DCT
8:25-cv-02536
Factor 2 Multimedia Systems LLC v. NASA Federal Credit Union
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: Factor 2 Multimedia Systems, LLC (Virginia)
- Defendant: NASA Federal Credit Union (Maryland)
- Plaintiff’s Counsel: DNL Zito
- Case Identification: 8:25-cv-02536, D. Md., 08/03/2025
- Venue Allegations: Venue is alleged to be proper based on Defendant maintaining a regular and established place of business in the district and having committed alleged acts of infringement within the district.
- Core Dispute: Plaintiff alleges that Defendant’s online banking platform, which utilizes two-factor or multi-factor authentication, infringes six patents related to systems and methods for secure user authentication.
- Technical Context: The patents relate to two-factor authentication, a widely used security process in online financial services to verify user identity and prevent unauthorized account access by requiring a second, temporary code in addition to a password.
- Key Procedural History: The complaint does not mention any prior litigation, licensing history, or post-grant administrative proceedings involving the patents-in-suit. The patents-in-suit are all members of the same patent family and claim priority back to a common application.
Case Timeline
| Date | Event |
|---|---|
| 2001-08-29 | Earliest Priority Date for all Patents-in-Suit |
| 2012-10-02 | U.S. Patent No. 8,281,129 Issues |
| 2017-07-11 | U.S. Patent No. 9,703,938 Issues |
| 2017-07-19 | U.S. Patent No. 9,727,864 Issues |
| 2017-12-27 | U.S. Patent No. 9,870,453 Issues |
| 2018-09-05 | U.S. Patent No. 10,083,285 Issues |
| 2020-08-19 | U.S. Patent No. 10,769,297 Issues |
| 2025-08-03 | Complaint Filing Date |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 8,281,129 - "Direct Authentication System And Method Via Trusted Authenticators"
The Invention Explained
- Problem Addressed: The patent addresses the growing problem of online fraud and identity theft, which stems from the reliance on static, "knowledge-based" information (like Social Security Numbers) to authenticate users (US 8,281,129 B1, col. 1:11-2:44). The background section notes that this sensitive information is often not kept secret, making traditional authentication methods vulnerable.
- The Patented Solution: The invention proposes a "two-factor" authentication method where a "trusted authenticator" (such as a bank with which a user has a pre-existing relationship) is used to verify a user's identity for a transaction with another entity (a "business") (US 8,281,129 B1, col. 6:11-21). The user requests a temporary, one-time "dynamic key" from their trusted authenticator and provides it, along with a "static key" (like a password), to the business, which then has the trusted authenticator verify both keys to confirm the user's identity (US 8,281,129 B1, Fig. 2a).
- Technical Importance: This approach aims to enhance security by decentralizing authentication and leveraging existing trust relationships (e.g., with a user's bank) without requiring the user to share sensitive, static personal information directly with every online business.
Key Claims at a Glance
- The complaint asserts claims 1-52 and identifies Claim 1 as exemplary (Compl. ¶21, 31).
- Independent Claim 1 is a computer-implemented method comprising the essential elements:
- Receiving electronically a request for a dynamic code for the individual... by a trusted-authenticator's computer.
- Calculating by the trusted-authenticator's computer the dynamic code... wherein the dynamic code is valid for a predefined time and becomes invalid after being used.
- Sending by the trusted-authenticator's computer electronically the dynamic code to the individual.
- Receiving by the trusted-authenticator's computer electronically an authentication request from the entity to authenticate the individual based on user information and the dynamic code.
- Authenticating by the trusted-authenticator's computer an identity of the individual based on the user information and the dynamic code... wherein the result of the authentication is provided to the entity.
U.S. Patent No. 9,703,938 - "Direct Authentication System and Method Via Trusted Authenticators"
The Invention Explained
- Problem Addressed: Like its parent ’129 Patent, the ’938 Patent addresses the vulnerabilities of knowledge-based authentication in preventing online fraud and identity theft (US 9,703,938 B2, col. 2:6-23).
- The Patented Solution: The ’938 Patent claims a similar two-factor authentication method involving a user, a computer system (e.g., a business), and a trusted authentication system. The core concept remains the generation and use of a time-limited, single-use "dynamic code" to supplement static user credentials during an electronic transaction (US 9,703,938 B2, col. 13:1-39). The claims focus on the method steps performed by the trusted authentication system in response to a digitally triggered request from the user during the transaction.
- Technical Importance: This patent continues to build on the concept of using a trusted third party to provide dynamic, temporary credentials, thereby reducing the risk of static credential theft.
Key Claims at a Glance
- The complaint asserts claims 1-26 (Compl. ¶35). The complaint does not single out an exemplary claim, but Claim 1 is the first independent claim.
- Independent Claim 1 is a method for enhancing network security, comprising the essential elements:
- Receiving... an electronic request for a dynamic code for the user.
