Proxense LLC v. Samsung Electronics Co Ltd

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: Proxense, LLC (Delaware)
  • Defendant: Samsung Electronics, Co., Ltd. (Republic of Korea) and Samsung Electronics America, Inc. (New York)
  • Plaintiff’s Counsel: Hecht Partners LLP; Susman Godfrey L.L.P.
• Case Identification: 6:21-cv-00210, W.D. Tex., 08/19/2022
• Venue Allegations: Venue is alleged to be proper as to Samsung Electronics, Co., Ltd. on the basis that it is not a resident of the United States and may be sued in any judicial district. Venue is alleged to be proper as to Samsung Electronics America, Inc. on the basis that it has committed acts of infringement and has a regular and established place of business in the Western District of Texas.
• Core Dispute: Plaintiff alleges that Defendant’s Samsung Pay mobile payment service and associated devices infringe three patents related to systems and methods for biometric user authentication for secure transactions.
• Technical Context: The technology at issue involves using biometric data, such as a fingerprint, stored on a secure, integrated device to verify a user's identity before wirelessly transmitting a unique code to a trusted authority to authenticate and complete a transaction.
• Key Procedural History: The complaint alleges that Plaintiff’s counsel sent a letter to Samsung on July 25, 2016, identifying the ’730 and ’905 patents, among others, and providing examples of alleged infringement, which forms the basis for Plaintiff's allegations of pre-suit knowledge and willful infringement. Subsequent to the filing of this complaint, Ex Parte Reexamination and Inter Partes Review proceedings resulted in the cancellation or disclaimer of all asserted claims of the ’905 and ’989 patents.

Case Timeline

Date	Event
2004-12-20	Earliest Priority Date for ’730, ’905, and ’989 Patents
2013-01-08	U.S. Patent No. 8,352,730 Issued
2015-09-01	Accused Samsung Devices Capable of Running Samsung Pay Released
2016-03-29	U.S. Patent No. 9,298,905 Issued
2016-07-25	Proxense Counsel Allegedly Notifies Samsung of Patents
2020-06-30	U.S. Patent No. 10,698,989 Issued
2022-08-19	Second Amended Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,352,730 - *Biometric Personal Data Key (PDK) Authentication*

Issued January 8, 2013

The Invention Explained

• Problem Addressed: The patent describes the drawbacks of conventional user authentication, which requires users to memorize credentials like passwords or PINs, or relies on physical access objects like keys that do not verify the identity of the person using them (’730 Patent, col. 1:24-42).
• The Patented Solution: The invention proposes an integrated device, or "biometric key," that securely and persistently stores a user's biometric data (e.g., a fingerprint) in a tamper-resistant format. To authenticate, the user provides a new biometric scan to the device. If the device verifies a match, it wirelessly transmits a unique device ID code and a secret decryption value to a trusted third-party authority, which then authenticates the key and grants the user access to a requested application, such as a financial account (’730 Patent, Abstract; col. 2:10-21). Figure 1 of the patent illustrates a portable handheld biometric key device (’730 Patent, Fig. 1).
• Technical Importance: The technology aimed to provide a secure and convenient authentication method that verifies the user's actual identity without relying on memory or easily compromised physical tokens (Compl. ¶¶23, 30).

Key Claims at a Glance

• The complaint asserts independent claims 1 (a method) and 8 (a device) (Compl. ¶100).
• Independent Claim 1 includes the elements of:
  • Persistently storing biometric data and a plurality of codes (including a device ID code and a secret decryption value) in a tamper-proof format on an integrated device.
  • Receiving scan data from a biometric scan in response to a verification request.
  • Comparing the scan data to the stored biometric data.
  • Wirelessly sending one or more codes to a third-party trusted authority for authentication if the data matches.
  • Receiving an access message from the authority allowing access to an application.
• Independent Claim 8 recites a device with corresponding components: a memory for storing the data and codes, a verification unit for performing the comparison and sending the codes, and a radio frequency communicator for receiving the access message.
• The complaint also asserts dependent claims 2, 5, 6, and 9 (Compl. ¶99).

U.S. Patent No. 9,298,905 - *Biometric Personal Data Key (PDK) Authentication*

Issued March 29, 2016

The Invention Explained

• Problem Addressed: The patent addresses the need for user verification systems that are not limited by the need to memorize credentials or the security flaws of simple access objects (’905 Patent, col. 1:33-55).
• The Patented Solution: The invention describes a system where an integrated device stores a user's biometric data and a device-specific ID code in a tamper-proof format. Upon receiving a request for verification, the device compares newly scanned biometric data to the stored data. If there is a match, the device wirelessly sends its ID code to a trusted authority, which authenticates it and sends back an access message, thereby allowing the user to complete a financial transaction (’905 Patent, Abstract; col. 2:8-28).
• Technical Importance: This invention builds on the concept of using a personal, biometrically-secured device to broker access to secure systems, a foundational concept for modern mobile payment platforms (Compl. ¶23).

