Factor2 Multimedia Systems LLC v. Amazon.com Inc

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: Factor2 Multimedia Systems, LLC (Virginia)
  • Defendant: Amazon.com, Inc. (Delaware)
  • Plaintiff’s Counsel: DNL ZITO CASTELLANO
• Case Identification: 1:24-cv-00336, W.D. Tex., 03/29/2024
• Venue Allegations: Venue is alleged to be proper in the Western District of Texas because Defendant Amazon maintains a regular and established place of business in the district and has committed alleged acts of infringement there.
• Core Dispute: Plaintiff alleges that Defendant’s Amazon System, including its two-step user verification functionality, infringes six patents related to systems and methods for direct or centralized user authentication.
• Technical Context: The patents-in-suit relate to the field of multi-factor authentication, which enhances security for online access and transactions by requiring more than just a password.
• Key Procedural History: The complaint states that all six patents-in-suit are members of the same patent family. No prior litigation, licensing history, or post-grant proceedings involving these patents are mentioned in the complaint.

Case Timeline

Date	Event
2001-08-29	Earliest Patent Priority Date
2012-10-02	U.S. Patent No. 8,281,129 Issued
2017-07-11	U.S. Patent No. 9,703,938 Issued
2017-07-19	U.S. Patent No. 9,727,864 Issued
2017-12-27	U.S. Patent No. 9,870,453 Issued
2018-09-05	U.S. Patent No. 10,083,285 Issued
2020-08-19	U.S. Patent No. 10,769,297 Issued
2024-03-29	Complaint Filing Date

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,281,129 - "Direct Authentication System and Method Via Trusted Authenticators"

• Patent Identification: U.S. Patent No. 8,281,129, "Direct Authentication System and Method Via Trusted Authenticators," issued October 2, 2012.

The Invention Explained

• Problem Addressed: The patent’s background section describes the problem of online fraud and identity theft, which stems from the flawed assumption that personal information like a Social Security Number can be kept secret and used as a sole basis for authentication when opening new accounts or accessing existing ones (ʼ129 Patent, col. 1:15-32).
• The Patented Solution: The invention proposes a "two-factor authentication" method that relies on a "trusted authenticator," such as a bank with which a user already has a relationship. To authenticate with a new business (an "entity"), the user provides two credentials: a "static key" (e.g., a password) and a "dynamic key" (e.g., a temporary code) that the user requests and receives from their trusted authenticator. The business then sends an authentication request with both keys to the trusted authenticator for verification, which confirms the user's identity back to the business (’129 Patent, col. 7:1-20; Fig. 2a).
• Technical Importance: This approach sought to improve online security by leveraging existing, trusted financial relationships to authenticate users for new transactions, rather than relying on static personal data that is easily compromised (’129 Patent, col. 4:1-12).

Key Claims at a Glance

• The complaint asserts independent claim 1 and its dependent claims (Compl. ¶36).
• Essential elements of independent claim 1 include:
  • A computer-implemented method to authenticate an individual in communication with an entity.
  • Receiving, at a trusted-authenticator's computer, a request for a dynamic code from the individual.
  • Calculating the dynamic code, which is valid for a predefined time and becomes invalid after being used.
  • Sending the dynamic code to the individual.
  • Receiving, at the trusted-authenticator's computer, an authentication request from the entity to authenticate the individual, where the request includes user information and the dynamic code.
  • Authenticating the individual's identity based on the user information and the dynamic code, and providing the result to the entity.

U.S. Patent No. 9,703,938 - "Direct Authentication System and Method Via Trusted Authenticators"

• Patent Identification: U.S. Patent No. 9,703,938, "Direct Authentication System and Method Via Trusted Authenticators," issued July 11, 2017.

