Secure Matrix LLC v. Penney OpCo LLC

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: Secure Matrix LLC (DE)
  • Defendant: Penney OpCo LLC (VA)
  • Plaintiff’s Counsel: Rabicoff Law LLC
• Case Identification: 2:25-cv-00004, E.D. Tex., 01/03/2025
• Venue Allegations: Venue is alleged to be proper based on Defendant maintaining an established place of business within the Eastern District of Texas.
• Core Dispute: Plaintiff alleges that Defendant infringes a patent related to multi-device systems and methods for user authentication and verification.
• Technical Context: The technology addresses secure user authentication for online services, such as e-commerce logins or payments, by using a secondary personal device to verify an interaction initiated on a primary device.
• Key Procedural History: The complaint does not mention any prior litigation, Inter Partes Review (IPR) proceedings, or licensing history related to the patent-in-suit.

Case Timeline

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,677,116 - "Systems and methods for authentication and verification"

• Patent Identification: U.S. Patent No. 8,677,116, "Systems and methods for authentication and verification," issued March 18, 2014 (’116 Patent). (Compl. ¶8-9).

The Invention Explained

• Problem Addressed: The patent describes a "growing need to authenticate users" for accessing secured internet portals or performing online consumer transactions, seeking a method that is both "secure and fast." (’116 Patent, col. 1:19-29).
• The Patented Solution: The invention proposes a multi-device authentication system. A user attempting to access a "secured capability" (e.g., a website login) on a first computer is presented with a "reusable identifier" (e.g., a QR code). The user employs a second, personal electronic device (e.g., a smartphone) to capture this identifier and transmit it, along with "user verification information," to a remote verification server. This server evaluates the data from both sources to determine if the user is authorized and, if so, transmits an authorization signal to complete the interaction. (’116 Patent, Abstract; Fig. 2; col. 6:4-34).
• Technical Importance: This architecture aims to enhance security by using a trusted personal device as a second authentication factor, separating the verification step from the potentially less secure primary access point, while using "reusable identifiers" to simplify the process and reduce server-side computational load. (’116 Patent, col. 6:35-62).

Key Claims at a Glance

• The complaint asserts infringement of "one or more claims" without specifying them. (Compl. ¶11). Independent claim 1 is representative of the core method patent claims.
• The essential elements of independent claim 1 include:
  • Using a computer system to receive a first signal from a computer providing a secured capability, where the signal comprises a "reusable identifier" assigned for a "finite period of time".
  • Using the computer system to receive a second signal from a user's electronic device, where the signal comprises a copy of the "reusable identifier" and "user verification information".
  • Using a processor to evaluate, based on the first and second signals, whether the user is authorized.
  • In response to an authorization, transmitting a third signal with "authorization information" to the electronic device and/or the computer. (’116 Patent, col. 33:18-39).
• The complaint alleges infringement of at least the "Exemplary '116 Patent Claims," suggesting it may later assert other independent or dependent claims. (Compl. ¶11).

III. The Accused Instrumentality

Product Identification

• The complaint identifies the accused instrumentalities as the "Exemplary Defendant Products" detailed in Exhibit 2. (Compl. ¶11). However, Exhibit 2 was not filed with the complaint. Therefore, the specific accused products, methods, or services are not identified in the provided documents.

Functionality and Market Context

• The complaint alleges that the "Exemplary Defendant Products practice the technology claimed by the '116 Patent" and "satisfy all elements" of the asserted claims. (Compl. ¶16). It further alleges that these products are made, used, sold, and imported by the Defendant. (Compl. ¶11). The complaint does not provide specific details on the technical functionality or market context of the accused products.

IV. Analysis of Infringement Allegations

The complaint references claim charts in an unprovided "Exhibit 2" to support its infringement allegations. (Compl. ¶16-17). In the absence of the charts, the infringement theory is based on the complaint's narrative allegations.