Key Claims at a Glance

• The complaint asserts independent claims 1 (a method) and 9 (a device) (Compl. ¶130).
• Independent Claim 1 includes the elements of:
  • Persistently storing biometric data and a device-specific ID code in a tamper-proof format on an integrated device.
  • Receiving a request for biometric verification.
  • Receiving scan data from a biometric scan.
  • Comparing the scan data to the stored biometric data.
  • Wirelessly sending the ID code to a trusted authority if the data matches.
  • Receiving an access message from the authority that allows a financial transaction.
• Independent Claim 9 recites an integrated device with corresponding components: a persistent storage, a validation module, and a wireless transceiver for performing the claimed method steps.
• The complaint also asserts dependent claims 4, 5, 7, 10, and 12 (Compl. ¶120).

U.S. Patent No. 10,698,989 - *Biometric personal data key (PDK) authentication*

Issued June 30, 2020

Technology Synopsis

This patent discloses a method where a smartphone receives a unique ID code from a third-party authority during a provisioning process. The smartphone persistently stores this ID code along with the user's biometric data. Following a successful local biometric verification, the smartphone wirelessly sends the ID code to the authority for authentication, which, if successful, completes a transaction such as accessing a financial account (’989 Patent, Abstract; col. 2:7-34).

Asserted Claims

The complaint asserts claims 1-6, including independent claims 1 (a method) and 5 (a smartphone) (Compl. ¶142).

Accused Features

The complaint accuses Samsung Pay's system of provisioning EMV payment tokens from a Token Service Provider (TSP), storing them on the device, and transmitting them for authentication after a user provides a fingerprint or iris scan (Compl. ¶¶144-152).

III. The Accused Instrumentality

Product Identification

The accused products are the Samsung Pay mobile payment service and the Samsung devices on which it operates, including the Galaxy S6 and later smartphone models and the Galaxy Watch series (Compl. ¶¶41, 75).

Functionality and Market Context

• The complaint alleges that Samsung Pay turns a user's device into a digital wallet that facilitates contactless payments using either Near Field Communication (NFC) or Magnetic Secure Transmission (MST) technology (Compl. ¶¶42, 64). A high-level data flow for the fingerprint authentication process is shown in a diagram within the complaint (Compl. p. 12).
• User authentication is allegedly performed via fingerprint, PIN, or iris scan (Compl. ¶50). The complaint describes that biometric data is protected within a hardware-backed secure environment, identified as a Trusted Execution Environment (TEE) that runs a secure operating system ("Trusty") in parallel with the main Android OS (Compl. ¶¶44, 47). This architecture is intended to isolate sensitive data from the rest of the system (Compl. p. 13).
• The complaint alleges that Samsung Pay utilizes "tokenization," where a device-specific EMV payment token is used as a surrogate for a user's actual credit card number (Primary Account Number or PAN) (Compl. ¶¶55, 58). These tokens are provisioned by Token Service Providers (TSPs) like Visa and Mastercard and are stored in a secure element on the device (Compl. ¶¶58-59). The complaint provides a diagram illustrating the API calls between a merchant app and the Samsung Pay service during a transaction (Compl. p. 17).

IV. Analysis of Infringement Allegations

’730 Patent Infringement Allegations

Claim Element (from Independent Claim 1)	Alleged Infringing Functionality	Complaint Citation	Patent Citation
persistently storing biometric data of the user and a plurality of codes and other data values comprising a device ID code uniquely identifying the integrated device and a secret decryption value, in a tamper proof format...	Samsung devices allegedly store biometric user data (fingerprint/iris) and secret decryption values ("private key") within the Samsung Knox and Trusted Execution Environment (TEE), which is alleged to be a tamper-proof format. EMV payment tokens are alleged to be the device ID code.	¶¶101, 103	col. 4:5-13
responsive to receiving a request for a biometric verification of the user, receiving scan data from a biometric scan; comparing the scan data to the biometric data...	In response to a request from a merchant website or app, the Samsung device prompts for user authentication, receives fingerprint or iris scan data, and compares it to the stored biometric data to determine a match.	¶104	col. 4:1-5
responsive to a determination that the scan data matches the biometric data, wirelessly sending one or more codes from the plurality of codes and other data values...for authentication by an agent that is a third-party trusted authority...	After a successful biometric match, the Samsung device wirelessly transmits the EMV payment token (the alleged device ID code) via NFC or MST to the payment network for authentication by a Token Service Provider (TSP) like Visa or Mastercard (the alleged trusted authority).	¶¶105, 106	col. 4:13-16
responsive to authentication...by the agent, receiving an access message from the agent allowing the user access to an application...	After the TSP authenticates the token, the device allegedly receives a push notification with transaction details, which is characterized as the "access message" indicating the user has been allowed access to complete the payment.	¶107	col. 5:44-48

