DCT

1:25-cv-01382

Factor2 Multimedia Systems LLC v. Shore United Bank Na Inc

Log In
Key Events
Complaint
complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 1:25-cv-01382, D. Md., 04/30/2025
  • Venue Allegations: Plaintiff alleges venue is proper in the District of Maryland because Defendant maintains a regular and established place of business in the district and has committed acts of infringement there.
  • Core Dispute: Plaintiff alleges that Defendant’s online banking platform, which utilizes two-factor authentication, infringes six patents related to systems and methods for authenticating users via trusted authenticators.
  • Technical Context: The technology at issue involves multi-factor authentication, a method for enhancing computer network security by requiring users to provide more than one piece of evidence to verify their identity, which is a common practice in the online financial services industry.
  • Key Procedural History: The complaint does not mention any prior litigation involving the patents-in-suit, any post-grant proceedings before the U.S. Patent and Trademark Office, or any licensing history.

Case Timeline

Date Event
2001-08-29 Earliest Priority Date for '129, '938, '864, '453, '285, and '297 Patents
2012-10-02 U.S. Patent No. 8,281,129 Issues
2017-07-11 U.S. Patent No. 9,703,938 Issues
2017-07-19 U.S. Patent No. 9,727,864 Issues
2017-12-27 U.S. Patent No. 9,870,453 Issues
2018-09-25 U.S. Patent No. 10,083,285 Issues
2020-09-08 U.S. Patent No. 10,769,297 Issues
2025-04-30 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,281,129 - “Direct Authentication System And Method Via Trusted Authenticators”

  • Patent Identification: U.S. Patent No. 8,281,129, titled “Direct Authentication System And Method Via Trusted Authenticators,” issued October 2, 2012 (’129 Patent).

The Invention Explained

  • Problem Addressed: The patent family addresses the problem of online fraud and identity theft, which occurs because conventional authentication methods rely on static, supposedly confidential information (such as a Social Security Number) that is easily compromised (’285 Patent, col. 1:44-56, col. 2:4-14).
  • The Patented Solution: The invention proposes a two-factor authentication method where a "business" relies on a separate "trusted authenticator" (e.g., a user's bank) to verify a user's identity. The method combines "something the individual knows" (a static key like a password) with "something the individual receives" (a dynamic, single-use code requested at the time of the transaction) to confirm the user's identity before the business completes a transaction (’285 Patent, col. 7:16-41; ’129 Patent, Fig. 2a).
  • Technical Importance: This approach seeks to provide a secure, real-time authentication solution for online interactions without forcing a user to share sensitive, static credentials with every entity, thereby centralizing trust with an institution the user already has a relationship with (’285 Patent, col. 5:50-62).

Key Claims at a Glance

  • The complaint asserts at least claims 1-52 and provides Claim 1 as an example of an asserted method claim (Compl. ¶¶20, 31).
  • The essential elements of independent claim 1 include:
    • Receiving a request for a dynamic code for an individual from the individual by a trusted-authenticator's computer.
    • Calculating the dynamic code, which is valid for a predefined time and becomes invalid after use.
    • Sending the dynamic code to the individual.
    • Receiving an authentication request from an entity, the request containing user information and the dynamic code.
    • Authenticating the individual's identity based on the user information and dynamic code.
    • Providing the result of the authentication to the entity.
  • The complaint does not explicitly reserve the right to assert dependent claims for this patent, but asserts a broad range of claims.

U.S. Patent No. 9,703,938 - “Direct Authentication System And Method Via Trusted Authenticators”

  • Patent Identification: U.S. Patent No. 9,703,938, titled “Direct Authentication System And Method Via Trusted Authenticators,” issued July 11, 2017 (’938 Patent).

The Invention Explained

  • Problem Addressed: As a continuation of the same patent family, the ’938 Patent addresses the same problem of securing online transactions and preventing identity theft that arises from reliance on static, compromisable user credentials (’938 Patent, col. 1:43-55).
  • The Patented Solution: The patent describes a similar two-factor authentication system involving a user, a computer system (or "entity"), and a trusted authenticator. The user provides a combination of static user information and a temporary, dynamic code to the computer system, which then verifies this "digital identity" with the trusted authenticator to complete an electronic transaction (’938 Patent, col. 7:15-40; Fig. 2a).
  • Technical Importance: The technology aims to enhance network security by replacing the exchange of vulnerable, reusable credentials with a time-sensitive, single-use authentication process mediated by an entity the user already trusts (’938 Patent, col. 5:45-61).

Key Claims at a Glance

  • The complaint asserts at least claims 1-26 (Compl. ¶35).
  • The essential elements of independent claim 1 include:
    • Receiving, at a trusted authentication system, an electronic request for a dynamic code for a user.
    • Generating the dynamic code, which is valid for a pre-determined time and becomes invalid after being used.
    • Providing the dynamic code to the user.
    • Receiving a request for authentication from a computer system based on a digital identity that includes user specific information and the dynamic code.
    • Authenticating the user based on the digital identity.
    • Providing the authentication result to the computer system.
  • The complaint does not explicitly reserve the right to assert dependent claims for this patent.

