DCT

2:24-cv-00398

Factor2 Multimedia Systems LLC v. Regions Financial Corp

Log In
Key Events
Complaint
complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:24-cv-00398, E.D. Tex., 05/31/2024
  • Venue Allegations: Venue is alleged to be proper as Defendant maintains a regular and established place of business within the Eastern District of Texas and has committed alleged acts of infringement in the district.
  • Core Dispute: Plaintiff alleges that Defendant’s online banking platform and its associated user authentication systems infringe six patents related to methods for generating and verifying dynamic, single-use security codes.
  • Technical Context: The technology at issue is a form of two-factor authentication, a widely adopted security measure in the financial services industry designed to protect customer accounts from unauthorized access and fraud.
  • Key Procedural History: The complaint notes that all six patents-in-suit are members of the same patent family.

Case Timeline

Date Event
2001-08-29 Earliest Priority Date for all Patents-in-Suit
2012-10-02 U.S. Patent No. 8,281,129 Issued
2017-07-11 U.S. Patent No. 9,703,938 Issued
2017-07-19 U.S. Patent No. 9,727,864 Issued
2017-12-27 U.S. Patent No. 9,870,453 Issued
2018-09-25 U.S. Patent No. 10,083,285 Issued
2020-09-08 U.S. Patent No. 10,769,297 Issued
2024-05-31 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 10,769,297 - “Centralized Identification and Authentication System and Method,” issued Sep. 8, 2020

The Invention Explained

  • Problem Addressed: The patent describes the security risks associated with the increasing use of e-commerce, where users must repeatedly provide confidential personal and financial information to various online entities, creating multiple points of vulnerability for data theft and fraud (ʼ297 Patent, col. 1:40-54).
  • The Patented Solution: The invention proposes a centralized authentication model. A trusted "Central-Entity" securely stores user information and, upon request, generates a dynamic, time-dependent "SecureCode." To authenticate with a third-party "External-Entity" (e.g., an online merchant), the user provides their username along with this temporary SecureCode. The External-Entity then forwards this "digital identity" to the Central-Entity for verification, a process that authenticates the user without exposing their underlying static credentials to the merchant (’297 Patent, Abstract; Fig. 2).
  • Technical Importance: This architecture centralizes trust and authentication logic, aiming to reduce the attack surface for consumers by minimizing the number of entities that handle their core sensitive data (’297 Patent, col. 3:56-62).

Key Claims at a Glance

  • The complaint identifies independent Claim 1 as representative of the patent family's system claims (Compl. ¶20).
  • Claim 1 of the ’297 Patent recites an authentication system comprising computing devices configured to perform operations including:
    • Electronically receiving a request for a "SecureCode" from a user's computing device.
    • Generating the SecureCode.
    • Electronically providing the SecureCode to the user, where the code is invalid after a predetermined time, invalid after one use, and valid only for authenticating that specific user.
    • Electronically receiving a "digital authentication request" which includes the SecureCode as part of the user's "digital identity."
    • Authenticating the user by evaluating the validity of the SecureCode included in the request.
  • The complaint asserts infringement of claims 1-29 (Compl. ¶122).

U.S. Patent No. 8,281,129 - “Direct Authentication System And Method Via Trusted Authenticators,” issued Oct. 2, 2012

The Invention Explained

  • Problem Addressed: The patent addresses the fundamental flaws in identity verification processes that rely on static, "secret" information like Social Security Numbers, which are often compromised. It notes that this reliance is a root cause of widespread identity theft and fraud (’129 Patent, col. 1:47-2:10).
  • The Patented Solution: The invention describes a "two-factor" authentication method leveraging a "trusted authenticator," such as a user's bank. When a user needs to authenticate with another "entity" (e.g., a merchant), the user requests a temporary "dynamic code" from their trusted authenticator. The user then provides both their static information and this dynamic code to the entity. The entity contacts the trusted authenticator, which verifies both pieces of information to confirm the user's identity, completing the authentication loop (’129 Patent, Abstract; col. 7:15-39).
  • Technical Importance: This approach leverages a pre-existing, high-trust relationship (e.g., with a financial institution) to enable secure authentication for transactions with other, potentially unknown entities, without requiring the user to establish new credentials.

Key Claims at a Glance

  • The complaint identifies independent Claim 1 as representative of the patent family's method claims (Compl. ¶21).
  • Claim 1 of the ’129 Patent recites a computer-implemented method to authenticate an individual in communication with an entity, comprising:
    • A "trusted-authenticators computer" electronically receiving a request for a "dynamic code" for the individual.
    • The trusted-authenticator's computer calculating the dynamic code, which is valid for a predefined time and becomes invalid after use.
    • The trusted-authenticator's computer electronically sending the dynamic code to the individual.
    • The trusted-authenticator's computer receiving an authentication request from the entity that includes user information and the dynamic code.
    • The trusted-authenticator's computer authenticating the individual's identity based on the user information and the dynamic code, and providing the result to the entity.
  • The complaint asserts infringement of claims 1-52 (Compl. ¶47).

