DCT
1:22-cv-09866
Alto Dynamics LLC v. Harry's Inc
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: Alto Dynamics, LLC (Georgia)
- Defendant: Harry's, Inc. (Delaware)
- Plaintiff’s Counsel: Rozier Hardt McDonough PLLC
- Case Identification: 1:22-cv-09866, S.D.N.Y., 11/18/2022
- Venue Allegations: Plaintiff alleges venue is proper because Defendant maintains an established and regular place of business in the Southern District of New York and has committed acts of patent infringement in the district.
- Core Dispute: Plaintiff alleges that Defendant’s e-commerce website and its underlying functionalities for user activity tracking, state-less authentication, and data extraction infringe five U.S. patents.
- Technical Context: The patents relate to foundational technologies for e-commerce and web applications, including user session management, personalized content delivery via cookies, and automated data processing.
- Key Procedural History: The complaint does not mention any prior litigation, inter partes review proceedings, or licensing history concerning the asserted patents.
Case Timeline
| Date | Event |
|---|---|
| 2001-03-20 | U.S. Patent No. 6,662,190 Priority Date |
| 2001-04-19 | U.S. Patent No. 8,051,098 & 7,657,531 Priority Date |
| 2001-12-21 | U.S. Patent No. 7,392,160 & 7,152,018 Priority Date |
| 2003-12-09 | U.S. Patent No. 6,662,190 Issue Date |
| 2006-12-19 | U.S. Patent No. 7,152,018 Issue Date |
| 2008-06-24 | U.S. Patent No. 7,392,160 Issue Date |
| 2010-02-02 | U.S. Patent No. 7,657,531 Issue Date |
| 2011-11-01 | U.S. Patent No. 8,051,098 Issue Date |
| 2022-11-18 | Complaint Filing Date |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 7,392,160 - "System and Method for Monitoring Usage Patterns," issued June 24, 2008
The Invention Explained
- Problem Addressed: The patent addresses the challenge of personalizing web content for users without relying on unique, persistent user identifiers (like traditional tracking cookies), which can raise privacy concerns and be incompatible with performance-enhancing tools like web caches (Compl. ¶19; ’160 Patent, col. 2:1-21).
- The Patented Solution: The invention proposes a method where a "state object" (e.g., a cookie) containing a "profile" of the user's activities—rather than just a unique ID—is stored on the user's client machine. This state object is passed to the server with each interaction. The server then "audits" this profile and "performs analysis" on it to deliver tailored content or services back to the client, enabling personalization based on aggregate behavior rather than a specific identity (’160 Patent, col. 3:4-7, col. 4:3-7).
- Technical Importance: This approach provided a method for session management and content personalization that could function in a more "stateless" manner, potentially enhancing user anonymity and system scalability.
Key Claims at a Glance
- The complaint asserts at least independent claim 1 (Compl. ¶22).
- The essential elements of independent claim 1 include:
- Providing a state object with a profile of user usage.
- Storing the state object on the client.
- Passing the state object to a central server with each interaction.
- Receiving the state object back from the server.
- Modifying the profile to reflect the interaction.
- The central server auditing the passed state object/profile.
- The central server performing analysis on the audited profile to direct services/information to the client.
- The complaint does not explicitly reserve the right to assert dependent claims for this patent.
U.S. Patent No. 8,051,098 - "Systems and Methods for State-Less Authentication," issued November 1, 2011
The Invention Explained
- Problem Addressed: The patent describes the inefficiency of "state-full" authentication systems where a user must repeatedly log in to access different program objects or resources within a distributed system, imposing a burden on both the user and system resources (’098 Patent, col. 2:10-24).
- The Patented Solution: The invention discloses a method where a user establishes a single, temporary, secure communication session with a "logon component." During this session, the user's credentials are verified once, and a "security context" is generated. This security context is a portable, state-less token containing all necessary authorization information. The user can then present this security context to access multiple different resources without any "follow-on authorization communications" with the original logon component, enabling seamless and efficient access across a distributed environment (’098 Patent, col. 1:40-54, col. 5:10-21).
- Technical Importance: This technology aimed to solve a key usability and architectural problem in secure, distributed systems by decoupling the act of authentication from the act of accessing a resource.
Key Claims at a Glance
- The complaint asserts at least independent claim 1 (Compl. ¶39).
- The essential elements of independent claim 1 include:
- Establishing a secure, temporary, interactive communication session between a user device and a logon component.
- Verifying logon information provided by the user during that session.
- Responsively generating a security context that is unique to the user.
