DCT

1:19-cv-03278

Grecia v. Samsung Electronics America Inc

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 1:19-cv-03278, S.D.N.Y., 07/05/2019
  • Venue Allegations: Venue is alleged to be proper based on Defendant’s continuous and systematic business and corporate offices within the Southern District of New York.
  • Core Dispute: Plaintiff alleges that Defendant’s Samsung Pay mobile payment service infringes a patent related to transforming a user access request for digital content into a secure authorization object.
  • Technical Context: The technology concerns digital rights management (DRM), specifically methods for authenticating users and managing access to digital assets across multiple devices by linking access rights to a web-based identity rather than a specific piece of hardware.
  • Key Procedural History: The complaint highlights significant history for the patent-in-suit. The U.S. Patent and Trademark Office denied three separate petitions for inter partes review (IPR) against the patent. Additionally, certain key claim terms were previously construed by the S.D.N.Y. in a separate case, Grecia v. Mastercard Int'l Inc. This history may influence how the court approaches issues of patent validity and claim construction in the current case.

Case Timeline

Date Event
2010-03-21 '308 Patent Priority Date
2014-11-11 '308 Patent Issue Date
2016-08-30 USPTO denies IPR petition from Unified Patents
2017-01-19 USPTO denies IPR petition from DISH Network
2017-07-03 USPTO denies IPR petition from Mastercard
2018-09-08 Claim construction order issued in Grecia v. Mastercard
2018-09-10 Plaintiff provides Defendant with notice of infringement
2019-07-05 Amended Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,887,308 - “Digital Cloud Access (PDMAS Part III)”

  • Patent Identification: U.S. Patent No. 8,887,308, “Digital Cloud Access (PDMAS Part III),” issued November 11, 2014.

The Invention Explained

  • Problem Addressed: The patent describes the limitations of traditional Digital Rights Management (DRM) systems, which often lock digital content to specific devices, restrict sharing, and rely on provider-maintained servers that can be discontinued, causing consumers to lose access to purchased media ('308 Patent, col. 2:38-60).
  • The Patented Solution: The invention discloses a process to create a more flexible and user-centric DRM system. It transforms a user's request for "cloud digital content" into a "computer readable authorization object" by a multi-step process: (1) receiving an initial access request with a "verification token," (2) authenticating that token, (3) establishing a secure API communication with a "verified web service" (e.g., a social media platform), (4) using that API to request and receive metadata associated with the user's web service account (e.g., a unique user ID), and (5) creating a final authorization object on the user's device that combines the initial verification data and the web service metadata ('308 Patent, Abstract; Fig. 3; col. 14:31-15:14). This object then governs access rights, tying them to the user's identity rather than a single device.
  • Technical Importance: This method aimed to provide "unlimited interoperability" for digital media, allowing users to access their content on various devices and share it in a manner analogous to the "fair use" of physical media like CDs or DVDs ('308 Patent, col. 3:1-10).

Key Claims at a Glance

  • The complaint asserts independent claim 1.
  • The essential elements of Claim 1 (as corrected by a 2021 Certificate of Correction) include:
    • a) receiving an access request for cloud digital content, the request including verification data recognized as a verification token.
    • b) authenticating the verification token using a verification token database.
    • c) establishing an API communication with a separate database apparatus (a "verified web service") using a credential.
    • d) requesting metadata from the verified web service via the API.
    • e) receiving the requested metadata from the API session.
    • f) creating a computer readable authorization object by writing at least two of the verification data and the received metadata to a data store, which is then used to control future access.
  • The complaint does not explicitly reserve the right to assert dependent claims.

III. The Accused Instrumentality

Product Identification

  • The accused instrumentality is the Samsung Pay application, including its associated software, hardware, and firmware (Compl. ¶18-20).

Functionality and Market Context

  • The complaint alleges that Samsung Pay is a mobile payment service that allows users to make purchases (Compl. ¶17). Functionally, a user enters their credit card account number into the application. The system then communicates with a "Samsung Token Requestor" via an API to transform the credit card number into a secure "payment token" (an "EMV Token") that is stored on the user's device. This token is then used to authorize financial transactions (Compl. ¶17, 20-22).

IV. Analysis of Infringement Allegations

No probative visual evidence provided in complaint.

