DCT
2:17-cv-00280
Smart Authentication IP LLC v. CCP HF
Key Events
Amended Complaint
Table of Contents
amended complaint
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: Smart Authentication IP, LLC (Texas)
- Defendant: CCP HF (Iceland)
- Plaintiff’s Counsel: KHEYFITS P.C.; Van Cleef Law Office
- Case Identification: 2:17-cv-00280, E.D. Tex., 06/02/2017
- Venue Allegations: Venue is alleged based on Defendant being a foreign entity, conducting business in the district, and committing the alleged acts of patent infringement within the district.
- Core Dispute: Plaintiff alleges that Defendant’s "EVE Online" video game and its associated online services infringe a patent related to multi-factor user authentication methods that utilize multiple communication channels.
- Technical Context: The technology concerns systems for verifying a user's identity for online services, where authentication relies on communications across different platforms (e.g., a website and a separate email account) to enhance security.
- Key Procedural History: The complaint asserts infringement of multiple claims of U.S. Patent No. 8,082,213. Subsequent to the filing of this complaint, this patent was the subject of an inter partes review (IPR) proceeding (IPR2017-02047). A certificate issued on February 27, 2020, confirmed the cancellation of claims 1-10 and 12-17. All claims asserted in this complaint were therefore cancelled, a development that fundamentally impacts the viability of the case as pleaded.
Case Timeline
| Date | Event |
|---|---|
| 2005-06-27 | U.S. Patent No. 8,082,213 Priority Date |
| 2011-12-20 | U.S. Patent No. 8,082,213 Issue Date |
| 2017-06-02 | First Amended Complaint Filing Date |
| 2017-09-01 | Inter Partes Review (IPR2017-02047) Filed |
| 2020-02-27 | IPR Certificate Issued, Cancelling Asserted Claims 1-10 and 12-17 |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 8,082,213 - "METHOD AND SYSTEM FOR PERSONALIZED ONLINE SECURITY" (Issued Dec. 20, 2011)
The Invention Explained
- Problem Addressed: The patent addresses the shortcomings of conventional authentication methods for electronic transactions. It notes that both simple password-based systems and stronger two-factor systems (like an ATM card and PIN) are vulnerable to increasingly sophisticated fraud, identity theft, and electronic eavesdropping (’213 Patent, col. 1:21-57).
- The Patented Solution: The invention describes a centralized "Authentication Service Provider" (ASP) that allows individual users to create and manage their own security rules, or "policies," for how they are authenticated (’213 Patent, col. 2:1-5). This system facilitates "variable-factor authentication" by interacting with the user across multiple, distinct communication media. For example, a user attempting to log in to a website (the first medium) might be required by their own pre-set policy to enter a code sent to their mobile phone (a second medium), with the ASP coordinating the process between the user and the website (’213 Patent, col. 3:20-25; Fig. 3).
- Technical Importance: The technology aimed to give users direct control over the complexity and context of their own authentication, creating a flexible security framework that could be tailored to specific risks, rather than relying on a static, one-size-fits-all approach (’213 Patent, Abstract).
Key Claims at a Glance
- The complaint asserts independent claims 1 (a system claim) and 12 (a method claim) (’213 Patent, col. 8:43, col. 10:14).
- Independent Claim 1 (System): The essential elements include:
- A user-authentication service running on one or more computer systems.
- The service is interconnected with an "authentication-service client" and a "user" via at least two communications media.
- The service comprises stored, user-specified authentication policies and user information.
- The service includes "account interface routines" allowing the user to manage their policies.
- The service includes "authentication-interface routines" that can employ "variable-factor authentication," where the user communicates with the service via a "third communications medium" different from the first two, and on a "user device different from that employed by the user to initiate the transaction."
- Independent Claim 12 (Method): The essential steps include:
- Receiving user-identifying information from an authentication-service client, where the client communicates with the user via a "first communications medium."
- Using that information to conduct an authentication procedure.
- The procedure involves sending information to the user through a "communications medium different from the first communications medium."
- Returning an authentication result to the client.
- The complaint also asserts dependent claims 3-5, 7-10, 13-15, and 16, and notes the right to assert others may be reserved (Compl. ¶19).
III. The Accused Instrumentality
Product Identification
The accused instrumentalities are Defendant CCP HF’s "EVE Online" video game, its related online portals such as eveonline.com, and associated mobile and desktop applications (Compl. ¶¶15, 19).
Functionality and Market Context
The complaint describes the accused products as utilizing a two-factor authentication system for user login (Compl. ¶15). A user first enters a username and password on a primary platform, such as a web browser. To complete the login, the user must then enter a "Verification Code" that CCP sends to the user's registered email address, which may be accessed on a separate device like a mobile phone (Compl. ¶15). The complaint alleges that users can manage authentication-related policies, such as setting up different methods for receiving the verification code (Compl. ¶16).
No probative visual evidence provided in complaint.
