DCT

2:24-cv-00094

RightQuestion LLC v. AT&T Inc

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:24-cv-00094, E.D. Tex., 02/12/2024
  • Venue Allegations: Plaintiff alleges venue is proper in the Eastern District of Texas because AT&T maintains regular and established places of business in the district, including numerous retail stores and innovation centers, commits acts of infringement within the district, and has previously not contested venue in other patent cases in the forum.
  • Core Dispute: Plaintiff alleges that Defendant’s implementation of the STIR/SHAKEN call-authentication protocol on its telecommunications networks infringes three patents related to validating caller ID data.
  • Technical Context: The technology addresses the widespread telecommunications problem of caller ID "spoofing," where malicious actors falsify calling information to perpetrate fraud and distribute unwanted robocalls.
  • Key Procedural History: The complaint notes that the Federal Communications Commission (FCC) mandated that major voice-service providers implement the STIR/SHAKEN framework in their networks by a deadline of June 30, 2021, providing a regulatory background and timeline for the allegedly infringing activity.

Case Timeline

Date Event
2013-11-07 Earliest Priority Date for ’009, ’989, and ’132 Patents
2019-08-14 Alleged date of AT&T STIR/SHAKEN Implementation
2020-06-02 U.S. Patent No. 10,674,009 Issues
2021-05-11 U.S. Patent No. 11,005,989 Issues
2021-06-30 FCC Mandate Deadline for STIR/SHAKEN Implementation
2023-12-26 U.S. Patent No. 11,856,132 Issues
2024-02-12 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 10,674,009 - "Validating Automatic Number Identification Data"

  • Issued: June 2, 2020

The Invention Explained

  • Problem Addressed: The patent’s background section identifies the challenge of determining the trustworthiness of information used to identify callers, such as Automated Number Identification (ANI), which can be "spoofed by unscrupulous entities," making it difficult for recipients to trust the presented caller ID (’009 Patent, col. 1:18-29).
  • The Patented Solution: The invention describes a verification system where a recipient of a call (a "callee") can request verification from a service provider. In response, the service provider transmits a message, using a separate "second communications channel," to the device associated with the observed caller ID. The device then sends a response, and the service provider evaluates this response to make a security determination about the call's authenticity (’009 Patent, Abstract; col. 3:7-20). This out-of-band challenge-response process is designed to confirm that the device making the call is genuinely associated with the phone number it claims to be using.
  • Technical Importance: This technology provides a framework for combating caller ID spoofing, a persistent problem that undermines the reliability of the public telephone network (Compl. ¶3, ¶4).

Key Claims at a Glance

  • The complaint asserts infringement of at least Claim 1 (Compl. ¶40).
  • Independent Claim 1 requires, in brief:
    • A verification service provider, using one or more processors, to:
    • Enroll a first device, which includes associating the device with a "device fingerprint" generated from its configuration information;
    • Store the device fingerprint;
    • Obtain information transmitted by a second device associated with a communications connection; and
    • Perform a security determination by determining if the obtained information matches a portion of the stored device fingerprint.

U.S. Patent No. 11,005,989 - "Validating Automatic Number Identification Data"

  • Issued: May 11, 2021

The Invention Explained

  • Problem Addressed: The patent addresses the same problem of spoofed ANI information, which creates high fraud risks and makes it difficult for organizations to trust caller identity (’989 Patent, col. 1:24-31).
  • The Patented Solution: The invention discloses a system configured to receive information about a call, where that information includes both a "value generated" based on data associated with the calling device and a "score" indicating the phone number's validity. The system performs a security determination by analyzing the score and verifying the value, and subsequently conveys an assurance or a failure notice to the call recipient (’989 Patent, Abstract). This method relies on assessing a pre-packaged validity score and a device-specific value to authenticate a call.
  • Technical Importance: This approach creates a mechanism for transmitting and verifying a combination of device-specific data and a validity assessment, intended to establish a chain of trust in telecommunications (Compl. ¶3, ¶4).

Key Claims at a Glance

  • The complaint asserts infringement of at least Claim 1 (Compl. ¶52).
  • Independent Claim 1 requires, in brief:
    • One or more processors configured to:
    • Receive information about a call including (1) a "value generated" based on information from the calling device, and (2) a "score generated for the calling device" indicating a phone number's validity;
    • Perform a security determination based on the score and by verifying the value; and
    • Perform at least one of conveying an "assurance" or a "failure to confirm" to the callee.

U.S. Patent No. 11,856,132 - "Validating Automatic Number Identification Data"

  • Issued: December 26, 2023
  • Technology Synopsis: The patent targets the problem of spoofed caller ID (’132 Patent, col. 1:27-34). Its solution involves a method where information pertaining to a call—including data about the callee's number, device information, and a "cryptographic element"—is received. A security determination is performed based on this cryptographic element, and a notification is then transmitted to the callee's device via a cellular network (’132 Patent, Abstract; Claim 1).
  • Asserted Claims: The complaint asserts at least Claim 1 (Compl. ¶64).
  • Accused Features: The complaint accuses AT&T's implementation of the STIR/SHAKEN protocol and/or Call Protect services on the AT&T Networks of infringement (Compl. ¶62).

III. The Accused Instrumentality

Product Identification

The accused instrumentalities are the "AT&T Networks" and their constituent components that provide security services, specifically including the implementation of the STIR/SHAKEN protocol and/or the "Call Protect" service (Compl. ¶38, ¶50, ¶62).

Functionality and Market Context

The complaint alleges that AT&T operates extensive telecommunications networks that provide voice services across the United States (Compl. ¶18). It is further alleged that AT&T implemented the STIR/SHAKEN protocol across these networks to comply with an FCC mandate designed to combat caller ID spoofing (Compl. ¶5, ¶6). STIR/SHAKEN is a set of technical standards that allows service providers to cryptographically sign and verify caller ID information for calls, thereby providing a level of trust in the displayed number (Compl. ¶2, ¶5).