U.S. Patent No. 9,727,864 - “Centralized Identification and Authentication System and Method”

  • Patent Identification: U.S. Patent No. 9,727,864, titled “Centralized Identification and Authentication System and Method,” issued July 19, 2017.
  • Technology Synopsis: This patent describes a centralized system for user identification and authentication. A "Central-Entity" generates a dynamic, non-predictable "SecureCode" for a user, who then combines it with a "UserName" to create a "digital identity" for transactions with an "External-Entity," enhancing e-commerce security (’864 Patent, Abstract; col. 1:24-35).
  • Asserted Claims: At least claims 1-15 (Compl. ¶39).
  • Accused Features: The Shore United Bank online banking two-factor authentication system (Compl. ¶¶3, 11).

U.S. Patent No. 9,870,453 - “Direct Authentication System and Method Via Trusted Authenticators”

  • Patent Identification: U.S. Patent No. 9,870,453, titled “Direct Authentication System and Method Via Trusted Authenticators,” issued December 27, 2017.
  • Technology Synopsis: This patent, from the same family as the '129 and '938 patents, describes a two-factor authentication method using a trusted authenticator. The system validates a user's identity for a transaction with a business by verifying a combination of a static key and a time-sensitive dynamic code requested by the user (’453 Patent, Abstract).
  • Asserted Claims: At least claims 1-26 (Compl. ¶43).
  • Accused Features: The Shore United Bank online banking two-factor authentication system (Compl. ¶¶3, 11).

U.S. Patent No. 10,083,285 - “Direct Authentication System and Method Via Trusted Authenticators”

  • Patent Identification: U.S. Patent No. 10,083,285, titled “Direct Authentication System and Method Via Trusted Authenticators,” issued September 25, 2018.
  • Technology Synopsis: This patent also describes a two-factor authentication method where a trusted authenticator verifies a user's identity for a business. The process relies on confirming both a static credential known to the user and a dynamic code provided to the user for the specific transaction, thereby preventing fraud based on stolen static information (’285 Patent, Abstract; col. 7:16-41).
  • Asserted Claims: At least claims 1-30 (Compl. ¶47).
  • Accused Features: The Shore United Bank online banking two-factor authentication system (Compl. ¶¶3, 11).

U.S. Patent No. 10,769,297 - “Centralized Identification and Authentication System and Method”

  • Patent Identification: U.S. Patent No. 10,769,297, titled “Centralized Identification and Authentication System and Method,” issued September 8, 2020.
  • Technology Synopsis: This patent describes an authentication system where an online computer system generates a time-sensitive, single-use "SecureCode" for a user. The user's "digital identity," comprising the SecureCode, is then submitted for evaluation to complete an authenticated electronic communication, enhancing network security (’297 Patent, Claim 1).
  • Asserted Claims: At least claims 1-29 (Compl. ¶51).
  • Accused Features: The Shore United Bank online banking two-factor authentication system (Compl. ¶¶3, 11).

III. The Accused Instrumentality

Product Identification

  • The accused instrumentality is the "Shore United Bank System and Apparatus," which encompasses the defendant's online banking website, back-end systems, and authentication processes (Compl. ¶21).

Functionality and Market Context

  • The accused system provides online banking services to customers, who log in using an "Access ID" and "Passcode" (Compl. ¶26). A screenshot of the login portal is provided in the complaint (Compl. p. 8). To enhance security, the system offers two-factor authentication where, upon a login attempt, it generates and sends a "one-time code" via SMS to the user (Compl. ¶26). The user must then enter this code to successfully authenticate and gain access to their account. A screenshot from the defendant's website describes this "Two Factor Authentication" process, noting that users will be prompted "to enter a 6-digit authentication code generated by the VIP Access App" (Compl. p. 9).

IV. Analysis of Infringement Allegations

’129 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
receiving electronically a request for a dynamic code for the individual...from the individual by a trusted-authenticators computer After a user enters their initial credentials, the Shore United Bank system receives a request for a "SecureCode" to complete the two-factor authentication process. ¶26 col. 6:49-55
calculating by the trusted-authenticators computer the dynamic code...wherein the dynamic code is valid for a predefined time and becomes invalid after being used The Shore United Bank system generates a "one-time code" that is valid for only one use and for a short period of time. ¶26 col. 7:1-5
sending by the trusted-authenticator's computer electronically the dynamic code to the individual The system sends the generated code to the user via SMS (text) or other electronic methods. ¶26 col. 7:6-9
receiving by the trusted-authenticator's computer electronically an authentication request from the entity to authenticate the individual based on a user information and the dynamic code The system receives the user's login credentials along with the entered one-time code for final authentication. ¶26 col. 7:10-18
authenticating by the trusted-authenticator's computer an identity of the individual based on the user information and the dynamic code...wherein the result...is provided to the entity. The system validates that the entered one-time code is correct for the specific user and, if so, grants the user access to the online banking application. ¶26 col. 7:19-24

