DCT
1:23-cv-00031
Rubin v. Kahoot ASA
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: Aviel D. Rubin (Maryland)
- Defendant: Kahoot! ASA (Norway) and Kahoot Edu, Inc. (Texas)
- Plaintiff’s Counsel: The Davis Firm PC; Vasquez Benisek & Lindgren LLP
- Case Identification: Rubin v. Kahoot! ASA, 6:22-cv-00236, W.D. Tex., 03/03/2022
- Venue Allegations: Plaintiff alleges venue is proper in the Western District of Texas because Defendants conduct business in the district, have committed alleged acts of infringement there, and maintain a regular and established place of business in Austin, Texas.
- Core Dispute: Plaintiff alleges that Defendant’s game-based learning platform infringes a patent related to securing online transactions by splitting application data between two separate user devices.
- Technical Context: The technology concerns methods for enhancing cybersecurity in online applications, such as gaming or banking, by transmitting sensitive information to a user's secondary device (e.g., a smartphone) while displaying public information on a primary device (e.g., a computer).
- Key Procedural History: The complaint asserts U.S. Patent No. 9,064,376. Subsequent to the filing of this complaint, an Inter Partes Review (IPR) was instituted against the patent (IPR2023-00693). The proceeding resulted in the cancellation of claims 1-5, 9-10, 12-17, and 23-25, which includes all claims explicitly mapped in the complaint. This development presents a threshold question regarding the viability of the infringement claims as pleaded.
Case Timeline
| Date | Event |
|---|---|
| 2014-06-26 | Priority Date for U.S. Patent No. 9,064,376 |
| 2015-06-23 | Issue Date for U.S. Patent No. 9,064,376 |
| 2022-03-03 | Complaint Filed |
| 2023-03-10 | Inter Partes Review (IPR2023-00693) Filed against '376 Patent |
| 2024-12-24 | Certificate Issued for IPR confirming claim cancellations |
II. Technology and Patent(s)-in-Suit Analysis
- Patent Identification: U.S. Patent No. 9,064,376, "Utilization of Multiple Devices to Secure Online Transactions," issued June 23, 2015.
The Invention Explained
- Problem Addressed: The patent’s background section describes the risk of malware, such as Remote Access Trojans (RATs), compromising a user's device to steal sensitive information during online activities like gaming or banking. It notes that conventional security measures, including standard two-factor authentication, are often insufficient because they are "application-agnostic" and typically occur only at the beginning of a session, not throughout. (’376 Patent, col. 1:37-52, col. 2:32-36).
- The Patented Solution: The invention proposes a system that splits an application's functions across two devices that are used "persistently and/or continuously, during an online session." (’376 Patent, col. 2:35-39). For example, in an online poker game, non-sensitive information like the community cards would be displayed on a primary device (e.g., a computer), while sensitive information like the player's private "hole cards" would be transmitted separately and exclusively to a second device (e.g., a smartphone), thereby protecting it even if the primary device is compromised. (’376 Patent, col. 3:9-16; Fig. 5).
- Technical Importance: This approach aims to provide enhanced security by creating independent communication channels for different types of application-specific data during a live session, making it significantly harder for an attacker to capture all the information needed to compromise a transaction. (’376 Patent, col. 1:33-36).
Key Claims at a Glance
- The complaint asserts infringement of at least independent Claim 1. (Compl. ¶ 29).
- Essential elements of Claim 1 include:
- Electronically storing a set of information at a server.
- Identifying first and second subsets of that information, which are generated by and specific to the same application.
- Determining at the server if a first device and a second device, both operated by a single "first user," are accessible.
- Only if both devices are accessible, transmitting the first subset of information to the first device.
- Only if both devices are accessible, transmitting the second subset of information (which includes data not sent to the first device) to the second device.
- The complaint does not explicitly reserve the right to assert dependent claims.
III. The Accused Instrumentality
Product Identification
- The "Kahoot! System," an on-line, game-based learning platform. (Compl. ¶ 22).
Functionality and Market Context
- The complaint describes the Kahoot! system as a platform where a host (e.g., a teacher) uses a primary device to display a quiz question on a shared screen for all participants to see. (Compl. ¶ 24). This screen shows both the question and the possible answers. The complaint provides a screenshot of a question being displayed on this shared screen. (Compl. p. 7, top figure).
- Players use their own separate devices (e.g., smartphones) to join the game using a PIN and submit their answers by selecting color- and shape-coded buttons that correspond to the answers on the shared screen. (Compl. ¶¶ 23, 25). A screenshot in the complaint illustrates the player's view, showing only the response buttons without the question text. (Compl. p. 7, bottom figure).
- The complaint alleges the system is used as educational technology in schools and other institutions. (Compl. ¶ 22).
