Factor2 Multimedia Systems LLC v. First United Bank & Trust Inc

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: Factor 2 Multimedia Systems, LLC (Virginia)
  • Defendant: First United Bank & Trust, Inc. (Maryland)
  • Plaintiff’s Counsel: DNL Zito
• Case Identification: 1:25-cv-02166, D. Md., 08/18/2025
• Venue Allegations: Plaintiff alleges venue is proper in the District of Maryland because Defendant maintains a regular and established place of business in the district and has committed alleged acts of infringement there.
• Core Dispute: Plaintiff alleges that Defendant’s online, mobile, and text banking authentication systems infringe six patents related to systems and methods for secure user authentication.
• Technical Context: The technology concerns multi-factor authentication methods designed to enhance security for online transactions and access, a critical function in digital banking and e-commerce.
• Key Procedural History: The complaint notes that all six patents-in-suit are members of the same patent family, suggesting a shared technical disclosure and prosecution history. No other procedural events are mentioned.

Case Timeline

Date	Event
2001-08-29	Earliest Priority Date for all Patents-in-Suit
2012-10-02	U.S. Patent No. 8,281,129 Issued
2017-07-11	U.S. Patent No. 9,703,938 Issued
2017-07-19	U.S. Patent No. 9,727,864 Issued
2017-12-27	U.S. Patent No. 9,870,453 Issued
2018-09-25	U.S. Patent No. 10,083,285 Issued
2020-08-19	U.S. Patent No. 10,769,297 Issued
2025-08-18	Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 10,769,297 - “Centralized Identification and Authentication System and Method,” issued August 19, 2020

The Invention Explained

• Problem Addressed: The patent describes the problem of users needing to release confidential personal and financial information to multiple businesses to engage in e-commerce, which is described as "unsafe" and does not provide foolproof identity verification (’297 Patent, col. 2:40-47).
• The Patented Solution: The invention proposes a system with a "Central-Entity" that securely stores user information and generates a "dynamic, non-predictable and time dependent SecureCode" upon the user's request (’297 Patent, col. 2:24-28, 48-52). The user then provides this SecureCode along with their username (collectively, a "digital identity") to a third-party "External-Entity" (e.g., a merchant), which forwards the digital identity to the Central-Entity for validation to complete the authentication process (’297 Patent, Abstract; Fig. 2).
• Technical Importance: This architecture centralizes the storage of sensitive user data with one trusted entity and uses temporary, one-time codes for transactions, which is intended to reduce the risk of widespread data compromise if individual merchants are breached (’297 Patent, col. 3:1-10).

Key Claims at a Glance

• The complaint asserts independent Claim 1, which the complaint singles out as representative (Compl. ¶20, ¶68).
• Essential elements of Claim 1 include:
  • An authentication system comprising computing devices configured to perform operations.
  • Receiving a request for a "SecureCode."
  • Generating the "SecureCode."
  • Providing the "SecureCode" to the user, where the code is invalid after a predetermined time, invalid after one use, and valid only for authenticating that user.
  • Receiving a "digital authentication request" that includes a "digital identity" of the user, which in turn includes the "SecureCode."
  • Authenticating the user by "evaluating a validity of the SecureCode" included in the request.
• The complaint asserts claims 1-29, implicitly reserving the right to assert dependent claims (Compl. ¶68).

U.S. Patent No. 8,281,129 - “Direct Authentication System And Method Via Trusted Authenticators,” issued October 2, 2012

The Invention Explained

• Problem Addressed: The patent identifies the foundational problem of identity theft as stemming from flawed authentication processes that rely on supposedly "secret" personal information (like a Social Security Number) that is, in reality, often accessible to thieves (’129 Patent, col. 2:1-6).
• The Patented Solution: The invention describes a "two-factor" authentication method that leverages an existing "trusted-authenticator," such as a bank where the user is already a customer (’129 Patent, col. 3:45-51). The method involves combining "Something the individual knows" (a static key) with "Something the individual receives" (a dynamic key or "SecureCode" from the trusted-authenticator). A third-party entity receives both keys from the user and forwards them to the trusted-authenticator for verification (’129 Patent, col. 6:46-51; Fig. 2a).
• Technical Importance: The system is designed to provide strong, two-factor authentication for transactions with unknown third parties by leveraging pre-existing trust relationships (e.g., between a user and their bank), thereby avoiding the need to create new, large-scale identity databases (’129 Patent, col. 4:1-12).

Key Claims at a Glance

• The complaint asserts independent Claim 1, which it identifies as representative of the family's method claims (Compl. ¶21, ¶43).
• Essential elements of Claim 1 include:
  • A computer-implemented method performed by a "trusted-authenticator's computer."
  • Receiving a request from an individual for a "dynamic code."
  • Calculating the dynamic code, which is valid for a predefined time and becomes invalid after use.
  • Sending the dynamic code to the individual.
  • Receiving an "authentication request from the entity" that includes user information and the dynamic code.
  • Authenticating the individual's identity based on the user information and the dynamic code, and providing the result to the entity.
• The complaint asserts claims 1-52, implicitly reserving the right to assert dependent claims (Compl. ¶43).

