DCT

7:25-cv-00137

Secure Matrix LLC v. H E B Grocery Co LP

Log In

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 7:25-cv-00137, W.D. Tex., 03/21/2025
  • Venue Allegations: Plaintiff alleges venue is proper because Defendant has an established place of business in the district, has committed acts of patent infringement in the district, and Plaintiff has suffered harm there.
  • Core Dispute: Plaintiff alleges that Defendant’s unidentified products and services infringe a patent related to systems and methods for user authentication and verification.
  • Technical Context: The technology concerns secure, multi-factor authentication, often using a personal mobile device to verify a user's identity before granting access to a secured online capability, such as a website login or an e-commerce payment.
  • Key Procedural History: The complaint states that Plaintiff is the assignee of the patent-in-suit. No other procedural history, such as prior litigation or licensing, is mentioned.

Case Timeline

Date Event
2012-11-21 U.S. Patent No. 8,677,116 Priority Date (Prov. App. 61/729,266)
2014-03-18 U.S. Patent No. 8,677,116 Issued
2025-03-21 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,677,116 - "Systems and methods for authentication and verification"

  • Patent Details: Issued March 18, 2014 (’116 Patent)

The Invention Explained

  • Problem Addressed: The patent identifies a "growing need to authenticate users trying to access a secured internet portal (e.g., website) or a real-world secured device" and a parallel need for "a secure and fast online electronic payment capability" ('116 Patent, col. 1:19-25).
  • The Patented Solution: The invention describes a three-party authentication system. A computer providing a "secured capability" (e.g., a web server) sends a "reusable identifier" (like a QR code) to a user's display and also to a separate verification server ('116 Patent, Fig. 2). The user employs an electronic device (e.g., a smartphone) to scan the identifier and send it, along with user verification information, to the verification server ('116 Patent, col. 6:20-24). This verification server then evaluates both signals to determine if the user is authorized and, if so, transmits an authorization signal to the original computer to grant access ('116 Patent, col. 6:30-34).
  • Technical Importance: The method aims to enhance security by separating the access request (on one device) from the verification action (on another device) while simplifying the user experience by using "reusable identifiers" that do not contain sensitive user- or transaction-specific information ('116 Patent, col. 6:35-45).

Key Claims at a Glance

  • The complaint asserts infringement of at least Claim 1 ('116 Patent, Compl. ¶11).
  • Independent Claim 1 requires:
    • A method of using a computer system to authenticate a user.
    • Receiving a first signal from a computer providing a secured capability, where the signal comprises a "reusable identifier" that is "assigned for use by the secured capability for a finite period of time."
    • Receiving a second signal from a user's electronic device, which comprises a copy of the reusable identifier and user verification information.
    • Using a processor to evaluate, based on the first and second signals, whether the user is authorized.
    • Transmitting a third signal with authorization information to the electronic device and/or the computer providing the secured capability.
  • The complaint states that the "Exemplary '116 Patent Claims" are identified in an attached exhibit, suggesting dependent claims may also be asserted (Compl. ¶11).

III. The Accused Instrumentality

Product Identification

The complaint does not specifically name any accused products, methods, or services in its main body (Compl. ¶¶1-19). It refers generally to "Defendant products identified in the charts incorporated into this Count below" and "Exemplary Defendant Products" (Compl. ¶11, ¶14). These charts are contained in Exhibit 2, which was not publicly filed with the complaint.

Functionality and Market Context

The complaint alleges that the "Exemplary Defendant Products practice the technology claimed by the '116 Patent" (Compl. ¶16). It also alleges that Defendant has made, used, sold, and imported these products and had its employees internally test and use them (Compl. ¶¶11-12). The complaint does not provide sufficient detail for analysis of the accused instrumentality's specific functionality or market context.

IV. Analysis of Infringement Allegations

The complaint’s infringement allegations are contained entirely within Exhibit 2, which was not provided with the filed complaint (Compl. ¶¶16-17). The complaint states that these charts compare the "Exemplary '116 Patent Claims to the Exemplary Defendant Products" and that the products "satisfy all elements" of the asserted claims (Compl. ¶16). Without access to this exhibit, a detailed element-by-element analysis is not possible.

No probative visual evidence provided in complaint.