The Invention Explained

• Problem Addressed: The patent identifies the vulnerability of knowledge-based authentication, where access to static personal information allows criminals to commit identity theft and fraud by opening new accounts in a victim's name (’938 Patent, col. 1:39-2:5).
• The Patented Solution: The invention describes a two-factor authentication system involving a user, a business, and a "trusted authenticator." The user requests and receives a time-sensitive, single-use "dynamic key" from the trusted authenticator. The user then provides this dynamic key, along with a "static key," to the business, which communicates with the trusted authenticator to verify the user's identity before proceeding with a transaction (’938 Patent, col. 7:21-44; Fig. 2a).
• Technical Importance: The claimed method aims to secure online interactions by combining something a user knows (static key) with something they temporarily possess (dynamic key), with verification handled by a separate, already-trusted entity (’938 Patent, col. 6:8-19).

Key Claims at a Glance

• The complaint asserts independent claim 1 and its dependent claims (Compl. ¶51).
• Essential elements of independent claim 1 of the ’938 Patent include:
  • A method for enhancing network security by authenticating a user during an electronic transaction with a computer system.
  • Receiving an electronic request for a dynamic code.
  • Generating a dynamic code that is valid for a predetermined time and becomes invalid after being used.
  • Providing the dynamic code to the user.
  • Receiving a request for authentication from the computer system, the request based on a digital identity that includes user-specific information and the dynamic code.
  • Authenticating the user based on the digital identity.
  • Providing the result of the authentication to the computer system.

U.S. Patent No. 9,727,864 - "Centralized Identification and Authentication System and Method"

• Patent Identification: U.S. Patent No. 9,727,864, "Centralized Identification and Authentication System and Method," issued July 19, 2017.
• Technology Synopsis: This patent describes a centralized system to address the risks of distributing personal and financial information across e-commerce sites (’864 Patent, col. 1:30-36). A "Central-Entity" creates and manages a "digital identity" for a user, consisting of a username and a dynamic, non-predictable "SecureCode," which the user obtains on-demand to authenticate with third-party merchants ("External-Entities") (’864 Patent, col. 2:23-37).
• Asserted Claims: The complaint alleges infringement of at least one claim but does not specify claim numbers for this patent (Compl. ¶15).
• Accused Features: The accused features are the authentication functions of the Amazon System (Compl. ¶12, 22).

U.S. Patent No. 9,870,453 - "Direct Authentication System and Method Via Trusted Authenticators"

• Patent Identification: U.S. Patent No. 9,870,453, "Direct Authentication System and Method Via Trusted Authenticators," issued December 27, 2017.
• Technology Synopsis: This patent discloses a two-factor authentication method designed to combat online fraud by leveraging a "trusted authenticator" (’453 Patent, col. 1:43-52). A user provides a business with both a static credential and a temporary "dynamic key" obtained from the trusted authenticator, which then verifies both credentials for the business to confirm the user's identity (’453 Patent, col. 7:25-48).
• Asserted Claims: Claims 1-26 (Compl. ¶66).
• Accused Features: The accused features are the authentication functions of the Amazon System (Compl. ¶12, 22).

U.S. Patent No. 10,083,285 - "Direct Authentication System and Method Via Trusted Authenticators"

• Patent Identification: U.S. Patent No. 10,083,285, "Direct Authentication System and Method Via Trusted Authenticators," issued September 5, 2018.
• Technology Synopsis: This patent describes a system to reduce identity theft by replacing easily compromised static credentials with a two-factor approach (’285 Patent, col. 1:43-55). The system uses a "trusted-authenticator" to issue a temporary "dynamic key" to a user upon request, which is then used alongside a "static key" for verification by a business conducting a transaction with the user (’285 Patent, col. 7:20-43).
• Asserted Claims: Claims 1-30 (Compl. ¶82).
• Accused Features: The accused features are the authentication functions of the Amazon System (Compl. ¶12, 22).

U.S. Patent No. 10,769,297 - "Centralized Identification and Authentication System and Method"

• Patent Identification: U.S. Patent No. 10,769,297, "Centralized Identification and Authentication System and Method," issued August 19, 2020.
• Technology Synopsis: The patent, identified as representative in the complaint, describes an authentication system where an online computer system generates a single-use, time-limited "SecureCode" for a user upon request (’297 Patent, Claim 1). The user submits this SecureCode as part of a "digital identity" to the online system, which then authenticates the user by evaluating the code's validity (Compl. ¶20; ’297 Patent, col. 5:44-6:34).
• Asserted Claims: Claims 1-29 (Compl. ¶97).
• Accused Features: The accused features are the authentication functions of the Amazon System (Compl. ¶12, 22).