Multi-Patent Capsules

U.S. Patent No. 9,703,938 - “Direct Authentication System and Method Via Trusted Authenticators,” issued July 11, 2017

• Technology Synopsis: This patent addresses identity theft with a two-factor authentication system. It describes a method where a "trusted-authenticator" (such as a bank) verifies a user's identity for a transaction with a third party by validating both a user's static information and a temporary "dynamic code" that the user requests for that specific transaction (’938 Patent, Abstract).
• Asserted Claims: 1-26 (Compl. ¶48).
• Accused Features: The accused instrumentality is Defendant's overall banking apparatus, which allegedly uses an infringing authentication method (Compl. ¶3, ¶12).

U.S. Patent No. 9,727,864 - “Centralized Identification and Authentication System and Method,” issued July 19, 2017

• Technology Synopsis: This patent discloses a centralized authentication system to enhance e-commerce security. A "Central-Entity" creates and manages a "digital identity" for a user, which includes a dynamic, time-sensitive "SecureCode" that the user provides to external entities for authentication, with the Central-Entity performing the ultimate verification (’864 Patent, Abstract).
• Asserted Claims: 1-15 (Compl. ¶53).
• Accused Features: The complaint accuses Defendant’s banking apparatus, including its system for authenticating users for online and mobile services (Compl. ¶3, ¶12).

U.S. Patent No. 9,870,453 - “Direct Authentication System and Method Via Trusted Authenticators,” issued December 27, 2017

• Technology Synopsis: The patent describes a two-factor authentication method aimed at preventing identity theft by using a "trusted authenticator." The system requires a user to provide a combination of a static identifier and a time-limited "dynamic code" obtained from their trusted authenticator, which a third-party business then verifies to confirm the user's identity (’453 Patent, Abstract).
• Asserted Claims: 1-26 (Compl. ¶58).
• Accused Features: The infringement allegations are directed at Defendant’s banking apparatus and its methods for authenticating users (Compl. ¶3, ¶12).

U.S. Patent No. 10,083,285 - “Direct Authentication System and Method Via Trusted Authenticators,” issued September 25, 2018

• Technology Synopsis: This patent aims to improve online security through a two-factor authentication system involving a "trusted-authenticator." A user provides a business with a static key (something they know) and a dynamic key (a temporary code received from the authenticator), and the business confirms the validity of both with the user's trusted authenticator to verify the transaction (’285 Patent, Abstract).
• Asserted Claims: 1-30 (Compl. ¶63).
• Accused Features: The complaint targets Defendant's banking apparatus, which is alleged to employ an infringing authentication system (Compl. ¶3, ¶12).

III. The Accused Instrumentality

Product Identification

• The accused instrumentality is the "First United Bank System and Apparatus," which the complaint defines as including Defendant’s internet website, back-end systems, and the infrastructure providing mobile and text banking services (Compl. ¶3, ¶22).

Functionality and Market Context

• The complaint alleges the accused system provides mobile and text banking services that use an authentication process involving a one-time code (Compl. ¶27, ¶28). Specifically, when a user registers a mobile phone or uses the "Text Banking feature," the system requires sending an "activation code" via SMS text message to the user (Compl. ¶28). The complaint provides a screenshot of a "Text Banking" informational page which instructs users on how to request an "activation code for reactivation of the Mobile Web" by texting a command (Compl. p. 12). The user is then prompted to enter this code to complete the authentication or registration process (Compl. ¶28).

IV. Analysis of Infringement Allegations

The complaint provides a detailed, element-by-element infringement analysis only for Claim 1 of the ’297 Patent. The complaint does not provide a similar detailed analysis for the ’129 Patent.

’297 Patent Infringement Allegations

Claim Element (from Independent Claim 1)	Alleged Infringing Functionality	Complaint Citation	Patent Citation
An authentication system for enhancing computer network security...	Defendant's system provides mobile and text banking services that users log into to access their accounts. A screenshot depicts the "Sign in to My Bank Online" page (Compl. p. 8).	¶27	col. 6:44-48
...electronically receiving a request for a SecureCode;	When a user registers for text banking or clicks "Login," the system allegedly receives a request for a SecureCode, which it calls an "activation code."	¶28	col. 6:49-52
generating the Secure code;	The system generates a SecureCode, which Defendant refers to as an "Activation Code."	¶29	col. 6:53-54
...electronically providing to the user the SecureCode...	The system sends the SecureCode to the user via text or email after the user initiates the mobile phone registration or text banking process.	¶30	col. 6:55-58
...the SecureCode is invalid after a predetermined time passes,	The system allegedly rejects the SecureCode if it is not used within a predetermined time, prompting the user with an error message.	¶31	col. 6:62-63
...the SecureCode is invalid after one use of the SecureCode for authentication...	The system allegedly renders the SecureCode invalid after a single use, prompting an error message on subsequent attempts.	¶32	col. 6:64-66
...the SecureCode is only valid for authenticating the user;	The SecureCode is allegedly generated for a particular user, and a code for a different user will not result in a successful login.	¶33	col. 6:66-67
...receiving...a digital authentication request for authenticating the user...	The system receives the user's username and the SecureCode as part of the authentication process.	¶34	col. 7:1-4
...the digital authentication request comprises a digital identity of the user, andthe digital identity includes the SecureCode; and	The authentication request allegedly includes the user's username and the SecureCode, which together form the user's digital identity.	¶35, ¶36	col. 7:5-8
...authenticating the user by evaluating a validity of the SecureCode included in the digital authentication request.	The system allegedly receives the user's digital identity (username and SecureCode) and validates the login if the SecureCode is valid for that username.	¶37	col. 7:9-13