- Generating... a dynamic code for the user in response to the request, wherein the dynamic code is valid for a pre-determined time, and becomes invalid after being used.
- Providing... said generated valid dynamic code to the user.
- Receiving electronically... a request for authenticating the user from the computer system based on a digital identity including user specific information and the dynamic code.
- The trusted authentication system authenticating the user... based on the digital identity... wherein the dynamic code is used for authenticating the user for a first time within the predetermined time.
- Providing a result of the authenticating to the computer system.
Multi-Patent Capsule: U.S. Patent No. 9,727,864
- Patent Identification: 9,727,864, “Centralized Identification and Authentication System and Method,” issued July 19, 2017.
- Technology Synopsis: This patent describes a centralized system where a "Central-Entity" holds user information and generates a temporary "SecureCode." A user provides this SecureCode to an "External-Entity" (e.g., a merchant), which then contacts the Central-Entity to verify the user's identity for a transaction, aiming to increase e-commerce security without distributing the user's underlying personal data (US 9,727,864 B2, Abstract).
- Asserted Claims: Claims 1-15 (Compl. ¶39).
- Accused Features: The "two-factor authentication (2FA) or as also referred to, multi-factor authentication (MFA)" system used for online banking (Compl. ¶26).
Multi-Patent Capsule: U.S. Patent No. 9,870,453
- Patent Identification: 9,870,453, “Direct Authentication System and Method Via Trusted Authenticators,” issued December 27, 2017.
- Technology Synopsis: This patent is a continuation of the '938 patent and similarly discloses a two-factor authentication method. The claims focus on the steps of receiving user information and a dynamic code, authenticating the user based on their validity, and then proceeding with an electronic communication, such as accessing restricted information online (US 9,870,453 B2, col. 13:1-51).
- Asserted Claims: Claims 1-26 (Compl. ¶43).
- Accused Features: The "two-factor authentication (2FA) or as also referred to, multi-factor authentication (MFA)" system used for online banking (Compl. ¶26).
Multi-Patent Capsule: U.S. Patent No. 10,083,285
- Patent Identification: 10,083,285, “Direct Authentication System and Method Via Trusted Authenticators,” issued September 5, 2018.
- Technology Synopsis: This patent continues the same technology family, describing an authentication method involving an online system and an authentication system. It claims a method where the online system receives a user-authentication code, sends a request to the authentication system, and upon receiving confirmation, provides the user with access to information (US 10,083,285 B2, col. 13:21-14:5).
- Asserted Claims: Claims 1-30 (Compl. ¶47).
- Accused Features: The "two-factor authentication (2FA) or as also referred to, multi-factor authentication (MFA)" system used for online banking (Compl. ¶26).
Multi-Patent Capsule: U.S. Patent No. 10,769,297
- Patent Identification: 10,769,297, “Centralized Identification and Authentication System and Method,” issued August 19, 2020.
- Technology Synopsis: This patent, related to the '864 patent, describes an authentication system for enhancing computer network security. An online computer system receives a request for a "SecureCode," generates it, and provides it to the user. The code is single-use and time-limited. The system then authenticates the user by evaluating the validity of the SecureCode when it is presented as part of a digital identity (US 10,769,297 B2, Claim 1).
- Asserted Claims: Claims 1-29 (Compl. ¶51).
- Accused Features: The "two-factor authentication (2FA) or as also referred to, multi-factor authentication (MFA)" system used for online banking (Compl. ¶26).
III. The Accused Instrumentality
Product Identification
The accused instrumentality is the "NASA FCU System and Apparatus," which includes the "internet website of the NASA FCU Apparatus, on-line banking at NASA FCU, also the back end systems and backbone which provides access and functionality" (Compl. ¶22).
Functionality and Market Context
The complaint alleges the accused apparatus provides "two-factor authentication (2FA) or as also referred to, multi-factor authentication (MFA)" (Compl. ¶26). This functionality is described as a security layer where, upon a user logging in, "the bank sends a security code to your phone" which is needed as a "second verification" (Compl. ¶26). The complaint further alleges that this process requires a message code sent to a separate device, that the code is time-limited, and that it is for one-time use (Compl. ¶26). A screenshot from the NASA FCU website describes 2FA as a way to enhance security against hacking (Compl., p. 8).
