DCT

2:24-cv-00546

RFCyber Corp v. Costco Wholesale Corp

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 2:24-cv-00546, E.D. Tex., 07/18/2024
  • Venue Allegations: Venue is based on Defendant's regular and established places of business within the Eastern District of Texas, as well as its transaction of business and alleged commission of infringing acts within the district.
  • Core Dispute: Plaintiff alleges that Defendant’s Costco App, which facilitates in-app payments, infringes a patent related to methods for securely funding and personalizing an "electronic purse" on a portable device.
  • Technical Context: The technology at issue pertains to secure mobile payment systems, specifically the architecture for enabling a portable device like a smartphone to securely interact with backend servers to manage and use a digital payment instrument.
  • Key Procedural History: The patent-in-suit is a continuation of an earlier patent and has survived two separate ex parte reexamination proceedings at the U.S. Patent and Trademark Office, with all claims confirmed as patentable in both instances. This procedural history may be relevant to the patent’s presumption of validity.

Case Timeline

Date Event
2006-09-24 Earliest Priority Date ('855 Patent)
2013-05-28 Issue Date (U.S. Patent No. 8,448,855)
2022-01-01 Approximate Date of First Alleged Infringement (Functionality launch)
2023-04-28 Issue Date (First Ex Parte Reexamination Certificate C1)
2024-07-18 Complaint Filing Date
2025-03-07 Issue Date (Second Ex Parte Reexamination Certificate C2)

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,448,855 - "Method and Apparatus For Funding An Electronic Purse"

  • Patent Identification: U.S. Patent No. 8,448,855, "Method and Apparatus For Funding An Electronic Purse," issued May 28, 2013.

The Invention Explained

  • Problem Addressed: The patent identifies the security challenge of extending closed-loop contactless payment systems (e.g., transit cards) to open networks like the internet or cellular networks, where delivering authentication keys over a public domain network creates security risks ('855 Patent, col. 1:31-47).
  • The Patented Solution: The invention describes a system for securely funding and managing an "e-purse" on a portable device. The solution involves a specific architecture with multiple software components: a user-facing application ("midlet"), a secure "e-purse applet" residing on a smart card module, and an "emulator." This system uses a multi-layered security protocol to first "personalize" the e-purse by establishing secure channels with a backend server, and then to conduct secure transactions with a financial institution over an open network ('855 Patent, Abstract; col. 2:18-47; Fig. 4C).
  • Technical Importance: The described technology sought to provide a framework for a portable device to function as a secure, all-in-one digital wallet, bridging the security gap between isolated smart cards and the emerging world of mobile commerce ('855 Patent, col. 1:48-52).

Key Claims at a Glance

  • The complaint specifically asserts at least independent method Claim 9 ('855 Patent, col. 9:38-10:19; Compl. ¶15).
  • The essential elements of Claim 9 include:
    • Receiving a request from a portable device, which is initiated by a "midlet" after PIN verification.
    • The request itself is composed by an "e-purse applet" and sent over a wireless network to a server.
    • The server verifies the request with a bank account and initiates a fund transfer.
    • The server sends commands back to the portable device, causing an "emulator" to update a transaction log after the "midlet" verifies the commands' authenticity.
    • The method requires the "e-purse" to have been "personalized" through a two-stage security process: (1) establishing an initial security channel between a "card module" and an external Security Authentication Module ("SAM") to install the applet, and (2) creating a second security channel "on top of" the first to protect subsequent operations.
  • The complaint also contains general allegations of infringement of "one or more claims" of the '855 Patent (Compl. ¶14).

III. The Accused Instrumentality

Product Identification

  • The "Accused Products" are identified as "current and previous versions of the Costco App" for Android and iOS devices, along with the supporting "hardware and software" such as "Costco servers" (Compl. ¶9).

Functionality and Market Context

  • The accused functionality is the feature within the Costco App that allows users to make contactless payments at Costco locations (Compl. ¶9). As depicted in a screenshot from Costco's website, this involves a multi-step process where a user adds their "Costco Anywhere Visa® Card by Citi" to the app to enable it for in-store payment (Compl. p. 4). The complaint alleges that Costco servers receive requests from the mobile app, communicate with financial institutions to process payments, and send information back to the app, such as transaction history (Compl. ¶¶16-19). A screenshot from the app shows a list of "In-Warehouse" receipts, which the complaint maps to the claimed "transaction log" (Compl. p. 9).