Multi-Patent Capsule: U.S. Patent No. 9,703,938

  • Patent Identification: U.S. Patent No. 9,703,938, "Direct Authentication System and Method Via Trusted Authenticators," issued July 11, 2017.
  • Technology Synopsis: This patent, similar to the ’129 Patent, describes a two-factor authentication method where a user obtains a temporary "dynamic code" from a "trusted authenticator" to securely verify their identity during an electronic transaction with a separate "computer system" or entity.
  • Asserted Claims: Independent claims 1 and 16 are asserted (Compl. ¶62).
  • Accused Features: The accused features are Defendant's online and mobile banking authentication systems and methods (Compl. ¶¶ 3, 22).

Multi-Patent Capsule: U.S. Patent No. 9,727,864

  • Patent Identification: U.S. Patent No. 9,727,864, "Centralized Identification and Authentication System and Method," issued July 19, 2017.
  • Technology Synopsis: This patent, similar to the ’297 Patent, describes a centralized authentication system where a "Central-Entity" generates a "SecureCode" for a user. The user provides this code as part of a "digital identity" to an "External-Entity," which relies on the Central-Entity for verification, thereby increasing security in e-commerce.
  • Asserted Claims: Independent claim 1 is asserted (Compl. ¶77).
  • Accused Features: The accused features are Defendant's online and mobile banking authentication systems and methods (Compl. ¶¶ 3, 22).

Multi-Patent Capsule: U.S. Patent No. 9,870,453

  • Patent Identification: U.S. Patent No. 9,870,453, "Direct Authentication System and Method Via Trusted Authenticators," issued Dec. 27, 2017.
  • Technology Synopsis: This patent, sharing a specification with the ’129 and ’938 patents, discloses a two-factor authentication method using a dynamic code generated by a trusted authenticator to verify a user's identity to another entity during an electronic communication.
  • Asserted Claims: Independent claims 1, 11, and 18 are asserted (Compl. ¶92).
  • Accused Features: The accused features are Defendant's online and mobile banking authentication systems and methods (Compl. ¶¶ 3, 22).

Multi-Patent Capsule: U.S. Patent No. 10,083,285

  • Patent Identification: U.S. Patent No. 10,083,285, "Direct Authentication System and Method Via Trusted Authenticators," issued Sep. 25, 2018.
  • Technology Synopsis: Continuing the same theme as the ’129 patent family, this patent claims methods and systems for authentication where an "online system" receives a "user-authentication code" that is configured to be valid for a predetermined time and invalid after a first use.
  • Asserted Claims: Independent claims 1 and 16 are asserted (Compl. ¶107).
  • Accused Features: The accused features are Defendant's online and mobile banking authentication systems and methods (Compl. ¶¶ 3, 22).

III. The Accused Instrumentality

  • Product Identification: The accused instrumentality is identified as the "Regions System and Apparatus" or "Accused Product," which encompasses at least the internet website www.regions.com and the associated back-end systems that provide functionality and authenticate users (Compl. ¶22).
  • Functionality and Market Context: The complaint describes the Accused Product as a financial services platform that allows users to log into online accounts (Compl. ¶29). The relevant functionality is its two-factor or multi-factor authentication process. This process allegedly involves sending a user a "one-time code," referred to by Plaintiff as a "SecureCode," via SMS text message or email after the user enters their username. The user must then enter this code to complete the login process and access their account (Compl. ¶30). A screenshot provided in the complaint from Defendant's website explains that this "one-time code" is sent to a user's mobile phone and may "only be active for a short period of time" (Compl. p. 10).