’938 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
receiving, at a computer of a trusted authentication system...an electronic request for a dynamic code for the user The Shore United Bank system receives a request for a "one-time code" after the user initiates the two-factor login process. ¶26 col. 13:5-9
generating...a dynamic code for the user in response to the request, wherein the dynamic code is valid for a pre-determined time, and becomes invalid after being used The system generates a single-use code that is valid for a limited time. ¶26 col. 13:10-14
providing by the computer of the trusted authentication system said generated valid dynamic code to the user The system sends the generated code to the user via SMS or other electronic communication methods. ¶26 col. 13:15-17
receiving electronically by the trusted authentication system a request for authenticating the user from the computer system based on a digital identity including user specific information and the dynamic code The system receives the user's login credentials ("Access ID") and the entered "one-time code" for authentication. ¶26 col. 13:18-24
the trusted authentication system authenticating the user...based on the digital identity The system authenticates the user by validating the entered code against the user's account information. ¶26 col. 13:25-29
the trusted authentication system providing a result of the authenticating to the computer system Upon successful validation, the system grants the user access to the online banking platform. ¶26 col. 13:30-33

Identified Points of Contention

  • Scope Questions: The patent specifications and figures for the '129 and '938 patents appear to describe a three-party system comprising an "individual," a "business," and a separate "trusted-authenticator" (’129 Patent, Fig. 2a). The complaint accuses a two-party interaction where a bank authenticates its own user for its own online service. This raises the question of whether the bank's system can simultaneously function as both the "entity"/"computer system" and the "trusted-authenticator" as those terms are used in the claims.
  • Technical Questions: The defendant's website references a "VIP Access App" for generating authentication codes (Compl. p. 9). This raises the evidentiary question of whether a third-party service (e.g., Symantec/Broadcom's VIP service) performs some of the claimed steps, such as generating or validating the code. If so, this could introduce issues of divided infringement, where the court would need to determine if the defendant directs or controls the performance of all claimed steps.

V. Key Claim Terms for Construction

The Term: "trusted-authenticator" / "trusted authentication system"

  • Context and Importance: This term is central to the architectural premise of the invention and the infringement theory. Its construction will determine whether the claims require a three-party system (with the authenticator being a separate entity from the business the user is transacting with) or if they can read on a two-party system where an entity authenticates its own users. Practitioners may focus on this term because the accused product involves a bank authenticating its own customer, whereas the patent figures depict the "business" and "trusted-authenticator" as distinct entities.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification defines a trusted-authenticator as an entity that "already knows the individual, maintains information about that individual, and has established a trusted relationship with that individual," providing a bank as a "reasonable candidate" (’129 Patent, col. 7:48-55). This definition does not explicitly forbid the authenticator from being the same entity the user is accessing.
    • Evidence for a Narrower Interpretation: The figures consistently depict the "individual" (10), the "business" (20), and the "trusted-authenticator" (30) as three separate actors in the system architecture, suggesting they are not the same entity (’129 Patent, Fig. 1a, 1b, 2a, 2b). Embodiments describe a "creditor" (business) communicating with a "customer's bank" (trusted-authenticator) (’129 Patent, col. 8:56-62).

The Term: "dynamic code"

  • Context and Importance: The technical nature of the accused "one-time code" sent via SMS must meet the requirements of the claimed "dynamic code." The dispute may center on whether a simple, unencrypted SMS code possesses the technical characteristics required by the claims.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification defines a "dynamic key" as a "key or information that is variable and is provided to the individual...at the time it is needed for authentication" (’129 Patent, col. 8:10-15). This general description could encompass a one-time SMS code.
    • Evidence for a Narrower Interpretation: The specification suggests additional security features, stating that "a dynamic key may have a non-repeating value, may be time dependent (valid for some period of time) and may be in an encrypted format" (’129 Patent, col. 8:18-22). A defendant may argue that these optional, but disclosed, features inform a narrower construction that requires more than a simple one-time use code.

VI. Other Allegations

Indirect Infringement

  • The complaint alleges inducement infringement based on Defendant providing instructions for operation (Compl. ¶23). This allegation may be supported by the screenshot of Defendant’s "Two Factor Authentication" webpage, which instructs users on how to enroll in and use the accused authentication feature (Compl. p. 9).

Willful Infringement

  • The complaint makes a conclusory allegation of willfulness in the prayer for relief (Prayer for Relief, ¶B), but does not plead specific facts suggesting Defendant had pre-suit knowledge of the patents-in-suit. Any willfulness claim would likely depend on conduct occurring after the filing of the complaint.

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of architectural scope: can the claims, which appear to describe a three-party authentication framework (user, business, separate trusted authenticator), be construed to cover the accused two-party online banking login system where the bank authenticates its own user for access to its own service?
  • A key evidentiary question will be one of infringing acts: what is the precise technical implementation of the accused authentication system, particularly concerning the "VIP Access App" referenced in Defendant's materials? Determining which entity—the Defendant or a third-party vendor—performs each of the claimed method steps will be critical to the analysis of direct and divided infringement.