DCT
1:25-cv-09971
EasyWeb Innovations LLC v. Meta Platforms Inc
Key Events
Complaint
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: EasyWeb Innovations, LLC (New York)
- Defendant: Meta Platforms, Inc. (Delaware)
- Plaintiff’s Counsel: Hecht Partners LLP
- Case Identification: 1:25-cv-09971, S.D.N.Y., 12/01/2025
- Venue Allegations: Plaintiff alleges venue is proper in the Southern District of New York because Defendant has committed acts of infringement and maintains regular and established places of business in the district.
- Core Dispute: Plaintiff alleges that Defendant’s social media and messaging platforms (Facebook, Instagram, WhatsApp, Messenger) infringe a patent related to user-selectable, multi-level computer access security.
- Technical Context: The technology at issue concerns computer system authentication, specifically methods that allow individual users to choose between different security levels, such as single-factor and multi-factor authentication.
- Key Procedural History: The complaint notes that during prosecution, the asserted patent overcame a patent eligibility rejection under 35 U.S.C. § 101. The applicant argued that the claims were not directed to an abstract idea but rather to a concrete improvement in computer security technology by enabling security scheme selection on a per-user basis.
Case Timeline
| Date | Event |
|---|---|
| 1999-03-11 | ’905 Patent Priority Date |
| 2018-10-30 | ’905 Patent Issue Date |
| 2018-10-30 | Alleged Infringement Period Begins |
| 2025-12-01 | Complaint Filing Date |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 10,114,905 - Individual User Selectable Multi-Level Authorization Method for Accessing a Computer System
- Patent Identification: U.S. Patent No. 10,114,905, issued October 30, 2018.
- Asserted Claims: The complaint asserts infringement of claims 1-20 (Compl. ¶41).
The Invention Explained
- Problem Addressed: At the time of the invention, computer access security systems were allegedly limited, offering each user only a single, system-wide authorization scheme without the ability for individual customization (Compl. ¶18). Users could not, for example, choose to bolster their own security by requiring more identification information than the system's default setting (Compl. ¶18).
- The Patented Solution: The invention provides a method where a computer system offers a plurality of security schemes, where at least two schemes require a different amount of identification information to authorize access (’905 Patent, col. 45:28-37). The system allows each user to select a scheme, stores that selection as a user-specific preference, and thereafter authorizes access to the user's account only when the requirements of their chosen scheme are met (’905 Patent, Abstract; col. 45:38-40). This allows individual users to balance security and convenience according to their own preferences, independent of the choices made by other users on the same system (’905 Patent, Abstract).
- Technical Importance: The claimed solution moves beyond a one-size-fits-all security model to a user-centric one, providing a technical framework for customizable account access security on a multi-user computer system (Compl. ¶19).
Key Claims at a Glance
- The complaint asserts infringement of claims 1-20 (Compl. ¶41). Independent claims 1 and 18 are representative.
- Independent Claim 1 (Method):
- Prompting a user for a selection of a security scheme from a plurality of schemes.
- Wherein a first scheme requires a specific number of identification items and a second scheme requires additional identification information beyond the first.
- Storing the user's selection as a preference in the user's storage area.
- Thereafter authorizing the user to access the system only when the selected scheme is satisfied.
- Independent Claim 18 (System): A computer-implemented method comprising functionally similar elements to claim 1, but framed as a system.
- The complaint does not explicitly reserve the right to assert other dependent claims, but the assertion of claims 1-20 covers all claims in the patent.
III. The Accused Instrumentality
Product Identification
The "Accused Products" are identified as the social-networking and messaging platforms Facebook, Instagram, WhatsApp, and Messenger, including their associated websites and mobile applications (Compl. ¶26).
Functionality and Market Context
- The accused functionality is the user-selectable security feature commonly known as "Two-Factor Authentication" (2FA) or "Two-Step Verification" (Compl. ¶29).
- The Accused Products allegedly allow each user to choose between a default single-factor security scheme (e.g., username and password) and a more secure multi-factor scheme that requires an additional piece of identification information (e.g., an SMS code, an authenticator app code, or a PIN) to authorize access (Compl. ¶¶29, 35-36).
- A user's choice to enable or disable 2FA, and their selection of a particular 2FA method, is stored as a preference associated with their individual account (Compl. ¶¶34, 37). The system then applies that selected scheme to subsequent login attempts (Compl. ¶38). The complaint provides a screenshot from a Facebook settings page titled "Choose Your Security Method" to illustrate this user choice (Compl. ¶29, p. 12).
