DCT

6:24-cv-00143

Proxense LLC v. Apple Inc

Log In
Key Events
Amended Complaint

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 6:24-cv-00143, W.D. Tex., 10/31/2024
  • Venue Allegations: Plaintiff alleges venue is proper in the Western District of Texas based on Defendant's regular and established places of business in the district, including multiple corporate offices, retail stores such as the Apple Domain NORTHSIDE in Austin, and a Mac Pro manufacturing facility. The complaint also notes that key personnel for the accused Apple Pay service are located in Austin.
  • Core Dispute: Plaintiff alleges that Defendant’s devices incorporating biometric authentication (Touch ID, Face ID, Optic ID) and associated services, namely Apple Pay and the Passkeys/Sign in with Apple platform, infringe five patents related to secure biometric authentication and data communication.
  • Technical Context: The technology at issue involves methods for securely authenticating users on electronic devices, primarily for conducting financial transactions and enabling passwordless logins, a foundational element of the modern digital wallet and mobile device security market.
  • Key Procedural History: The complaint alleges that Defendant had pre-suit knowledge of the patents-in-suit. It cites a formal letter sent by Plaintiff to Defendant on or around July 25, 2016, identifying several of the asserted patents and related applications. The complaint also alleges that Defendant had knowledge of the asserted patent family as of May 2016, when it cited a related patent in an Information Disclosure Statement during the prosecution of its own patent. The original complaint in this matter was filed on March 18, 2024.

Case Timeline

Date Event
2004-12-20 Earliest Priority Date for ’730, ’954, and ’989 Patents
2007-12-06 Earliest Priority Date for ’289 and ’042 Patents
2013-01-08 U.S. Patent No. 8,352,730 Issues
2013-09-10 Apple introduces Touch ID with the iPhone 5S
2014-02-04 U.S. Patent No. 8,646,042 Issues
2014-09-09 Apple expands Touch ID to authenticate Apple Pay with iPhone 6
2014-11-11 U.S. Patent No. 8,886,954 Issues
2016-05-25 Apple allegedly cites related Proxense patent in an IDS
2016-07-25 Proxense allegedly sends notice letter to Apple
2017-06-13 U.S. Patent No. 9,679,289 Issues
2017-09-12 Apple introduces Face ID with the iPhone X
2020-06-30 U.S. Patent No. 10,698,989 Issues
2022-06-06 Apple announces Passkeys at WWDC 2022
2024-03-18 Original Complaint Filed
2024-10-31 First Amended Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,352,730 - *"Biometric Personal Data Key (PDK) Authentication"*

  • Patent Identification: U.S. Patent No. 8,352,730, issued January 8, 2013.

The Invention Explained

  • Problem Addressed: The patent’s background section describes the drawbacks of conventional user authentication methods, noting that credentials like passwords are difficult to remember and that physical access objects like keys do not verify the identity of the person using them, making them vulnerable to theft (’730 Patent, col. 1:26-52).
  • The Patented Solution: The invention proposes a self-contained "biometric key" device that solves these problems by persistently storing a user's biometric data (e.g., a fingerprint) in a tamper-proof format. To authenticate, the user first biometrically verifies their identity directly on the device. Upon successful verification, the device wirelessly transmits a code to an external authentication module, which in turn contacts a "trusted key authority" to validate the code and grant the user access to a secured application, such as a website or a keyless lock (’730 Patent, Abstract; col. 6:20-41; Fig. 3).
  • Technical Importance: The technology aims to provide a secure, two-factor authentication method combining something the user is (biometrics) with something the user has (the device), without requiring the user to memorize passwords or risk exposing biometric data to external networks (’730 Patent, col. 2:1-4).

Key Claims at a Glance

  • The complaint asserts independent method claim 1 and system claim 8, among others (Compl. ¶¶122, 131).
  • The essential elements of independent claim 1 include:
    • Persistently storing biometric data, a device ID code, and a secret decryption value in a tamper-proof format on an integrated device.
    • Receiving scan data from a biometric scan performed by the user.
    • Comparing the scan data to the stored biometric data on the device.
    • If the data matches, wirelessly sending a code (including the device ID) to an "agent" for authentication.
    • Receiving an "access message" from the agent that allows the user to access an application.
  • The complaint explicitly reserves the right to assert dependent claims (Compl. ¶122).

U.S. Patent No. 8,886,954 - *"Biometric Personal Data Key (PDK) Authentication"*

  • Patent Identification: U.S. Patent No. 8,886,954, issued November 11, 2014.