- The security context being necessary to access a plurality of resources "without requiring any follow-on authorization communications between the accessed resource and the logon component."
- The complaint does not explicitly reserve the right to assert dependent claims for this patent.
U.S. Patent No. 6,662,190 - "Learning Automatic Data Extraction System," issued December 9, 2003
- Technology Synopsis: The patent describes a system for automatically extracting structured data (records) from unstructured text. Its key innovation is the ability to "glean" and "learn" new attribute values that are not in its pre-existing vocabulary by deducing them from the structure and context of the source text, thereby improving its own vocabulary over time (’190 Patent, Abstract).
- Asserted Claims: At least independent claim 1 (Compl. ¶49).
- Accused Features: The complaint accuses the functionality for processing résumés uploaded to Defendant's platform (Compl. ¶48, ¶50).
U.S. Patent No. 7,152,018 - "System and Method for Monitoring Usage Patterns," issued December 19, 2006
- Technology Synopsis: This patent, a parent to the ’160 Patent, also describes a method of monitoring user behavior using a state object (cookie) containing a profile. The key distinction in its independent claim is the focus on the profile being modified by scripts or programs executed on the client location, which "preclud[es] manipulation of the profile by the server." This client-side modification enables the system to work with web caches (’018 Patent, Abstract; Claim 1).
- Asserted Claims: At least independent claim 1 (Compl. ¶59).
- Accused Features: The complaint accuses Defendant’s use of cookies to track user activities and preferences on its online sales platform (Compl. ¶58, ¶60).
U.S. Patent No. 7,657,531 - "Systems and Methods for State-Less Authentication," issued February 2, 2010
- Technology Synopsis: This patent, related to the ’098 Patent, also describes state-less authentication via a portable security context. The independent claim focuses specifically on a method for renewing an existing security context. The method involves receiving the existing context, comparing its expiration time to the current time, and generating an updated context if needed (’531 Patent, Claim 1).
- Asserted Claims: At least independent claim 1 (Compl. ¶76).
- Accused Features: The complaint accuses Defendant’s website and user authentication systems, such as user login processes and secured sessions (Compl. ¶75, ¶77).
III. The Accused Instrumentality
- Product Identification: The accused instrumentalities are the website https://www.harrys.com/en/us and its associated hardware, software, and backend systems (Compl. ¶14).
- Functionality and Market Context: The complaint alleges that the accused website provides several infringing functionalities. These include an online sales platform that tracks user activities and preferences through the use of cookies; a user authentication system that employs login processes and secure sessions; and an automated job application feature that processes uploaded résumés (Compl. ¶14). The complaint references exhibits depicting the "Harry's – Login" page, "Harry's – Privacy Policy," and "Harry's – Automated Job Application Feature" as evidence of these functionalities (Compl. ¶14 n.1). The complaint does not provide specific allegations regarding the product's commercial importance beyond its function as an online sales platform.
IV. Analysis of Infringement Allegations
U.S. Patent No. 7,392,160 Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| a method for monitoring user usage patterns of a system, comprising the steps providing at least one state object, the object including a profile representative of user usage | Defendant's system tracks user activities and preferences, for example, using cookies that contain a profile of user usage. | ¶23 | col. 4:3-4 |
| storing the state object at a client location | The user's browser stores the cookie (state object) at the client location. | ¶23 | col. 4:5 |
| passing, to a central server, the state object with each subsequent interaction initiation | The user's browser passes the cookie back to Harry's central server with subsequent requests. | ¶23 | col. 4:6-7 |
| receiving, from the central server, the state object along with the response of the central server | The user's browser receives the cookie along with the server's response (e.g., a web page). | ¶23 | col. 4:8-9 |
| wherein the profile is modified to reflect the interaction between the client location and the central server | The profile within the cookie is modified to reflect the user's interaction with the website. | ¶23 | col. 4:10-12 |
| wherein the central server audits the state object/profile passed to it, and performs analysis on the audited profile in order to direct services and/or information suited to the profile to the client location | Harry's central server audits the received cookie/profile and performs analysis on it to direct services or information, such as personalized content, back to the user. | ¶23 | col. 4:13-17 |
- Identified Points of Contention:
- Scope Question: A central question may be whether standard e-commerce cookies, which often contain session IDs or basic preference flags, meet the claim requirement of a "profile representative of user usage."
- Technical Question: The infringement allegation hinges on the specific nature of the server-side processing. What evidence does the complaint provide that the server performs an "audit" and "analysis" on the cookie profile specifically "in order to direct services," as opposed to general logging or analytics for internal business intelligence?
