DCT

1:19-cv-02812

Grecia v. Morgan Stanley Smith Barney LLC

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 1:19-cv-02812, S.D.N.Y., 07/05/2019
  • Venue Allegations: Venue is alleged to be proper based on Defendant maintaining corporate offices and conducting continuous and systematic business in the Southern District of New York.
  • Core Dispute: Plaintiff alleges that Defendant’s "Send Money" financial service, which utilizes the Zelle network, infringes a patent related to a process for transforming a user access request for cloud digital content into a secure authorization object.
  • Technical Context: The technology concerns methods for digital rights management (DRM) and secure access to data by authenticating a user and a device through separate, networked systems.
  • Key Procedural History: The complaint notes that the patent-in-suit has survived three separate petitions for inter partes review (IPR) at the U.S. Patent and Trademark Office (PTO), which may strengthen its presumption of validity. The complaint also references a claim construction order from a prior litigation involving the same patent (Grecia v. MasterCard Inc), which construed three terms not central to the current infringement allegations.

Case Timeline

Date Event
2010-03-21 U.S. Patent No. 8,887,308 Priority Date
2014-11-11 U.S. Patent No. 8,887,308 Issue Date
2016-08-30 PTO denies IPR petition filed by Unified Patents Inc.
2017-01-19 PTO denies IPR petition filed by DISH Network, L.L.C.
2017-07-03 PTO denies IPR petition filed by Mastercard Int'l Inc.
2018-09-08 Claim construction order issued in Grecia v. Mastercard Int'l Inc.
2019-07-05 Complaint Filing Date
2021-07-13 Certificate of Correction issued for U.S. Patent No. 8,887,308

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,887,308 - "DIGITAL CLOUD ACCESS (PDMAS PART III)"

  • Patent Identification: U.S. Patent No. 8,887,308, “DIGITAL CLOUD ACCESS (PDMAS PART III),” issued November 11, 2014.

The Invention Explained

  • Problem Addressed: The patent describes the limitations of prior art Digital Rights Management (DRM) systems, which often locked digital media to specific machines, lacked interoperability, and created a risk that consumers would lose access if a provider’s authorization servers were discontinued (’308 Patent, col. 2:38-67). The stated goal is to provide "unlimited interoperability of digital media between unlimited machines" while still protecting intellectual property (’308 Patent, col. 3:12-14).
  • The Patented Solution: The invention claims a process for creating a secure "computer readable authorization object" to control access to cloud-based digital content. The process begins when a user's device ("apparatus") receives an access request with a "verification token." This token is first authenticated against a local or primary "verification token database." Then, the device establishes a separate API communication with a "database apparatus" (e.g., a web service) which is distinct from the first database. Using credentials, the device requests and receives specific metadata (a "verified web service account identifier") from this second database. Finally, the "authorization object" is created by writing both the initial verification data and the received metadata into a local data store for use in subsequent access requests (’308 Patent, col. 14:31 - col. 16:15).
  • Technical Importance: This multi-step, multi-database architecture was designed to create a more flexible and persistent form of access control than traditional server-based DRM, linking access rights to a verifiable web-based identity rather than just a specific hardware ID (’308 Patent, col. 10:4-10).

Key Claims at a Glance

  • The complaint asserts independent claim 1 (’308 Patent, col. 14:31 - col. 16:15).
  • Essential elements of Claim 1 (as corrected):
    • Receiving an access request for cloud digital content via an apparatus, where the request is a write request to a data store and includes a "verification token."
    • Authenticating the verification token using a "verification token database."
    • Establishing an API communication with a "database apparatus" that is different from the verification token database and is part of a "verified web service." This requires a credential recognized as permission to conduct a data exchange session.
    • Requesting metadata (a verified web service account identifier) from the database apparatus via the API session.
    • Receiving the requested metadata from the API session.
    • Creating a "computer readable authorization object" by writing at least two of the received verification data and the received metadata into the data store.
    • The created object is recognized as user access rights and is processed using a "cross-referencing action" for subsequent access requests.
  • The complaint does not reserve the right to assert dependent claims.

III. The Accused Instrumentality

Product Identification

  • The accused instrumentality is Morgan Stanley's "Send Money" service, identified in the complaint as the "Morgan Stanley App," which incorporates the Zelle payment network (Compl. ¶17, ¶19).

Functionality and Market Context

  • The complaint alleges the accused service allows Morgan Stanley customers to send and receive money. The relevant functionality involves a customer registering an email address or mobile phone number, which the complaint alleges functions as a "verification token" (Compl. ¶18). This information is allegedly used to create a payment "token" that facilitates secure financial transactions through the Zelle network (Compl. ¶17). The complaint alleges Zelle is offered "directly within the Morgan Stanley App" (Compl. ¶19, ¶21, ¶22).

IV. Analysis of Infringement Allegations

No probative visual evidence provided in complaint.

  • Claim Chart Summary: The complaint alleges that the "Send Money" service performs the steps of Claim 1. The following table summarizes the core allegations, using the corrected claim language from the patent's Certificate of Correction.

