Greater Boston Authentication Solutions LLC v. Siemens PLM Software

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: Greater Boston Authentication Solutions, LLC (Massachusetts)
  • Defendant: Siemens PLM Software (Delaware)
  • Plaintiff’s Counsel: Prince Lobel Tye LLP
• Case Identification: 1:18-cv-10219, D. Mass., 02/02/2018
• Venue Allegations: Venue is asserted based on Defendant having a regular and established place of business in the District of Massachusetts and allegedly committing acts of infringement within the district.
• Core Dispute: Plaintiff alleges that Defendant’s software license management system infringes three patents related to the use of cryptographic authentication to authorize and control access to electronic data.
• Technical Context: The patents address the field of digital rights management (DRM), specifically systems that use cryptographic keys to prevent unauthorized software use and distribution.
• Key Procedural History: The three patents-in-suit belong to a single family. U.S. Patent No. 6,567,793 is a continuation-in-part of U.S. Patent No. 5,982,892. U.S. Patent No. 7,346,583 is a continuation of U.S. Patent No. 6,567,793. This shared specification and prosecution history may be relevant to claim construction across all three patents.

Case Timeline

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 7,346,583 - “REMOTE AUTHORIZATION FOR UNLOCKING ELECTRONIC DATA SYSTEM AND METHOD”

• Patent Identification: U.S. Patent No. 7,346,583, “REMOTE AUTHORIZATION FOR UNLOCKING ELECTRONIC DATA SYSTEM AND METHOD,” issued March 18, 2008.

The Invention Explained

• Problem Addressed: The patent addresses the susceptibility of distributed software to unauthorized use, where an authorized user can easily share the software with unauthorized users. Prior art solutions using a single decryption key were inadequate because the key itself could be shared, and systems that generated unique keys for each user often failed to protect the software after its initial installation (’892 Patent, col. 1:11-26).
• The Patented Solution: The invention proposes a system where a software vendor creates "distributable software" by combining the application with a "verification key" (’892 Patent, col. 3:17-24). To unlock the software, a user provides identifying information to a "user-key generator," which cryptographically signs this information to produce a unique "user key." A "user key verifier" within the software then validates the user key against the identifying information each time the software is run, thereby providing persistent, post-installation protection (’892 Patent, Abstract; col. 3:11-20).
• Technical Importance: The invention describes a method for persistent, per-user software licensing enforcement using public-key cryptography, a more robust approach than simple one-time activation or universal decryption keys (’892 Patent, col. 4:26-35).

Key Claims at a Glance

• The complaint asserts independent claims 1, 10, 19, and 28, among others (Compl. ¶14).
• Independent Method Claim 1 includes the elements of:
  • generating, with a digital signature algorithm, a verification key;
  • combining software and the verification key to create distributable software;
  • inputting identifying information (which can include user-identifying info, licensing info, batch number, etc., or a hash thereof) to a user-key generator;
  • converting the identifying information to a numeric representation;
  • generating, using the numeric representation, a user key, with the digital signature algorithm;
  • conveying the user key to the user computer system; and
  • verifying, with the verification key, a relationship between the user key and the identifying information to determine an access level.
• The complaint reserves the right to assert additional claims (Compl. ¶16).

U.S. Patent No. 6,567,793 - “REMOTE AUTHORIZATION FOR UNLOCKING ELECTRONIC DATA SYSTEM AND METHOD”

• Patent Identification: U.S. Patent No. 6,567,793, “REMOTE AUTHORIZATION FOR UNLOCKING ELECTRONIC DATA SYSTEM AND METHOD,” issued May 20, 2003.

The Invention Explained

• Problem Addressed: As a continuation-in-part of the '892 Patent, this patent addresses the same fundamental problem of preventing unauthorized software distribution and use (’793 Patent, col. 1:14-29).
• The Patented Solution: The '793 Patent claims a similar cryptographic authorization system but focuses specifically on licensing for a "group of users" identified by "group-identifying information." This allows for licensing based on an organization's name or other shared identifier, rather than strictly individual user information (’793 Patent, col. 4:52-59). The underlying technical process of generating and verifying keys remains consistent with the parent patent.
• Technical Importance: This patent extends the core invention to enterprise or group licensing scenarios, a commercially significant application for software vendors (’793 Patent, col. 4:52-59).

Key Claims at a Glance

• The complaint asserts independent claims 1 and 8, among others (Compl. ¶21).
• Independent Method Claim 1 includes the elements of:
  • generating, with a digital signature algorithm, a verification key;
  • combining software and the verification key;
  • distributing the software to a user within a group of users;
  • inputting group-identifying information to a user-key generator;
  • converting the group-identifying information to a numeric representation;
  • generating a user key using the numeric representation and a digital signature algorithm;
  • conveying the user key to the user computer system; and
  • verifying the relationship between the user key and the group-identifying information.
• The complaint reserves the right to assert additional claims (Compl. ¶23).