U.S. Patent No. 8,051,098 Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| establishing a secure communication session between a user computing device and a logon component, wherein the secure communication session comprises a temporary, interactive information exchange that is set up and then torn down | The Accused Instrumentalities provide for "user login processes and secured sessions," which constitutes a temporary, secure session. | ¶40 | col. 9:15-20 |
| verifying logon information provided by the user computing device to the logon component using the secure communication session | Harry's system verifies the user's login information during the secure session. | ¶40 | col. 9:21-24 |
| and responsively generating a security context to be employed by the user computing device that is unique to a user of the user computing device | In response to a successful login, the system generates a security context (e.g., a session token) unique to that user. | ¶40 | col. 9:24-28 |
| and necessary to access any of the plurality of resources without requiring any follow-on authorization communications between the accessed resource and the logon component | The generated security context allows the user to access various resources on the site without requiring further authorization communications with the logon component for each access. | ¶40 | col. 9:28-33 |
- Identified Points of Contention:
- Scope Question: Does a standard web session token, generated after a user logs in, constitute a "security context" as claimed?
- Technical Question: The critical limitation is "without requiring any follow-on authorization communications." The case may turn on whether Harry's system architecture truly eliminates all such communications with the logon component after the initial context is issued, or if there are, for example, periodic checks or other interactions that would fall outside the claim's scope.
V. Key Claim Terms for Construction
For the ’160 Patent:
- The Term: "audits the state object/profile"
- Context and Importance: This term appears central to distinguishing the invention from merely receiving and storing a cookie. The definition of "audits" will likely determine whether Defendant's server-side processing of cookie data constitutes infringement. Practitioners may focus on this term because its construction could require a specific type of analysis beyond simple data logging.
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The specification does not provide a specific definition, which may support an argument for applying its plain and ordinary meaning. The related ’018 patent notes that user information "can also be collected and audited during the HTTP transfer" without further defining the term, suggesting it can be a general part of the process (’018 Patent, col. 2:60-63).
- Evidence for a Narrower Interpretation: The full claim limitation requires the server to "audit[] the state object/profile passed to it, and performs analysis on the audited profile in order to direct services..." (’160 Patent, col. 4:13-17). This linkage suggests "audits" is not a passive step but is part of an active process of analysis for the direct purpose of tailoring a response to the user.
For the ’098 Patent:
- The Term: "without requiring any follow-on authorization communications between the accessed resource and the logon component"
- Context and Importance: This phrase captures the core "state-less" benefit of the invention. Infringement will depend on whether Harry's system, after issuing an initial session token, truly operates without any further checks back to the central authentication authority.
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: A party might argue this phrase only prohibits a full, per-request re-authentication, while still permitting lower-level communications like session validity checks or heartbeats that do not re-verify the user's identity from scratch.
- Evidence for a Narrower Interpretation: The patent background criticizes state-full systems that require repeated logons, and the solution is a portable "security context" that makes such re-engagement unnecessary (’098 Patent, col. 2:10-24, col. 5:15-21). This context may support an interpretation that any communication back to the logon component for authorization purposes is precluded for the life of the security context.
VI. Other Allegations
- Indirect Infringement: The complaint alleges induced and contributory infringement for the ’160 and ’018 patents. The inducement claims are based on allegations that Defendant provides instructions and encourages customers and end-users to use the accused website in an infringing manner (Compl. ¶24, ¶61). The contributory infringement claims allege that the accused systems have special features (e.g., the method of claim 1) that are not staple articles of commerce and have no substantial non-infringing uses (Compl. ¶25, ¶62).
- Willful Infringement: The complaint alleges willful infringement of the ’160 and ’018 patents. The allegations are based on knowledge of the patents as of the filing of the complaint and an alleged "policy or practice of not reviewing the patents of others," which Plaintiff characterizes as willful blindness (Compl. ¶26-29, ¶63-66).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of definitional scope: can terms rooted in specific technical solutions, such as a server that "audits" a user profile (’160 patent) or an authentication system that requires no "follow-on authorization communications" (’098 patent), be construed to cover the common, general-purpose functionalities of a modern e-commerce website? The resolution of these claim construction questions may be determinative.
- A key evidentiary question will be one of technical implementation: beyond the public-facing features of the website, what are the actual data flows and logical processes within Defendant's backend systems? The complaint's allegations for data extraction (’190 patent) and security context renewal (’531 patent) will require discovery to determine if the specific, multi-step methods recited in the claims are actually practiced by the accused instrumentalities.