DCT

2:24-cv-00403

Factor2 Multimedia Systems LLC v. Washington Federal Bank

Log In
Key Events
Complaint
complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:24-cv-00403, E.D. Tex., 06/02/2024
  • Venue Allegations: Plaintiff alleges venue is proper because Defendant maintains a regular and established place of business in the Eastern District of Texas and has committed acts of infringement within the district.
  • Core Dispute: Plaintiff alleges that Defendant’s online and mobile banking platforms infringe six patents related to systems and methods for two-factor user authentication using dynamic, single-use codes.
  • Technical Context: The technology at issue addresses secure user identification for online transactions, a foundational component of digital security in the financial services industry and broader e-commerce.
  • Key Procedural History: The complaint states that all six Patents-in-Suit are members of the same patent family. No other significant procedural events, such as prior litigation or administrative challenges, are mentioned in the complaint.

Case Timeline

Date Event
2001-08-29 Earliest Priority Date for all Patents-in-Suit
2012-10-02 U.S. Patent No. 8,281,129 Issues
2017-07-11 U.S. Patent No. 9,703,938 Issues
2017-07-19 U.S. Patent No. 9,727,864 Issues
2017-12-27 U.S. Patent No. 9,870,453 Issues
2018-09-05 U.S. Patent No. 10,083,285 Issues
2020-08-19 U.S. Patent No. 10,769,297 Issues
2024-06-02 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 10,769,297 - "Centralized Identification and Authentication System and Method"

Issued August 19, 2020 (Compl. ¶18).

The Invention Explained

  • Problem Addressed: The patent’s background section describes the security risks inherent in e-commerce, where customers must release confidential personal and financial information to merchants and service providers, noting that this identification method is "not only unsafe but also it is not fool proof" (’297 Patent, col. 1:40-52).
  • The Patented Solution: The invention proposes a centralized architecture where a "Central-Entity" securely stores a user's sensitive information. To authenticate with a third-party "External-Entity" (e.g., an online merchant), the user requests a temporary, dynamic "SecureCode" from the Central-Entity. The user then provides this single-use code, along with a username, to the External-Entity for verification by the Central-Entity, thereby authenticating the transaction without exposing static credentials like credit card or bank account numbers. (’297 Patent, Abstract; col. 3:1-38).
  • Technical Importance: This approach seeks to enhance e-commerce security by centralizing trust and replacing the transmission of persistent, high-value credentials with ephemeral, single-use tokens for authentication. (’297 Patent, col. 2:5-15).

Key Claims at a Glance

  • The complaint asserts independent Claim 1 (Compl. ¶20, ¶122).
  • The essential elements of Claim 1 include:
    • An authentication system with one or more computing devices configured to perform operations.
    • Electronically receiving a request for a "SecureCode" from a user's computing device.
    • Generating the SecureCode.
    • Providing the SecureCode to the user, where the code is invalid after a predetermined time, invalid after one use, and valid only for authenticating that user.
    • Receiving a digital authentication request that includes the user's digital identity and the SecureCode.
    • Authenticating the user by evaluating the validity of the SecureCode included in the request.
  • The complaint asserts infringement of claims 1-29, reserving the right to assert dependent claims (Compl. ¶122).

U.S. Patent No. 8,281,129 - "Direct Authentication System And Method Via Trusted Authenticators"

Issued October 2, 2012 (Compl. ¶13).