The Invention Explained

  • Problem Addressed: As a continuation of the application leading to the ’730 Patent, this patent addresses the same problems of password memorization and the insecurity of physical authentication tokens (’954 Patent, col. 1:26-52).
  • The Patented Solution: The patented solution is functionally identical to that of the ’730 Patent. It describes a system where a portable device biometrically verifies a user and then wirelessly transmits a device-specific code to an external authentication unit. This unit validates the code with a trusted authority to grant access to an application, thereby separating the biometric verification step from the network-based authentication step (’954 Patent, Abstract; col. 6:21-42).
  • Technical Importance: The technical approach provides a framework for secure, wireless, and passwordless authentication that protects a user's biometric data by keeping it local to their personal device.

Key Claims at a Glance

  • The complaint asserts independent method claim 1 and system claim 12, among others (Compl. ¶¶138, 147).
  • The essential elements of independent claim 1 are substantively identical to claim 1 of the ’730 Patent, including steps for:
    • Persistently storing biometric data, a device ID, and a secret decryption value in a tamper-proof format.
    • Receiving and comparing biometric scan data.
    • Wirelessly sending a code to an "agent" for authentication upon a successful match.
    • Receiving an "access message" from the agent to allow access to an application.
  • The complaint explicitly reserves the right to assert dependent claims (Compl. ¶138).

U.S. Patent No. 10,698,989 - *"Biometric Personal Data Key (PDK) Authentication"*

  • Technology Synopsis: Belonging to the same family as the ’730 and ’954 patents, this patent describes a method for user authentication on a smartphone. The device persistently stores the user's biometric data and a unique ID code. After the smartphone biometrically verifies the user, it wirelessly transmits the ID code to a third-party trusted authority, which authenticates the code to complete a transaction, such as accessing a financial account or a keyless lock (’989 Patent, Abstract; col. 2:10-21).
  • Asserted Claims: Claims 1-6 are asserted, with Claim 1 being independent (Compl. ¶154).
  • Accused Features: The complaint accuses Apple Pay on smartphones, which allegedly stores biometric data in the Secure Enclave, verifies the user via Face ID or Touch ID, and then wirelessly transmits an EMV payment token (alleged to be the claimed "ID code") to complete a payment transaction (Compl. ¶¶156-159).

U.S. Patent No. 9,679,289 - *"Hybrid Device Having a Personal Digital Key and Receiver-Decoder circuit and Methods of Use"*

  • Technology Synopsis: This patent describes a "hybrid device" that integrates two key components: a Personal Digital Key (PDK) for securely storing user-specific data and a Receiver-Decoder Circuit (RDC) for wireless communication. The PDK and RDC are communicatively coupled, enabling the device to perform secure, authenticated functions such as enabling an application on an external device based on proximity or other authorization factors (’289 Patent, Abstract; col. 2:2-10).
  • Asserted Claims: Claims 1 and 11 are asserted, with both being independent (Compl. ¶168).
  • Accused Features: The complaint accuses Apple devices capable of using Passkeys, such as iPhones running recent iOS versions. These devices are alleged to be the claimed "hybrid device," where the secure storage for Passkey credentials functions as the PDK and the device's Wi-Fi/cellular/Bluetooth radios function as the RDC, with the two being coupled to enable secure cross-device authentication (Compl. ¶¶170, 183-185).

U.S. Patent No. 8,646,042 - *"Hybrid Device Having a Personal Digital Key and Receiver-Decoder Circuit and Methods of Use"*

  • Technology Synopsis: From the same family as the ’289 patent, this patent likewise describes a hybrid device integrating a PDK for secure data storage and an RDC for wireless communication. The internal coupling of these components allows the device to act as a secure authenticator, for instance by communicating with an external device to generate an authorization signal that enables a specific function or service (’042 Patent, Abstract; col. 2:2-10).
  • Asserted Claims: Claims 1 and 10 are asserted, with both being independent (Compl. ¶199).
  • Accused Features: The allegations for this patent are directed at Apple's Passkey-capable devices and mirror those made for the ’289 patent. The complaint alleges these devices embody the claimed hybrid device structure, with the Passkey credential storage acting as the PDK and the wireless radios acting as the RDC (Compl. ¶¶201, 209-211).

III. The Accused Instrumentality

Product Identification

  • The complaint names two primary groups of accused instrumentalities:
    1. Apple Pay and the Apple devices that support it, including iPhones (iPhone 6 and later), iPads, Apple Watches, and Mac computers (Compl. ¶62).
    2. Apple’s passwordless authentication architecture, including Apple ID, “Sign in with Apple,” and Passkeys, and the devices that support these features (e.g., those running iOS 16, iPadOS 16, macOS 13, or later) (Compl. ¶¶63, 89).

