DCT

1:24-cv-00337

Factor2 Multimedia Systems LLC v. Snap Inc

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 1:24-cv-00337, W.D. Tex., 03/29/2024
  • Venue Allegations: Venue is alleged to be proper based on Defendant Snap Inc. maintaining a regular and established place of business within the Western District of Texas and committing acts of infringement in the district.
  • Core Dispute: Plaintiff alleges that Defendant’s Snapchat application, specifically its two-factor authentication functionality, infringes six patents related to systems and methods for secure user authentication using dynamic codes.
  • Technical Context: The patents address secure digital identity verification, a foundational technology for protecting user accounts and data across online services, social media, and e-commerce platforms.
  • Key Procedural History: The six patents-in-suit are all members of the same patent family, suggesting a shared technical disclosure and a coordinated prosecution strategy.

Case Timeline

Date Event
2004-10-05 Earliest Priority Date for ’864 and ’297 Patents
2005-02-07 Earliest Priority Date for ’129, ’938, ’453, and ’285 Patents
2012-10-02 U.S. Patent No. 8,281,129 Issues
2017-07-11 U.S. Patent No. 9,703,938 Issues
2017-07-19 U.S. Patent No. 9,727,864 Issues
2017-12-27 U.S. Patent No. 9,870,453 Issues
2018-09-25 U.S. Patent No. 10,083,285 Issues
2020-09-08 U.S. Patent No. 10,769,297 Issues
2024-03-29 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 10,769,297 - “Centralized Identification and Authentication System and Method” (Issued Sep. 8, 2020)

The Invention Explained

  • Problem Addressed: The patent describes the increasing need for users to release confidential personal and financial information to conduct e-commerce, which is "not only unsafe but also it is not fool proof that the user is really the person he says he is" (’297 Patent, col. 1:40-51).
  • The Patented Solution: The invention proposes a centralized system (a "Central-Entity") that manages a user's identity and issues a dynamic, non-predictable, and time-dependent "SecureCode." A user provides this SecureCode, along with a username, to a third-party "External-Entity" (e.g., a merchant) to be authenticated. The External-Entity passes this information to the Central-Entity for validation, which then confirms or denies the user's identity without the External-Entity ever handling the user's underlying personal or financial data (’297 Patent, Abstract; col. 3:1-38).
  • Technical Importance: This architecture aims to enhance e-commerce security by centralizing trust and minimizing the distribution of static, sensitive user data to multiple online businesses (’297 Patent, col. 1:30-36).

Key Claims at a Glance

  • The complaint asserts at least claims 1-29 and specifically recites independent claim 1 (Compl. ¶¶ 20, 97).
  • Essential elements of independent claim 1 include:
    • An authentication system comprising computing devices configured to perform operations.
    • Electronically receiving a request for a "SecureCode" from a user's computing device.
    • Generating the SecureCode.
    • Electronically providing the SecureCode to the user, where the code is invalid after a predetermined time, invalid after one use, and only valid for authenticating that user.
    • Electronically receiving a digital authentication request from an "online computer system" which includes the user's digital identity and the SecureCode.
    • Authenticating the user by evaluating the validity of the included SecureCode.

U.S. Patent No. 8,281,129 - “Direct Authentication System And Method Via Trusted Authenticators” (Issued Oct. 2, 2012)

The Invention Explained

  • Problem Addressed: The patent background describes fraud and identity theft enabled by flawed authentication processes that rely on knowledge of supposedly secret personal information (like a Social Security Number) that can, in fact, be easily obtained by thieves (’129 Patent, col. 2:1-5).
  • The Patented Solution: The invention discloses a two-factor authentication method where a "trusted authenticator" (such as a bank) intermediates between an individual and an "entity" (such as a business) (’129 Patent, Fig. 1a). The individual requests a "dynamic code" from the trusted authenticator and provides it, along with static "user information," to the entity. The entity then sends an authentication request with this information to the trusted authenticator, which verifies the individual's identity and provides the result back to the entity (’129 Patent, Abstract; col. 6:49-65).
  • Technical Importance: The method leverages existing trust relationships (e.g., between a person and their bank) to create a more secure authentication framework for transactions with other, potentially unknown, entities.