III. The Accused Instrumentality

Product Identification

• The "Amazon System and Apparatus," which includes the Amazon phone application as well as the associated back-end systems and network backbone (Compl. ¶22).

Functionality and Market Context

• The accused functionality is Amazon’s "Two-Step Verification" system used to authenticate users (Compl. ¶28, p. 9). The complaint alleges that when this feature is enabled, a user attempting to sign in first enters their email or phone number and is then prompted to request a One-Time Password (OTP) (Compl. ¶28, p. 8-9). A screenshot in the complaint shows the option to receive this OTP via text message (Compl. p. 9). After receiving the code, the user enters it to complete the sign-in process (Compl. ¶28, p. 11). The complaint alleges that these OTPs expire after a predetermined time and are invalid after one use, providing screenshots of error messages as evidence (Compl. ¶28, p. 10).

IV. Analysis of Infringement Allegations

’129 Patent Infringement Allegations

Claim Element (from Independent Claim 1)	Alleged Infringing Functionality	Complaint Citation	Patent Citation
receiving electronically a request for a dynamic code for the individual... by a trusted-authenticators computer...	Amazon’s system allegedly receives a request for an OTP when a user selects an option on the "Two-Step Verification" screen. The complaint includes a screenshot of the interface for requesting an OTP (p. 9).	¶28	col. 6:4-7
calculating... the dynamic code... wherein the dynamic code is valid for a predefined time and becomes invalid after being used;	Amazon’s backend system generates an OTP. The complaint alleges this OTP expires and is single-use, citing an error screen stating, "The One Time Password (OTP) you entered is not valid" (p. 10).	¶28	col. 6:8-12
sending by the trusted-authenticator's computer electronically the dynamic code to the individual...	Amazon’s system sends the generated OTP to the user's mobile device via SMS. A screenshot shows a series of received Amazon OTPs (p. 9).	¶28	col. 6:13-15
receiving by the trusted-authenticator's computer electronically an authentication request from the entity to authenticate the individual based on a user information and the dynamic code...	Amazon’s system receives the authentication request when the user submits their credentials and the received OTP on the sign-in screen (p. 11).	¶28	col. 6:16-22
authenticating by the trusted-authenticator's computer an identity of the individual based on the user information and the dynamic code... wherein the result of the authentication is provided to the entity.	Amazon’s backend system validates the submitted OTP. Successful authentication grants the user access to their account, as evidenced by a "Login & Security" settings screen (p. 12).	¶28	col. 6:23-28

’938 Patent Infringement Allegations

Claim Element (from Independent Claim 1)	Alleged Infringing Functionality	Complaint Citation	Patent Citation
receiving... an electronic request for a dynamic code for the user;	A user requests an OTP from Amazon's system via the "Two-Step Verification" interface (p. 9).	¶28	col. 13:6-8
generating... a dynamic code for the user... wherein the dynamic code is valid for a predetermined time, and becomes invalid after being used;	Amazon’s system generates an OTP that the complaint alleges is time-limited and single-use, citing error messages as proof of invalidity after time or use (p. 10).	¶28	col. 13:9-13
providing by the computer of the trusted authentication system said generated valid dynamic code to the user...	The OTP is provided to the user via SMS, as depicted in a screenshot of a mobile phone's messaging application (p. 9).	¶28	col. 13:14-16
receiving electronically... a request for authenticating the user from the computer system based on a digital identity including user specific information and the dynamic code...	Amazon’s system receives the user's credentials and the entered OTP when the user attempts to sign in (p. 11).	¶28	col. 13:17-22
authenticating the user during the transaction based on the digital identity...	Amazon's system validates the submitted OTP to confirm the user's identity and grant access.	¶28	col. 13:23-25