Functionality and Market Context

  • The complaint describes Apple Pay as a mobile payment system that allows users to make secure contactless payments. It leverages on-device biometric sensors (Touch ID, Face ID) for user authentication. The complaint alleges that sensitive biometric data is processed and stored locally within a hardware component called the Secure Enclave, while a device-specific payment token (a Device Account Number, or DAN) is stored in a separate Secure Element. Upon successful biometric authentication, this token is transmitted via NFC to a payment terminal to initiate a transaction (Compl. ¶¶67-73). The complaint positions Apple Pay as a "key player in the market" with over 45 million users in the United States (Compl. ¶46).
  • The complaint describes Passkeys as Apple's implementation of the FIDO/WebAuthn open standard for passwordless authentication. This system uses public-key cryptography, where a device generates a unique key pair for each website or app. User authentication via biometrics unlocks the private key stored on the device to cryptographically sign an authentication challenge. This functionality can operate across devices, as illustrated by the complaint's description of a user scanning a QR code on a computer with their iPhone to sign into a website (Compl. ¶¶90, 94). The complaint presents a technical diagram illustrating this cross-device authentication process, which involves local key agreement and an encrypted CTAP (Client to Authenticator Protocol) operation (Compl. ¶94, Ex. 20).

IV. Analysis of Infringement Allegations

8,352,730 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
persistently storing biometric data of the user and a plurality of codes and other data values comprising a device ID code uniquely identifying the integrated device and a secret decryption value in a tamper proof format written to a storage element on the integrated device that is unable to be subsequently altered Apple devices with Apple Pay store biometric template data in the Secure Enclave and an EMV payment token (the "device ID code") in the Secure Element. The "secret decryption value" is alleged to be a shared pairing key between these components. This data is alleged to be stored in a tamper-proof format. ¶124, ¶126 col. 4:46-54
responsive to receiving a request for a biometric verification of the user, receiving scan data from a biometric scan When prompted to make a payment, the user performs a biometric scan (e.g., fingerprint or face scan), and the device's sensor captures the scan data. ¶127 col. 4:2-4
comparing the scan data to the biometric data to determine whether the scan data matches the biometric data The device's Secure Enclave compares the received scan data against the persistently stored biometric template data to determine if there is a match. ¶127 col. 4:4-6
responsive to a determination that the scan data matches the biometric data, wirelessly sending one or more codes from the plurality of codes and the other data values for authentication by an agent that is a third-party trusted authority... Upon a successful biometric match, the device wirelessly sends the EMV payment token to a payment terminal. The token is then authenticated by a network of entities, including a token service provider (TSP), which functions as the "agent." ¶128 col. 4:13-16
responsive to authentication of the one or more codes and the other data values by the agent, receiving an access message from the agent allowing the user access to an application... After the payment network authenticates the token and authorizes the transaction, the user's device receives a notification (e.g., a "Done" checkmark on the display), which is alleged to be the "access message" allowing access to an "application" (e.g., completing the purchase). ¶129, ¶130 col. 4:24-28

8,886,954 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
persistently storing biometric data of a user and a plurality of codes and other data values comprising a device ID code uniquely identifying the integrated device and a secret decryption value in a tamper proof format... Apple devices store biometric templates in the Secure Enclave and an EMV payment token ("device ID code") in the Secure Element. A shared pairing key is alleged to be the "secret decryption value." These are alleged to be stored in a tamper-proof manner. ¶140, ¶142 col. 4:46-54
responsive to receiving a request for biometric verification...receiving scan data from a biometric scan At payment, the user provides a fingerprint or face scan, and the device's sensor captures this scan data. ¶143 col. 4:2-4
comparing the scan data to the biometric data... The Secure Enclave compares the captured scan data to the stored biometric template to verify a match. ¶143 col. 4:4-6
responsive to a determination that the scan data matches the biometric data, wirelessly sending one or more codes...for authentication by an agent that is a third-party trusted authority... After verification, the device wirelessly transmits the EMV payment token. The token service provider and payment network act as the "agent" that authenticates the token. ¶144 col. 4:13-16
responsive to authentication...receiving an access message from the agent allowing the user access to an application Upon successful authentication and authorization by the payment network, the user's device displays a confirmation such as a "Done" checkmark, which is alleged to be the "access message." ¶145, ¶146 col. 4:24-28