IV. Analysis of Infringement Allegations

10,769,297 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
An authentication system for enhancing computer network security by authenticating a user in an electronic communication between a computing device of the user and an online computer system... Defendant provides online banking services through its website, which constitutes an authentication system for electronic communication between a user's device and Defendant's online computer system. ¶29 col. 5:46-51
while the online computer system is connected to the computing device of the user via a communication network, electronically receiving a request for a SecureCode; After a user enters their username and initiates login, Defendant's online system receives a request for a "SecureCode," which Defendant refers to as a "one-time code." ¶30 col. 5:29-33
generating the SecureCode; Defendant's online computer system generates the "one-time code" for the user. ¶31 col. 5:33-35
...electronically providing to the user the SecureCode... Defendant's system sends the generated code to the user via SMS text, email, or other electronic methods. ¶32 col. 5:36-39
wherein: the SecureCode is invalid after a predetermined time passes, Defendant's website allegedly states that the "one-time code" will "only be active for a short period of time," and an expired code is rejected. ¶33 col. 6:20-21
the SecureCode is invalid after one use of the SecureCode for authentication, and The system allegedly uses a "one-time code" that is valid for only one use. ¶34 col. 6:21-23
the SecureCode is only valid for authenticating the user; and The generated code is allegedly specific to the particular user attempting to log in. ¶35 col. 6:23-24
...electronically receiving from the online computer system a digital authentication request for authenticating the user...the digital identity includes the SecureCode; and Defendant's system receives the user's digital identity, which includes the user's username and the provided SecureCode. ¶¶36-38 col. 6:3-5
...authenticating the user by evaluating a validity of the SecureCode included in the digital authentication request. The Defendant's authentication system validates the login by confirming that the submitted SecureCode is valid for that particular username. ¶39 col. 6:6-9

8,281,129 Patent Infringement Allegations

The complaint does not provide sufficient detail for a claim-chart analysis of the ’129 Patent. The complaint alleges that Defendant's system infringes by operating as both the "entity" the user is authenticating to and the "trusted-authenticator" that provides the dynamic code for that authentication (Compl. ¶¶ 21-22).

Identified Points of Contention:

  • Scope Questions: For the ’129 patent family, a central question may be whether the claimed model of an "entity" and a "trusted-authenticator" requires two separate, distinct parties. The patent figures depict them as separate blocks (’129 Patent, Figs. 1a, 1b). The dispute may focus on whether the claims can read on a two-party scenario where a single organization (Regions Bank) acts as both the entity being accessed and the authenticator issuing the code.
  • Technical Questions: A key factual question will be whether the accused "one-time code" meets all specific limitations of the claimed "SecureCode" or "dynamic code," such as the precise mechanisms for invalidation (e.g., after one use and after a set time). The complaint cites a screenshot explaining Defendant's "one-time code" system, which may serve as evidence on this point (Compl. p. 11).

V. Key Claim Terms for Construction

  • The Term: "trusted-authenticator's computer" / "entity" (from ’129 Patent, Claim 1)
    • Context and Importance: The relationship between these two terms is central to the infringement theory for the ’129 patent family. Practitioners may focus on whether the claims require these to be distinct systems controlled by different legal entities, or if a single entity's integrated system can satisfy both limitations. The outcome of this construction could determine whether a two-party system like a bank authenticating its own user infringes.
    • Intrinsic Evidence for Interpretation:
      • Evidence for a Narrower Interpretation: The specification's figures consistently depict the "Individual," "Business" (the entity), and "Trusted-Authenticator" as three distinct components, which could support an interpretation requiring structural or organizational separation (’129 Patent, Figs. 1a, 2a). The description of the invention often frames the problem in terms of a user authenticating to a business with the help of a separate trusted party, such as their bank (’129 Patent, col. 4:46-51).
      • Evidence for a Broader Interpretation: The claims themselves do not explicitly state that the "entity" and the "trusted-authenticator" must be different legal persons or operate on non-collocated computer systems. An argument for a broader reading might suggest that the terms define functional roles, and a single system could functionally perform the roles of both receiving an authentication request (as an "entity") and providing a dynamic code (as a "trusted-authenticator").

VI. Other Allegations

  • Indirect Infringement: The complaint alleges inducement by providing software and user-facing instructions (e.g., website prompts) that allegedly guide customers to perform the claimed authentication methods (Compl. ¶24). Contributory infringement is alleged on the basis that Defendant supplies a material part of the infringing system (its back-end authentication technology) that is not a staple article of commerce and has no substantial non-infringing use (Compl. ¶25).
  • Willful Infringement: Willfulness is alleged based on Defendant's awareness of the Patents-in-Suit, with the complaint stating infringement "has been willful since at least as early as they became aware of the Patents-in-Suit" (Compl. ¶43). This allegation appears to be based on post-filing knowledge rather than pre-suit notice.

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of definitional scope: can the patent claims describing a system with a distinct "entity" and "trusted authenticator" be construed to cover an integrated, two-party scenario where a single company (the Defendant bank) fulfills both roles for its own customers?
  • A central question of claim construction will be how the terms "online computer system" and "computing device of the user" in the ’297 patent family are interpreted, and whether the Defendant's client-server architecture can be mapped cleanly onto these claimed system components.
  • A key evidentiary question will be whether the functionality of the accused "one-time code," as implemented in Defendant's system, meets every specific limitation of the claimed "SecureCode" or "dynamic code," particularly the dual conditions for invalidation (i.e., after one use and after a predetermined time).