Multi-Patent Capsule: U.S. Patent No. 5,982,892 - “SYSTEM AND METHOD FOR REMOTE AUTHORIZATION FOR UNLOCKING ELECTRONIC DATA”

• Patent Identification: U.S. Patent No. 5,982,892, “SYSTEM AND METHOD FOR REMOTE AUTHORIZATION FOR UNLOCKING ELECTRONIC DATA,” issued November 9, 1999.
• Technology Synopsis: As the parent patent in the family, the ’892 Patent discloses the foundational system for controlling unauthorized software access. It describes a method where a vendor distributes software bundled with a verification key. A user obtains a unique, cryptographically generated user key based on their specific identifying information, which is then validated at run-time to control the software’s mode of execution (’892 Patent, Abstract).
• Asserted Claims: The complaint asserts independent claims 1 and 8, among others (Compl. ¶28).
• Accused Features: The complaint accuses Siemens' Product Activation and Licensing software of infringing by performing the claimed method of generating keys, combining them with software, and verifying a user key against user-identifying information to determine an access level (Compl. ¶28).

III. The Accused Instrumentality

Product Identification

• Siemens Product Activation and Licensing software (Compl. ¶4).

Functionality and Market Context

• The complaint alleges the accused instrumentality is a network-based license management system that uses a license server to process license requests from client applications (Compl. ¶11).
• The system utilizes a text-based "License File (splm.lic)" that stores site-specific licensing data, including "Server Names," "Host Identifiers," and "INCREMENT / FEATURE Information" (Compl. ¶12).
• A table included in the complaint, sourced from Defendant's website, describes the parameters of the license file. This visual evidence describes a SIGN="nnnn ... nnnn" parameter as "A hexadecimal number that 'authenticates' the readable license file text, ensuring that the license text has not been modified" (Compl. ¶13, p. 4).
• The complaint alleges that this system is used with Siemens' software products, but provides no further detail on the products' market context (Compl. ¶4).

IV. Analysis of Infringement Allegations

'583 Patent Infringement Allegations

• Identified Points of Contention:
  • Architectural Questions: A primary issue will be whether the architecture of the accused Siemens system, with its license server and .lic file, can be mapped to the patent's claimed architecture of a "product key generator" and "user-key generator." The complaint alleges these components exist but provides limited factual support for their structure or operation.
  • Technical Questions: The complaint alleges the SIGN field is generated with a "digital signature algorithm." However, the provided evidence merely states it "authenticates" the license file. A key factual dispute will be whether this authentication process meets the technical requirements of a "digital signature algorithm" as understood in the art and defined by the patent, or if it is a simpler, non-infringing mechanism like a checksum or basic hash.

'793 Patent Infringement Allegations

• Identified Points of Contention:
  • Scope Questions: The central issue for this patent will be one of claim scope: does an identifier for a machine, such as a "Server Name" or "Host Identifier," constitute "group-identifying information" as required by the claims? The patent describes this term in the context of an "organization's name" (’793 Patent, col. 4:53-54), raising the question of whether an identifier for a single piece of hardware meets that definition.

V. Key Claim Terms for Construction

For the '583 and '793 Patents

• The Term: "digital signature algorithm"
• Context and Importance: This term is a core technical limitation in the independent claims of all asserted patents. Infringement will depend heavily on whether the SIGN field's "authentication" function in the accused product is performed by what can be legally construed as a "digital signature algorithm." Practitioners may focus on this term because the complaint's evidentiary support for this element is inferential.
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The patent’s summary of the invention broadly frames the invention around "the use of digital signatures to generate user keys" without limitation to a specific type, suggesting the general concept is central (’892 Patent, col. 2:45-48).
  • Evidence for a Narrower Interpretation: The detailed description explicitly discloses specific public-key cryptographic algorithms, namely the Digital Signature Algorithm (DSA) and RSA, as embodiments of the invention (’892 Patent, col. 5:30-45; col. 9:5-14). A party could argue the term should be construed to require the features of such public/private key systems, and not a simpler authentication method.

For the '793 Patent

• The Term: "group-identifying information"
• Context and Importance: This term distinguishes the '793 Patent claims from its parent patent. Proving infringement of the '793 Patent requires Plaintiff to show that the accused system uses information that falls within this definition.
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The specification provides a flexible, functional description: "Group-identifying information is for a group of users. The group-identifying information may be chosen to be an organization's name, and the group of users belong to that organization" (’793 Patent, col. 4:52-55). This could support an argument that any identifier used for a multi-user license (like a server name) qualifies.
  • Evidence for a Narrower Interpretation: The context implies an identifier for a group of people ("users") who belong to an "organization." A party might argue that an identifier for a single server machine does not identify a "group of users" in the manner contemplated by the patent, which distinguishes it from "user-identifying information" for a single person.

VI. Other Allegations

The complaint does not provide sufficient detail for analysis of indirect or willful infringement.

VII. Analyst’s Conclusion: Key Questions for the Case

1. Architectural Mapping: A core issue will be whether the components of the accused Siemens licensing system—a license server and a .lic file—can be mapped onto the patent's claimed architecture of distinct "product key" and "user-key" generators. The outcome may depend on how abstractly these functional claim terms are construed.
2. Technical Functionality: A key evidentiary question will be one of functional equivalence: does the accused product’s SIGN field, described as performing "authentication," operate using a "digital signature algorithm" as required by the claims? Or does it use a technically distinct, non-infringing method for ensuring license file integrity?
3. Definitional Scope: The viability of the claims from the '793 patent will likely turn on a question of definitional scope: can machine-specific data like "Server Names" or "Host Identifiers" be construed to be "group-identifying information," a term the patent specification associates with an "organization's name"?