8,887,308 Infringement Allegations

Claim Element (from Independent Claim 1, as corrected) Alleged Infringing Functionality Complaint Citation Patent Citation
a) receiving an access request for cloud digital content through an apparatus in process with at least one CPU, the access request being a write request to a data store...wherein the access request further comprises verification data provided by at least one user, wherein the verification data is recognized by the apparatus as a verification token A Morgan Stanley customer registers their email address and/or mobile telephone number with the "Send Money" service. This registration is a write request, and the email/phone number is alleged to be the "verification token." ¶18 col. 14:32-43
b) authenticating the verification token of (a) using a database recognized by the apparatus of (a) as a verification token database The "Morgan Stanley App" uses a database to authenticate the user's email address and/or mobile telephone number. ¶20 col. 14:44-47
c) establishing an API communication between the apparatus of (a) and a database apparatus, the database apparatus being a different database from the verification token database of (b) wherein the API is related to a verified web service...wherein establishing the API communication requires a credential assigned to the apparatus of (a) The "Morgan Stanley App" establishes a connection to the Zelle service database via the Zelle services API. This Zelle database is alleged to be different from the Morgan Stanley database used for authentication. The connection uses a credential like a "Participant ID." ¶21 col. 14:48-59
d) requesting the metadata, from the apparatus of (a), from the API communication data exchange session of (c)... The "Send Money" service infringes by making a RESTful API call to the Zelle service database to request data, such as "CXCTokens." ¶22, ¶23 col. 15:60-65
e) receiving the metadata requested in (d) from the API communication data exchange session of (c) The service receives the "CXCTokens" from the Zelle service database in response to the request. ¶22, ¶23 col. 16:1-3
f) creating a computer readable authorization object by writing into the data store of (a) at least two of: the received verification data of (a); and the received metadata of (e); wherein the created computer readable authorization object is recognized...as user access rights...and is processed...using a cross-referencing action... The service creates the authorization object by writing the "enrolled" user verification data (email/phone) and the "enrolled" Zelle query data (CXCTokens) into the "Send Money data storage." This object is allegedly used for subsequent "send money" requests. ¶23, ¶8 col. 16:4-15
  • Identified Points of Contention:
    • Scope Questions: Can a financial transaction service ("Send Money") be said to involve a "user access request for cloud digital content" as required by the claim's preamble? The court will need to determine if the claim is limited to media/DRM contexts or if it can be read more broadly to cover financial data access.
    • Technical Questions: A significant question is whether the architecture of the Morgan Stanley App and the Zelle network maps onto the claim's specific structure. Does the app first authenticate a user against a Morgan Stanley database and then separately establish an API call to a "different" Zelle database to retrieve an identifier, as the claim requires? Or do these actions occur as part of a single, integrated transaction process?
    • Evidentiary Questions: The complaint alleges the service creates an "authorization object" by writing both the user's verification data and the Zelle-provided data into storage. Plaintiff will need to provide evidence that this specific combination and writing step actually occurs, rather than the data being handled transiently or stored separately.
    • Claim Language Discrepancy: The complaint quotes the original language of claim 1 (Compl. ¶23). However, a 2021 Certificate of Correction altered the claim, changing "query data" to "metadata" and, more critically, changing the requirement in step (f) from writing at least "one of" the data elements to writing at least "two of" them. This correction raises the bar for infringement, and the case may involve disputes over which version of the claim language applies or how the corrected language impacts the infringement read.

V. Key Claim Terms for Construction

  • The Term: "computer readable authorization object"

  • Context and Importance: This term defines the ultimate output of the claimed process. The infringement allegation hinges on equating the "enrolled" user data and Zelle tokens in the "Send Money data storage" with this claimed "object." Practitioners may focus on this term because its construction will determine whether a simple record of a user's enrollment status and associated identifiers meets the specific structural and functional requirements of the claimed "object," which is created by combining distinct data elements.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The claim itself broadly defines the object by its creation process: "creating a computer readable authorization object by writing into the data store...at least two of: the received verification data...and the received metadata" (’308 Patent, col. 16:4-8). This could support an interpretation where any persistent data record created by this combination qualifies.
    • Evidence for a Narrower Interpretation: The specification discusses the object in the context of DRM and media files, and the "cross-referencing action" suggests a persistent object that is repeatedly consulted for access decisions (’308 Patent, col. 15:11-15). A defendant may argue this implies a more structured and specific data entity than a general user account record in a financial system.

  • The Term: "database apparatus being a different database from the verification token database"

  • Context and Importance: This limitation was identified by the PTO as part of the patent's "inventive concept" (Compl. ¶12). The plaintiff's theory requires proving that the Morgan Stanley authentication database is "different" from the Zelle service database. The definition of "different" is therefore critical.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The specification provides no explicit definition of "different," which could support a plain meaning interpretation where any two databases that are technologically or administratively separate (e.g., operated by different entities like Morgan Stanley and Zelle) would meet the limitation.
    • Evidence for a Narrower Interpretation: A defendant may argue that "different" implies functional, not just physical or administrative, separation. If both databases are used as part of a single, indivisible authentication and transaction process, a court could be persuaded they do not function as "different" databases in the manner contemplated by the patent, which describes a two-step process of local authentication followed by a separate web service query.

VI. Other Allegations

The complaint does not contain allegations of indirect or willful infringement.

VII. Analyst’s Conclusion: Key Questions for the Case

  1. Definitional Scope: A central issue will be one of claim construction. Can the term "computer readable authorization object", developed in the context of digital media rights, be construed to cover the "enrolled" user profile and associated payment tokens within the accused financial transaction service? The outcome will depend on whether the court views the claim as being tied to its DRM origins or as a broader data security process.
  2. Architectural Mapping: A key factual and technical question is whether the accused Morgan Stanley/Zelle system embodies the specific two-database architecture required by the patent. The case will likely require a detailed examination of how user authentication and transaction authorization are actually processed to determine if there is a "verification token database" that is truly "different" from the "database apparatus" (the Zelle service) from which metadata is later retrieved.
  3. Impact of Claim Correction: The discrepancy between the claim language quoted in the 2019 complaint and the narrower, corrected language from 2021 will be a significant issue. A core evidentiary question will be whether the plaintiff can prove the accused system performs the corrected claim's more stringent step of creating an object by writing both the initial verification data and the metadata received from the Zelle API into a data store.