DCT

6:24-cv-00143

Proxense LLC v. Apple Inc

I. Executive Summary and Procedural Information

Parties & Counsel:
- Plaintiff: Proxense, LLC (Delaware)
- Defendant: Apple, Inc. (California)
- Plaintiff’s Counsel: Hecht Partners LLP
Case Identification: 6:24-cv-00143, W.D. Tex., 03/18/2024
Venue Allegations: Plaintiff alleges venue is proper in the Western District of Texas based on Defendant’s significant and continuous presence, including multiple retail stores, a major corporate campus in Austin with thousands of employees, and manufacturing partner facilities.
Core Dispute: Plaintiff alleges that Defendant’s devices and associated software services, including Apple Pay and Apple Passkeys, infringe six patents related to biometric user authentication and secure digital key management.
Technical Context: The technology at issue involves using biometric data, such as fingerprints or facial scans, to verify a user's identity on an electronic device, thereby authorizing secure transactions and access to digital services.
Key Procedural History: The complaint alleges that Plaintiff provided Defendant with pre-suit notice of five of the six patents-in-suit and the application leading to the sixth via a formal letter dated July 25, 2016. It further alleges Defendant had knowledge of the '905 Patent as of September 23, 2016, due to citing it in an Information Disclosure Statement during the prosecution of an Apple patent.

Case Timeline

Date	Event
2004-12-20	Earliest Priority Date ('905, '730, '954, '989 Patents)
2007-12-06	Earliest Priority Date ('188, '042 Patents)
2013-01-08	U.S. Patent No. 8,352,730 Issues
2013-09-10	Apple launches Touch ID with iPhone 5S
2014-02-04	U.S. Patent No. 8,646,042 Issues
2014-09-09	Apple launches Apple Pay with iPhone 6
2014-11-11	U.S. Patent No. 8,886,954 Issues
2015-06-02	U.S. Patent No. 9,049,188 Issues
2016-03-29	U.S. Patent No. 9,298,905 Issues
2016-07-25	Plaintiff allegedly sends notice letter to Defendant
2017-09-12	Apple launches Face ID with iPhone X
2020-06-30	U.S. Patent No. 10,698,989 Issues
2024-01-01	Apple launches Retina ID with Vision Pro (approx. date)
2024-03-18	Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,298,905 - "Biometric Personal Data Key (PDK) Authentication"

Patent Identification: U.S. Patent No. 9,298,905, "Biometric Personal Data Key (PDK) Authentication," issued March 29, 2016.

The Invention Explained

Problem Addressed: The patent describes conventional authentication methods as flawed because they require users to memorize credentials (e.g., passwords) or use physical access objects (e.g., key fobs) that authenticate the object but not the identity of the person holding it (US9298905B1, col. 1:40-67).
The Patented Solution: The invention proposes a method where an "integrated device" securely stores a user's biometric data (like a fingerprint) in a tamper-proof format. To authenticate, the user provides a new biometric scan. The device compares the new scan to the stored data. If they match, the device is verified as being in the possession of the legitimate user and then wirelessly transmits a device-specific ID code to a third-party authority to complete an authentication process (US 9,298,905 B1, col. 2:9-20; Fig. 4).
Technical Importance: This approach combines the security of biometrics with the convenience of a portable electronic key, aiming to provide strong user verification without relying on user memory or easily stolen passwords (Compl. ¶26).

Key Claims at a Glance

The complaint asserts independent method claim 1 (Compl. ¶106).
Claim 1 requires the following essential steps:
- Persistently storing biometric user data and a device-specific ID code on an integrated device in a tamper-proof format.
- Receiving biometric data from a user scan to verify the user.
- Comparing the scan data to the stored biometric data.
- If there is a match, wirelessly transmitting one or more codes, including the ID code, for authentication.
- Receiving an access message from a third-party trusted authority indicating the code was successfully authenticated, allowing the user to complete a financial transaction.
The complaint also asserts dependent claims 4, 5, and 7 (Compl. ¶106).

U.S. Patent No. 8,352,730 - "Biometric Personal Data Key (PDK) Authentication"

Patent Identification: U.S. Patent No. 8,352,730, "Biometric Personal Data Key (PDK) Authentication," issued January 8, 2013.

The Invention Explained

Problem Addressed: Similar to the '905 Patent, this patent addresses the weaknesses of authentication systems that rely on either user-memorized secrets or simple possession of an access object, which fail to verify the actual user's identity (US8352730B2, col. 1:24-48).
The Patented Solution: The invention describes a method where an integrated device stores a user's biometric data, a unique device ID code, and a secret decryption value in a tamper-proof format. After biometrically verifying the user by matching a live scan to the stored data, the device wirelessly transmits the ID code to an agent for authentication. Upon successful authentication by the agent, the device receives an "access message" that allows the user to access an application (US 8,352,730 B2, col. 2:1-12; Abstract).
Technical Importance: This patent outlines a complete, secure transaction loop where biometric identity verification on a local device is a prerequisite for initiating a remote authentication step with a trusted third party (Compl. ¶26).

