DCT

1:24-cv-08582

EasyWeb Innovations LLC v. Bitpay Inc

Log In
Key Events
Complaint
complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 1:24-cv-08582, S.D.N.Y., 11/12/2024
  • Venue Allegations: Plaintiff alleges venue is proper in the Southern District of New York because Defendant conducts systematic business in the district, a substantial part of the events giving rise to the claim occurred there, and Defendant’s Chief Compliance Officer resides and maintains an office in New York.
  • Core Dispute: Plaintiff alleges that Defendant’s cryptocurrency platform, which allows users to select between different levels of account security, infringes a patent related to user-selectable, multi-level authorization methods.
  • Technical Context: The technology concerns customizable computer access security, allowing individual users of a multi-user system to choose the strength of their own authentication method, a key feature in modern online services.
  • Key Procedural History: The complaint notes that during prosecution, the patent-in-suit overcame a 35 U.S.C. § 101 rejection by arguing that providing per-user selectable security schemes was a concrete, unconventional improvement over the rigid, system-wide security architectures common at the time of the invention.

Case Timeline

Date Event
1999-03-11 ’905 Patent Priority Date (from Provisional App. 60/123,821)
2015-08-05 Defendant initially filed with the New York Department of State
2016-05-03 ’905 Patent Continuation Application Filed
2018-10-30 ’905 Patent Issued
2019-04-02 Date of Accused Product Screenshots
2019-01-01 Alleged Infringement Start Date ("since at least 2019")
2023-03-16 Defendant settled with NYDFS over compliance issues
2024-11-12 Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 10,114,905 - “Individual User Selectable Multi-Level Authorization Method for Accessing a Computer System”

  • Patent Identification: U.S. Patent No. 10,114,905, “Individual User Selectable Multi-Level Authorization Method for Accessing a Computer System,” issued October 30, 2018.

The Invention Explained

  • Problem Addressed: At the time of the invention, computer access security was typically rigid and system-wide, forcing all users of a system to use a single, pre-programmed authorization method without the ability to choose an alternative (Compl. ¶20). The patent describes prior art systems for on-demand publishing (e.g., via fax or telephone) as cumbersome or insecure (’905 Patent, col. 1:38-67).
  • The Patented Solution: The invention is a method and system that allows different users of the same computer system to select their own security scheme from a plurality of options. This allows one user to opt for a simpler, more convenient access method while another user on the same system can choose a more secure method requiring additional identification information (’905 Patent, Abstract; col. 46:1-9). The user's selection is then stored with their account and used to manage their subsequent access to the system (Compl. ¶21).
  • Technical Importance: The invention provided a user-centric approach to security, allowing individuals to balance convenience and security based on personal preference rather than being subject to a single, system-wide mandate (Compl. ¶18).

Key Claims at a Glance

  • The complaint asserts infringement of claims 1-20, which includes dependent claims (Compl. ¶41). The lead independent claims are 1 and 9.
  • Independent Claim 1 (a method) includes the following essential elements:
    • Providing a plurality of security schemes, where a first scheme requires a specific number of identification information and a second scheme requires additional identification information.
    • Prompting a user to select a particular security scheme.
    • Storing the user's selection as a preference in the user's storage area.
    • Authorizing the user to access the computer system when the selected security scheme is satisfied.
  • Independent Claim 9 (a method) includes the following essential elements:
    • Providing a computer system with a plurality of user accounts.
    • For a first user, prompting for and storing a selection of a first security scheme.
    • For a second user, prompting for and storing a selection of a second security scheme.
    • The first and second security schemes require a different number of identification information to be satisfied.
    • Authorizing the first or second user upon satisfaction of their respective selected scheme.

III. The Accused Instrumentality

Product Identification

  • The BitPay Website and Desktop/Mobile Applications ("Accused Products") (Compl. ¶29).

Functionality and Market Context

  • The Accused Products provide a platform for users to "buy, store, swap and spend cryptocurrency" (Compl. ¶29). The complaint alleges that the platform allows users to customize their account access security. Specifically, users can choose between a standard security scheme using an email and password, or a more secure two-factor authentication scheme that requires an additional piece of identification—a two-factor authentication code from an app like Google Authenticator or Authy (Compl. ¶¶30, 36). A screenshot from April 2, 2019 shows a user interface for enabling this two-factor security (Compl. p. 10). Another screenshot shows the interface after two-factor security has been enabled, presenting the user with an option to disable it (Compl. p. 11).