The Invention Explained

  • Problem Addressed: The patent family’s background describes the fundamental flaw in authentication processes that rely on supposedly "secret" personal information (like a Social Security Number), which is often obtainable by fraudsters, leading to identity theft. (’129 Patent, col. 1:48-62). Proposed solutions, such as a new government-run identity database, are identified as potentially burdensome and raising privacy concerns (’129 Patent, col. 4:56-62).
  • The Patented Solution: The invention proposes a decentralized authentication method that leverages existing trust relationships. A user authenticates to a third-party "entity" (e.g., a merchant) by using a "trusted-authenticator" (e.g., the user's bank). The system employs two factors: a "static key" (something the user knows, like a password) and a "dynamic key" (a temporary code the user receives from their trusted-authenticator for that specific transaction). The entity receives both keys from the user and forwards them to the trusted-authenticator for verification. (’129 Patent, Abstract; col. 7:19-41).
  • Technical Importance: This method aims to provide strong, two-factor authentication by leveraging existing, trusted financial relationships, thereby avoiding the creation of a new, centralized identity bureaucracy while still preventing fraud. (’129 Patent, col. 4:50-54).

Key Claims at a Glance

  • The complaint asserts independent Claim 1 (Compl. ¶21, ¶47).
  • The essential elements of Claim 1, a computer-implemented method, include:
    • A trusted-authenticator's computer receiving a request for a dynamic code from an individual.
    • Calculating the dynamic code, which is valid for a predefined time and becomes invalid after use.
    • Sending the dynamic code to the individual.
    • The trusted-authenticator's computer receiving an authentication request from an entity, which includes user information and the dynamic code provided by the individual to the entity.
    • Authenticating the individual's identity based on the user information and the dynamic code, and providing the result to the entity.
  • The complaint asserts infringement of claims 1-52, reserving the right to assert dependent claims (Compl. ¶47).

U.S. Patent No. 9,703,938 - "Direct Authentication System And Method Via Trusted Authenticators"

Issued July 11, 2017 (Compl. ¶14).

Technology Synopsis: As part of the same family as the ’129 Patent, this patent addresses identity theft through a two-factor authentication method utilizing a trusted third party, such as a bank. The system authenticates a user for a transaction with an entity by verifying both a static credential and a transaction-specific dynamic code provided by the user. (’938 Patent, Abstract).
Asserted Claims: Claims 1-26 are asserted (Compl. ¶62).
Accused Features: The complaint accuses WaFd’s two-factor authentication systems for its online and mobile banking platforms (Compl. ¶¶22, 27).

U.S. Patent No. 9,727,864 - "Centralized Identification and Authentication System and Method"

Issued July 19, 2017 (Compl. ¶15).

Technology Synopsis: Related to the ’297 Patent, this patent describes a centralized authentication model where a "Central-Entity" generates a dynamic, time-dependent "SecureCode" for a user. The user presents this code to an "External-Entity" for verification, allowing authentication to occur without the direct transmission of the user's underlying sensitive financial or personal data. (’864 Patent, Abstract).
Asserted Claims: Claims 1-15 are asserted (Compl. ¶77).
Accused Features: The complaint accuses WaFd’s centralized two-factor authentication systems used in its digital banking services (Compl. ¶¶22, 27).

U.S. Patent No. 9,870,453 - "Direct Authentication System and Method Via Trusted Authenticators"

Issued December 27, 2017 (Compl. ¶16).

Technology Synopsis: This patent belongs to the same family as the ’129 and ’938 Patents and discloses a similar two-factor authentication system. The technology relies on a trusted authenticator to verify a user's identity based on a combination of static information and a dynamic, single-use "SecureCode" generated for a specific transaction. (’453 Patent, Abstract).
Asserted Claims: Claims 1-26 are asserted (Compl. ¶92).
Accused Features: The complaint targets WaFd’s two-factor authentication systems for its online and mobile banking platforms (Compl. ¶¶22, 27).

U.S. Patent No. 10,083,285 - "Direct Authentication System and Method Via Trusted Authenticators"

Issued September 5, 2018 (Compl. ¶17).

Technology Synopsis: Continuing the technology of the ’129 patent family, this patent describes a method for secure authentication using a "two-factor" system. A trusted authenticator validates a user's identity for a third-party transaction by confirming both a static credential (what the user knows) and a dynamic, temporary code (what the user receives). (’285 Patent, Abstract).
Asserted Claims: Claims 1-30 are asserted (Compl. ¶107).
Accused Features: The complaint accuses WaFd’s two-factor authentication systems used in its digital banking services (Compl. ¶¶22, 27).