Identified Points of Contention

• Scope Questions: A central question may be whether the claimed terms "trusted-authenticator" and "entity" require two separate and distinct parties. The patents' figures and claim language (e.g., "receiving... a request from the entity") consistently suggest a three-party architecture (user, entity/business, trusted authenticator) (’129 Patent, Fig. 1a, Claim 1). The complaint accuses a two-party system where Amazon allegedly acts as both the "entity" the user is transacting with and the "trusted-authenticator" that provides and validates the code. The defense may argue that such a two-party system falls outside the scope of the claims.
• Technical Questions: The complaint relies on screenshots of a generic error message ("The One Time Password (OTP) you entered is not valid") to support the claim limitations that the code is "invalid after a predetermined time passes" and "invalid after one use" (Compl. p. 10). The question will be what evidence demonstrates that these specific conditions, as opposed to other potential errors (e.g., mistyping the code), are the actual cause of the invalidity asserted in the complaint.

V. Key Claim Terms for Construction

• The Term: "trusted-authenticator"

• Context and Importance: This term's construction is critical to the infringement analysis. If the term is construed to require an entity separate from the "entity" with which the user is communicating, Plaintiff's theory that Amazon is both may be difficult to sustain. Practitioners may focus on this term because the patents' disclosures consistently depict the "business" (entity) and "trusted-authenticator" as distinct parties.

• Intrinsic Evidence for Interpretation:

  • Evidence for a Broader Interpretation: The specification provides a functional definition: "an entity that already knows the individual, maintains personal information about that individual, and has established a trusted relationship with that person" (’129 Patent, col. 4:42-46). This language does not explicitly forbid the "entity" from also meeting this definition and serving as its own "trusted-authenticator."
  • Evidence for a Narrower Interpretation: Claim 1 of the ’129 Patent recites "receiving by the trusted-authenticator's computer electronically an authentication request from the entity." This phrasing suggests a communication flow between two separate parties. The patent figures, such as Figure 2a, also depict "Business" (20) and "Trusted-Authenticator" (30) as separate structural elements (’129 Patent, Fig. 2a).

• The Term: "dynamic code is... invalid after being used"

• Context and Importance: This limitation requires proof that the accused OTP is programmatically invalidated after a single successful use. The complaint’s evidence for this is an error screen that appears on a subsequent attempt (Compl. p. 10). The definition of "invalid after being used" will be important for determining what level of proof is required.

• Intrinsic Evidence for Interpretation:

  • Evidence for a Broader Interpretation: The patent does not appear to specify a particular technical mechanism for invalidation. A system that simply does not accept the same code twice for the same authentication event could be argued to meet this limitation, regardless of the underlying software logic.
  • Evidence for a Narrower Interpretation: The specification describes the dynamic key in the context of preventing fraud where credentials might be captured by a "keystroke logger" (’129 Patent, col. 11:29-37). This suggests the invalidation must be robust enough to defeat such an attack, perhaps implying an immediate and affirmative invalidation in the system's database upon first use, a specific technical operation that must be proven.

VI. Other Allegations

• Indirect Infringement: The complaint alleges active inducement, stating that Defendant provides software and instructions that encourage its customers to use the accused two-step verification methods (Compl. ¶24). It further alleges contributory infringement on the basis that Defendant supplies a material part of the infringing system (the Amazon System itself) that is not a staple article of commerce and has no substantial non-infringing use (Compl. ¶25).
• Willful Infringement: The complaint alleges that Defendant's infringement has been willful "since at least as early as they became aware of the Patents-in-Suit" (Compl. ¶32). This is a general allegation that does not specify any pre-suit knowledge by Defendant.

VII. Analyst’s Conclusion: Key Questions for the Case

• A core issue will be one of structural scope: does the claim language, particularly the terms "entity" and "trusted-authenticator," require a three-party system where the business a user interacts with is separate from the entity that generates and verifies the authentication code? Or can the claims be construed to cover a two-party system where a single company like Amazon performs both roles for its own users?
• A key evidentiary question will be one of functional proof: what technical evidence will be required to demonstrate that Amazon's OTPs meet the specific claim limitations of being "invalid after a predetermined time" and "invalid after one use"? Will the generic error messages provided in the complaint be sufficient, or will more direct evidence of the accused system's internal operations be necessary?