DCT

2:25-cv-03796

UBS Financial Services Inc v. BrowserKey LLC

Log In
Key Events
Complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:25-cv-03796, D.N.J., 05/03/2025
  • Venue Allegations: Plaintiff UBS asserts that venue is proper in the District of New Jersey because Defendant BrowserKey has purposefully directed allegations of infringement toward UBS, which operates in the district, thereby establishing personal jurisdiction.
  • Core Dispute: Plaintiff seeks a declaratory judgment that its web and mobile applications do not infringe Defendant’s patent related to a method for restricting user access to a website based on a specific client machine.
  • Technical Context: The lawsuit concerns user authentication technology that aims to enhance security by tying a user's access rights to a particular, pre-authorized computer or device.
  • Key Procedural History: This declaratory judgment action follows a patent infringement lawsuit filed by BrowserKey against UBS in the Eastern District of Texas, which BrowserKey voluntarily dismissed without prejudice. The complaint notes that BrowserKey has filed at least 10 other similar lawsuits against other companies. A pending ex parte reexamination of the patent-in-suit (No. 90/019,856) has been instituted by the USPTO, which may raise questions regarding the validity of certain claims.

Case Timeline

Date Event
2002-05-06 ’262 Patent Priority Date
2007-07-24 ’262 Patent Issue Date
2019-01-01 (approx.) Accused UBS Products available "since at least 2019"
2024-01-12 ’262 Patent Expiration Date (on or before)
2024-07-11 ’262 Patent assigned to BrowserKey
2024-10-02 Earliest date of other BrowserKey lawsuits mentioned
2025-03-13 USPTO grants request for ex parte reexamination
2025-04-30 BrowserKey files Texas Suit against UBS
2025-04-30 BrowserKey voluntarily dismisses Texas Suit
2025-05-03 UBS files this Complaint for Declaratory Judgment

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 7,249,262 - "Method For Restricting Access To A Web Site By Remote Users," issued July 24, 2007

The Invention Explained

  • Problem Addressed: The patent addresses the security vulnerabilities of traditional authentication methods. Usernames and passwords can be stolen or shared, allowing unauthorized access from any computer, while hardware-based solutions like "dongles" are inconvenient and can be lost or stolen (’262 Patent, col. 1:29-53).
  • The Patented Solution: The invention proposes a software-based method to tie access to a specific, authorized client machine. A client-side program generates a "machine-specific identifier" based on the unique hardware characteristics of the user's computer. A password, which is derived from this unique identifier, is then used for authentication. A key step involves the client machine itself re-generating the identifier and verifying that it corresponds to the user-provided password, thus confirming that the request is coming from the authorized device (’262 Patent, Abstract; col. 2:25-45).
  • Technical Importance: This approach aimed to provide a higher level of security by binding authentication to a physical device without requiring users to carry separate hardware tokens (’262 Patent, col. 2:57-62).

Key Claims at a Glance

  • The complaint’s non-infringement allegations focus on independent claim 1.
  • The essential elements of claim 1 include:
    • installing a client-side software program on a client machine for generating a client machine-specific identifier that is "substantially unique" to that machine;
    • operating the program to generate the identifier;
    • generating a password "remote from the client machine" that is derived from and uniquely corresponds to the identifier;
    • issuing an access request from the client machine to a server;
    • responding by having the client machine re-generate its identifier;
    • "verifying on the client machine" whether the re-generated identifier uniquely corresponds with the password; and
    • recognizing the client machine as authorized only if the verification is true.
  • The complaint does not explicitly reserve the right to seek judgment on other claims, but it seeks a declaration of non-infringement of the ’262 patent generally (Compl., Prayer for Relief ¶B).

III. The Accused Instrumentality

Product Identification

The accused instrumentalities are the "UBS Web and Mobile Applications," including but not limited to the "UBS Financial Services Application (a.k.a., UBS Mobile App or UBS Mobile Application), UBS Mobile Pass, UBS Neo, and UBS Neo FX for iOS, iPadOS, and Android," along with all supporting servers and infrastructure (Compl. ¶6).

Functionality and Market Context

The complaint describes these products as applications that have supported "biometric, token-based, and/or passwordless authentication" since at least 2019 (Compl. ¶6). The core function of these products is to provide UBS customers with secure access to their financial accounts and services. The complaint alleges that BrowserKey’s original infringement contentions in the dismissed Texas Suit were based on a document pertaining to a non-accused product from a foreign UBS entity, "UBS AG, Singapore Branch," not the U.S.-based products at issue in this case (Compl. ¶39).

IV. Analysis of Infringement Allegations

The complaint seeks a declaratory judgment of non-infringement and does not plead an affirmative case for infringement. The following table summarizes UBS's allegations concerning the claim elements it contends are not performed by its Accused Products, as required for a finding of direct infringement.

No probative visual evidence provided in complaint.

