2:17-cv-00054

Guyzar LLC v. Major League Soccer LLC


I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:17-cv-00054, E.D. Tex., 01/13/2017
  • Venue Allegations: Plaintiff alleges venue is proper because Defendant is subject to personal jurisdiction in the district, conducts business there, and the accused instrumentality is used in the district via Defendant's website.
  • Core Dispute: Plaintiff alleges that Defendant’s website login system, which uses third-party authentication services, infringes a patent related to a security system for internet transactions.
  • Technical Context: The lawsuit concerns the technical methods used to authenticate users for online services and transactions, a fundamental component of e-commerce and web applications.
  • Key Procedural History: The complaint does not mention any prior litigation, Inter Partes Review (IPR) proceedings, or specific licensing history related to the patent-in-suit.

Case Timeline

| Date | Event |
| --- | --- |
| 1996-12-18 | U.S. Patent No. 5,845,070 Priority Date |
| 1998-12-01 | U.S. Patent No. 5,845,070 Issued |
| 2017-01-13 | Complaint Filed |

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 5,845,070 - "Security System for Internet Provider Transaction"

  • Issued: December 1, 1998

The Invention Explained

  • Problem Addressed: The patent describes a growing risk in the 1990s Internet ecosystem where users' confidential information (e.g., credit card details, social security numbers) could be misappropriated during online transactions, leading to financial loss ('070 Patent, col. 1:11-28). Existing systems were identified as lacking adequate controls to prevent this information from being exposed to potentially insecure "Internet Entities" ('070 Patent, col. 1:55-61).
  • The Patented Solution: The invention proposes a method and system centered on a "tracking and authentication module" that acts as a trusted intermediary ('070 Patent, Fig. 3, item 50). A user logs in with a "first data set" (ID and password). The system validates this and, in response, issues a "second data set" (described as a temporary "framed IP address") for use during that specific session ('070 Patent, col. 2:11-35). When the user attempts a transaction with a third-party website (an "Internet Entity"), that entity uses the second data set to query the module for validation, which can then authorize the transaction without ever disclosing the user's underlying confidential financial data to the third party ('070 Patent, col. 2:36-57).
  • Technical Importance: The approach aimed to enhance security by tying a user's session and transaction authority to a temporary, non-reusable identifier, thereby isolating the user's permanent confidential data within a secure database ('070 Patent, col. 2:1-10).

Key Claims at a Glance

  • The complaint asserts infringement of at least independent Claim 1 ('070 Patent, col. 21:6-48; Compl. ¶21).
  • Independent Claim 1 recites a method comprising the steps of:
    • Accessing the Internet by a user entering a "first data set" into a computer-based controller.
    • Establishing a database containing the user's confidential information.
    • Submitting the first data set to a "tracking and authentication control module" which includes a database, an authentication server, and a certification server.
    • Comparing the user's first data set to information in the database for a validating match.
    • Issuing a "second data set" in real time upon a successful match.
    • Submitting the second data set to the certification server upon initiation of a transaction.
    • Consummating the transaction subject to validation of the second data set, which ties the confidential information to the user without disclosing it.
  • The complaint does not explicitly reserve the right to assert dependent claims, but the prayer for relief requests an adjudication of infringement of the "'070 patent" generally (Compl. ¶a, p. 7).

III. The Accused Instrumentality

Product Identification

  • The "Accused Instrumentality" is identified as the "Sign In with" feature on Defendant's website, mlssoccer.com (Compl. ¶13).

Functionality and Market Context

  • The complaint alleges this feature utilizes the OAuth open standard to allow users to authenticate using third-party credentials from services like Facebook, Google, or Microsoft (Compl. ¶13). The complaint includes a screenshot of a registration page showing options to "Log in" with these social networks (Compl. p. 4). This functionality allegedly allows for user authentication and the preservation of confidential information against unauthorized use during internet transactions (Compl. ¶13).
  • By using this feature, the complaint alleges, a database is established containing confidential user information such as address, email, phone number, and online profile, which is subject to authentication (Compl. ¶15).

IV. Analysis of Infringement Allegations

5,845,070 Infringement Allegations

| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
| --- | --- | --- | --- |
| A method of authenticating a user's confidential information and preserving the confidentiality against unauthorized use, said information being essential for conducting Internet transactions between a log-in and log-out session | The Accused Instrumentality allegedly utilizes the OAuth open standard to provide a method of authenticating a user's confidential information. | ¶13 | col. 2:1-10 |
| accessing the Internet by the user entering a first data set into a computer based controller to control modems and communication protocols | The user enters a "first data set," such as third-party log-in credentials, into a computer-based controller to access the Internet. | ¶14 | col. 2:11-14 |
| establishing a data base containing confidential information subject to authentication with a user's first data set | The OAuth standard is allegedly used to establish a database containing a user's confidential information (address, email, online profile, etc.) subject to authentication. | ¶15 | col. 2:19-24 |
| submitting said first data set to a tracking and authentication control module requesting authentication of the user, said tracking and authentication control module including a data base containing user's confidential information, an authentication server for authenticating said first data set and a certification server | The OAuth standard is allegedly used to submit the first data set to a "tracking and authentication control module," identified as a dedicated "Authorization Server" and "Resource Server." | ¶16 | col. 2:24-28 |
| comparing the user's first data set input to the authentication server incident to accessing the internet with the I.D. and password in the data base and subject to a validating match | The OAuth standard is allegedly used to compare the user's first data set input to the I.D. and password in the database. | ¶17 | col. 2:29-31 |
| issuing a second data set in real time by the authentication server subject to a validation match of the I.D. and password with the data in the database usable for the instant transaction | The OAuth standard is allegedly used to issue a "second data set," identified as an "Access Token and Authorization Code," responsive to a successful validation. | ¶18 | col. 2:31-35 |
| submitting the second data set to the certification server upon the initiation of a transaction by the user | The second data set is allegedly submitted to the certification server (equated with a "Resource Server") which validates the authenticity of the Access Token. | ¶19 | col. 2:37-39 |
| consummating the transaction subject to validation of the second data set by tying the confidential information in the data base to the user whereby the confidential information is retained undisclosed in the data base | The transaction is allegedly consummated by using the user's third-party credentials and profile information on the website, subject to validation of the second data set, retaining the information undisclosed in the database. | ¶20 | col. 2:51-57 |