The complaint's narrative theory of infringement asserts that the unspecified "Exemplary Defendant Products" perform the steps of the claimed authentication method. (Compl. ¶11, ¶16). This suggests Plaintiff's position is that when a user authenticates via Defendant's systems, those systems necessarily perform the claimed steps of: (1) generating or using a "reusable identifier" for the transaction; (2) receiving signals from different devices corresponding to that identifier and user verification data; (3) processing these signals to determine authorization; and (4) transmitting an authorization confirmation. (Compl. ¶11, ¶16). The complaint provides no specific facts regarding the architecture or operation of the accused systems.

No probative visual evidence provided in complaint.

Identified Points of Contention

• Scope Questions: A primary issue may be whether the identifiers used in Defendant's authentication system meet the definition of a "reusable identifier" that is "assigned for use by the secured capability for a finite period of time," as required by claim 1. The interpretation of "reusable" will be critical, as the patent contrasts it with "one-time-use" identifiers. (’116 Patent, col. 9:8-20).
• Technical Questions: A key evidentiary question is whether Defendant’s system utilizes the two-device, three-signal communication architecture described in the patent. The complaint does not allege any facts to suggest that Defendant's authentication process involves a user employing a second device (like a smartphone) to scan or receive an identifier from a first device (like a PC browser) to initiate verification.

V. Key Claim Terms for Construction

• The Term: "reusable identifier"

  • Context and Importance: This term is foundational to the claimed invention. Its construction will likely determine whether the patent's scope can read on modern authentication tokens or protocols allegedly used by the Defendant, or if it is limited to the specific embodiments disclosed.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification states the identifier "does not contain user-specific or interaction-specific information," which could support construing it as any generic token that initiates a transaction. (’116 Patent, col. 6:37-39). The patent also refers to it as a "transaction start indicator" or "TSSID." (’116 Patent, col. 8:56-57).
    • Evidence for a Narrower Interpretation: The specification repeatedly uses a QR code as the primary example of the identifier, which a user's mobile device scans from another screen. (’116 Patent, Fig. 7; col. 9:51-57). A party could argue the term should be construed in light of this embodiment, or limited to identifiers that are "premade" and selected from a list in a "round robin" fashion, as also described. (’116 Patent, col. 9:1-20).

• The Term: "user verification information"

  • Context and Importance: This term defines what the user's second device must provide to the verification server alongside the identifier copy. Its scope is critical for determining what constitutes a valid verification under the claims.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification provides a broad definition, stating it can include information "specific to the user" (e.g., name, email) or information "specific to the first electronic device" (e.g., a hardware ID or character string). (’116 Patent, col. 12:5-14).
    • Evidence for a Narrower Interpretation: The patent describes a "second association" in a database that links this information to "verified users authorized to access" the secured capability. (’116 Patent, col. 7:56-61; col. 12:22-35). A party may argue that this implies the "user verification information" must be more than just a device fingerprint; it must be data that is actively checked against a pre-existing record of an authorized user.

VI. Other Allegations

Indirect Infringement

• The complaint alleges induced infringement, stating that Defendant distributes "product literature and website materials inducing end users...to use its products in the customary and intended manner that infringes the '116 Patent." (Compl. ¶14). The complaint references the unprovided Exhibit 2 as containing this evidence. (Compl. ¶14).

Willful Infringement

• The complaint alleges "Actual Knowledge of Infringement" arising from the service of the complaint itself. (Compl. ¶13). It further alleges that Defendant's infringement has continued post-filing despite this knowledge, which forms a basis for a claim of post-suit willful infringement and potential enhanced damages. (Compl. ¶14).

VII. Analyst’s Conclusion: Key Questions for the Case

• A core issue will be one of definitional scope: can the term "reusable identifier", which is heavily illustrated in the patent as a visually scanned QR code in a two-device interaction, be construed to cover the authentication tokens or other security mechanisms allegedly used in Defendant's e-commerce systems, which may operate without such an explicit multi-device user action?
• A key evidentiary question will be one of architectural mapping: given the lack of factual detail in the complaint, the case will depend on whether Plaintiff can produce evidence in discovery showing that Defendant's system architecture mirrors the specific three-signal communication flow between a primary computer, a secondary user device, and a verification server, as required by the asserted claims.