Key Claims at a Glance

  • The complaint asserts at least claims 1-52 and specifically recites independent claim 1 (Compl. ¶¶ 21, 36).
  • Essential elements of independent claim 1 include:
    • A computer-implemented method to authenticate an individual in communication with an entity.
    • Receiving a request for a "dynamic code" for the individual at a "trusted-authenticators computer."
    • Calculating the dynamic code, which is valid for a predefined time and becomes invalid after being used.
    • Sending the dynamic code to the individual.
    • Receiving an authentication request from the entity to authenticate the individual, based on user information and the dynamic code.
    • Authenticating the individual's identity based on the user information and the dynamic code and providing the result to the entity.

Multi-Patent Capsules

  • U.S. Patent No. 9,703,938, “Direct Authentication System and Method Via Trusted Authenticators” (Issued Jul. 11, 2017)

    • Technology Synopsis: This patent, a continuation of the ’129 patent, describes a two-factor authentication method where a trusted authenticator generates a dynamic code for a user. The user provides this code to a computer system, which then uses it to authenticate the user during an electronic transaction (’938 Patent, Abstract). The claims focus on the method from the perspective of the trusted authentication system.
    • Asserted Claims: At least claims 1-26 (Compl. ¶ 51).
    • Accused Features: The Snapchat two-factor authentication system (Compl. ¶ 22).

  • U.S. Patent No. 9,727,864, “Centralized Identification and Authentication System and Method” (Issued Jul. 19, 2017)

    • Technology Synopsis: This patent describes a centralized authentication system where a "Central-Entity" provides a user with a dynamic "SecureCode." The user presents this code as part of a digital identity to an "External-Entity" (e.g., a merchant), which relies on the Central-Entity to perform the identification and authentication (’864 Patent, Abstract).
    • Asserted Claims: The complaint does not specify claim numbers for this patent but alleges infringement of one or more claims (Compl. ¶ 2).
    • Accused Features: The Snapchat two-factor authentication system (Compl. ¶ 22).

  • U.S. Patent No. 9,870,453, “Direct Authentication System and Method Via Trusted Authenticators” (Issued Dec. 27, 2017)

    • Technology Synopsis: As a continuation of the ’938 patent, this patent covers an authentication method where a user engaging in an electronic communication receives a dynamic "SecureCode" from an authentication system. The method involves providing this SecureCode to an online system, which then sends an authentication request back to the authentication system to validate the user (’453 Patent, Abstract).
    • Asserted Claims: At least claims 1-26 (Compl. ¶ 66).
    • Accused Features: The Snapchat two-factor authentication system (Compl. ¶ 22).

  • U.S. Patent No. 10,083,285, “Direct Authentication System and Method Via Trusted Authenticators” (Issued Sep. 25, 2018)

    • Technology Synopsis: This patent, a continuation of the ’453 patent, describes a two-factor authentication system utilizing a trusted authenticator. The invention focuses on the process of receiving user authentication information (including a dynamic code) at an online system and forwarding a request to an authentication system to validate the user's identity (’285 Patent, Abstract; col. 13:1-14:14).
    • Asserted Claims: At least claims 1-30 (Compl. ¶ 82).
    • Accused Features: The Snapchat two-factor authentication system (Compl. ¶ 22).

III. The Accused Instrumentality

Product Identification

  • The "Snapchat System and Apparatus," which includes the consumer-facing mobile application as well as the "back end systems and backbone which provides access and functionality to Snapchat and distributes content and authenticates users" (Compl. ¶ 22).