Identified Points of Contention

Based on the patent language and the general nature of the dispute, the infringement analysis will likely raise several questions.

  • Technical Questions: A primary question will be whether the accused system uses an identifier that is truly "reusable" as described in the patent—meaning it lacks user- or transaction-specific data—and whether that identifier is explicitly "assigned for use... for a finite period of time" as required by the claim. Evidence will be needed to show that the accused system separately receives a "first signal" at a verification server and a "second signal" from the user's device, as opposed to a more conventional two-party authentication flow.
  • Scope Questions: The case may explore the scope of what constitutes a "reusable identifier." The patent heavily features QR codes as an example ('116 Patent, col. 9:50-57), but the claim language is broader. The analysis will question whether the specific token, cookie, or other identifier used in the accused system falls within the claim's scope as interpreted in light of the specification.

V. Key Claim Terms for Construction

"reusable identifier"

  • Context and Importance: This term is the core of the invention. Its definition will be critical to determining infringement. The patent distinguishes its "reusable identifier" from single-use or user-specific tokens found in conventional systems ('116 Patent, col. 9:11-22). Practitioners may focus on this term because its scope will determine whether a wide range of modern authentication tokens, which may be session-specific but not user-specific, are covered.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The claim itself does not limit the identifier to a specific format (e.g., a QR code). The specification notes that the identifier "does not contain user-specific or interaction-specific information" ('116 Patent, col. 33:40-42), which could be argued to cover any non-personalized token used to initiate an authentication session.
    • Evidence for a Narrower Interpretation: The specification repeatedly uses QR codes as the primary embodiment ('116 Patent, col. 9:50-65) and contrasts the invention with systems where "a smartphone sends login or payment information to a webserver" ('116 Patent, col. 9:19-22). This could support a narrower construction limited to identifiers that are visually presented and scanned, or at least function in a similar three-party flow.

"assigned for use by the secured capability for a finite period of time"

  • Context and Importance: This limitation in Claim 1 imposes a temporal constraint on the identifier's validity. The infringement analysis will depend on whether the accused system's identifiers have a defined, limited lifespan that is "assigned" as part of the security process.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: A party could argue this language covers any session token that expires automatically after a set duration, a common practice in web security. The specification mentions "a finite and predetermined period of time (e.g., one or more minutes, one or more hours, one or more days)" ('116 Patent, col. 9:42-44), suggesting flexibility.
    • Evidence for a Narrower Interpretation: The context of "round robin usage" ('116 Patent, col. 9:40) and using a "predefined and previously generated list" of identifiers ('116 Patent, col. 9:22-24) could suggest a more structured system where identifiers are explicitly activated and deactivated from a pool for set periods, rather than just being session tokens that passively expire.

VI. Other Allegations

  • Indirect Infringement: The complaint alleges induced infringement, stating that Defendant distributes "product literature and website materials" that instruct end users on how to use the products in a manner that infringes the '116 Patent (Compl. ¶14).
  • Willful Infringement: The complaint alleges willful infringement based on knowledge obtained from the service of the complaint itself, stating Defendant "continues to make, use, test, sell, offer for sale, market, and/or import" the accused products despite "actual knowledge" (Compl. ¶¶13-14). No pre-suit knowledge is alleged.

VII. Analyst’s Conclusion: Key Questions for the Case

  1. An Evidentiary Question: Given that the complaint's infringement allegations are made exclusively by reference to an unprovided exhibit, a threshold issue will be whether the complaint provides sufficient factual matter to state a plausible claim for relief under the standards of Iqbal and Twombly, or if it is a "bare bones" pleading that fails to give adequate notice of the specific infringement theory.
  2. A Question of Temporal Scope: The case will likely hinge on the claim construction and factual characterization of the phrase "assigned for use... for a finite period of time." The court will need to determine if this requires a system of actively managed, time-limited identifiers from a predefined pool, as some parts of the specification suggest, or if it can read on the common practice of session tokens that passively expire.
  3. A Question of Technical Operation: A core issue will be whether the accused system meets the three-party architecture required by the claims. The plaintiff must prove not only that a "reusable identifier" is used, but that it is part of a system where a "first signal" is sent from the secured computer to a verification server and a "second signal" is sent from the user's device to that same verification server for evaluation.