Identified Points of Contention

  • Scope Questions: The infringement theory for the ’730 and ’954 patents raises the question of whether the claim term "access message ... allowing the user access to an application" can be construed to cover a post-transaction confirmation notice (e.g., a "Done" checkmark). The patent specification describes the access message as a predicate to gaining access, suggesting a gatekeeping function, whereas the complaint alleges the confirmation of a completed payment is the "access message." A further question is whether the complex, multi-entity payment processing network (TSP, acquirer, issuer) collectively constitutes the "agent" or "third-party trusted authority" contemplated by the claims, which the patent figures depict as a single entity.
  • Technical Questions: For the ’289 and ’042 patents, a central technical question will be whether a standard smartphone architecture, which inherently includes processing/storage (for Passkeys) and wireless radios (for communication), constitutes the specific integrated "hybrid device" with coupled "PDK" and "RDC" components as claimed. The analysis may focus on whether the standard communication pathways between a device's main processor, secure storage, and its wireless transceivers meet the specific "coupling" and functional limitations of the claims.

V. Key Claim Terms for Construction

  • The Term: "access message" (from claim 1 of the ’730 and ’954 patents)

  • Context and Importance: The viability of the infringement allegations against Apple Pay hinges on this term's construction. Plaintiff's theory requires this term to be broad enough to encompass a transaction completion notification or a checkmark on the screen. Defendant may argue the term requires a credential or token that enables future access to a system, rather than confirming a past event.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The claim language requires the message to "allow... access to an application." Plaintiff may argue that completing the purchase of goods is a form of "access" to the "application" of commerce, and the "Done" checkmark is the final step allowing this. The specification lists a broad range of "applications," including an "ATM machine" where completing a transaction could be seen as the "access." (’730 Patent, col. 5:44-48).
    • Evidence for a Narrower Interpretation: The patent's flowcharts and description suggest a gatekeeping function. Figure 7 shows step 740, "Send Access Message To The Application," as the step that grants access. The specification states that in response to successful authentication, the authentication module "sends a message to application 330, or otherwise allow access to the application" (’730 Patent, col. 6:38-40). This language suggests the message is a cause, not an effect, of access being granted.

  • The Term: "agent" (from claim 1 of the ’730 and ’954 patents)

  • Context and Importance: Plaintiff's theory identifies the "agent" as the distributed network of entities in the EMV payment ecosystem (TSP, payment network, issuer). Practitioners may focus on this term because the patent figures and description often refer to a singular "trusted key authority," raising a question of whether a multi-party system fits the claim.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: Claim 1 defines the agent by its function: performing "authentication" for a "third-party trusted authority." Plaintiff may argue that as long as the collection of entities performs this function, it meets the definition, regardless of how many parties are involved.
    • Evidence for a Narrower Interpretation: The patent consistently refers to a singular "trusted key authority" (e.g., element 320 in Fig. 3) that "verifies that a code from a biometric key is legitimate" (’730 Patent, col. 6:53-56). This could support an interpretation that the "agent" must be a single, designated entity, not a disparate and sequential chain of processors and banks.

VI. Other Allegations

Indirect Infringement

  • The complaint alleges inducement of infringement against Apple. It claims that by providing the Apple Pay and Passkeys software pre-installed on its devices, along with extensive documentation, user guides, and developer materials, Apple instructs and encourages end-users to perform the patented methods (Compl. ¶¶131, 147, 161, 217). The complaint also alleges contributory infringement on similar grounds (Compl. ¶¶132, 148, 162, 218).

Willful Infringement

  • The willfulness allegations are based on alleged pre-suit knowledge of the patents. The complaint specifically points to a July 2016 notice letter sent from Proxense to Apple identifying the patents and to Apple's own citation of a related patent family member in a May 2016 information disclosure statement filed with the USPTO (Compl. ¶¶56-58). The complaint further alleges that infringement continued willfully after the filing of the original complaint (Compl. ¶59).

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of definitional scope and functional mapping: can the claim term “access message,” described in the patents as enabling access to an application, be construed to read on a post-transaction confirmation notice displayed by Apple Pay? Similarly, can the term “agent” be interpreted to cover the distributed, multi-entity EMV payment network, when the patent specification appears to describe a singular trusted authority?
  • A key technical question will be one of structural correspondence: for the patents directed to a "hybrid device," does a standard smartphone architecture implementing the open-standard Passkey protocol meet the specific claimed structure of an integrated "PDK" communicatively coupled to an "RDC," or is there a fundamental mismatch between the patented device and the accused general-purpose hardware?
  • An evidentiary question central to damages will be willfulness: what was the extent of Apple's knowledge following the 2016 notice letter and its own citation of a related patent, and will Plaintiff be able to demonstrate that any continued infringement was objectively reckless?