DCT
1:18-cv-10429
William Grecia v. Verizon Communications
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: William Grecia (Pennsylvania)
- Defendant: Verizon Communications, Inc. (Delaware / New York)
- Plaintiff’s Counsel: WAWRZYN & JARVIS LLC
- Case Identification: 1:18-cv-10429, S.D.N.Y., 11/09/2018
- Venue Allegations: Venue is alleged to be proper in the Southern District of New York based on Defendant’s maintenance of corporate offices and its continuous and systematic business activities within the district.
- Core Dispute: Plaintiff alleges that Defendant’s sale of Samsung "Galaxy" smartphones featuring the Samsung Pay application infringes a patent related to systems for authenticating and monitoring access to encrypted digital media.
- Technical Context: The technology at issue concerns digital rights management (DRM) and access control, specifically methods that use web-based services to verify user identity and associate that identity with digital content.
- Key Procedural History: The complaint notes that key claim terms in the patent-in-suit were previously construed by the S.D.N.Y. in a separate case, Grecia v. Mastercard Int'l Inc., providing established definitions for terms central to the dispute. Subsequent to the filing of this complaint, the asserted patent underwent ex parte reexamination, which resulted in the cancellation of all asserted claims.
Case Timeline
| Date | Event |
|---|---|
| 2010-03-21 | '555 Patent Earliest Priority Date |
| 2013-03-19 | '555 Patent Issue Date |
| 2018-09-08 | Claim Construction Order in Grecia v. Mastercard |
| 2018-11-09 | Complaint Filing Date |
| 2022-05-29 | Reexamination Request for '555 Patent |
| 2023-11-17 | '555 Patent Reexamination Certificate Issued (Cancelling Asserted Claims) |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 8,402,555 - "Personalized Digital Media Access System (PDMAS)," issued March 19, 2013
The Invention Explained
- Problem Addressed: The patent’s background describes the limitations of traditional Digital Rights Management (DRM) systems, which often restrict content to specific devices, are unpopular with consumers, and can fail if a central authorization server is discontinued, causing users to lose access to purchased media (’555 Patent, col. 2:50-68).
- The Patented Solution: The invention proposes a more flexible system for managing access to encrypted digital media. Instead of tying access solely to a device, the system links it to a user's identity verified through an external "verified web service" (’555 Patent, col. 10:42-48). The process involves a device receiving a "branding request" with a "membership verification token," authenticating that token, connecting to a web service via an API to obtain an "electronic identification reference" (e.g., a user account ID), and then writing both the token and the ID into the media's metadata to personalize access rights (’555 Patent, Abstract; Fig. 6).
- Technical Importance: The described approach sought to create a DRM framework that allowed for "unlimited interoperability" and easier sharing of legally acquired content, addressing consumer frustration with restrictive DRM during the market's shift from physical to digital media distribution (’555 Patent, col. 3:1-7).
Key Claims at a Glance
- The complaint asserts independent claim 15 and dependent claim 23 (Compl. ¶¶11, 17).
- The essential elements of independent claim 15, a computer program product, include:
- Receiving an "encrypted digital media access branding request" containing a "membership verification token."
- Authenticating the token via a "token database."
- Establishing a connection with a "communications console" that combines a GUI and an API protocol related to a "verified web service."
- Requesting and receiving an "electronic identification reference" (which is a "verified web service account identifier") from the communications console.
- "Branding metadata of the encrypted digital media" by writing the token and the identification reference into the metadata.
III. The Accused Instrumentality
Product Identification
The accused instrumentalities are Samsung "Galaxy" telephone products sold by Defendant that include the "Samsung Pay application program code" (Compl. ¶11).
Functionality and Market Context
The complaint alleges that the accused functionality is triggered when a user adds their financial information to the Samsung Pay application. The application is alleged to receive a "write request" for financial data, treating the user's Primary Account Number ("PAN") as a token. It then allegedly connects to the "Samsung Token Requestor web service" via an API to authenticate the user/device and receive a "Tokenized PAN." This Tokenized PAN is then associated with the original PAN to enable secure mobile payments (Compl. ¶¶12-15).
IV. Analysis of Infringement Allegations
No probative visual evidence provided in complaint.