Functionality and Market Context

  • The complaint targets Snapchat’s two-factor authentication (2FA) feature. According to the complaint, this feature "adds a step to the login process" to protect account security (Compl. ¶ 28, p. 8). When a user enables "SMS Verification," Snapchat sends a temporary "Login Code" via SMS text message, which the user must enter to log in from a new device (Compl. ¶ 28, p. 8). A screenshot provided in the complaint shows the user interface for setting up 2FA via SMS (Compl. ¶ 28, p. 8). This type of security feature is common for major online platforms to prevent unauthorized account access.

IV. Analysis of Infringement Allegations

10,769,297 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
while the online computer system is connected to the computing device of the user...electronically receiving a request for a SecureCode; A user initiates the login process on their device, which sends a request to Snap's online system for a verification code. ¶28, p. 9 col. 12:47-52
generating the SecureCode; Snap's online computer system generates a "Snapchat 2FA Code" for the user. A screenshot shows the resulting SMS message containing the code (Compl. ¶28, p. 9). ¶28, p. 9 col. 12:53-54
while the online computer system is connected...electronically providing to the user the SecureCode...wherein: the SecureCode is invalid after a predetermined time passes, Snap's system sends the code to the user's device via SMS. The complaint alleges the code becomes invalid after a "minute countdown" passes, providing a screenshot of a failed attempt (Compl. ¶28, p. 10). ¶28, p. 10 col. 12:55-62
the SecureCode is invalid after one use of the SecureCode for authentication, The complaint describes a scenario where a user successfully logs in with a code, logs out, and then fails to log in again using the same code, which is shown as "Incorrect code" (Compl. ¶28, p. 11). ¶28, p. 11 col. 12:62-64
electronically receiving from the online computer system a digital authentication request for authenticating the user, wherein...the digital identity includes the SecureCode; The user enters their username and the received SecureCode into the app, which comprises the authentication request sent to Snap's system. ¶28, p. 11 col. 12:67-col. 13:6
authenticating the user by evaluating a validity of the SecureCode included in the digital authentication request. The Snap system validates that the username and SecureCode match and that the code is valid, thereby authenticating the user to log in. ¶28, p. 11 col. 13:7-11

8,281,129 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
receiving electronically a request for a dynamic code for the individual...by a trusted-authenticators computer When a user logs in from a new device with 2FA enabled, Snap's backend system ("trusted-authenticators computer") receives a request for a verification code. ¶28, p. 9 col. 12:47-51
calculating by the trusted-authenticators computer the dynamic code...wherein the dynamic code is valid for a predefined time and becomes invalid after being used; Snap's system generates a temporary code. The complaint provides screenshots showing the code expires after a set time and is invalid after one use (Compl. ¶28, pp. 10-11). ¶28, pp. 10-11 col. 12:51-56
sending by the trusted-authenticator's computer electronically the dynamic code to the individual Snap's system sends the generated code to the user's mobile number via SMS. A screenshot depicts the SMS message with the "Snapchat 2FA Code" (Compl. ¶28, p. 9). ¶28, p. 9 col. 12:57-59
receiving by the trusted-authenticator's computer electronically an authentication request from the entity...based on a user information and the dynamic code Snap's system (acting as both "entity" and "trusted-authenticator") receives the user-entered code and associated username for verification. ¶28, p. 11 col. 12:60-65
authenticating by the trusted-authenticator's computer an identity of the individual based on the user information and the dynamic code Snap's system confirms the validity of the code and its association with the user's account, thereby authenticating the login attempt. ¶28, p. 11 col. 13:1-6

Identified Points of Contention

  • Scope Questions: The claims of both the ’297 and ’129 patents may be interpreted to describe an architecture with at least two distinct parties: an "online computer system" and an "authentication system" (’297 Patent), or an "entity" and a "trusted-authenticator" (’129 Patent). The complaint alleges that Snap's integrated system, which authenticates its own users for its own service, meets these limitations. A potential point of contention will be whether these claim terms can be construed to cover a single, vertically integrated service provider acting as both the entity requiring authentication and the authenticator providing it.
  • Technical Questions: The complaint alleges that codes are invalid after one use and after a predetermined time, supported by screenshots (Compl. ¶¶ 28, pp. 10-11). A technical question for the court may be what evidence demonstrates that Snap's system is specifically "configured" to perform these functions as required by the claims, versus these outcomes being incidental effects of a standard session-based login process.

