DCT
1:19-cv-02811
Grecia v. Citibank NA
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: William Grecia (Pennsylvania)
- Defendant: Citibank, N.A. (New York)
- Plaintiff’s Counsel: Wawrzyn & Jarvis LLC
- Case Identification: 1:19-cv-02811, S.D.N.Y., 07/05/2019
- Venue Allegations: Plaintiff alleges venue is proper in the Southern District of New York because Defendant Citibank maintains corporate offices and conducts continuous and systematic business in the district.
- Core Dispute: Plaintiff alleges that Defendant’s "Citi with Zelle" financial service infringes a patent related to a process for transforming a user access request for cloud-based data into a secure, computer-readable authorization object.
- Technical Context: The technology at issue addresses secure digital authentication and data exchange, using API communications between distinct systems to authorize access to cloud-based services, a foundational technology in modern financial technology (fintech) and online platforms.
- Key Procedural History: The complaint highlights a significant procedural history for the patent-in-suit. It notes a 2018 claim construction order from a prior case in the same district that defined several key terms. The complaint also asserts that the U.S. Patent and Trademark Office denied three separate petitions for inter partes review (IPR) filed against the patent and, during prosecution, found the claims to possess an "inventive concept" over the prior art.
Case Timeline
| Date | Event |
|---|---|
| 2010-03-21 | U.S. Patent No. 8,887,308 Priority Date |
| 2014-11-11 | U.S. Patent No. 8,887,308 Issue Date |
| 2016-08-30 | USPTO Decision Denying IPR Petition by Unified Patents Inc. |
| 2017-01-19 | USPTO Decision Denying IPR Petition by DISH Network, L.L.C. |
| 2017-07-03 | USPTO Decision Denying IPR Petition by Mastercard Int'l Inc. |
| 2018-09-08 | Claim Construction Order issued in Grecia v. MasterCard Inc |
| 2019-07-05 | Amended Complaint Filing Date |
II. Technology and Patent(s)-in-Suit Analysis
- Patent Identification: U.S. Patent No. 8,887,308, "DIGITAL CLOUD ACCESS (PDMAS PART III)," issued November 11, 2014.
The Invention Explained
- Problem Addressed: The patent describes the limitations of traditional Digital Rights Management (DRM) systems, which often restrict content to specific devices, limit "fair use" sharing, and can fail if a provider ceases to support its servers, causing consumers to lose access to purchased content (’308 Patent, col. 2:38-67).
- The Patented Solution: The invention proposes a process to decouple content access rights from specific hardware by linking them to a user’s persistent identity on a "verified web service" (e.g., a social media platform) (’308 Patent, col. 10:4-10). The process involves receiving an access request with a user-provided "verification token," authenticating that token, and then using an API to communicate with the separate web service to retrieve a unique "account identifier" for the user. This information is used to create a "computer readable authorization object" that manages access rights and can be used for subsequent cross-referencing to verify the user or their authorized friends (’308 Patent, Abstract; col. 3:13-48).
- Technical Importance: This method aims to provide greater interoperability and portability for digital media, allowing access across a plurality of devices and facilitating sharing among verified users, more closely emulating the "fair use" principles associated with physical media (’308 Patent, col. 3:5-10).
Key Claims at a Glance
- The complaint asserts infringement of independent claim 1 (Compl. ¶17).
- The essential elements of independent claim 1 are:
- a) receiving an access request for cloud digital content through an apparatus, the request including verification data recognized as a verification token;
- b) authenticating the verification token using a verification token database;
- c) establishing an API communication with a different database apparatus associated with a verified web service, requiring a credential and enabling an exchange of query data comprising a verified web service account identifier;
- d) requesting the query data (the verified web service identifier) from the API data exchange session;
- e) receiving the requested query data from the API data exchange session; and
- f) creating a computer readable authorization object by writing the received verification data and query data to a data store, which is then used for cross-referencing during subsequent access requests.
III. The Accused Instrumentality
Product Identification
- The accused instrumentality is Citibank's "Citi with Zelle" service ("CZelle"), which is offered within the "Citi App" (Compl. ¶17, ¶18).
Functionality and Market Context
- The service enables users to send and receive money. The complaint alleges that when a user registers an email address or mobile number to use the service, the Citi App receives this information as a "verification token" and initiates a process to authorize the user (Compl. ¶18). This allegedly involves establishing an API connection with the Zelle service database (a separate system) to create a payment token or authorization object that is subsequently used to facilitate financial transactions like sending money (Compl. ¶17, ¶21, ¶23).
