1:19-cv-02813
Grecia v. TIAA FSB Member Fdic
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: William Grecia (Pennsylvania)
- Defendant: TIAA, FSB d/b/a TIAA Bank (New York)
- Plaintiff’s Counsel: Wawrzyn & Jarvis LLC
- Case Identification: 1:19-cv-02813, S.D.N.Y., 07/05/2019
- Venue Allegations: Plaintiff asserts venue is proper in the Southern District of New York because Defendant TIAA Bank maintains corporate offices and conducts continuous and systematic business in the district.
- Core Dispute: Plaintiff alleges that Defendant’s "Send Money" mobile banking service, which utilizes the Zelle network, infringes a patent related to a process for transforming a user access request for cloud digital content into a computer readable authorization object.
- Technical Context: The technology at issue involves methods for authenticating users and managing access to digital assets or services through API communications between distinct systems, using tokens and web service identifiers.
- Key Procedural History: The complaint notes that in a prior case, Grecia v. Mastercard Int'l Inc., the court construed several key claim terms. It also states that the U.S. Patent and Trademark Office has denied three separate petitions for inter partes review (IPR) against the patent-in-suit, with the complaint asserting these decisions affirmed the patent’s "inventive concept." A Certificate of Correction was issued for the patent, amending several instances of "query data" in the asserted claim to "metadata."
Case Timeline
| Date | Event |
|---|---|
| 2010-03-21 | ’308 Patent Priority Date |
| 2014-11-11 | ’308 Patent Issue Date |
| 2016-08-30 | USPTO upholds patent validity over prior art in IPR proceeding (Unified Patents) |
| 2017-01-19 | USPTO upholds patent validity over prior art in IPR proceeding (DISH Network) |
| 2017-07-03 | USPTO upholds patent validity over prior art in IPR proceeding (Mastercard) |
| 2018-09-08 | Claim construction order entered in Grecia v. Mastercard Int'l Inc. |
| 2019-07-05 | Amended Complaint Filing Date |
| 2021-07-13 | Certificate of Correction for '308 Patent Issued |
II. Technology and Patent(s)-in-Suit Analysis
- Patent Identification: U.S. Patent No. 8,887,308, "DIGITAL CLOUD ACCESS (PDMAS PART III)," issued November 11, 2014.
- The Invention Explained:
- Problem Addressed: The patent’s background section describes the limitations of traditional Digital Rights Management (DRM) systems, which often lack interoperability across different manufacturers' devices and can cause consumers to lose access to purchased content if a provider ceases services or a device fails ('308 Patent, col. 2:38-67). The stated goal is to provide "unlimited interoperability" and protect "fair use" rights for consumers ('308 Patent, col. 3:1-9).
- The Patented Solution: The invention describes a process to manage access to digital content by decoupling authorization from a specific device. It uses an "apparatus" (e.g., a software application) to receive a user request containing a "verification token" (e.g., an email address). This token is authenticated against a first database. The apparatus then establishes an API communication with a second, different "database apparatus" associated with a "verified web service" (e.g., a membership system) to obtain an account identifier. Finally, it creates a "computer readable authorization object" by storing the user's verification data and the account identifier, which is then used to manage access rights during subsequent requests ('308 Patent, Abstract; col. 14:31-15:15).
- Technical Importance: The described process reflects a move away from device-locked DRM towards a more flexible, web-centric authentication model where a user's identity, verified through a third-party service, becomes the key to accessing content across multiple platforms ('308 Patent, col. 9:4-8).
- Key Claims at a Glance:
- The complaint asserts direct infringement of independent Claim 1 ('308 Patent, Prayer for Relief ¶(a)).
- Independent Claim 1, as corrected, recites the essential steps:
- (a) receiving an access request for cloud digital content through an apparatus, with the request including verification data recognized as a "verification token";
- (b) authenticating the verification token using a "verification token database";
- (c) establishing an API communication between the apparatus and a different "database apparatus" related to a "verified web service" using a credential to create a data exchange session for at least one "verified web service account identifier";
- (d) requesting the "metadata" from the API communication data exchange session;
- (e) receiving the requested "metadata"; and
- (f) creating a "computer readable authorization object" by writing the verification data and received metadata to a data store, which is later processed via a cross-referencing action to determine user access permission.
III. The Accused Instrumentality
- Product Identification: The accused instrumentality is TIAA Bank's "Send Money" service, which is implemented in the "TIAA App" and uses the Zelle network (Compl. ¶¶17-18).
- Functionality and Market Context: The complaint alleges that a user initiates a transaction by registering for the Send Money service within the TIAA App using their email address or mobile number (Compl. ¶18). The TIAA App allegedly authenticates this information against a TIAA database (Compl. ¶20). It then establishes an API connection with the Zelle service, which the complaint identifies as a separate database and a "verified web service" (Compl. ¶21). Through this API, the app allegedly requests and receives data identified as "CXCTokens" (Compl. ¶22). The complaint provides a specific example of the API call structure used in this process (Compl. ¶22). This process is alleged to create an authorization object stored by the Send Money service to enable subsequent financial transactions (Compl. ¶23). The complaint quotes from an exhibit to assert that "Zelle is offered directly within the TIAA mobile app," positioning it as an integrated feature of TIAA's mobile banking platform (Compl. ¶19, ¶23).
