DCT

4:25-cv-00211

Factor2 Multimedia Systems LLC v. First Financial

Log In
Key Events
Complaint
complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 4:25-cv-211, N.D. Tex., 03/05/2025
  • Venue Allegations: Plaintiff alleges venue is proper in the Northern District of Texas because Defendant maintains a regular and established place of business in the district and has allegedly committed acts of infringement there.
  • Core Dispute: Plaintiff alleges that Defendant’s online and mobile banking platform, the "FFIN System," infringes six patents related to systems and methods for user authentication using dynamic, single-use security codes.
  • Technical Context: The patents address methods for enhancing computer network security, particularly for online transactions, by moving beyond static passwords to two-factor or dynamic code-based authentication systems.
  • Key Procedural History: The complaint notes that all six Patents-in-Suit are members of the same patent family. No other procedural history, such as prior litigation or administrative challenges to the patents, is mentioned.

Case Timeline

Date Event
2001-08-29 Earliest Priority Date for all Patents-in-Suit
2012-10-02 U.S. Patent No. 8,281,129 Issues
2017-07-11 U.S. Patent No. 9,703,938 Issues
2017-07-19 U.S. Patent No. 9,727,864 Issues
2017-12-27 U.S. Patent No. 9,870,453 Issues
2018-09-25 U.S. Patent No. 10,083,285 Issues
2020-09-08 U.S. Patent No. 10,769,297 Issues
2025-03-05 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,281,129 - Direct Authentication System and Method Via Trusted Authenticators

The Invention Explained

  • Problem Addressed: The patent’s background describes the growing problem of online fraud and identity theft, which stems from the flawed assumption that sensitive personal information (like SSNs) can be kept secret and used for authentication. This makes conventional knowledge-based authentication insecure (’129 Patent, col. 1:46-2:6).
  • The Patented Solution: The invention proposes a two-factor authentication method involving three parties: an individual (user), an entity (e.g., a business), and a "trusted-authenticator" (e.g., the user's bank). To authenticate, the user obtains a temporary "dynamic code" from their trusted-authenticator and provides it, along with static user information, to the business. The business then contacts the trusted-authenticator to verify both pieces of information, confirming the user's identity without the business itself handling the core authentication logic (’129 Patent, Abstract; col. 11:45-12:1).
  • Technical Importance: This approach creates a decentralized trust model, allowing a user to leverage an existing trusted relationship (like with their bank) to securely authenticate with other, third-party entities without sharing core secrets.

Key Claims at a Glance

  • The complaint asserts independent claim 1 and dependent claims 2-52 (Compl. ¶32).
  • Essential elements of independent claim 1 include:
    • A trusted-authenticator's computer receiving a request from an individual for a dynamic code.
    • The computer calculating the dynamic code, which is valid for a predefined time and becomes invalid after use.
    • Sending the dynamic code to the individual.
    • Receiving an authentication request from an entity, which includes user information and the dynamic code provided to the entity by the individual.
    • Authenticating the individual's identity based on the user information and the dynamic code, and providing the result to the entity.
  • The complaint reserves the right to assert all claims 1-52 (Compl. ¶32).

U.S. Patent No. 10,769,297 - Centralized Identification and Authentication System and Method

The Invention Explained

  • Problem Addressed: The patent identifies the risk of users distributing confidential personal and financial information across numerous e-commerce sites. It notes a need for a system that allows users to prove their identity without repeatedly exposing this sensitive data (’297 Patent, col. 1:40-52).
  • The Patented Solution: The invention describes a centralized model where a "Central-Entity" manages user authentication. A user wanting to access an "External-Entity" (e.g., a merchant website) first requests a single-use "SecureCode" from the Central-Entity. The user provides their username and this SecureCode, which together form a "digital identity," to the External-Entity. The External-Entity passes this digital identity to the Central-Entity, which validates the code and authorizes the transaction, sending an approval or denial back (’297 Patent, Abstract; col. 3:1-38).
  • Technical Importance: This architecture centralizes the authentication process, meaning the user’s core credentials are not shared with each individual merchant, thereby reducing the points of potential data compromise.

Key Claims at a Glance

  • The complaint asserts independent claim 1 and dependent claims 2-29 (Compl. ¶52).
  • Essential elements of independent claim 1 include:
    • An online computer system receiving a request for a SecureCode from a user's computing device.
    • Generating the SecureCode.
    • Providing the SecureCode to the user, where the code is invalid after a predetermined time, invalid after one use, and only valid for that specific user.
    • Receiving a digital authentication request containing a digital identity that includes the SecureCode.
    • Authenticating the user by evaluating the validity of the SecureCode in the request.
  • The complaint reserves the right to assert all claims 1-29 (Compl. ¶52).