IV. Analysis of Infringement Allegations

The complaint references claim chart exhibits that were not publicly filed with the complaint; therefore, the infringement allegations are summarized in prose based on the complaint's narrative.

  • '009 Patent Infringement Allegations: The complaint alleges that AT&T's implementation of STIR/SHAKEN infringes Claim 1 of the ’009 Patent (Compl. ¶38, ¶40). The narrative theory suggests that the STIR/SHAKEN process of assigning cryptographic keys/certificates to phone numbers constitutes the claimed "enrolling" of a device and creation of a "device fingerprint." The subsequent use of this cryptographic information to sign a call at the originating end and verify it at the terminating end is alleged to meet the claim limitations of obtaining information from a device and performing a security determination by matching it against stored data.
  • '989 Patent Infringement Allegations: The complaint alleges that AT&T's STIR/SHAKEN implementation infringes Claim 1 of the ’989 Patent (Compl. ¶50, ¶52). This theory appears to map the digitally signed "identity header" in a STIR/SHAKEN call to the claimed "value generated based at least in part on information associated with the calling device." It further appears to map the "attestation level" (e.g., A, B, or C), which indicates a carrier's confidence in the caller's right to use the number, to the claimed "score generated for the calling device... indicating a validity of a phone number." The verification of the signature and evaluation of the attestation level by the terminating network is alleged to constitute the claimed "security determination."
  • Identified Points of Contention:
    • Scope Questions: A central question for the '009 Patent may be whether the process of provisioning cryptographic certificates for use in STIR/SHAKEN falls within the patent's definition of creating a "device fingerprint." For the '989 Patent, a key dispute may concern whether the STIR/SHAKEN "attestation level" constitutes a "score generated for the calling device" that indicates "validity," as required by the claim.
    • Technical Questions: What evidence does the complaint provide that the STIR/SHAKEN attestation level is "generated for the calling device" itself, as opposed to being generated by the originating carrier's network infrastructure based on its relationship with a subscriber account? A related question is whether the cryptographic keys used in STIR/SHAKEN are sufficiently tied to a specific "device" to constitute a "device fingerprint."

No probative visual evidence provided in complaint.

V. Key Claim Terms for Construction

  • Term from the '009 Patent: "device fingerprint"

    • Context and Importance: The infringement case for the ’009 Patent may depend on whether the cryptographic certificates and keys used by AT&T for STIR/SHAKEN authentication qualify as a "device fingerprint." Practitioners may focus on this term because a narrow interpretation tied to physical hardware identifiers could present a challenge to the infringement theory, whereas a broader definition including any unique set of data associated with a device or its software could support it.
    • Intrinsic Evidence for a Broader Interpretation: The specification states that a fingerprint can be "created from a combination of device settings, installed applications, system or application software versions, or contact list stored on the phone," suggesting a basis in software and configuration data rather than just hardware (’009 Patent, col. 9:30-35).
    • Intrinsic Evidence for a Narrower Interpretation: The specification also provides examples of a fingerprint including "embedded hardware identifiers" and "a user-added hardware identifier like an SD Card," which could be used to argue for a construction requiring a connection to a physical component of the device (’009 Patent, col. 9:26-30).

  • Term from the '989 Patent: "score generated for the calling device, the score indicating a validity of a phone number"

    • Context and Importance: Plaintiff's infringement theory appears to equate the STIR/SHAKEN "attestation level" with this claimed "score." The viability of the infringement claim may turn on whether a court construes this multi-level indicator of carrier confidence (e.g., Full Attestation 'A', Partial 'B', Gateway 'C') as a "score" that indicates "validity" within the meaning of the patent.
    • Intrinsic Evidence for a Broader Interpretation: The patent specification, incorporated by reference, discusses creating a "single validity score" from a variety of factors, which may support an argument that the tiered attestation levels function as a type of score (’009 Patent, col. 9:35-40).
    • Intrinsic Evidence for a Narrower Interpretation: The claim requires the score to be "generated for the calling device." A defense may argue that the STIR/SHAKEN attestation level is generated by the service provider's network based on its business relationship with the subscriber, not "for the calling device" itself. The specification refers to a "device verification score," which could suggest the score is more closely tied to the device's characteristics (’009 Patent, col. 10:8-9).

VI. Other Allegations

  • Indirect Infringement: The complaint alleges both induced and contributory infringement. It asserts inducement by alleging AT&T provides its networks and supports the STIR/SHAKEN protocol, thereby causing its customers and other interconnected voice-service providers to directly infringe (Compl. ¶42, ¶54, ¶66). It alleges contributory infringement by claiming the accused network components are material to the invention, are not staple articles of commerce, and are known by AT&T to be especially adapted for infringing use (Compl. ¶45, ¶57, ¶69).
  • Willful Infringement: The complaint alleges willfulness based on AT&T having knowledge of the patents "at least as of the filing date of this Complaint" or having "willfully blinded itself as to the existence" of the patents (Compl. ¶43, ¶55, ¶67). The allegations primarily anchor the knowledge requirement to the date the lawsuit was filed.

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of definitional scope: can the patent term "device fingerprint" be construed to cover the cryptographic certificates used in the industry-standard STIR/SHAKEN protocol, and can the protocol's carrier-assigned "attestation level" be construed as the claimed "score generated for the calling device"?
  • A key technical question will be one of locus of operation: does the functionality of the accused STIR/SHAKEN protocol occur "for the calling device" itself, as required by certain claim limitations, or is it a network-level function based on subscriber information, which may create a technical mismatch with the patent's specific teachings?