IV. Analysis of Infringement Allegations
U.S. Patent No. 8,281,129 Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| receiving electronically a request for a dynamic code for the individual... by a trusted-authenticator's computer | The complaint does not specify how the request is made but alleges the user logs into an account to trigger the process. | ¶26 | col. 9:18-24 |
| calculating by the trusted-authenticator's computer the dynamic code... wherein the dynamic code is valid for a predefined time and becomes invalid after being used | Defendant's system "sends a security code" where each implementation "requires a message code... and time limits the use of the code and also allows for only one time use of codes." | ¶26 | col. 8:52-61 |
| sending by the trusted-authenticator's computer electronically the dynamic code to the individual | Defendant's system "sends a security code to your phone." | ¶26 | col. 9:25-28 |
| receiving by the trusted-authenticator's computer electronically an authentication request from the entity to authenticate the individual based on a user information and the dynamic code | A user provides the received code to complete the login process, which constitutes the authentication request. | ¶26 | col. 9:48-55 |
| authenticating by the trusted-authenticator's computer an identity of the individual based on the user information and the dynamic code... wherein the result of the authentication is provided to the entity | The system requires the code as a "second verification" to complete the login process, thereby authenticating the user and granting access. | ¶26 | col. 9:56-62 |
U.S. Patent No. 9,703,938 Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| receiving... an electronic request for a dynamic code for the user | The complaint alleges a user logs into an account to initiate the 2FA process, which constitutes the request. | ¶26 | col. 10:25-30 |
| generating... a dynamic code for the user... wherein the dynamic code is valid for a pre-determined time, and becomes invalid after being used | The system generates a "security code" which is described as having a time limit and being for "only one time use." | ¶26 | col. 8:52-61 |
| providing... said generated valid dynamic code to the user | The system "sends a security code to your phone." | ¶26 | col. 10:31-33 |
| receiving electronically... a request for authenticating the user from the computer system based on a digital identity including user specific information and the dynamic code | The user submits the received code to complete the login, which acts as the authentication request. | ¶26 | col. 10:41-48 |
| the trusted authentication system authenticating the user... wherein the dynamic code is used for authenticating the user for a first time within the predetermined time | The system performs a "second verification" using the time-limited, single-use code to authenticate the user. | ¶26 | col. 10:49-55 |
| providing a result of the authenticating to the computer system | Successful authentication results in the user being granted access to their online account. | ¶26 | col. 10:56-59 |
Identified Points of Contention
- Pleading Sufficiency: A primary issue may be whether the complaint's generalized allegations, which map the functionality of a generic 2FA system to the claims, meet the plausibility standard under Twombly and Iqbal. The complaint does not allege specific details about the architecture of Defendant's back-end systems.
- Scope Questions: The analysis may raise the question of whether NASA FCU, in authenticating its own user for its own system, acts as both the "entity" and the "trusted-authenticator" as those terms are used in the patents. The patent specifications contemplate architectures involving three distinct parties (user, business, authenticator), and the applicability of the claims to a two-party (user, bank) scenario may be a central point of dispute.
V. Key Claim Terms for Construction
The Term: "trusted-authenticator"
Context and Importance
This term is the central actor in the asserted claims of the '129 and '938 patents and defines the claimed system's architecture. Its construction will be critical to determining whether the claims read on a system where a single entity (NASA FCU) authenticates its own users for access to its own services, or if the claims require a separate, third-party authenticating entity distinct from the entity requiring the authentication (the "business").
Intrinsic Evidence for Interpretation
- Evidence for a Broader Interpretation: The specification states, "A reasonable candidate for such a trusted authenticator would be a bank or other financial institution with whom the individual has already established an account" (’129 Patent, col. 4:51-54). This language could support an interpretation where the bank requiring authentication (the "entity") can also be the "trusted-authenticator" for its own customers.
- Evidence for a Narrower Interpretation: The patent's figures and descriptions often depict a three-party system: an "individual" (10), a "business" (20), and a "trusted-authenticator" (30) operating as distinct entities (’129 Patent, Fig. 1a). Language describing an "authentication request from the entity to authenticate the individual" (’129 Patent, Claim 1) may suggest that the entity and the authenticator receiving the request are separate.
VI. Other Allegations
Indirect Infringement
The complaint alleges inducement of others to infringe and contribution to infringement (Compl. ¶3, 24). The basis for inducement is alleged to be "Defendant's instructions for operation," though no specific instructions, manuals, or marketing materials are identified (Compl. ¶24).
Willful Infringement
The complaint does not contain an explicit count for willful infringement or allege pre-suit knowledge of the patents. However, it requests "enhancement of damages in accordance with 35 U.S.C. 284" and alleges that "Defendant has no good faith defense to Plaintiff's infringement allegations" (Compl. ¶28; Prayer for Relief ¶B, F). These allegations could form the basis for a later claim of willfulness or a finding that the case is exceptional.
VII. Analyst’s Conclusion: Key Questions for the Case
- Architectural Scope: A core issue will be one of claim construction: does the term "trusted-authenticator", as used in the context of an "authentication request from the entity," require a three-party architecture where the authenticator is a separate entity from the business seeking verification, or can it be construed to cover a two-party scenario where a bank authenticates its own users for its own services?
- Evidentiary Sufficiency: A key procedural question will be whether the complaint's high-level assertion—that a standard two-factor authentication system inherently practices the specific, multi-step methods of the patents-in-suit—provides sufficient factual detail to state a plausible claim for relief, or if it will be found deficient at the pleading stage.