IV. Analysis of Infringement Allegations
’376 Patent Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| electronically storing a set of information at a server | The Kahoot! server stores quiz information, including questions, answers, player names, and session tokens. | ¶32 | col. 16:19-20 |
| identifying a first subset of the information and identifying a second subset of the information, wherein the first and second subsets of information are generated by the same application at the server and are specific to that application | The quiz application on the server generates a first subset (questions and answers) and a second subset (a unique session token for each player). | ¶33 | col. 16:21-25 |
| determining at the server whether both a first device...and a second device also in possession of and being directly operated by the first user are accessible...based on the first user being logged into the application at both...devices | In a scenario where a host tests their own quiz, the server determines both the host's device (first device) and the host's mobile device (second device) are accessible because the user is logged into their hosting account and has joined the quiz with a code. | ¶34 | col. 16:26-33 |
| if and only if both the first and second devices are determined to be accessible by the server, then: transmitting a first subset of the information to the first device from the server | If both of the host's devices are accessible, the Kahoot! server transmits the questions and answers to the host's shared screen (first device). | ¶35 | col. 16:34-38 |
| and transmitting a second subset of the information to the second device...wherein the second subset...includes information not transmitted to the first device. | The server transmits a unique session token to the host's mobile device (second device), which is not transmitted to the shared screen. The complaint includes a screenshot showing an "x-kahoot-session-token" in a response header. (Compl. p. 12). | ¶35 | col. 16:39-43 |
- Identified Points of Contention:
- Scope Questions: A central question is whether the Kahoot! architecture, designed for interactive gameplay, constitutes a method for "securing online transactions" as contemplated by the patent. The patent's specification focuses heavily on protecting confidential data like poker cards or bank balances from malware. The complaint's theory focuses on the separation of questions (publicly displayed) from session tokens. This raises the question of whether a session token constitutes the type of "sensitive information" the patent aims to protect.
- Technical Questions: The infringement theory hinges on a specific use case where a single user (the host) operates both the primary display and a player device to test their own quiz (Compl. ¶34). It is a question for the court whether this specific scenario is sufficient to meet the claim limitation of "a first user" operating both devices, or if this represents a contrived reading of the claim in a system primarily designed for one-to-many interaction.
V. Key Claim Terms for Construction
The Term: "specific to that application"
Context and Importance: This term is critical for distinguishing the claimed invention from the prior art, particularly generic two-factor authentication, which the patent describes as "application-agnostic." (ʼ376 Patent, col. 2:33-34). The infringement analysis may turn on whether the "session token" alleged in the complaint is considered "specific" to the quiz application in the manner taught by the patent (e.g., analogous to poker hole cards), or if it is a more general authentication/session management mechanism.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The patent itself describes splitting various "application-specific components," including functions like checking an account balance or designating a payee in bill pay, suggesting the term is not limited to just one type of data. (’376 Patent, col. 9:41-47).
- Evidence for a Narrower Interpretation: The patent’s examples consistently involve information that has intrinsic value or confidentiality (poker cards, bank details, medical records). (’376 Patent, col. 2:56-58, col. 8:31-32, col. 10:24-28). This could support a narrower construction requiring the "specific" information to be substantively related to the core purpose of the transaction, not merely a technical artifact like a session token.
The Term: "a first user"
Context and Importance: Claim 1 requires that "a first user" is "in possession of and being directly operated by" both the first and second devices. The complaint's infringement theory relies on a scenario where the game host is also acting as a player to test their own quiz. (Compl. ¶ 34). The viability of the infringement claim depends on whether this scenario falls within the proper construction of the claim, which was written in the context of a single user securing their own personal data (e.g., their own bank account or their own poker hand).
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The claim language uses the open-ended article "a," which could be argued to cover any situation where a single person is, for any reason, operating both devices.
- Evidence for a Narrower Interpretation: The patent's detailed description consistently frames the invention as a way for an individual to secure their personal transactions. The problem being solved is an attacker stealing a single victim's money or information. (’376 Patent, col. 1:40-46). This context suggests "a first user" refers to the end-user whose data is at risk, not necessarily a game administrator in a test mode.
VI. Other Allegations
- Indirect Infringement: The complaint does not plead a separate count for indirect infringement and does not allege specific facts to support the knowledge and intent elements required for such a claim (e.g., providing instructions to users to infringe).
- Willful Infringement: The complaint makes a request for enhanced damages in its prayer for relief but does not allege any facts in the body of the complaint, such as pre-suit notice or knowledge of the patent, that would form the basis for a willfulness finding. (Compl. p. 13, ¶e).
VII. Analyst’s Conclusion: Key Questions for the Case
- Mootness: The most significant issue is procedural. Given that the sole patent claim analyzed in the complaint (Claim 1) was cancelled in a subsequent IPR proceeding, a threshold question for the court will be whether the Plaintiff's case is moot and should be dismissed.
- Purpose and Scope: Should the claims survive, a core issue will be one of definitional scope: can a patent explicitly directed at "securing online transactions" against malware by separating sensitive data be construed to cover the Kahoot! architecture, which separates quiz questions from answer buttons as a feature of its user interface and gameplay design?
- Factual Premise for Infringement: A key evidentiary question will be one of operative reality: is the infringement theory, which relies on the specific scenario of a host testing their own quiz, representative of the Kahoot! system's operation? The court will have to determine if this use case is sufficient to meet the "single user" limitation of the claim or if there is a fundamental mismatch with the system's primary one-to-many operational model.