Identified Points of Contention

• Scope Questions: The complaint's infringement theory centers on an "activation code" used for "mobile phone registration" or "reactivation of the Mobile Web" (Compl. ¶28, p. 9). This raises the question of whether a code used for a one-time service setup or re-enrollment meets the claim limitations of a "SecureCode" or "dynamic code" used for authenticating a user during an "electronic transaction" or communication, as the patents' specifications appear to emphasize (’129 Patent, Abstract; ’297 Patent, col. 4:8-12).
• Technical Questions: Claim 1 of the ’297 Patent requires authenticating the user by evaluating a SecureCode "included in the digital authentication request." The complaint alleges the user's username and the SecureCode are sent to the system (Compl. ¶35, ¶36). A point of contention may be whether the accused system receives and evaluates the username and the code together as a single "digital identity" in one request, or if these are separate steps in a broader login workflow that do not map to the specific sequence required by the claim.
• Architectural Questions: Claim 1 of the ’129 Patent recites steps performed by a "trusted-authenticator's computer" which receives an "authentication request from the entity." This language suggests a three-party architecture (user, entity/business, authenticator). This raises the question of how these distinct roles apply in a two-party scenario where a bank ("entity") is authenticating its own user on its own system, which may also be acting as the "trusted-authenticator."

V. Key Claim Terms for Construction

The Term: "SecureCode" (’297 Patent) / "dynamic code" (’129 Patent)

• Context and Importance: The plaintiff’s infringement case depends on construing the defendant's "activation code" as meeting this claim term. The dispute will likely focus on the context and purpose of the code's use.
• Intrinsic Evidence for a Broader Interpretation: The ’297 Patent defines "SecureCode" broadly as "any dynamic, non-predictable and time dependent alphanumeric code, secret code, PIN or other code" used "as part of a digital identity to identify a user as an authorized user" (’297 Patent, col. 2:48-52).
• Intrinsic Evidence for a Narrower Interpretation: The specifications of both patent families consistently describe the code's use in the context of authenticating a user to "purchase desired goods or services" or "get access to the restricted web sites" (’297 Patent, col. 2:44-47). A defendant may argue this context limits the term to transactional or session-based authentication, not one-time device registration.

The Term: "authenticating the user" (’297 Patent) / "authenticate an individual" (’129 Patent)

• Context and Importance: Whether the accused system's use of an "activation code" constitutes "authenticating the user" in the claimed sense is a central issue. Practitioners may focus on this term because its definition could differentiate between a one-time device verification and the ongoing, transactional identity verification described in the patents.
• Intrinsic Evidence for a Broader Interpretation: The term itself is general and could be interpreted to cover any process that verifies a user's identity.
• Intrinsic Evidence for a Narrower Interpretation: The specifications consistently link the authentication process to an "electronic transaction" (’129 Patent, Claim 1) or an "electronic communication" to access information or services (’297 Patent, Claim 1). This may support a narrower construction tied to a specific user-initiated session or transaction.

VI. Other Allegations

• Indirect Infringement: The complaint makes conclusory allegations of induced and contributory infringement (Compl. ¶3). However, it does not provide specific facts to support the requisite knowledge and intent for these claims, such as referencing user manuals or specific instructions that direct infringement.
• Willful Infringement: Willfulness is alleged for all six patents-in-suit (Compl. ¶46, 51, 56, 61, 66, 71). The complaint does not plead any specific facts suggesting Defendant had pre-suit knowledge of the patents, which is typically a predicate for such a claim.

VII. Analyst’s Conclusion: Key Questions for the Case

• A core issue will be one of definitional scope: can the term "SecureCode" or "dynamic code," described in the patents as a tool for authenticating transactions, be construed to cover the accused "activation code," which the complaint shows is used for service registration and reactivation?
• A key legal question will be one of architectural applicability: do claims that describe a three-party system—where an "entity" requests verification from a "trusted-authenticator"—apply to a two-party scenario where a bank authenticates its own user on its own platform, or does this represent a fundamental mismatch with the claimed invention?
• A central evidentiary question will be one of technical implementation: what evidence will be presented to show that the accused system's workflow for handling a username and an "activation code" meets the specific sequence of receiving and evaluating a unified "digital identity" as recited in the asserted claims?