IV. Analysis of Infringement Allegations
’308 Patent Infringement Allegations
| Claim Element (from Independent Claim 1, as corrected) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a) receiving an access request for cloud digital content through an apparatus... wherein the access request further comprises verification data... recognized by the apparatus as a verification token... | The TIAA App ("the apparatus") receives a write request to access "Zelle cloud digital financial account data" when a customer registers their email address and mobile telephone number, which is the "verification token." | ¶18 | col. 14:31-43 |
| b) authenticating the verification token of (a) using a database recognized by the apparatus of (a) as a verification token database... | TIAA Bank uses its own database to authenticate the user's email address and mobile telephone number. | ¶20 | col. 14:44-47 |
| c) establishing an API communication between the apparatus of (a) and a database apparatus, the database apparatus being a different database from the verification token database... | The TIAA App establishes an API connection to the Zelle service database, which is alleged to be different from the TIAA authentication database, using a credential such as a "Participant ID." | ¶21 | col. 14:48-62 |
| d) requesting the metadata, from the apparatus of (a), from the API communication data exchange session of (c)... | The TIAA App requests "CXCTokens" from the Zelle service database. The complaint alleges this is a request for "query data." A visual example of the API call is provided as `https://<servername:serverport>/fxh/svc/cxctokens/{key}`. | ¶22 | col. 14:63-67 |
| e) receiving the metadata requested in (d) from the API communication data exchange session of (c)... | The TIAA App receives the requested "CXCTokens" from the Zelle service. The complaint alleges this is receipt of "query data." | ¶22 | col. 15:1-2 |
| f) creating a computer readable authorization object by writing into the data store of (a)... the received verification data of (a); and the received metadata of (e)... | The TIAA App creates an authorization object by writing the enrolled user verification data and the enrolled Zelle data ("CXCTokens") into the "Send Money data storage," which is then used for cross-referencing in subsequent transactions. | ¶23 | col. 15:3-15 |
- Identified Points of Contention:
- Scope Questions: A primary question is whether authorizing a financial transaction constitutes a process for accessing "cloud digital content" as that term is used in the patent. The defense may argue the patent's context, which is focused on media DRM, does not extend to financial account data and payment services.
- Technical Questions: The infringement read depends on whether the TIAA and Zelle systems function as the distinct, separate databases required by the claim. A factual dispute may arise over whether the "CXCTokens" allegedly transferred from Zelle constitute a "verified web service account identifier" and, more critically, whether they qualify as "metadata" under the corrected claim language.
- Legal Questions: The complaint consistently alleges infringement based on steps involving "query data" (Compl. ¶¶12, 22), but the patent's Certificate of Correction amends this term to "metadata" in the asserted claim. This discrepancy raises the question of whether the plaintiff has adequately pleaded infringement of the actual, corrected claim.
V. Key Claim Terms for Construction
The Term: "cloud digital content"
Context and Importance: This term defines the subject matter of the access request and is foundational to the claim's scope. Its construction will determine whether the patent can be applied beyond the media DRM context described in its background to the financial transaction services of the accused product.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The term is not explicitly defined or limited in the specification, and the claims themselves do not restrict it to a particular type of content. Plaintiff alleges the accused service involves "Zelle cloud digital financial account data," arguing this falls within a broad reading of the term (Compl. ¶18).
- Evidence for a Narrower Interpretation: The "Description of the Prior Art" section focuses entirely on DRM for "music and video files," "e-books," and "computer games" ('308 Patent, col. 2:1-24). This context suggests "digital content" may be construed more narrowly to mean consumable media rather than transactional financial data.
The Term: "metadata" (corrected from "query data")
Context and Importance: This is the information requested from the secondary "database apparatus" (allegedly the Zelle service) and used to create the authorization object. As the subject of a formal correction, its meaning is critical. The case may depend on whether the accused "CXCTokens" (Compl. ¶22) meet the definition of "metadata."
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The specification provides a broad definition: metadata "‘describe[s] other data’" and can include information like "how large the picture is, the color depth, the image resolution, when the image was created, and other data" ('308 Patent, col. 13:20-24). Plaintiff may argue that a transaction token like a "CXCToken" is data that describes or enables access to other data (the financial account), thus qualifying as metadata.
- Evidence for a Narrower Interpretation: The examples provided in the specification are descriptive attributes of a media file. A party could argue that "metadata" should be limited to such descriptive information, as opposed to a functional, ephemeral authorization token used to execute a financial transfer. The very act of correcting the claim from the broader "query data" could be argued to imply an intent to narrow the scope to descriptive data.
VI. Other Allegations
- Indirect Infringement: The complaint does not include allegations of indirect or induced infringement. It alleges that "Defendant TIAA Bank is the party that practices the steps" of the claimed method, which is a claim of direct infringement (Compl. ¶22).
- Willful Infringement: The complaint does not contain an explicit allegation of willful infringement.
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of definitional scope: can the term "cloud digital content," which is rooted in the patent's discussion of media DRM, be construed to cover the authorization of financial transactions in the accused TIAA "Send Money" service? This may implicate not only claim construction but also questions of patentable subject matter.
- A key legal and evidentiary question will be the impact of the Certificate of Correction: the complaint alleges infringement based on the transfer of "query data," while the patent's corrected claim requires the transfer of "metadata." The case will likely hinge on whether the "CXCTokens" at issue can be properly characterized as "metadata" and whether the plaintiff's pleading is sufficient in light of this discrepancy.
- A central factual question will be one of architectural correspondence: does the interaction between the TIAA App, its internal databases, and the external Zelle network precisely mirror the three-part system recited in Claim 1, which requires a distinct "apparatus," "verification token database," and "database apparatus"? The technical details of the data flow and system boundaries will be subject to intense scrutiny.