’905 Patent Infringement Allegations

Claim Element (from Independent Claim 1)	Alleged Infringing Functionality	Complaint Citation	Patent Citation
persistently storing...biometric user data, and a device-specific ID code...in a tamper proof format on an integrated device...	Samsung devices allegedly store biometric data in the TEE utilizing Samsung Knox. The EMV payment token, provisioned from a TSP, is alleged to be the device-specific ID code.	¶122	col. 2:11-17
receiving a request for biometric verification of a user...	The device receives a request for user verification via a push notification from a merchant website or an API call from a merchant app.	¶¶124, 125	col. 2:23-26
wirelessly sending the device specific ID code to a third-party trusted authority...	After user authentication, the device wirelessly transmits the EMV payment token to the payment network, which is then routed to the TSP (the alleged trusted authority) for authentication.	¶127	col. 2:32-35
responsive to an ID code has been authenticated by a third-party trusted authority, receiving an access message from the third-party trusted authority, the access message allowing a user to complete a financial transaction.	After the TSP authenticates the token, the user is allowed to complete the transaction, and the device receives a push notification confirming the purchase, which is alleged to be the access message.	¶129	col. 2:36-41

Identified Points of Contention

• Scope Questions: A central question may be whether an "EMV payment token," which is specific to a payment card on a device and can be temporary, meets the claimed definition of a "device ID code" or "device-specific ID code" that "uniquely identif[ies] the integrated device." The analysis may explore whether the patents require an identifier for the physical hardware itself, rather than a payment credential.
• Technical Questions: The infringement theory characterizes a post-transaction "push notification" as the claimed "access message" that "allow[s]" a transaction or access. A point of contention could be whether this notification is an enabling message, as the claims may require, or merely a confirmation of a transaction that has already been authorized and completed by the payment network.

V. Key Claim Terms for Construction

The Term: "device ID code" / "device-specific ID code"

• Context and Importance: This term is central to the infringement allegations, which equate it with an EMV payment token. Practitioners may focus on this term because its construction will determine whether the temporary, payment-card-specific tokens used in Samsung Pay fall within the scope of a claim limitation that may imply a more permanent, hardware-based identifier.
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The specification describes the code in general terms as a "device identifier (ID)" without strictly limiting it to a hardware serial number, which could support an argument that any unique code assigned to the device for a transaction qualifies (’905 Patent, col. 2:12-13).
  • Evidence for a Narrower Interpretation: The phrase "uniquely identifying the integrated device" could be interpreted to mean identifying the physical device itself, distinguishing it from all other devices, which may favor a narrower construction limited to a permanent hardware identifier rather than a provisioned payment token (’905 Patent, Abstract).

The Term: "tamper proof format"

• Context and Importance: The complaint alleges that Samsung’s use of its Knox security platform and a Trusted Execution Environment (TEE) satisfies this limitation. The dispute will likely center on whether this software- and hardware-based secure enclave meets the patent’s definition of "tamper proof."
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The patents describe the format as one where data "cannot be subsequently altered," which could be read to cover sophisticated, layered security architectures like the TEE that are designed to prevent unauthorized modification (’730 Patent, col. 8:19-20).
  • Evidence for a Narrower Interpretation: The specification discloses that the persistent storage can include "a memory element that can be written to once but cannot subsequently be altered," such as a ROM element (’730 Patent, col. 4:45-49). This language may be used to argue for a stricter, physical "write-once" requirement that a general-purpose secure enclave does not meet.

VI. Other Allegations

Indirect Infringement

The complaint alleges inducement of infringement based on Samsung’s creation and maintenance of a "substantial knowledge base" that encourages infringing use (Compl. ¶82). This includes advertising materials touting the biometric and tokenization features, as well as instructions and developer guides teaching consumers and merchants how to use and integrate Samsung Pay (Compl. ¶¶83-85). A Samsung marketing page describing these security layers is included as evidence (Compl. p. 30). Contributory infringement is also alleged on the basis that the Samsung Pay app is especially made for infringement and has no substantial non-infringing use (Compl. ¶¶87, 109, 113).

Willful Infringement

The willfulness allegation is predicated on alleged pre-suit knowledge of the patents. The complaint cites a July 25, 2016 letter sent to Samsung Pay's global co-general managers that allegedly identified the ’730 and ’905 patents and provided "examples of the relationship between Proxense's claimed inventions and Samsung's products" (Compl. ¶¶37, 39, 110).

VII. Analyst’s Conclusion: Key Questions for the Case

• A core issue will be one of definitional scope: can the term "device-specific ID code," as described in the patents, be construed to cover the EMV payment tokens used by Samsung Pay? The case may turn on whether the claims require an identifier for the physical device itself or if a temporary, payment-card-specific token provisioned to that device suffices.
• A central procedural question will be the viability of the asserted claims: given that all asserted claims of the ’905 and ’989 patents were cancelled or disclaimed in post-filing administrative proceedings, a key issue will be what legal effect these cancellations have on the continuation of the case with respect to those two patents.
• A key evidentiary question will be one of functional operation: does the post-authorization "push notification" in Samsung Pay perform the function of an "access message" that "allow[s]" a transaction to be completed, as required by the claims, or is it a post-facto confirmation that arrives after access has already been granted and the transaction concluded by the payment network?