IV. Analysis of Infringement Allegations
’905 Patent Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| prompting the particular user of the computer system for a selection of a particular security scheme from among the plurality of security schemes, | The Accused Products present security settings screens and user interfaces that prompt users to select a security scheme, such as enabling "Two-Factor Authentication." A screenshot of an Instagram screen titled "Add Extra Security With Two-Factor Authentication" is provided as an example of this prompt (Compl. ¶29, p. 12). | ¶¶29, 31, 33 | col. 45:24-27 |
| wherein first of the plurality of security schemes requires a specific number of identification information to authorize the particular user, and a second of the plurality of security schemes requires additional identification information beyond that of the first scheme to authorize the particular user; | The first scheme is standard login with primary credentials (e.g., email and password), while the second scheme is 2FA, which requires the primary credentials plus an additional piece of information (e.g., a login code or PIN) (Compl. ¶¶35, 36). A screenshot shows a prompt for a "6-digit login code" after primary login, illustrating the "additional identification information" (Compl. ¶36, p. 16). | ¶¶29, 35-36 | col. 45:28-37 |
| storing the selection as a preference in the particular user's storage area; | A user's choice to enable or disable 2FA, and the specific method chosen, is stored in that user's specific account data on Meta's servers (Compl. ¶¶32, 34, 37). | ¶¶32, 34, 37 | col. 45:38-39 |
| and thereafter authorizing the particular user to access the computer system when the selected security scheme of the particular user is satisfied. | After a user enables 2FA, subsequent login attempts require satisfaction of that scheme (providing the secondary code), whereas users who have not enabled it are granted access after providing only primary credentials (Compl. ¶¶37-38). | ¶¶37, 38 | col. 45:38-40 |
Identified Points of Contention
- Scope Questions: A central question may be whether the patent’s claims, which arise from a 1999 priority application with a specification focused on a "message publishing system" using technologies like fax and interactive voice response (’905 Patent, col. 9:25-34), can be construed to cover modern two-factor authentication on social media platforms.
- Technical Questions: The analysis may turn on the meaning of "prompting...for a selection." The complaint's evidence shows a user navigating to a settings menu to enable an optional feature (Compl. ¶31). A question for the court will be whether this user-initiated, optional setting configuration satisfies the "prompting" limitation, or if the claim requires a more active, system-initiated choice presented to the user.
V. Key Claim Terms for Construction
The Term: "security scheme"
- Context and Importance: The definition of this term is fundamental to the infringement case. The plaintiff's theory relies on a broad construction where "single-factor authentication" and "two-factor authentication" are distinct "security schemes." Practitioners may focus on whether the term is limited by the patent's disclosure or if it is broad enough to encompass modern authentication methods not explicitly described in the 1999-era specification.
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: Claim 9 defines the distinction between schemes as requiring "a different number of identification information," which directly supports plaintiff's theory of mapping the term to single- vs. multi-factor authentication (’905 Patent, col. 46:27-34).
- Evidence for a Narrower Interpretation: The specification does not describe modern web-based 2FA. Its embodiments are focused on authentication for a "message publishing system" via telephone/fax, using methods like Caller ID and DTMF passcodes (’905 Patent, col. 12:7-65). A defendant may argue the term should be construed in light of these disclosed embodiments.
The Term: "prompting the particular user...for a selection"
- Context and Importance: Infringement of this element depends on whether offering a feature in a settings menu constitutes "prompting." The case may depend on whether this requires an active, mandatory prompt from the system (e.g., during account setup) or if it covers a passive option that a user must actively seek out.
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The claim language does not specify when or how the prompt must occur. The term "prompting" could be read broadly to include presenting an option on a screen for the user to select at any time. The patent mentions providing a "menu of options" to a user (’905 Patent, col. 45:65-67), which aligns with the settings menus shown in the complaint.
- Evidence for a Narrower Interpretation: In the context of the IVR system described in the patent, a "prompt" is an active, audible request for input from the system to the user (’905 Patent, col. 26:62-67). A defendant may argue that this context implies an active, rather than passive, presentation of choices.
VI. Other Allegations
Indirect Infringement
The complaint alleges inducement of infringement, stating that Meta provides instructions, documentation, and user interfaces that guide end-users to enable the accused 2FA functionality, thereby causing them to directly infringe (Compl. ¶45).
Willful Infringement
Willfulness is alleged based on Meta having notice of the patent "since it was published" (Compl. ¶47). This allegation may primarily support a claim for post-suit willfulness, as it does not assert specific pre-suit knowledge of the patent by the defendant.
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of claim scope and patent eligibility: can the term "security scheme," rooted in a 1999 priority patent describing a message publishing system, be validly construed to cover the now-ubiquitous practice of two-factor authentication on modern social media platforms, particularly in light of the patent eligibility arguments raised during prosecution?
- A key factual question will be one of user interaction: does providing an optional security setting within a multi-level menu system, which a user must navigate to and select, satisfy the claim limitation of "prompting the particular user...for a selection," or does the claim require a more direct, system-initiated presentation of choices?