IV. Analysis of Infringement Allegations

'855 Patent Infringement Allegations

Claim Element (from Independent Claim 9) Alleged Infringing Functionality Complaint Citation Patent Citation
receiving a request from a portable device; Costco servers receive a request from mobile devices running the Costco App when a user performs a contactless or online purchase (Compl. ¶16). A visual from the complaint shows the in-app screen for "Digital Payments," which is used to "Pay in-warehouse using the app" (Compl. p. 7). ¶16 col. 9:40-41
verifying the request with an account in a bank across a network; Upon receiving a request for funds, the Costco App servers "initiate a fund transfer request for the requested funds with the institution administering the user's Costco credit card account," which implies verification of the request (Compl. ¶17). ¶17 col. 9:42-43
initiating a fund transfer request by a server with a financial institution administrating the e-purse when the request is successfully verified; Upon verifying the fund request, the Costco App servers initiate a fund transfer request with the financial institution that administers the user's account (Compl. ¶18). ¶18 col. 9:44-47
sending commands to the portable device to cause an emulator in the portable device to update a transaction log in the portable device after an authenticity of the commands is verified by a midlet in the portable device... Costco servers are alleged to send commands to the user's phone, causing an "emulator" (a portion of the Costco App for logging transactions) to update a "transaction log" (the user's purchase history). Authenticity is allegedly verified by the "midlet" (the Costco application) via an SSL/TLS certificate (Compl. ¶19, p. 8). The complaint provides a screenshot of an "In-Warehouse Receipt" as an example of the transaction log (Compl. p. 9). ¶19 col. 9:48-54
...wherein the request is a response composed by an e-purse applet after the e-purse applet receives an initial request from the midlet in the portable device and an PIN is entered by a user of the portable device and verified, the request is sent over a wireless network to the server... The complaint alleges the request to the server is composed by an "e-purse applet" (the software representation of a saved Costco card) after an initial request from the "midlet" (the Costco App). A "PIN" (e.g., Face ID, password, or fingerprint) is entered and verified by the user (Compl. ¶20). A visual from the complaint shows the app's sign-in screen, which includes an option for Face ID (Compl. p. 9). ¶20 col. 10:1-8
...and wherein the e-purse in the portable device has been personalized by operations including: establishing an initial security channel between the card module and an e-purse security authentication module (SAM) external to the card module to install and personalize the e-purse applet in the card module, and creating a security channel on top of the initial security channel to protect subsequent operations... Personalization is alleged to occur when a user saves a card. This allegedly includes establishing an "initial security channel" (e.g., SSL/TLS) between a "card module" (secure memory area) and a "SAM" (server security module). A second channel is allegedly created "on top" via another layer of encryption (e.g., a device fingerprint) (Compl. ¶¶21-22). ¶¶21-22 col. 10:9-19
  • Identified Points of Contention:
    • Scope Questions: A primary area of dispute may be whether the terminology of the '855 Patent, such as "e-purse applet", "midlet", and "card module", can be read to cover the corresponding components of a modern smartphone application architecture as alleged in the complaint. The defense may argue these terms are tied to the specific JavaCard and J2ME mobile environments described in the patent's specification.
    • Technical Questions: The infringement theory relies on mapping the accused system's general security protocols (e.g., SSL/TLS and device-level encryption) to the patent's specific two-layer security claim for personalization. A key technical question will be whether the accused system's operation performs the same function in the same way as the patent's more detailed description of creating security channels using application security domains and transformed keys ('855 Patent, col. 7:1-16).

V. Key Claim Terms for Construction

  • The Term: "e-purse applet"

  • Context and Importance: The complaint equates this term with "the software representation of a Costco card and/or other saved payment methods" (Compl. ¶20). The viability of the infringement case hinges on whether this software component in a modern app meets the definition of an "e-purse applet", a term central to the asserted claim.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The patent abstract describes the invention in general terms of an "e-purse" on a "portable device," which may support a broader reading not limited to a specific implementation ('855 Patent, Abstract).
    • Evidence for a Narrower Interpretation: The specification repeatedly describes the "e-purse applet" in a specific context, stating it is "built on top of the global platform and implemented as an applet in SMX [a SmartMX module]" and runs on a "JavaCard" ('855 Patent, col. 5:7-9). This may support an argument that the term is limited to an applet running in a hardware-based secure element.

  • The Term: "midlet"

  • Context and Importance: The complaint alleges the "Costco App" itself is the "midlet" (Compl. ¶20). Practitioners may focus on this term because "MIDlet" is a term of art from the Java ME (J2ME) platform prevalent when the patent was filed, and the interpretation will determine if a modern native iOS or Android app falls within the claim's scope.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The specification describes a "midlet" as a "software component suitable for being executed on a portable device" and gives an "executable application on a PDA device" as an alternative example, suggesting it is not strictly limited to Java ('855 Patent, col. 5:18-22).
    • Evidence for a Narrower Interpretation: The detailed description implements the "midlet" as a component on a "Java cellphone" ('855 Patent, col. 5:21). This context could be used to argue the term should be construed more narrowly to the specific mobile application platforms of that era.

VI. Other Allegations

  • Indirect Infringement: The complaint alleges inducement of infringement under § 271(b), asserting that Costco provides instructions, marketing, and documentation that encourage customers to use the Costco App in an infringing manner with knowledge and intent (Compl. ¶23). It also alleges contributory infringement under § 271(c), stating that the accused components are not staple articles of commerce and are especially adapted for use in the infringement (Compl. ¶24).
  • Willful Infringement: Willfulness is alleged based on Costco's purported "knowledge of the '855 Patent and with the intent, or willful blindness" that its actions would cause infringement (Compl. ¶23). The complaint does not specify whether this knowledge is alleged to be pre-suit or post-suit.

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of terminological mapping: can the specific claim terms "midlet", "e-purse applet", and "emulator", which are rooted in the early 2000s mobile technology stack described in the patent, be construed to read on the components of a modern, native iOS/Android application and its associated cloud backend?
  • A second central question will be one of technical scope: does the accused system's use of standard, layered security protocols like SSL/TLS and app-level data encryption meet the claim limitation requiring a two-step personalization process of "establishing an initial security channel" and then "creating a security channel on top," or is that limitation constrained to the more specific key-generation and transformation processes detailed in the patent's specification?
  • Finally, a key procedural factor will be the impact of reexamination: how will the patent’s successful navigation of two separate ex parte reexaminations—where all claims were confirmed patentable—affect the strength of the statutory presumption of validity against any invalidity challenges raised by the defendant?