Claim Chart Summary
’555 Patent Infringement Allegations
| Claim Element (from Independent Claim 15) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| receiving an encrypted digital media access branding request from at least one communications console...the request comprising a membership verification token provided by a first user... | The Galaxy phones receive an access/write request for financial data, with the original Primary Account Number ("PAN") from the Samsung Pay app allegedly being the "membership verification token." | ¶12 | col. 16:53-59 |
| authenticating the membership verification token, the authentication being performed in connection with a token database... | The phone's CPU authenticates the PAN using a database of supported card issuers. | ¶13 | col. 16:60-63 |
| establishing connection with the at least one communications console wherein the communications console is a combination of a graphic user interface (GUI) and an Application Programmable Interface (API) protocol wherein the API is related to a verified web service... | The phone's CPU establishes a connection with the Samsung Pay application (the GUI) and the Samsung Token Requestor web service (the verified web service), which has an API compliant with the EMVCo standard. | ¶14 | col. 16:63-17:2 |
| requesting at least one electronic identification reference from the at least one communications console wherein the electronic identification reference comprises a verified web service account identifier of the first user; receiving the at least one electronic identification reference... | The Galaxy phone, via the Samsung Pay app, requests and receives a "Tokenized PAN" from the Samsung Token Requestor web service, which is alleged to be the "electronic identification reference." | ¶15 | col. 17:3-8 |
| branding metadata of the encrypted digital media by writing the membership verification token and the electronic identification reference into the metadata. | The phone's CPU writes the original PAN and the Tokenized PAN into the metadata of the "Samsung Pay digital financial content." | ¶16 | col. 17:9-11 |
Identified Points of Contention
- Scope Question: A central issue may be whether the term "membership verification token," defined in a prior case as "data that represents permission to access digital media," can be interpreted to cover a pre-existing financial identifier like a credit card PAN, as opposed to a token created specifically for media access (Compl. ¶¶7, 12).
- Technical Question: The complaint alleges the PAN and Tokenized PAN are written "into the metadata" of the financial content (Compl. ¶16). A point of contention may be whether this accurately describes the technical operation of Samsung Pay, or if these identifiers are instead stored and linked within a secure database or hardware enclave separate from any "metadata" of a "digital media" file.
- Scope Question: The infringement theory equates the "Samsung Token Requestor" with the claimed "verified web service" and the "Tokenized PAN" with the "verified web service account identifier" (Compl. ¶¶14-15). This raises the question of whether a financial tokenization system, designed for secure transactions, performs the same role as the patent's exemplary web services (e.g., Facebook), which are described as verifying a user's persistent social identity (’555 Patent, col. 11:10-28).
V. Key Claim Terms for Construction
The complaint references a prior claim construction order, making the following terms critical (Compl. ¶7).
The Term: "membership verification token"
- Context and Importance: Plaintiff's case hinges on equating a credit card PAN with this term. The prior construction is "data that represents permission to access digital media or cloud digital content" (’555 Patent, col. 18:8-12; Compl. ¶7). Practitioners may focus on whether "permission to access" financial data via Samsung Pay fits this definition.
- Intrinsic Evidence for a Broader Interpretation: The patent claims are not explicitly limited to a specific type of digital media, and the specification references "other computer based apparatus in which processed data is facilitated," which could arguably include financial data systems (’555 Patent, col. 15:37-39).
- Intrinsic Evidence for a Narrower Interpretation: The patent’s specification is replete with examples related to content consumption, such as "purchasing rights, rental rights and membership access rights" and using "kodekey[s]," suggesting the term was intended for a media DRM context, not payment authorization (’555 Patent, col. 6:38-54).
The Term: "verified web service"
- Context and Importance: Plaintiff alleges the "Samsung Token Requestor" meets this definition. The prior construction is "a web service that is used to authenticate the identity of a user or device" (Compl. ¶7). The dispute may turn on the meaning of "authenticate the identity."
- Intrinsic Evidence for a Broader Interpretation: The patent mentions the PayPal API as a possible verified web service, which is a financial service (’555 Patent, col. 10:48-52). The Samsung Token Requestor functionally authenticates a device and payment credential before issuing a token, which could fit the plain language of the construction.
- Intrinsic Evidence for a Narrower Interpretation: The specification’s primary example of a verified web service is Facebook, where identity is tied to a persistent user profile (’555 Patent, col. 10:45-48). A party could argue that this context implies a service that verifies a person's social or registered identity, not one that merely performs a transient authentication for a single transaction.
VI. Other Allegations
- Indirect Infringement: The complaint does not contain explicit counts or detailed factual allegations for indirect infringement.
- Willful Infringement: The complaint does not contain an allegation of willful infringement or a corresponding request for enhanced damages in its prayer for relief (Compl. p. 5).
VII. Analyst’s Conclusion: Key Questions for the Case
A dispositive issue for the court will be the procedural viability of the lawsuit. The U.S. Patent and Trademark Office issued an ex parte reexamination certificate after this complaint was filed, cancelling the asserted claims (15 and 23). This raises the threshold question of whether Plaintiff can maintain a cause of action for infringement of claims that are now statutorily cancelled.
Should the case proceed, a core issue will be one of technological and definitional scope: can the patent’s claim language, which is heavily contextualized by examples of consumer media DRM (e.g., sharing movies), be construed to cover the distinct technical architecture and commercial purpose of a mobile payment tokenization system like Samsung Pay?
Finally, a key evidentiary question will be one of technical implementation: does the accused Samsung Pay system actually "brand metadata" by writing payment credentials (the PAN and Tokenized PAN) into a media file as claimed, or does it employ a fundamentally different security model, such as using a secure element or database to manage credentials, that falls outside the scope of the claims?