’262 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Non-Infringing Functionality Complaint Citation Patent Citation
a. installing a client-side software program on the client machine for generating a client machine-specific identifier... UBS alleges this step is not carried out by UBS or its agents. ¶41(a) col. 12:16-22
b. operating the client-side software program on the client machine to generate the client machine-specific identifier; UBS alleges this step is not carried out by UBS or its agents. ¶41(b) col. 12:23-25
c. generating a password remote from the client machine and providing the password to a user... the password being derived from the client machine-specific identifier generated in step b.... UBS alleges the Accused Products do not generate a password in the manner recited by this limitation. ¶¶40, 41(c) col. 12:26-32
d. issuing a request by the client machine to the server computer for access to data... UBS alleges that this step, to the extent it occurs, is performed by the client machine, not by UBS. ¶¶41(d), 42 col. 12:33-35
f. verifying on the client machine whether the client machine-specific identifier re-generated... uniquely corresponds with the password... UBS alleges that this step, to the extent it occurs, is performed by the client machine, not by UBS. ¶¶41(e), 42 col. 12:39-44
  • Identified Points of Contention:
    • Divided Infringement: A central issue raised by the complaint is whether a single actor performs all steps of the claimed method. UBS argues that several key steps, such as "issuing a request" and "verifying on the client machine," are performed by the end-user's device, not by UBS, and therefore UBS cannot be liable for direct infringement (Compl. ¶42). This raises the question of whether BrowserKey could prove that UBS directs or controls its users' performance of these steps to meet the legal standard for direct infringement under a divided infringement theory.
    • Technical Questions: The complaint raises a factual question about whether the Accused Products practice the specific architecture of claim 1. Specifically, UBS alleges that its products do not perform the step of "generating a password remote from the client machine... derived from the client machine-specific identifier" (Compl. ¶40). The case may turn on evidence of how authentication credentials in the UBS system are actually created and stored.

V. Key Claim Terms for Construction

  • The Term: "verifying on the client machine"

    • Context and Importance: This term is critical to UBS's divided infringement defense. The location of the "verifying" step—whether on the user's device or a UBS server—determines which entity performs the step. Practitioners may focus on this term because if the verification is performed exclusively by software on the end-user's device without direction or control from UBS, it could defeat a claim of direct infringement against UBS.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The specification discusses the client-side software and server-side software working in conjunction, which could suggest a more holistic system view rather than a strict locational requirement (e.g., ’262 Patent, col. 5:10-16).
      • Evidence for a Narrower Interpretation: The plain language of the claim explicitly locates the "verifying" step "on the client machine" (’262 Patent, col. 12:39). The specification repeatedly distinguishes between actions taken by client-side software versus the server computer, reinforcing a separation of functions (e.g., ’262 Patent, col. 3:9-12).

  • The Term: "client machine-specific identifier"

    • Context and Importance: The definition of this term dictates the foundation of the patented method. The dispute may involve whether the tokens or other authentication factors used by the UBS system qualify as an "identifier" that is "substantially unique to the particular machine upon which such client-side software program is initially installed," as the claim requires.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The specification suggests the identifier is "virtually unique" and based on "particular characteristics," which could encompass a wide range of software- or hardware-based markers (’262 Patent, col. 7:34-36; col. 8:1-4).
      • Evidence for a Narrower Interpretation: The specification provides examples of such characteristics, including "hard drive characteristics, RAM characteristics, input/output device parameters and other hardware specific details," which could be used to argue for a narrower definition tied to physical hardware attributes (’262 Patent, col. 10:63-67).

VI. Other Allegations

  • Indirect Infringement: UBS seeks a declaratory judgment that it has not indirectly infringed. Its argument rests on two grounds: first, that there can be no indirect infringement without an underlying act of direct infringement by anyone, which it disputes (Compl. ¶47); and second, that it lacked knowledge of the ’262 Patent prior to its expiration, a required element for both induced and contributory infringement (Compl. ¶¶49-50, 52).
  • Willful Infringement: UBS seeks a declaratory judgment of no willful infringement, arguing that it lacked knowledge of the ’262 Patent before the patent expired and therefore could not have acted with the requisite intent (Compl. ¶58).

VII. Analyst’s Conclusion: Key Questions for the Case

  1. Divided Infringement: A primary legal hurdle for BrowserKey will be proving that a single entity, UBS, is liable for direct infringement. The case will likely examine whether UBS directs or controls its users' actions to an extent that satisfies the legal requirements for attributing the steps performed "on the client machine" to UBS.
  2. Factual Congruence: A core evidentiary question will be one of technical operation. Does the authentication architecture of the UBS Accused Products align with the specific, sequential method claimed in the patent—particularly the creation of a password derived from a unique machine identifier and the subsequent client-side verification of that password?
  3. Impact of Reexamination: The pending ex parte reexamination at the USPTO, which was instituted based on a "substantial new question" as to the patentability of claims 11-17, introduces uncertainty about the patent's ultimate scope and validity. A key procedural question is whether the court will stay this litigation pending the outcome of the reexamination, which could significantly alter the contours of the dispute.