Key Claims at a Glance

The complaint asserts independent method claim 1 and independent system claim 15 (Compl. ¶122).
Claim 1 requires the following essential steps:
- Persistently storing biometric data, a device ID code, and a secret decryption value in a tamper-proof format on an integrated device.
- Receiving scan data from a biometric scan.
- Comparing the scan data to the stored biometric data.
- If there is a match, wirelessly sending codes (including the device ID) for authentication by an agent.
- Receiving an access message from the agent that allows the user to access an application.
The complaint also asserts dependent claims 2, 3, 5, 16, and 17 (Compl. ¶122).

U.S. Patent No. 8,886,954 - "Biometric Personal Data Key (PDK) Authentication"

Patent Identification: U.S. Patent No. 8,886,954, "Biometric Personal Data Key (PDK) Authentication," issued November 11, 2014.
Technology Synopsis: This patent, part of the same family as the '730 and '905 patents, discloses systems and methods for user authentication based on a portable device that stores biometric data. The technology involves capturing a live biometric scan, comparing it to the stored data, and upon a match, wirelessly transmitting a unique code to a trusted authority to gain access to a service (Compl. ¶26).
Asserted Claims: Independent claims 1 and 22 are asserted (Compl. ¶138).
Accused Features: The complaint alleges that Apple Pay functionality on various Apple devices infringes this patent (Compl. ¶139).

U.S. Patent No. 10,698,989 - "Biometric personal data key (PDK) authentication"

Patent Identification: U.S. Patent No. 10,698,989, "Biometric personal data key (PDK) authentication," issued June 30, 2020.
Technology Synopsis: This patent describes methods for verifying a user of a smartphone by persistently storing their biometric data and a unique ID code. After a successful biometric match, the smartphone wirelessly transmits the ID code to a third-party authority, which authenticates the code and enables a transaction (US10698989B2, Abstract). The claims specifically recite a "smartphone" as the integrated device.
Asserted Claims: Independent claim 1 is asserted (Compl. ¶154).
Accused Features: The complaint alleges that Apple Pay functionality on Apple smartphones infringes this patent (Compl. ¶155-156).

U.S. Patent No. 9,049,188 - "Hybrid Device Having a Personal Digital Key and Receiver-Decoder circuit and Methods of Use"

Patent Identification: U.S. Patent No. 9,049,188, "Hybrid Device Having a Personal Digital Key and Receiver-Decoder circuit and Methods of Use," issued June 2, 2015.
Technology Synopsis: This patent covers a "hybrid device" containing both an integrated "personal digital key" (PDK) for storing secure user information and a "receiver-decoder circuit" (RDC) for communication. This combination allows for secure, proximity-based authentication and interaction between the user's device and external systems (Compl. ¶27).
Asserted Claims: Independent claims 1 and 10 are asserted (Compl. ¶168).
Accused Features: The complaint alleges that Apple devices capable of using "Passkeys" for passwordless sign-in embody the claimed hybrid device (Compl. ¶168-170).

U.S. Patent No. 8,646,042 - "Hybrid Device Having a Personal Digital Key and Receiver-Decoder Circuit and Methods of Use"

Patent Identification: U.S. Patent No. 8,646,042, "Hybrid Device Having a Personal Digital Key and Receiver-Decoder Circuit and Methods of Use," issued February 4, 2014.
Technology Synopsis: As a related patent to the '188 Patent, this patent also describes a hybrid device with integrated PDK and RDC components. It focuses on the system configurations and methods of use for such a device, including communication within a proximity zone and enabling functions on external devices based on secure, local authentication (Compl. ¶27).
Asserted Claims: Independent claims 1 and 10 are asserted (Compl. ¶199).
Accused Features: The complaint alleges that Apple devices capable of using "Passkeys" infringe this patent by implementing an integrated PDK and RDC (Compl. ¶199-201).

