531 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
storing, in a memory of an officially verifiable electronic representation (OVER) generation and verification engine, information associated with a credential of a user... The Visa Network, acting as the OVER engine, stores the user's Primary Account Number (PAN) and other cardholder information in its "Token Vault." ¶19 col. 4:1-3
receiving, from an OVER file storage client device of the user, an OVER file generation request... A digital wallet on the user's phone acts as a "Token Requestor," sending a generation request to the Visa Token Service. ¶20 col. 4:4-6
generating, by a processor of the OVER engine, an OVER file comprising a virtual representation of the credential that has been verified by an issuing agency... Visa's OVER engine generates a payment token, which is a virtual representation of the credential, and shares it with the credit card issuer (the "issuing agency") for approval. ¶21 col. 4:7-13
transmitting, to the OVER file storage client device of the user, the OVER file in response to the OVER file generation request The generated token (the "OVER file") is sent back to the digital wallet on the user's phone. ¶22 col. 4:14-16
receiving, from an OVER file third-party client verifying device, a verifying request to verify that the OVER file...authenticates the user based on a scan... A merchant's point-of-sale ("POS") terminal receives the token via a "scan" (e.g., NFC tap) and sends a "Token Payment Request" to the Visa Network. ¶23 col. 4:17-23
verifying that the scan associated with the OVER file corresponds with the information associated with the credential of the user that is stored in the OVER engine... The Visa Network verifies that the received token correlates to the PAN stored in its Token Vault. ¶24 col. 4:24-29
transmitting, to the OVER file third-party client verifying device, an authentication message... The Visa Network sends a payment authorization message to the merchant's POS terminal indicating whether the transaction is approved. ¶25 col. 4:30-36

Identified Points of Contention (’531 Patent)

  • Scope Questions: A central question may be whether the "payment token" generated by VTS, which is based on the EMVCo standard, falls within the patent's definition of an "OVER file." A defendant may argue that the patent discloses a specific file structure for the OVER file that is distinct from a VTS token.
  • Technical Questions: The claim requires verification based on a "scan." The complaint alleges this includes NFC communication. The court may need to determine if the term "scan," in the context of the patent's specification and prosecution history, is limited to optical methods (like QR codes) or can be construed to include radio-frequency protocols like NFC.

'854 Patent Infringement Allegations

Claim Element (from Independent Claim 15) Alleged Infringing Functionality Complaint Citation Patent Citation
accessing a first OVER file stored on a first OVER file client device... The Visa Token Service involves instructions causing a processor to access a first token stored on a user's first device (e.g., a phone). ¶39 col. 3:60-67
transmitting to the OVER engine a first verifying request to verify that the first OVER file...authenticates the user When a user initiates a payment, the first token is transmitted to the Visa Network (the OVER engine) for verification. ¶42 col. 4:17-23
receiving a first authentication message... The Visa Network receives a verification request from the merchant POS terminal, which authenticates the user by confirming the token corresponds to the PAN. ¶43 col. 4:24-29
outputting a first status indicator expressing whether the first OVER file authenticates the user After verification, a status indicator (transaction approval/denial) is sent from the Visa Network to the merchant. ¶44 col. 4:30-36
accessing a second OVER file stored on a second OVER file client device... wherein the second OVER file... is invalid for use in the first OVER file client device... The complaint alleges this corresponds to accessing a second token on a second mobile phone, which becomes the new virtual representation of the user's credentials. ¶45 col. 15:46-56
transmitting to the OVER engine a second verifying request... When the user transacts with the second token from the second device, that token is sent to the Visa Network for authorization. ¶46 col. 15:57-61
receiving a second authentication message... The merchant sends a second verification request to the Visa Token Service to verify the second token corresponds to the PAN. ¶47 col. 15:62-67
outputting a second status indicator... After the second token is verified, a second status indicator is sent to the Visa Network and the merchant. ¶48 col. 16:1-3

Identified Points of Contention (’854 Patent)

  • Scope Questions: The analysis may focus on whether Visa's process for provisioning a token to a new device meets the specific claim limitation that the "second OVER file... is invalid for use in the first OVER file client device." The case may require evidence on whether and how VTS deactivates or invalidates tokens on old devices as part of its standard device migration workflow.
  • Technical Questions: Does the complaint provide sufficient detail that VTS performs the claimed sequence of steps—accessing, transmitting, receiving, and outputting for a first device, followed by the same sequence for a second device with an invalidated first token—as a single, unified process? A defendant may argue that these are separate, unrelated user actions rather than a single claimed method.

V. Key Claim Terms for Construction

The Term: "OVER file" (asserted in all patents)

  • Context and Importance: This term is foundational to all asserted claims. The Plaintiff's infringement theory equates a Visa "payment token" with the patents' "OVER file." The viability of the case may depend on whether this construction is adopted.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification describes the invention as comprising a "virtual representation of the credential" (’531 Patent, col. 6:8-9), language that could support a broad, functional definition covering any form of digital token that stands in for a physical credential.
    • Evidence for a Narrower Interpretation: The detailed description and figures in the shared specification of the patent family illustrate a specific structure for a displayed credential, including a "credential title field," an "image field," "text sections," and a "code section" (’859 Patent, Fig. 9). A defendant may argue that the term "OVER file" is limited to a data structure that includes these specific, disclosed elements.

The Term: "scan" (’531 Patent, Claim 1)

  • Context and Importance: Verification in the ’531 Patent is initiated based on a "scan." The complaint's primary infringement theory relies on this term encompassing NFC tap-to-pay transactions. Practitioners may focus on this term because its scope determines whether the patent reads on the most common form of in-person mobile payment.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The abstract of the related ’859 Patent, which shares a specification, explicitly mentions "verifying that a NFC or Bluetooth protocol-based communication associated with the file corresponds with the credential" (’859 Patent, Abstract), suggesting the inventors contemplated wireless protocols beyond optical scanning.
    • Evidence for a Narrower Interpretation: The specification includes figures and descriptions that associate the verification process with scanning a "2D BC" (2-Dimensional Bar Code) (’859 Patent, Fig. 3, element 220). This could be used to argue that "scan" should be limited to the optical scanning methods explicitly detailed in the embodiments.

VI. Other Allegations

Indirect Infringement

The complaint alleges induced infringement against all four patents, stating that Visa provides technical documentation, application programming interfaces (APIs), and developer guides that instruct third parties (such as banks, merchants, and app developers) on how to implement and use the allegedly infringing Visa Token Service (Compl. ¶¶27, 50, 70, 93).

Willful Infringement

The complaint alleges willful infringement of the ’531 Patent. The basis for this allegation is pre-suit knowledge, stemming from alleged meetings and communications in 2013, 2016, and 2017 where Plaintiff allegedly informed Visa representatives about its technology and the ’531 patent specifically (Compl. ¶¶10-11, 101). For the other patents, the complaint alleges knowledge as of the date of service of the complaint in the action (e.g., Compl. ¶49).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of definitional scope: can the term "OVER file," which is described in the patent specification with potentially distinct structural elements, be construed broadly enough to encompass the industry-standard "payment token" generated by the Visa Token Service? The outcome of this claim construction dispute may be dispositive.
  • A key evidentiary question will be one of process mapping: does the complaint and subsequent discovery demonstrate that Visa's process for provisioning tokens to new user devices performs the specific sequence of invalidating the token on a prior device, as required by the life-cycle management claims of the ’854 patent?
  • A central question for damages will be one of knowledge and intent: what was the extent of Visa's knowledge of the ’531 patent following the alleged pre-suit meetings, and does its conduct in continuing to operate the Visa Token Service rise to the level of willful infringement?