V. Key Claim Terms for Construction

  • The Term: "authentication system" and "online computer system" (from Claim 1 of ’297 Patent)

  • Context and Importance: Claim 1 describes the "authentication system" generating and providing a code, and later receiving an authentication request from the "online computer system." This language suggests two separate, communicating components. The infringement case may depend on whether Snap's monolithic backend can be conceptually divided to meet these distinct limitations, or if the terms can be construed broadly enough to read on a single, integrated system.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The patent defines a "Central-Entity" as the authenticator and an "External-Entity" as the online system, but states the invention relates to a "system and method," which may suggest a functional rather than strictly structural division (’297 Patent, col. 2:57-62; col. 3:1-15).
    • Evidence for a Narrower Interpretation: Figure 2 of the ’297 patent depicts the "User," "External-Entity," and "Central-Entity" as three distinct blocks connected by a communication network, which may support an interpretation requiring separate, non-integrated entities (’297 Patent, Fig. 2).

  • The Term: "entity" and "trusted-authenticator's computer" (from Claim 1 of ’129 Patent)

  • Context and Importance: Claim 1 recites a method for authenticating an individual "in communication with an entity," where a "trusted-authenticator's computer" performs the key steps of calculating, sending, and authenticating a dynamic code. The authenticator receives the request "from the entity." Practitioners may focus on whether the "entity" and the "trusted-authenticator" must be different organizations. The complaint's theory appears to require construing Snap as both the entity and the authenticator.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The claims do not explicitly state that the entity and the trusted-authenticator must be separate legal or corporate entities. A party could argue that different server clusters within a single company could functionally operate as a distinct "entity" and "trusted-authenticator."
    • Evidence for a Narrower Interpretation: The specification describes the trusted-authenticator as a party with a pre-existing trusted relationship, such as a "bank or other financial institution," which authenticates a user for a different "business," implying two separate parties (’129 Patent, col. 8:1-15; Fig. 1a).

VI. Other Allegations

  • Indirect Infringement: The complaint alleges induced infringement under 35 U.S.C. §271(b), stating that Snap "knowingly and intentionally actively induced others" (i.e., Snapchat users) to infringe by "providing software through which its customers practice the claimed methods" (Compl. ¶ 24). The complaint references Snap's support page explaining how to set up 2FA, which may be presented as evidence of instructional inducement (Compl. ¶ 28, p. 8).
  • Willful Infringement: The complaint alleges that "Defendants' infringement has been willful since at least as early as they became aware of the Patents-in-Suit" (Compl. ¶ 32). The complaint does not, however, allege any specific facts related to pre-suit knowledge, such as prior correspondence or citation in other matters.

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of architectural scope: can the claim language describing a multi-party authentication framework (e.g., a "Central-Entity" authenticating for an "External-Entity," or a "trusted-authenticator" authenticating for an "entity") be construed to cover an integrated system where a single company, Snap, authenticates its own users for access to its own service? The resolution of this question will likely determine whether the accused system's architecture falls within the scope of the claims.
  • A second key question will be one of definitional mapping: does Snap's backend system, in its entirety or in part, meet the specific definitions of a "trusted-authenticator's computer" or an "authentication system" as understood in the context of the patent specifications? The patents frame these authenticators as entities leveraging a pre-existing trust relationship (like a bank), and the court will need to determine if Snap's relationship with its own users qualifies in the manner required by the claims.