III. The Accused Instrumentality

Product Identification: The complaint identifies two main sets of accused instrumentalities:
1. Apple Pay: A mobile payment and digital wallet service (Compl. ¶62).
2. Apple Passkeys / Apple ID: A passwordless sign-in architecture based on the FIDO/WebAuthn standard (Compl. ¶63, 89-90).
  These services are implemented on a range of Apple hardware, including iPhones, iPads, Macs, Apple Watches, and the Vision Pro, running operating systems like iOS, macOS, and visionOS (Compl. ¶62-63).
Functionality and Market Context:
- Apple Pay allows users to make payments by holding a compatible Apple device near a contactless payment terminal. The transaction is authenticated on the device using biometrics (Touch ID, Face ID, or Optic ID). The complaint alleges this process utilizes a "Secure Enclave," a dedicated secure subsystem integrated into Apple's chips, to store biometric templates and manage authentication (Compl. ¶68-69). A graphical overview of the secure enclave is provided in the complaint, illustrating its isolation from the main application processor (Compl. ¶69, Exhibit 32). The complaint alleges that Apple Pay uses EMV payment tokens, which are device-specific numbers that replace actual credit card numbers to secure transactions (Compl. ¶73-77).
- Apple Passkeys are designed to replace passwords for signing into apps and websites. A user's device ("authenticator") generates a public/private key pair. The user verifies their identity on the device using biometrics, which unlocks the private key to sign an authentication request from a relying party (e.g., a website) (Compl. ¶90-91). The complaint includes a diagram illustrating the cross-device sign-in process, showing an encrypted communication channel between a client (e.g., a Mac) and an authenticator (e.g., an iPhone) (Compl. ¶94, Exhibit 20).

IV. Analysis of Infringement Allegations

U.S. Patent No. 9,298,905 Infringement Allegations

Claim Element (from Independent Claim 1)	Alleged Infringing Functionality	Complaint Citation	Patent Citation
a method, comprising: persistently storing biometric user data of a legitimate user and a device specific ID code on an integrated device in a tamper proof format...	Apple's Secure Enclave processes, encrypts, and stores Touch ID and Face ID template data. The Secure Element stores a unique, device-specific EMV payment token (a "Device Account Number").	¶108, ¶109	col. 2:11-15
responsive to receiving a request for a biometric verification of a user, receiving biometric data from a biometric scan of a user to verify the user;	When a user initiates an Apple Pay transaction, they are prompted to use Face ID or Touch ID. The device's sensor captures the biometric image and transmits it to the Secure Enclave.	¶110, ¶70	col. 2:15-17
comparing the scan data from the biometric scan to the biometric data;	The Secure Enclave compares the received scan data against the stored biometric template to determine if there is a match.	¶111, ¶71	col. 2:17-18
responsive to a determination that the scan data from the biometric scan matches the biometric data, wirelessly transmitting one or more codes, including the device specific ID code, for authentication;	After a successful biometric match, the device wirelessly transmits the EMV payment token (the alleged ID code) to a payment terminal via NFC.	¶112, ¶73	col. 2:18-20
and receiving an access message from a third-party trusted authority indicating that the third-party trusted authority successfully authenticated the ID code, the user being allowed to complete a financial transaction.	After the payment network and token service provider (the alleged trusted authority) validate the token, the user's device receives a push notification confirming the transaction, which the complaint defines as the access message.	¶113, ¶114	col. 2:21-25

Identified Points of Contention:
- Scope Questions: A central question may be whether a "push notification" confirming a completed purchase (Compl. ¶114) performs the function of an "access message... allowing the user to complete a financial transaction" as required by the claim. The defense may argue the transaction is already complete or authorized before the notification is received, whereas the claim language suggests the message is a prerequisite for completion.
- Technical Questions: The analysis may focus on whether the multi-party EMV payment ecosystem, involving merchants, acquirers, payment networks (e.g., Visa), and token service providers (TSPs), aligns with the patent's more direct architecture of an "integrated device" communicating with a "third-party trusted authority." The court may need to determine if a TSP functions as the claimed "authority" and if the overall process maps to the claimed steps.

U.S. Patent No. 8,352,730 Infringement Allegations

Claim Element (from Independent Claim 1)	Alleged Infringing Functionality	Complaint Citation	Patent Citation
persistently storing biometric data of the user and a plurality of codes and other data values comprising a device ID code uniquely identifying the integrated device and a secret decryption value, in a tamper proof format...	Apple's Secure Enclave stores biometric template data. The Secure Element stores the EMV payment token (the alleged device ID code). A shared pairing key provisioned during manufacturing acts as a secret decryption value for communication between the Secure Enclave and Secure Element.	¶124-¶126	col. 8:14-20
responsive to receiving a request for a biometric verification of the user, receiving scan data from a biometric scan;	A user authenticates a purchase with a fingerprint or retina scan, which is captured by the device's sensor.	¶127	col. 8:21-23
comparing the scan data to the biometric data to determine whether the scan data matches the biometric data;	The scan data is compared with the stored biometric data on the device to determine if there is a match.	¶127	col. 8:24-26
responsive to a determination that the scan data matches the biometric data, wirelessly sending one or more codes from the plurality of codes and other data values for authentication by an agent...	After a successful match, the device wirelessly transmits the EMV payment token (the alleged device ID code) to be authenticated by an agent (e.g., a token service provider).	¶128	col. 8:27-31
and receiving an access message from the agent allowing the user access to an application...	After authentication by the token service provider, a push notification (the alleged access message) is sent to the device, indicating the user has been allowed access to complete the transaction.	¶129, ¶130	col. 8:32-34