  • Identified Points of Contention:
    • Architectural Questions: The complaint maps the distributed components of the modern OAuth standard (e.g., Authorization Server, Resource Server) onto the patent's "tracking and authentication control module," which the patent specification depicts as a more integrated system ('070 Patent, Fig. 3). A central question may be whether the allegedly separate servers in the OAuth protocol can collectively meet the definition of the single "module" claimed in the patent, which itself is described as including an authentication server and a certification server.
    • Technical Questions: The complaint equates the claimed "second data set" with an OAuth "Access Token and Authorization Code" (Compl. ¶18). While the specification provides some support for a broad interpretation of this term (see Section V), the patent repeatedly and specifically describes this element as a "framed-IP-address" ('070 Patent, Abstract; col. 2:4-5; Claim 2). The technical and functional differences between a session-specific IP address from 1996 and a modern cryptographic access token may be a key focus of the dispute.

V. Key Claim Terms for Construction

  • The Term: "tracking and authentication control module" (Claim 1)

    • Context and Importance: This term appears to be the central architectural component of the claimed invention. Its construction is critical because the infringement read depends on mapping the functions of a modern, distributed authentication standard (OAuth) onto this single, patent-defined "module."
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader (Functional) Interpretation: The claims define the module by its constituent parts and their functions: "including a data base..., an authentication server..., and a certification server" ('070 Patent, col. 21:21-28). An argument could be made that any collection of components performing these functions, regardless of their physical or network location, constitutes the "module."
      • Evidence for a Narrower (Structural) Interpretation: Figure 3 depicts the "tracking and authentication module" (50) as a single logical system that contains the database (52), authentication server (53), and certification server (54). This visual representation could support an argument that the term requires a more integrated or unified system than the distributed architecture of OAuth, which involves communication between distinct entities (e.g., the MLS website and a Google server).
  • The Term: "second data set" (Claim 1)

    • Context and Importance: This term is the unique identifier generated after initial authentication that enables secure transactions. The complaint's infringement theory hinges on this term being broad enough to read on an OAuth "Access Token."
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Broader Interpretation: The detailed description contains an explicit statement that may support a broad definition: "It will be appreciated that the second data set can comprise any form of alpha or numeric data and it is intended that it not be limited to an address form" ('070 Patent, col. 3:31-34). This language could be used to argue that the term was intended to cover future, non-IP-address-based technologies like software tokens.
      • Evidence for a Narrower Interpretation: The patent's abstract, summary, and dependent Claim 2 all specifically refer to this element as a "framed-IP-address" ('070 Patent, Abstract; col. 2:4-5; Claim 2). A party could argue that, despite the disclaimer in the specification, the invention as a whole is contextually limited to the IP address-based embodiment that is consistently described as the solution to the stated problem.

VI. Other Allegations

  • Indirect Infringement: The complaint alleges that Defendant conditions the availability of its service on end-users performing the claimed steps, and that it establishes the manner and timing for doing so (Compl. ¶22, ¶23). These allegations appear to lay the groundwork for a claim of induced infringement under 35 U.S.C. § 271(b) by asserting that Defendant directs or controls the actions of its users and third-party authentication providers (e.g., Facebook/Google) to perform the patented method.
  • Willful Infringement: The complaint alleges knowledge of infringement "at least as of the service of the present complaint" (Compl. ¶26). This pleading supports a claim for post-filing willfulness but does not assert any pre-suit knowledge by the Defendant.

VII. Analyst’s Conclusion: Key Questions for the Case

  1. Architectural Equivalence: A central issue will be whether the distributed, multi-entity architecture of the accused OAuth-based login system can be mapped onto the patent's "tracking and authentication control module," which the specification describes as a more cohesive system. The case may turn on whether this claim term is interpreted structurally or purely functionally.
  2. Technological Evolution and Scope: The dispute will likely focus on a question of definitional scope: whether the term "second data set," conceived in 1996 and predominantly described as a "framed IP address," can be construed to cover a modern OAuth "Access Token." The outcome may depend on the weight given to a single broadening sentence in the specification versus the otherwise consistent description of a specific technological embodiment.
  3. Divided Infringement: Because the claimed method involves actions by the end-user (entering credentials), the Defendant (providing the website), and third-party services (authenticating the user), a key evidentiary question will be one of direction and control. Can the Plaintiff demonstrate that Defendant directs or controls the performance of all steps of the claimed method, including those performed by users and external authentication providers, to a degree sufficient to attribute all steps to the Defendant and overcome a divided infringement defense?