'308 Patent Infringement Allegations

Claim Element (from Independent Claim 1, as corrected) Alleged Infringing Functionality Complaint Citation Patent Citation
a) receiving an access request for cloud digital content... wherein the verification data is recognized by the apparatus as a verification token... Samsung Pay receives an access request when a user enters their credit card account number, which is alleged to be the "verification token." ¶18 col. 14:34-44
b) authenticating the verification token of (a) using a database recognized by the apparatus of (a) as a verification token database... The Samsung Pay application authenticates the user's credit card number using a database of supported credit card issuers. ¶19 col. 14:45-47
c) establishing an API communication between the apparatus of (a) and a database apparatus... wherein the API is related to a verified web service... Samsung Pay establishes a connection to the Samsung Token Requestor using a Token Service API, which is alleged to be the "verified web service." ¶20 col. 14:48-62
d) requesting the metadata... from the API communication data exchange session... Samsung Pay requests a tokenized card number (the "EMV Token") from the Samsung Token Requestor API. The complaint refers to this as "query data." ¶21 col. 14:63-15:2
e) receiving the metadata requested in (d) from the API communication data exchange session... Samsung Pay receives the tokenized card number (the "EMV Token") from the Samsung Token Requestor API. The complaint refers to this as "query data." ¶21 col. 14:63-15:2
f) creating a computer readable authorization object by writing into the data store of (a) at least two of: the received verification data of (a); and the received metadata of (e)... Samsung Pay writes the received EMV Token to the user's device storage, which is alleged to be the "computer readable authorization object." ¶22 col. 15:3-14
  • Identified Points of Contention:
    • Scope Questions: A central issue will be whether the scope of the patent, which focuses on managing access to "digital content," extends to the financial transaction tokenization performed by Samsung Pay. Does a "credit card number" constitute "cloud digital content" and is a "payment token" a "computer readable authorization object" for accessing that content, as those terms are used in the patent?
    • Technical Questions: The complaint alleges that requesting and receiving an "EMV Token" satisfies the claim's requirement for requesting and receiving "metadata." A key technical question is whether a payment token, which is a substitute for primary account data, functions as "metadata" (data describing other data) as required by the corrected claim.
    • Evidentiary Questions: The corrected claim requires creating the authorization object by writing at least two specified data elements to storage. The complaint alleges that Samsung Pay writes the EMV Token to storage (Compl. ¶22) but does not explicitly allege that it also writes the original "verification data" (the credit card number) as part of the same creation step, raising a question of whether the pleading fully maps to this limitation.

V. Key Claim Terms for Construction

  • The Term: "cloud digital content"

    • Context and Importance: The complaint notes this term was previously construed in a related case as "data capable of being processed by a computer" (Compl. ¶7). This broad definition is critical for the Plaintiff's theory that a credit card number falls within the claim's scope. The defense may argue that in the context of the patent specification, the term is implicitly limited to media files like music and video.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The plain language of the prior construction is very broad. The term "data" itself is not inherently limited to media.
      • Evidence for a Narrower Interpretation: The patent's "Background" and "Detailed Description" sections repeatedly frame the invention in the context of DRM for "music and video files," "media asset," and "e-books," which could support an argument that the term's scope should be read in light of these specific examples ('308 Patent, col. 2:1-22).

  • The Term: "metadata"

    • Context and Importance: This term is central because of the 2021 Certificate of Correction, which replaced "query data" with "metadata." Plaintiff alleges that the "EMV Token" is the claimed "metadata" (Compl. ¶21, referring to it as "query data"). Practitioners may focus on this term because the case may turn on whether a financial payment token can be properly classified as metadata.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The patent does not provide an explicit definition of "metadata." Plaintiff may argue that since the EMV token relates to and stands in for the primary account number, it functions as a form of metadata in the context of the transaction authorization process.
      • Evidence for a Narrower Interpretation: The specification discusses "metadata" in a more conventional sense, such as "metadata area of a delivered file format" ('308 Patent, col. 2:21-22) or using Facebook IDs (FBIDs) and MAC addresses as identifiers written to metadata ('308 Patent, col. 13:28-32). This could support a narrower definition that excludes a primary transactional token like an EMV token.

VI. Other Allegations

  • Willful Infringement: The complaint alleges willful infringement based on pre-suit knowledge. It states that on September 10, 2018, the Plaintiff "forwarded to Samsung a claim chart setting forth how Samsung Pay infringes claim 1 of the ’308 patent" and offered a license, which Samsung allegedly rejected (Compl. ¶23).

VII. Analyst’s Conclusion: Key Questions for the Case

The dispute appears to hinge on fundamental questions of claim scope and technical applicability. The key issues for the court will likely be:

  1. A core issue will be one of definitional scope: can the term "cloud digital content", which was developed in the context of digital media rights management (DRM), be construed to cover financial account data, and can a "computer readable authorization object" for managing access to that content be read to cover a payment token used to execute a financial transaction?

  2. A key evidentiary question will be one of technical classification: is the "EMV Token" generated by Samsung Pay properly classified as "metadata" as required by the corrected claim language, or is it primary data that falls outside the claim? The complaint's reliance on the patent's original "query data" language highlights this as a central point of contention.

  3. A final question will be one of functional congruence: does the process of tokenizing a credit card number for a financial payment (the accused conduct) embody the same inventive concept as the patent's disclosed process for creating a persistent, user-linked authorization object to manage access and sharing rights for digital media?