DCT

8:25-cv-01431

Factor2 Multimedia Systems LLC v. Tower Federal Credit Union


I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 8:25-cv-01431, D. Md., 05/04/2025
  • Venue Allegations: Plaintiff alleges venue is proper because Defendant is a Maryland corporation that maintains a regular and established place of business in the district and has committed the alleged acts of infringement there.
  • Core Dispute: Plaintiff alleges that Defendant’s online banking platform and its associated user authentication process infringe six patents related to systems and methods for multi-factor authentication.
  • Technical Context: The technology at issue addresses methods for securely authenticating users in online environments, a critical function for protecting sensitive information in digital banking and e-commerce.
  • Key Procedural History: The complaint does not mention any prior litigation, Inter Partes Review (IPR) proceedings, or licensing history related to the patents-in-suit.

Case Timeline

| Date | Event |
|---|---|
| 2004-10-05 | Earliest Priority Date ('864, '297 Patents) |
| 2005-02-07 | Earliest Priority Date ('129, '938, '453, '285 Patents) |
| 2012-10-02 | U.S. Patent No. 8,281,129 Issues |
| 2017-07-11 | U.S. Patent No. 9,703,938 Issues |
| 2017-08-08 | U.S. Patent No. 9,727,864 Issues |
| 2017-12-27 | U.S. Patent No. 9,870,453 Issues |
| 2018-09-25 | U.S. Patent No. 10,083,285 Issues |
| 2020-09-08 | U.S. Patent No. 10,769,297 Issues |
| 2025-05-04 | Complaint Filed |

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,281,129 - Direct Authentication System and Method Via Trusted Authenticators

Issued October 2, 2012

The Invention Explained

  • Problem Addressed: The patent addresses the widespread problem of online fraud and identity theft, which stems from the reliance on authenticating users based on static personal information (like a Social Security Number) that can be easily stolen and misused (’129 Patent, col. 1:22-48). Existing authentication methods are described as flawed because they depend on keeping personal information secret, an increasingly difficult task (’129 Patent, col. 2:35-43).
  • The Patented Solution: The invention proposes a "two-factor authentication" method where a user's identity is verified by a "trusted-authenticator" (e.g., a bank). To complete a transaction with a business, the user requests a temporary, dynamic key (a "SecureCode") from their trusted-authenticator. The user then provides both a static key (like a password) and the new dynamic key to the business, which forwards them to the trusted-authenticator for verification (’129 Patent, col. 5:10-6:21). This process is designed to ensure that even if static credentials are stolen, they are insufficient for authentication without the time-sensitive dynamic key (’129 Patent, Abstract).
  • Technical Importance: This approach sought to decentralize authentication security, leveraging existing trusted relationships (like those with financial institutions) to verify identities for a wide range of other entities.

Key Claims at a Glance

  • The complaint asserts independent claim 1, among others (Compl. ¶¶20, 31).
  • The essential elements of Claim 1, a computer-implemented method, include:
    • Receiving electronically a request for a dynamic code for an individual from that individual by a trusted-authenticator's computer.
    • Calculating by the trusted-authenticator's computer the dynamic code, which is valid for a predefined time and becomes invalid after use.
    • Sending the dynamic code electronically from the trusted-authenticator's computer to the individual.
    • Receiving by the trusted-authenticator's computer an authentication request from an entity, the request including user information and the dynamic code.
    • Authenticating by the trusted-authenticator's computer the individual's identity based on the user information and the dynamic code, and providing the result to the entity.
  • The complaint asserts claims 1-52, which includes dependent claims (Compl. ¶31).

U.S. Patent No. 10,769,297 - Centralized Identification and Authentication System and Method

Issued September 8, 2020

The Invention Explained

  • Problem Addressed: The patent identifies a need for a secure and scalable authentication system for e-commerce that does not require users to distribute their personal and financial information to multiple businesses, thereby reducing privacy and security risks (’297 Patent, col. 1:40-51). The background notes that traditional identification is "not only unsafe but also it is not fool proof that the user is really the person he says he is" (’297 Patent, col. 1:49-51).
  • The Patented Solution: The invention describes a centralized system where a "Central-Entity" (e.g., a bank) manages a user's identity. To access a service from an "External-Entity" (e.g., a merchant), the user requests a "dynamic, non-predictable and time dependent SecureCode" from the Central-Entity. The user presents this SecureCode along with their username to the External-Entity, which then forwards this "digital identity" to the Central-Entity for validation (’297 Patent, col. 3:1-37, Fig. 2). The Central-Entity confirms or denies the user's identity, allowing the transaction to proceed without the External-Entity ever handling the user's underlying personal information (’297 Patent, col. 5:44-60).
  • Technical Importance: This architecture aimed to provide a universal digital identity that enhances security and privacy by creating a single, trusted point of authentication for various online interactions.

Key Claims at a Glance

  • The complaint asserts independent claim 1, among others (Compl. ¶¶19, 51).
  • The essential elements of Claim 1, an authentication system, include:
    • An online computer system electronically receiving a request for a SecureCode while connected to a user's computing device.
    • Generating the SecureCode.
    • Electronically providing the SecureCode to the user, where the code is invalid after a predetermined time, after one use, and is valid only for that user.
    • Receiving a digital authentication request which comprises a digital identity of the user, where the digital identity includes the SecureCode.
    • Authenticating the user by evaluating the validity of the SecureCode included in the request.
  • The complaint asserts claims 1-29, which includes dependent claims (Compl. ¶51).
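The flow summarized above for the '129 and '297 Patents (a code issued by one party, presented to a second, and validated by the first) can be sketched as follows. This is an added illustration, not code from the patents, the complaint, or TFCU; the class names, the 120-second lifetime, and the six-digit format are assumptions. It enforces the three validity conditions listed for the SecureCode: time-limited, single-use, and bound to one user.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 120  # assumed "predetermined time"; the page gives no value

class CentralEntity:
    """Hypothetical authenticator that issues and validates dynamic codes."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # username -> (SHA-256 of code, expiry time)

    def issue_code(self, username):
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, so non-predictable
        digest = hashlib.sha256(code.encode()).digest()
        self._pending[username] = (digest, self._clock() + CODE_TTL_SECONDS)
        return code

    def authenticate(self, username, code):
        # pop() consumes the record on every attempt: one check per issued code.
        record = self._pending.pop(username, None)
        if record is None:
            return False  # nothing issued to this user, or already used
        digest, expiry = record
        if self._clock() > expiry:
            return False  # the predetermined time has passed
        candidate = hashlib.sha256(code.encode()).digest()
        return hmac.compare_digest(candidate, digest)  # constant-time compare

class ExternalEntity:
    """Hypothetical relying party: forwards username + code, stores neither."""

    def __init__(self, central):
        self._central = central

    def login(self, username, code):
        return self._central.authenticate(username, code)

def demo():
    """Constructed scenario driven by a fake clock so expiry is deterministic."""
    now = [0.0]
    central = CentralEntity(clock=lambda: now[0])
    shop = ExternalEntity(central)
    code = central.issue_code("alice")
    results = {"wrong_user": shop.login("bob", code),
               "first_use": shop.login("alice", code),
               "replay": shop.login("alice", code)}
    stale = central.issue_code("alice")
    now[0] += CODE_TTL_SECONDS + 1
    results["expired"] = shop.login("alice", stale)
    return results
```

Consuming the stored record on a failed attempt is a design choice of this sketch: it caps guessing at one try per issued code, at the cost of requiring a fresh code after a typo.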

Multi-Patent Capsule: U.S. Patent No. 9,703,938

  • Patent Identification: 9703938, Direct Authentication System and Method Via Trusted Authenticators, issued July 11, 2017.
  • Technology Synopsis: This patent is a continuation of the '129 Patent and similarly describes a method for enhancing network security by authenticating a user via a trusted-authenticator that generates and validates a dynamic code during an electronic transaction.
  • Asserted Claims: Claims 1-26 (Compl. ¶35).
  • Accused Features: The accused features are Defendant's online banking authentication processes, as described in Section III (Compl. ¶3).

Multi-Patent Capsule: U.S. Patent No. 9,727,864

  • Patent Identification: 9727864, Centralized Identification and Authentication System and Method, issued August 8, 2017.
  • Technology Synopsis: This patent is a continuation of the '297 Patent family and similarly describes an authentication computer system that enhances security by generating and validating digital codes for users during electronic transactions with third-party systems.
  • Asserted Claims: Claims 1-15 (Compl. ¶39).
  • Accused Features: The accused features are Defendant's online banking authentication processes, as described in Section III (Compl. ¶3).

Multi-Patent Capsule: U.S. Patent No. 9,870,453

  • Patent Identification: 9870453, Direct Authentication System and Method Via Trusted Authenticators, issued December 27, 2017.
  • Technology Synopsis: This patent is part of the '129 Patent family and also claims methods for user authentication involving a trusted authenticator that provides a dynamic code to a user for verification by an entity during a transaction.
  • Asserted Claims: Claims 1-26 (Compl. ¶43).
  • Accused Features: The accused features are Defendant's online banking authentication processes, as described in Section III (Compl. ¶3).

Multi-Patent Capsule: U.S. Patent No. 10,083,285

  • Patent Identification: 10083285, Direct Authentication System and Method Via Trusted Authenticators, issued September 25, 2018.
  • Technology Synopsis: This patent is also part of the '129 Patent family and claims systems for enhancing authentication by receiving user information and a dynamic code, which is validated by a trusted authenticator to confirm a user's identity.
  • Asserted Claims: Claims 1-30 (Compl. ¶47).
  • Accused Features: The accused features are Defendant's online banking authentication processes, as described in Section III (Compl. ¶3).

III. The Accused Instrumentality

Product Identification

  • The accused instrumentality is the "TFCU System and Apparatus," which the complaint defines as including TFCU's internet website, back-end systems, and the backbone infrastructure that provides access and authenticates users (Compl. ¶21).

Functionality and Market Context

  • The complaint alleges that TFCU operates a financial institution that provides services to users through an online banking website (Compl. ¶26). To access these services, users must log in through an authentication system. The complaint provides a screenshot showing TFCU's initial online banking login page where users enter a username and password (Compl. p. 8). This system is alleged to employ two-factor (or multi-factor) authentication, where after entering a username and password, a user is prompted to enter a "SecureCode" (referred to by TFCU as a "one-time code") (Compl. ¶26, p. 9). The one-time code is allegedly generated by TFCU's online computer system and sent to the user via SMS text or generated via a mobile authenticator application, which the user sets up by scanning a QR code (Compl. ¶26, pp. 9-10). The complaint alleges this authentication process is required for users to access their accounts and TFCU's services (Compl. ¶26).

IV. Analysis of Infringement Allegations

'297 Patent Infringement Allegations

| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| An authentication system for enhancing computer network security by authenticating a user in an electronic communication between a computing device of the user and an online computer system... | TFCU provides services through a website where users can log into their accounts. | ¶26 | col. 3:1-16 |
| while the online computer system is connected to the computing device of the user...electronically receiving a request for a SecureCode; | When a user attempts to sign in with two-factor authentication, the TFCU system receives a request for a "SecureCode" (a "one-time code"). | ¶26 | col. 5:21-30 |
| generating the SecureCode; | The TFCU online computer system generates the SecureCode. The complaint provides a screenshot of a mobile authenticator app generating such codes after setup (Compl. p. 10). | ¶26 | col. 5:31-34 |
| ...electronically providing to the user the SecureCode in response to the request... | TFCU sends the SecureCode to the user via text, email, or an authenticator app after the user initiates the login process. | ¶26 | col. 5:35-41 |
| wherein: the SecureCode is invalid after a predetermined time passes, | The TFCU website allegedly rejects a SecureCode if it is not used within a predetermined time, advising users that the code is "only be active for a short period of time." The complaint includes a screenshot of an authenticator app with a time-sensitive, refreshing code (Compl. p. 11). | ¶26 | col. 6:20-22 |
| the SecureCode is invalid after one use of the SecureCode for authentication... | TFCU's "one-time code" is allegedly valid for only one use, and an error message is prompted if a user attempts to use a code that has already been used. | ¶26 | col. 6:23-25 |
| the SecureCode is only valid for authenticating the user; and | The SecureCode is allegedly generated for the particular user attempting to log in and does not work for a different user. | ¶26 | col. 6:26-27 |
| ...receiving from the online computer system a digital authentication request for authenticating the user, wherein: the digital authentication request comprises a digital identity of the user, and the digital identity includes the SecureCode; | TFCU's system allegedly receives a digital identity that includes the user's username and the SecureCode when the user submits them for login. | ¶26 | col. 6:49-55 |
| ...authenticating the user by evaluating a validity of the SecureCode included in the digital authentication request. | The TFCU authentication system receives the digital identity (username and SecureCode) and validates the login if the SecureCode is valid for that particular username. | ¶26 | col. 6:56-61 |

Identified Points of Contention

  • Architectural Questions: The '297 Patent describes a system architecture involving a "user," an "External-Entity" (like a merchant), and a "Central-Entity" (like a bank) that provides the authentication service (’297 Patent, col. 2:24-38). The complaint's allegations map TFCU's system to the "online computer system" that both provides the primary service (banking) and performs the authentication. A potential point of contention is whether this two-party user-TFCU arrangement meets the limitations of a claim that may be construed to require a three-party architecture where the service provider and the authenticating entity are distinct.
  • Scope Questions: The infringement analysis may raise the question of whether TFCU, as a single entity, can simultaneously embody both the "online computer system" with which the user communicates and the system that "generat[es]" and "authenticat[es]" the SecureCode as distinct claim elements.

'129 Patent Infringement Allegations

The complaint does not provide a detailed narrative or claim chart mapping elements of the '129 Patent to the accused instrumentality. It alleges generally that the accused TFCU software, hardware and authentication process infringe claims 1-52 of the patent (Compl. ¶¶3, 31).

Identified Points of Contention

  • Scope Questions: Based on the language of claim 1 of the '129 Patent, a central issue may be whether TFCU's integrated system can be considered a "trusted-authenticator's computer" that is authenticating an individual for an "entity." The patent's specification often describes the "trusted authenticator" as a distinct third party verifying a user's identity for another business (’129 Patent, col. 4:41-52; Fig. 1a). The analysis may question whether the claim language reads on a two-party scenario where the "entity" and the "trusted-authenticator" are the same.

V. Key Claim Terms for Construction

  • The Term: "trusted-authenticator's computer" (from '129 Patent, Claim 1)

    • Context and Importance: This term is the central component of the claimed method in the ’129 Patent. Its definition is critical because the infringement theory requires mapping TFCU's own authentication servers to this element. Practitioners may focus on whether this term requires the authenticating computer to belong to an entity separate from the one with which the user is transacting.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The claims do not explicitly state that the "trusted-authenticator's computer" and the "entity" must be separate legal or corporate entities. A party could argue that any computer performing the claimed authentication functions meets the definition.
      • Evidence for a Narrower Interpretation: The specification describes the trusted-authenticator as an entity with which the individual has a pre-existing trusted relationship, such as a bank, which is then leveraged to authenticate the individual for another "business" (’129 Patent, col. 7:51-57). The patent's figures also depict the "Trusted-Authenticator," "Individual," and "Business" as three distinct nodes in the system (’129 Patent, Fig. 1a).
  • The Term: "online computer system" (from '297 Patent, Claim 1)

    • Context and Importance: Claim 1 of the '297 Patent recites an "authentication system" that facilitates communication between a user's device and an "online computer system." The construction of this term is important for determining if the accused TFCU platform embodies the claimed system architecture.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The term itself is general and could be argued to encompass any server system accessible over a network that interacts with a user. The claim recites an "online computer system" receiving requests and an "authentication system" performing actions, which could be argued to be different components of a single larger platform like TFCU's.
      • Evidence for a Narrower Interpretation: The detailed description of the ’297 Patent consistently distinguishes between a "Central-Entity" that generates the SecureCode and an "External-Entity" (e.g., a merchant or service provider) that the user interacts with (’297 Patent, col. 2:24-38). This suggests the "online computer system" may be intended to refer to the "External-Entity," distinct from the "authentication system" operated by the "Central-Entity."

VI. Other Allegations

  • Willful Infringement: The complaint does not contain an explicit count for willful infringement or allege pre-suit knowledge of the patents-in-suit. However, it alleges that the Defendant has "no good faith defense" to the infringement allegations (Compl. ¶28), and the prayer for relief seeks enhanced damages pursuant to 35 U.S.C. § 284 (Compl. p. 17, ¶E).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of architectural scope: does the two-party architecture of the accused TFCU online banking platform—where TFCU is both the service provider and the authenticator—map onto the claimed systems, which the patent specifications suggest are three-party architectures involving a user, a primary entity (e.g., a merchant), and a separate trusted third-party authenticator (e.g., a bank)?
  • A related central question will be one of claim construction: can terms like "trusted-authenticator's computer" ('129 Patent) and the functionally distinct "online computer system" ('297 Patent) be construed to cover different parts of a single, integrated platform operated by one defendant, or do they require structurally separate entities as depicted in the patents' figures and descriptions?