Identified Points of Contention:
- Scope Questions: Similar to the '905 Patent, the definition of "access message" will be critical. Does a post-facto transaction notification function as a message that "allow[s] the user access to an application"? The complaint appears to equate completing a financial transaction with accessing an application.
- Technical Questions: The infringement theory hinges on mapping specific hardware and software components of Apple's ecosystem to the claim terms. A key question will be whether the "shared pairing key" used for secure communication between internal chips (Compl. ¶126) constitutes the "secret decryption value" stored alongside the biometric data and device ID, as contemplated by the patent.

V. Key Claim Terms for Construction

The Term: "access message" (from '905 Claim 1; '730 Claim 1)
Context and Importance: This term appears at the final step of the asserted method claims and is critical to defining the completion of the authentication loop. The complaint alleges that a "push notification" detailing a transaction after purchase constitutes this "access message" (Compl. ¶114, ¶130). The viability of the infringement claim may depend on whether this construction is adopted.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The specification of the '730 patent states the trusted authority "sends an access message to the application to allow user access and/or provide additional information from the profile" ('730 Patent, col. 7:40-43). This language could be argued to encompass a variety of message types, including confirmations.
- Evidence for a Narrower Interpretation: The patent's abstract describes the access message as "allowing the user to access an application," and Figure 4 shows the "Allow Access To The Application" step as the final outcome ('730 Patent, Abstract; Fig. 4, block 470). This may suggest the message is a gatekeeping signal that enables access, rather than a confirmation that access has already occurred.
The Term: "personal digital key" ("PDK") (from '188 Claim 1; '042 Claim 1)
Context and Importance: The infringement allegations against the '188 and '042 patents depend on construing Apple devices that use Passkeys as containing an "integrated personal digital key" (Compl. ¶170, ¶201). Practitioners may focus on this term because Apple's Passkey system is based on an open industry standard (WebAuthn), and the defense will likely argue this architecture is fundamentally different from the proprietary "PDK" described in the patents.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The patents define a PDK broadly as a device component that includes "a controller and memory for storing information particular to a user" and can be accessed via an external "access key" ('188 Patent, col. 6:23-27). This broad functional definition could be argued to read on any secure element that stores user credentials (like a private key for a passkey) and releases them only upon receiving a valid request (e.g., from a relying party).
- Evidence for a Narrower Interpretation: The detailed description and figures often depict the PDK as a distinct, portable hardware item, such as a modified key fob ('730 Patent, col. 4:63-65), that communicates with a separate "sensor." This could support an argument that the term requires a specific hardware architecture not present in Apple's integrated devices, where the "authenticator" functionality is deeply embedded in the device's main system-on-chip.

VI. Other Allegations

Indirect Infringement: The complaint alleges inducement of infringement by Apple providing pre-installed software (Apple Pay) and a "substantial knowledge base" instructing customers on how to use the infringing features (Compl. ¶115, ¶147). Contributory infringement is also alleged on the basis that Apple provides the software necessary to practice the claimed methods (Compl. ¶116, ¶148).
Willful Infringement: Willfulness is alleged based on pre-suit knowledge. The complaint cites a formal notice letter sent to Apple on July 25, 2016, as well as Apple's citation of the '905 patent in an Information Disclosure Statement during the prosecution of its own patent application, as evidence of actual knowledge of the patents and the infringing nature of its activities (Compl. ¶56-58).

VII. Analyst’s Conclusion: Key Questions for the Case

A core issue will be one of claim scope and mapping: Does the sequence of operations in modern, multi-party payment and identity standards (EMV tokenization and FIDO/WebAuthn) map onto the specific, sequential steps recited in the asserted claims? The dispute may focus on whether elements like a "push notification" or a "relying party ID" are the legal and technical equivalents of the patents' "access message" and "access key."
A second central question will be one of definitional breadth: Can the term "personal digital key," which the patents describe as a distinct component, be construed broadly enough to read on the integrated secure processing architecture (e.g., the Secure Enclave) that Apple uses to implement its Passkey and Apple Pay functionalities across its devices?
Finally, a key question for willfulness and damages will be the effect of pre-suit knowledge: What weight will be given to the 2016 notice letter and the IDS citation alleged in the complaint? The determination of when Apple knew or should have known about the patents will be central to assessing the deliberateness of the alleged infringement.