IV. Analysis of Infringement Allegations
’308 Patent Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a) receiving an access request for cloud digital content through an apparatus... the access request being a write request to a data store... wherein the access request further comprises verification data provided by at least one user, wherein the verification data is recognized by the apparatus as a verification token | The Citi App receives a write request for access to "Zelle cloud digital financial account data" when a user registers their email address and mobile telephone number. The email address and phone number are alleged to be the "verification token" (Compl. ¶18). | ¶18 | col. 14:31-42 |
| b) authenticating the verification token of (a) using a database recognized by the apparatus of (a) as a verification token database | Citibank's service uses a database to authenticate the CZelle user's email address and mobile telephone number (Compl. ¶20). | ¶20 | col. 14:43-46 |
| c) establishing an API communication between the apparatus of (a) and a database apparatus, the database apparatus being a different database from the verification token database of (b) wherein the API is related to a verified web service... wherein the data exchange session is also capable of an exchange of query data, wherein the query data comprises at least one verified web service account identifier | The Citi App establishes an API connection with the Zelle service database, which is alleged to be a different database than Citibank's authentication database. The Zelle service is the "verified web service," and the connection requires a credential such as a "Participant ID" (Compl. ¶21). | ¶21 | col. 14:47-67 |
| d) requesting the query data, from the apparatus of (a), from the API communication data exchange session of (c)... | The complaint alleges this step is met when the service makes a RESTful API operation call to the Zelle service database to request "CXCTokens" (Compl. ¶22). The complaint provides a textual example of the RESTful API call allegedly used to request the query data (Compl. ¶22). | ¶22 | col. 15:1-5 |
| e) receiving the query data requested in (d) from the API communication data exchange session of (c) | The Citi App receives the requested "CXCTokens" from the Zelle service database (Compl. ¶22). | ¶22 | col. 15:6-8 |
| f) creating a computer readable authorization object by writing into the data store of (a)... the received verification data of (a); and the received query data of (e); wherein the... object is processed by the apparatus of (a) using a cross-referencing action during subsequent user access requests... | CZelle creates an authorization object by writing the enrolled user verification data and the Zelle query data into CZelle data storage. This object is allegedly used in subsequent "send money" requests via a cross-reference action (Compl. ¶23). | ¶23 | col. 15:9-22 |
- Identified Points of Contention:
- Scope Questions: A primary issue may be whether authorizing financial transactions and accessing account data, as performed by "Citi with Zelle," falls within the scope of accessing "cloud digital content" as claimed by the patent. The defense may argue the patent's specification, with its focus on media like music and video, does not contemplate financial services, while the plaintiff will point to the prior broad construction of the term.
- Technical Questions: The infringement analysis may turn on whether the data elements used by the accused service map directly onto the claimed elements. For instance, what evidence demonstrates that the "CXCTokens" allegedly returned by the Zelle API function as a "verified web service account identifier" in the manner described by the patent, which provides a persistent user ID (like a Facebook ID) as its main example?
V. Key Claim Terms for Construction
- The Term: "cloud digital content"
- Context and Importance: The definition of this term is fundamental to the dispute. The case's viability may depend on whether "financial account data" (Compl. ¶18) is considered "cloud digital content."
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The complaint cites a prior court order that construed this term to mean "data capable of being processed by a computer" (Compl. ¶7). This construction is exceptionally broad and would likely encompass the financial data at issue.
- Evidence for a Narrower Interpretation: The patent’s specification repeatedly uses examples of entertainment media, such as "music and video files," "e-books," and "computer games," to describe the invention (’308 Patent, col. 2:2-23; col. 7:20-24). A party could argue these specific embodiments limit the claim’s scope to such media.
- The Term: "verified web service account identifier"
- Context and Importance: Practitioners may focus on this term because the infringement allegation hinges on whether the data exchanged with the Zelle API (e.g., "CXCTokens," "Participant ID") meets this definition.
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The claim language itself is general and does not specify the format or permanence of the "account identifier," potentially covering any data string a web service uses to identify an account for a given session.
- Evidence for a Narrower Interpretation: The specification’s primary and detailed example is a Facebook ID ("FBID"), described as a persistent, unique identifier tied to a specific user's social media account (’308 Patent, col. 11:18-25). A party could argue this context requires the "identifier" to be a persistent user-centric ID, not a transactional or institutional one.
VI. Other Allegations
- Indirect Infringement: The complaint does not plead separate counts for indirect infringement (inducement or contributory infringement) and focuses its allegations on direct infringement by Citibank.
- Willful Infringement: The complaint does not contain allegations of willful infringement or assert that Defendant had pre-suit knowledge of the ’308 Patent.
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of definitional scope: can the term "cloud digital content", previously construed as "data capable of being processed by a computer," be applied to the authorization of financial transactions and access to account data, or will the patent's focus on media files be seen as a limiting context?
- A key evidentiary question will be one of technical mapping: does the data allegedly exchanged between the Citi App and the Zelle service—specifically the user's email, a "Participant ID," and "CXCTokens"—perform the specific functions of the "verification token" and "verified web service account identifier" as required by the claim language and understood through the patent's specification?
- A central procedural question will be the persuasive weight of the patent's history: to what extent will the prior favorable claim construction and the three unsuccessful IPR challenges cited in the complaint influence the court's view of the patent's validity and the plausibility of the infringement allegations?