IV. Analysis of Infringement Allegations

’905 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
prompting the particular user of the computer system for a selection of a particular security scheme from among the plurality of security schemes The Accused Products prompt users to select a security scheme through a user interface offering a security settings prompt. A provided screenshot shows an "Edit User Security" page for this purpose. ¶33, p. 10 col. 26:62-66
wherein first of the plurality of security schemes requires a specific number of identification information to authorize the particular user, and a second of the plurality of security schemes requires additional identification information beyond that of the first scheme The platform offers a first scheme requiring two pieces of information (email and password) and a second scheme requiring those two plus a third piece of information (a two-factor authentication code). ¶¶35, 36 col. 45:29-34
storing the selection as a preference in the particular user's storage area The complaint alleges, on information and belief, that the user's choice of whether to use two-factor authentication is stored in the user's storage area and is used for subsequent logins. ¶¶34, 37 col. 45:34-36
and thereafter authorizing the particular user to access the computer system when the selected security scheme of the particular user is satisfied A user who has not enabled two-factor security is granted access with just an email and password. A user who has enabled it must also provide the two-factor code to be granted access. ¶38 col. 45:36-39

Identified Points of Contention

  • Scope Questions: The patent has a 1999 priority date and a specification focused on technologies like interactive voice response (IVR) and fax systems. A question for the court will be whether the claims, which use general terms like "computer system" and "security scheme," can be properly construed to cover a modern cryptocurrency platform and its web-based security-toggle feature.
  • Technical Questions: The complaint alleges that the user's security selection is "stored in the user's storage area" on "information and belief" (Compl. ¶34). A key factual question will be what evidence the plaintiff can produce to demonstrate that the accused system's method of enabling or disabling 2FA meets the "storing the selection" limitation as described in the patent.

V. Key Claim Terms for Construction

  • The Term: "a plurality of security schemes"

    • Context and Importance: The infringement theory hinges on the idea that enabling or disabling two-factor authentication constitutes a user's "selection of a particular security scheme from among the plurality of security schemes." Practitioners may focus on this term because its definition is central to whether the accused functionality meets the claim. If enabling/disabling 2FA is merely a modification of a single security architecture rather than a choice between distinct "schemes," the infringement argument may be challenged.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: Claim 1 requires only that a second scheme uses "additional identification information," and Claim 9 requires only a "different number of identification information." This language could support an interpretation where adding a factor of authentication creates a new "scheme" for the purposes of the patent (e.g., ’905 Patent, col. 46:21-32).
      • Evidence for a Narrower Interpretation: The specification's examples often involve technologically distinct methods, like publishing a fax versus an audio message (’905 Patent, col. 26:62-66). A party could argue that a "scheme" implies a more fundamental difference in kind than simply adding an authentication layer to a password-based system.

  • The Term: "user's storage area"

    • Context and Importance: This term is critical for mapping the patent's architecture onto the accused modern, likely cloud-based, system. The nature and location of this "storage area" will be a key factual and legal point in the infringement analysis.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The claim language itself is not limiting, suggesting any data repository associated with a specific user could qualify. The patent abstract refers to storing selections with the user's "account information," a broad concept (’905 Patent, Abstract).
      • Evidence for a Narrower Interpretation: The detailed description discusses user directories on an Internet server, which might be argued to imply a more discrete, partitioned storage architecture than is common in modern distributed databases (’905 Patent, col. 37:7-14).

VI. Other Allegations

  • Indirect Infringement: The complaint alleges induced infringement, stating that BitPay provides instructions, documentation, and technical support that encourage and instruct end-users on how to use the allegedly infringing selectable security features (Compl. ¶45).
  • Willful Infringement: The complaint alleges that BitPay's infringement is willful, asserting that BitPay acted with knowledge of the ’905 Patent and with intent or willful blindness (Compl. ¶45). The complaint does not plead any specific facts regarding pre-suit knowledge, such as a notice letter, suggesting the willfulness claim may be based on knowledge acquired from the service of the complaint itself.

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of claim scope and construction: Can the term "selection of a particular security scheme," which originates in a 1999-priority patent focused on IVR and fax systems, be construed to cover a modern user's choice to enable or disable two-factor authentication on a web-based cryptocurrency platform? This will determine if the technology accused falls within the patent's scope.
  • A second central question will be one of patent eligibility: As anticipated by the plaintiff's extensive arguments in the complaint, the case will likely involve a challenge under 35 U.S.C. § 101. The court will need to decide whether the claims are directed to the abstract idea of tiered access or customizable security, and if so, whether the patent's solution—allowing individual users of a single system to select their own security level—represented a concrete, unconventional technical improvement in 1999 that constitutes an "inventive concept" sufficient to pass the Alice test.