U.S. Patent No. 9,703,938 - Direct Authentication System and Method Via Trusted Authenticators

  • Technology Synopsis: Similar to the ’129 Patent, this patent describes a method for enhancing network security by authenticating a user via a "trusted authentication system." The system generates a dynamic code for the user, which is then used in a transaction with another computer system. The authentication is based on the user's specific information, the dynamic code, and the time of the request (’938 Patent, claim 1).
  • Asserted Claims: Claims 1-26 are asserted (Compl. ¶36).
  • Accused Features: The complaint alleges that the FFIN System's user authentication methods infringe the patent (Compl. ¶3, 22).

U.S. Patent No. 9,727,864 - Centralized Identification and Authentication System and Method

  • Technology Synopsis: Similar to the ’297 Patent, this patent describes a centralized authentication computer system. It generates non-predictable digital codes for users, which are then used to authenticate transactions with remote transaction computer systems. The system is designed to serve a plurality of users and transaction systems (’864 Patent, claim 1).
  • Asserted Claims: Claims 1-15 are asserted (Compl. ¶40).
  • Accused Features: The complaint alleges that the FFIN System's user authentication methods infringe the patent (Compl. ¶3, 22).

U.S. Patent No. 9,870,453 - Direct Authentication System and Method Via Trusted Authenticators

  • Technology Synopsis: This patent is directed to an authentication method where a user's electronic communication with an online entity is secured. An authentication system provides a "SecureCode" to the user. The online system receives this code and other user information, and then sends an authentication request to the authentication system to validate the user, after which the user is granted access (’453 Patent, claim 1).
  • Asserted Claims: Claims 1-26 are asserted (Compl. ¶44).
  • Accused Features: The complaint alleges that the FFIN System's user authentication methods infringe the patent (Compl. ¶3, 22).

U.S. Patent No. 10,083,285 - Direct Authentication System and Method Via Trusted Authenticators

  • Technology Synopsis: This patent describes a system for authenticating a user attempting to access an online system. The system provides a user-authentication code that is valid for a predetermined time and invalid after a first use. The online system uses this code and user-identification information to request authentication from a separate authentication system (’285 Patent, claim 1).
  • Asserted Claims: Claims 1-30 are asserted (Compl. ¶48).
  • Accused Features: The complaint alleges that the FFIN System's user authentication methods infringe the patent (Compl. ¶3, 22).

III. The Accused Instrumentality

Product Identification

  • The accused instrumentality is the "FFIN System" (Compl. ¶3).

Functionality and Market Context

  • The "FFIN System" is identified as Defendant’s platform for providing financial services to its customers. It includes the FFIN mobile application for iOS and Android devices, the website at https://FFIN.com, and the associated back-end systems and infrastructure (Compl. ¶22). The complaint alleges that this system provides authentication functionality for its users that infringes the patents-in-suit (Compl. ¶3, 12). The complaint does not provide further technical detail on the operation of the accused authentication features. No probative visual evidence provided in complaint.

IV. Analysis of Infringement Allegations

The complaint references an exemplary claim chart as Exhibit G for the ’297 Patent but does not provide the exhibit (Compl. ¶26). The following summaries are based on the narrative allegations in the complaint and the text of the asserted claims.

’129 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
receiving electronically a request for a dynamic code for the individual, which request is received from the individual by a trusted-authenticators computer... The FFIN System allegedly receives requests from its users for a dynamic, single-use authentication code. ¶3, ¶22, ¶25 col. 12:46-51
calculating by the trusted-authenticators computer the dynamic code for the individual... wherein the dynamic code is valid for a predefined time and becomes invalid after being used; The FFIN System’s back-end servers allegedly generate a time-sensitive, single-use code for the user. ¶3, ¶21, ¶25 col. 12:52-57
sending by the trusted-authenticator's computer electronically the dynamic code to the individual... The FFIN System allegedly transmits the generated dynamic code to the user's device (e.g., mobile phone). ¶3, ¶22, ¶25 col. 12:58-61
receiving by the trusted-authenticator's computer electronically an authentication request from the entity to authenticate the individual based on a user information and the dynamic code... The FFIN System allegedly receives the dynamic code back from the user, along with other credentials, to authenticate a login or transaction. ¶3, ¶21, ¶25 col. 12:62-67
authenticating by the trusted-authenticator's computer an identity of the individual... wherein the result of the authentication is provided to the entity. The FFIN System's servers allegedly validate the user’s identity based on the submitted code and credentials and grant or deny access accordingly. ¶3, ¶12, ¶25 col. 1:1-12:4