IV. Analysis of Infringement Allegations
'213 Patent Infringement Allegations (Claim 1)
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| A user-authentication service comprising one or more computer systems, stored user-authentication policies specified by the user, account interface routines by which the user specifies, modifies, adds, and deletes user-authentication policies... | CCP's products and services allegedly constitute a user authentication service with computer systems, stored policies specified by the user, and account interface routines for managing those policies (Compl. ¶20). | ¶20 | col. 8:43-54 |
| ...the authentication-service client submits an authentication request...through the first communications medium or through a second communications medium... | The user initiates a transaction with the authentication-service client (e.g., CCP's website) via a first medium (Internet via a browser) or a second medium (mobile application) (Compl. ¶20). | ¶20 | col. 8:58-60 |
| ...the user communicates with the user-authentication service through a third communications medium...and a user device different from that employed by the user to initiate the transaction with the authentication-service client. | During authentication, the user communicates with the service through a third medium (e.g., receiving a verification code via email) on a device (e.g., a mobile phone) different from the one used to initiate the transaction (e.g., a personal computer) (Compl. ¶20). | ¶20 | col. 8:65 - col. 9:2 |
'213 Patent Infringement Allegations (Claim 12)
| Claim Element (from Independent Claim 12) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| A method for authenticating...a user...to an authentication-service client that communicates with the user...through a first communications medium... | CCP’s authentication client (e.g., the eveonline.com website) communicates with the user via a first medium (the Internet via a browser) (Compl. ¶28). | ¶28 | col. 10:14-18 |
| ...receiving user-identifying information from the authentication-service client... | CCP’s authentication service receives user-identifying information, such as the user’s CCP "Username" (Compl. ¶28). | ¶28 | col. 10:19-20 |
| ...using the user-identifying information...to carry out an authentication procedure...by sending information to the user...through a communications medium different from the first communications medium... | The service uses the username to send a verification code via email, which is alleged to be a communication medium different from the Internet browser used to initiate the login (Compl. ¶28). | ¶28 | col. 10:21-27 |
| ...returning an authentication result to the authentication-service client. | After the procedure, CCP's user authentication service returns an authentication result to the client (Compl. ¶28). | ¶28 | col. 10:28-30 |
- Identified Points of Contention:
- Scope Questions: A central question for claim construction would be whether the accused system's components map to the patent's specific architectural requirements. For example, for Claim 1, does the use of a web browser on a PC (first medium) and an email client on a phone (third medium) satisfy the claim's requirement for three distinct "communications media"? The interpretation of what constitutes a distinct "medium" would be a focal point of dispute.
- Technical Questions: A key factual question is whether the accused system’s functionality meets the definition of "user-authentication policies specified by the user". The complaint alleges users can set up methods for receiving a code (Compl. ¶16), but the court would need to determine if this offers the kind of granular, rule-based control over authentication events, times, and locations described in the patent's specification (’213 Patent, Fig. 5, col. 4:31-40).
V. Key Claim Terms for Construction
- The Term: "communications medium"
- Context and Importance: The infringement theory for both asserted independent claims hinges on the use of multiple, different "communications media". The defendant would likely argue for a narrow construction requiring distinct network types (e.g., internet vs. cellular network), while the plaintiff would likely advocate for a broader view where different applications or protocols (e.g., HTTPS vs. SMTP) on the same underlying network qualify as distinct media.
- Intrinsic Evidence for a Broader Interpretation: The specification lists "soft devices, such as an instant messaging account, or an email account" as examples of things the service can interface with, suggesting application-level distinctions may suffice (’213 Patent, col. 3:44-46).
- Intrinsic Evidence for a Narrower Interpretation: The primary embodiment described involves "a combination of the Internet and a cell phone," which could suggest that the term was intended to mean technologically separate communication infrastructures, not just different software applications running over the internet (’213 Patent, col. 3:23-25).
- The Term: "user-authentication policies specified by the user"
- Context and Importance: This term is critical to Claim 1 and defines the required level of user control. Practitioners may focus on this term because the infringement case depends on showing that CCP’s system provides more than just a simple on/off setting for two-factor authentication.
- Intrinsic Evidence for a Broader Interpretation: The claim language itself does not mandate a high level of complexity, so enabling or disabling a feature could arguably be "specifying" a policy.
- Intrinsic Evidence for a Narrower Interpretation: The patent's specification provides a detailed example of a policy that includes complex rules based on time of day, transaction type, and geographic location (’213 Patent, Fig. 5, col. 4:31-40). A court may find that this detailed example limits the scope of "policy" to a more sophisticated, user-defined rule set than what the accused system allegedly offers.
VI. Other Allegations
- Indirect Infringement: The complaint alleges that CCP induced infringement by providing customers with "instructions, manuals, and technical assistance" that direct them to use the accused authentication systems in an infringing manner (Compl. ¶32).
- Willful Infringement: Willfulness is alleged based on CCP's knowledge of the ’213 Patent, purportedly established at least as of the filing of the original complaint in the action (Compl. ¶17).
VII. Analyst’s Conclusion: Key Questions for the Case
- Case Viability Post-IPR: The foremost issue is the legal consequence of the inter partes review decision that cancelled all patent claims asserted in the complaint. With the entire asserted basis of the infringement action invalidated, the central question is whether any viable cause of action remains. This procedural development appears dispositive and likely moots the substantive technical arguments.
- Definitional Scope: Assuming the claims were valid, a core issue would be one of claim construction: can the term "communications medium" be interpreted broadly enough to read on different software applications (e.g., a web browser and an email client) that may operate over the same underlying network, or does it require fundamentally separate network infrastructures as suggested by some examples in the patent?
- Degree of User Control: An essential evidentiary question would be one of functional sufficiency: does the accused system's feature allowing a user to select a method for receiving a verification code rise to the level of "specifying, modifying, adding, and deleting user-authentication policies" as required by Claim 1 and as contemplated by the detailed examples in the patent's specification?
Analysis metadata