III. The Accused Instrumentality

Product Identification

The accused instrumentality is the "WaFd System and Apparatus," which encompasses the defendant's websites (including www.wafdbank.com and online.wafdbank.com), the "Mobiliti" mobile platform, the "WaFd Treasury Token app," and the associated back-end systems that provide functionality and user authentication (Compl. ¶22).

Functionality and Market Context

The accused system provides digital banking services to WaFd's customers (Compl. ¶29). To secure user accounts, the system employs a two-factor (or multi-factor) authentication process. During login, the system sends a "verification code" via SMS or email, or a "one-time passcode" via the Treasury Token App, to the user. The user must then enter this code into the website or mobile app to gain access, a process alleged to practice the claimed authentication methods (Compl. ¶¶30-32).

IV. Analysis of Infringement Allegations

No probative visual evidence provided in complaint.

10,769,297 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
An authentication system for enhancing computer network security by authenticating a user... comprising one or more computing devices configured to perform operations comprising: WaFd provides services through websites and mobile applications that comprise an authentication system for users to log into their accounts. ¶29 col. 1:30-36
while the online computer system is connected to the computing device of the user via a communication network, electronically receiving a request for a SecureCode; When a user attempts to sign in with two-factor authentication, the WaFd online computer system receives a request for a "verification code." ¶30 col. 6:45-52
generating the SecureCode; The WaFd online computer system generates a "verification code" or a "one-time passcode." ¶31 col. 6:53-55
electronically providing to the user the SecureCode... wherein: the SecureCode is invalid after a predetermined time passes, The system sends the code to the user, and the code is available only for a limited time and is rejected if not used within that time. ¶32, ¶33 col. 6:55-63
the SecureCode is invalid after one use of the SecureCode for authentication, and The code is for "one use by a particular user" and is rejected by the website if it has already been used. ¶34 col. 6:63-65
the SecureCode is only valid for authenticating the user; and The code is generated for the specific user attempting to log in and is not valid for a different user. ¶35 col. 7:1-3
electronically receiving from the online computer system a digital authentication request for authenticating the user, wherein: the digital authentication request comprises a digital identity of the user, and the digital identity includes the SecureCode; and The WaFd authentication system receives a digital authentication request including the user's username and the SecureCode. ¶36, ¶37 col. 7:4-9
authenticating the user by evaluating a validity of the SecureCode included in the digital authentication request. After receiving the digital identity, the WaFd system validates the login if the SecureCode is valid for that particular user. ¶39 col. 7:10-14

8,281,129 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
receiving electronically a request for a dynamic code for the individual, which request is received from the individual by a trusted-authenticators computer... WaFd's back-end computer system (alleged trusted-authenticator) receives a request for a "verification code" when a user initiates a login from their device. ¶30 col. 9:59-64
calculating by the trusted-authenticators computer the dynamic code for the individual... wherein the dynamic code is valid for a predefined time and becomes invalid after being used; WaFd's system generates the time-limited and single-use "verification code." ¶31, ¶33, ¶34 col. 10:1-5
sending by the trusted-authenticator's computer electronically the dynamic code to the individual... WaFd's system electronically sends the generated code to the user via SMS, email, or an application. ¶32 col. 10:6-9
receiving by the trusted-authenticator's computer electronically an authentication request from the entity to authenticate the individual based on a user information and the dynamic code... WaFd's back-end system receives the username and entered verification code from the user's device (the alleged entity). ¶36, ¶37 col. 10:10-17
authenticating by the trusted-authenticator's computer an identity of the individual based on the user information and the dynamic code... wherein the result of the authentication is provided to the entity. WaFd's system validates the credentials, and the result (authentication success or failure) is provided back to the user's device, granting or denying access. ¶39 col. 10:18-23