’297 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
while the online computer system is connected to the computing device of the user... electronically receiving a request for a SecureCode; The FFIN System allegedly operates as an online computer system that receives requests for security codes from users' devices. ¶3, ¶22, ¶25 col. 12:50-54
generating the SecureCode; The FFIN System's back-end servers allegedly generate a SecureCode for user authentication. ¶3, ¶20, ¶25 col. 6:1-5
...electronically providing to the user the SecureCode... wherein: the SecureCode is invalid after a predetermined time passes, the SecureCode is invalid after one use... and the SecureCode is only valid for authenticating the user; The FFIN System allegedly transmits the SecureCode to the user, and this code is alleged to be time-limited, single-use, and user-specific. ¶3, ¶20, ¶25 col. 12:55-64
...electronically receiving from the online computer system a digital authentication request... wherein: the digital authentication request comprises a digital identity of the user, and the digital identity includes the SecureCode; The FFIN System allegedly receives an authentication request from the user that includes the previously generated SecureCode. ¶3, ¶20, ¶25 col. 13:1-6
...authenticating the user by evaluating a validity of the SecureCode included in the digital authentication request. The FFIN System allegedly authenticates the user by validating the submitted SecureCode. ¶3, ¶12, ¶25 col. 13:7-11

Identified Points of Contention

  • Scope Questions: The ’129 Patent describes a three-party system with a distinct "entity" and "trusted-authenticator." A central question may be whether Defendant's FFIN System, which appears to authenticate its own users for its own services, can meet the claim limitations requiring separate roles. Similarly, the ’297 Patent’s "Central-Entity" and "External-Entity" architecture raises the question of whether a self-contained banking platform performs the claimed method.
  • Technical Questions: The complaint makes conclusory allegations about the FFIN System's functionality. A key technical question will be what evidence demonstrates that the codes generated by the FFIN System meet the specific invalidation criteria required by the claims, such as being strictly "invalid after one use" and "invalid after a predetermined time passes" (’297 Patent, claim 1).

V. Key Claim Terms for Construction

The Term: "trusted-authenticator" (’129 Patent, claim 1)

  • Context and Importance: This term appears central to the architecture of the ’129 Patent. The infringement analysis may depend on whether a "trusted-authenticator" must be a third-party entity separate from the "entity" a user is transacting with, or if a single organization can perform both roles. Practitioners may focus on this term because the complaint accuses an integrated system (FFIN) of infringing claims that appear to describe a multi-party, decentralized architecture.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The claims do not explicitly state that the "trusted-authenticator" and the "entity" must be different, legally distinct organizations. One might argue that different computer systems within the same organization could fulfill these roles.
    • Evidence for a Narrower Interpretation: The specification describes the trusted-authenticator as "an entity that already knows the individual" and has an established trusted relationship, such as a bank, which is then leveraged to authenticate for a different "business" (’129 Patent, col. 8:31-37). The figures also depict the "Business" (20) and "Trusted-Authenticator" (30) as separate boxes, suggesting they are distinct actors (’129 Patent, Fig. 2a).

The Term: "online computer system" (’297 Patent, claim 1)

  • Context and Importance: The scope of this term defines the infringing apparatus. The dispute may turn on whether the "online computer system" refers to a single, monolithic system operated by one party (like the accused FFIN System), or if it requires the coordinated operation of multiple systems, potentially from the "Central-Entity" and "External-Entity" described in the specification.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: Claim 1 recites "an authentication system... comprising one or more computing devices configured to perform operations," which could be read to cover a single, integrated platform that performs all the recited steps.
    • Evidence for a Narrower Interpretation: The specification consistently describes a "Central-Entity" that provides authentication-as-a-service for a separate "External-Entity" (’297 Patent, col. 3:1-16). The patent explains that a key purpose is to prevent users from distributing financial information to multiple businesses, which implies the "online computer system" in the claim encompasses this multi-entity architecture (’297 Patent, col. 3:56-61).

VI. Other Allegations

  • Indirect Infringement: The complaint does not plead specific facts to support claims of induced or contributory infringement, such as knowledge of the patents combined with actions encouraging infringement by others.
  • Willful Infringement: The complaint does not allege facts supporting pre-suit knowledge of the patents or egregious conduct that would typically underpin a claim for willful infringement. However, the prayer for relief seeks enhanced damages pursuant to 35 U.S.C. § 284, preserving the issue for later stages of litigation (Compl. ¶B, p. 11).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of architectural scope: Can the patent claims, which describe multi-party authentication frameworks involving distinct "trusted-authenticators" or "Central-Entities," be construed to read on the accused FFIN System, which appears to be an integrated platform authenticating its own users for its own services?
  • A key evidentiary question will be one of functional mapping: The complaint provides high-level infringement allegations. The case may turn on whether discovery produces technical evidence showing that the FFIN System's security codes and authentication protocols perform the specific functions claimed, including the precise conditions for invalidation (e.g., single-use and time-based expiration) recited in the independent claims.