Identified Points of Contention

  • Architectural Scope: A primary question for the '129 Patent and its family may be whether the claim language, which recites an "individual," an "entity," and a "trusted-authenticator," can read on the accused system. In WaFd's implementation, WaFd appears to function as both the "entity" (the service provider) and the "trusted-authenticator" (the code generator/verifier). The litigation may explore whether the claims require these to be separate and distinct systems or organizations.
  • Functional Scope: The infringement analysis for the '297 Patent may raise the question of whether WaFd's system architecture meets the claim limitation of "receiving from the online computer system a digital authentication request." If the user's device sends the request, and the WaFd "online computer system" receives it, the court may need to determine if the system is, as claimed, receiving a request "from" itself.

V. Key Claim Terms for Construction

The Term: "dynamic code" / "SecureCode"

  • Context and Importance: This term is the technological core of all asserted patents. The infringement case depends on whether WaFd's "verification code" or "one-time passcode" is equivalent to the claimed "dynamic code." Practitioners may focus on this term because its construction will determine if the accused functionality falls within the patent's scope.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification of the related ’285 Patent defines "dynamic key" broadly as "SecureCode which is a key or information that is variable" (’285 Patent, col. 8:51-52), suggesting it could encompass any non-static code used for authentication.
    • Evidence for a Narrower Interpretation: The claims themselves narrow the term by requiring that the code be "valid for a predefined time and becomes invalid after being used" (’129 Patent, Claim 1) or "invalid after one use" (’297 Patent, Claim 1). These functional limitations will be central to the construction.

The Term: "entity" (as recited in the ’129 Patent family)

  • Context and Importance: The claims of the ’129 Patent describe an interaction among an "individual," an "entity," and a "trusted-authenticator." The term's definition is critical because in the accused system, WaFd arguably serves as both the "entity" and the "trusted-authenticator." A narrow construction requiring distinct organizations could present a challenge to the infringement allegations.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The patents do not explicitly state that the "entity" and "trusted-authenticator" must be separate corporate bodies or reside on physically distinct hardware. Plaintiff may argue they are distinct logical systems, even if operated by the same company.
    • Evidence for a Narrower Interpretation: The patent figures consistently depict the "Business" (entity) and "Trusted-Authenticator" as separate blocks, suggesting they are distinct actors (’129 Patent, Figs. 1a, 2a). The specification also frames the problem in the context of a user interacting with a new business by leveraging a preexisting relationship with a bank, implying separate organizations (’129 Patent, col. 7:5-17).

VI. Other Allegations

Indirect Infringement

The complaint alleges inducement of infringement by asserting that Defendant provides its customers with software and instructions (e.g., via its website and mobile apps) that direct them to perform the steps of the patented methods (Compl. ¶24). It further alleges contributory infringement on the basis that Defendant supplies a material part of the infringing system—the authentication technology—which is not a staple article of commerce and is especially adapted for infringement (Compl. ¶25).

Willful Infringement

The complaint alleges that Defendant's infringement has been willful "since at least as early as they became aware of the Patents-in-Suit" (Compl. ¶43). This allegation appears to be based on post-suit knowledge, as no facts suggesting pre-suit notice or knowledge are provided.

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of architectural scope: can the claims of the '129 patent family, which appear to describe a three-party authentication framework (user, entity, trusted-authenticator), be construed to cover the accused two-party system where WaFd Bank acts as both the service provider and the authenticator?
  • A second key issue will be one of definitional equivalence: does the "verification code" generated by the WaFd apparatus meet all functional limitations of the claimed "dynamic code" or "SecureCode," specifically the requirements that it become invalid after a predetermined time and a single use?
  • A third question will be one of infringement locus: for the asserted method claims, the court will need to determine whether the actions of WaFd, its systems, and its end-users, when combined, satisfy every step of a claimed method within the United States, and whether WaFd's actions rise to the level of inducing or contributing to its users' direct infringement.