Secure Matrix LLC v. McCoy Corp

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: Secure Matrix LLC (DE)
  • Defendant: McCoy Corporation (TX)
  • Plaintiff’s Counsel: Rabicoff Law LLC
• Case Identification: 7:25-cv-00139, W.D. Tex., 05/12/2025
• Venue Allegations: Venue is asserted based on Defendant having an established place of business in the Western District of Texas and having allegedly committed acts of patent infringement in the district.
• Core Dispute: Plaintiff alleges that Defendant’s products and services infringe a patent related to multi-factor user authentication systems.
• Technical Context: The lawsuit concerns secure authentication methods that use a combination of a website-provided identifier and separate user-device verification to grant access, aiming to improve security over traditional password-based systems.
• Key Procedural History: The complaint is a First Amended Complaint. Plaintiff alleges that Defendant gained actual knowledge of the infringement allegations upon service of the Original Complaint on March 21, 2025, which forms the basis for the post-suit willfulness claim.

Case Timeline

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 8,677,116 - Systems and methods for authentication and verification

• Patent Identification: U.S. Patent No. 8,677,116, issued March 18, 2014.

The Invention Explained

• Problem Addressed: The patent describes conventional authentication methods, such as username and password combinations, as being "ineffective and vulnerable to security breaches" (Compl. ¶10). These prior art systems were flawed because they relied on users remembering multiple complex passwords, leading to high customer support costs, and used static, single-factor mechanisms that were easily compromised ('116 Patent, col. 32:63-33:9).
• The Patented Solution: The invention proposes a multi-factor authentication system where a user's interaction with a "secured capability" (e.g., a website) is verified by a separate server ('116 Patent, Abstract). The system receives a first signal from the website containing a "reusable identifier" valid for a "finite period of time," and a second signal from the user's electronic device (e.g., a smartphone) containing a copy of that identifier plus "user verification information" ('116 Patent, col. 33:18-30). A processor then evaluates both signals to determine if the user is authorized ('116 Patent, col. 33:30-34).
• Technical Importance: This approach is presented as an improvement that can provide "a level of safety over a million times greater than systems that utilize just a login and password" by separating the authentication channels ('116 Patent, col. 33:3-4).

Key Claims at a Glance

• The complaint asserts infringement of at least Claim 1 ('116 Patent, Claim 1; Compl. ¶¶13, 22).
• Independent Claim 1 requires a method of using a computer system to:
  • receive a first signal from a computer providing a secured capability, the signal comprising a reusable identifier assigned for use for a finite period of time;
  • receive a second signal from an electronic device being used by the user, the signal comprising a copy of the reusable identifier and user verification information;
  • use a processor to evaluate, based on the signals, whether the user is authorized; and
  • transmit a third signal with authorization information in response to a positive evaluation.
• The complaint reserves the right to assert other claims, including under the doctrine of equivalents (Compl. ¶25).

III. The Accused Instrumentality

Product Identification

• The complaint refers to "Exemplary Defendant Products" but does not name any specific product, method, or service in its text (Compl. ¶25). It states these products are identified in charts incorporated by reference and in an "Exhibit 2," which was not publicly filed with the complaint (Compl. ¶¶25, 30).

Functionality and Market Context

• The complaint alleges that the accused products practice the claimed authentication technology by implementing a system that provides multiple layers of security protection using a reusable identifier framework (Compl. ¶¶14, 30). The complaint does not provide sufficient detail for analysis of the specific functionality or market context of the accused products.

IV. Analysis of Infringement Allegations

No probative visual evidence provided in complaint.

The complaint alleges infringement of at least Claim 1 of the '116 Patent, summarizing the theory in narrative form (Compl. ¶22).

'116 Patent Infringement Allegations

• Identified Points of Contention:
  • Scope Questions: A central question may be whether the accused system's tokens or identifiers meet the patent's definition of a "reusable identifier." The patent distinguishes this term from identifiers containing user-specific information and from "one-time-use" identifiers (Compl. ¶¶15, 20; '116 Patent, col. 6:35-41). The analysis will depend on the specific data structure and lifecycle of the identifiers used by Defendant's system.
  • Technical Questions: The complaint alleges the accused identifier is assigned for a "finite period of time" (Compl. ¶22). A technical dispute may arise over how this temporal limitation is implemented in the accused system and whether that implementation matches the methods described in the patent, such as timestamp comparison or "round robin usage" where an identifier is deleted after a time period so it can be reused ('116 Patent, col. 13:28-45).

V. Key Claim Terms for Construction

The Term: "reusable identifier"

• Context and Importance: This term is the core of the claimed invention, distinguishing it from prior art single-use tokens. Its construction will be critical, as the infringement analysis depends on whether the accused system's authentication token qualifies as "reusable" in the manner contemplated by the patent. Practitioners may focus on this term because the patent's specification repeatedly emphasizes that the identifier does not contain "user-specific or transaction-specific information" ('116 Patent, col. 32:56-58).
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The claim language itself does not explicitly forbid the inclusion of user-specific data, only requiring the identifier to be "reusable." The term "reusable" is defined in the specification as an identifier that "can be used more than once" and is "not unique to one particular user or transaction" ('116 Patent, col. 9:8-12), which could be interpreted broadly.
  • Evidence for a Narrower Interpretation: The specification provides context suggesting a narrower meaning, stating that "by using reusable identifiers that do not include user specific or transaction specific information, certain embodiments described herein can advantageously provide a universal login" ('116 Patent, col. 32:56-60). Further, embodiments describe a "round robin usage" where identifiers are sequentially used and recycled, which may imply a more structured system than any generic session token ('116 Patent, col. 9:41-44).

The Term: "assigned for use... for a finite period of time"

• Context and Importance: This limitation is central to the claimed security protocol, as it aims to prevent replay attacks (Compl. ¶21). The outcome of the case may depend on whether the lifecycle of the accused system's identifier (e.g., a session token that expires upon logout or inactivity) meets this temporal requirement.
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The term "finite period" is broad on its face and could encompass any non-infinite duration, such as the length of a user session.
  • Evidence for a Narrower Interpretation: The specification describes specific implementations, such as a "predetermined period of time (e.g., one or more minutes, one or more hours, one or more days)" ('116 Patent, col. 9:42-46). Another embodiment describes a system that compares the receipt times of the two signals and authorizes the user only if the "time differential is less than or equal to the finite and predetermined period of time" ('116 Patent, col. 13:33-38). This could support a narrower construction requiring a specific, pre-set validity window rather than an indefinite session.

VI. Other Allegations

• Indirect Infringement: The complaint alleges inducement of infringement, stating that Defendant distributes "product literature and website materials" that instruct end users on how to use the accused products in an infringing manner (Compl. ¶28).
• Willful Infringement: Willfulness is alleged based on Defendant's continued infringement despite having "actual knowledge" of the '116 patent since at least the service of the original complaint on March 21, 2025 (Compl. ¶¶27-28).

VII. Analyst’s Conclusion: Key Questions for the Case

• A core issue will be one of definitional scope: can the term "reusable identifier", which the patent repeatedly describes as being free of user-specific data, be construed to read on the specific authentication tokens used in Defendant's system? The answer will likely depend on whether the tokens are merely session-based or part of a more structured, non-personalized "round robin" system as described in the patent's specification.
• A key evidentiary question will be one of temporal functionality: does the accused system's method for expiring identifiers meet the "assigned for use for a finite period of time" limitation? The case may turn on whether a standard session timeout is sufficient, or if the patent requires a more explicit, pre-determined validity window to be assigned to the identifier at the start of the authentication process.
• A third question concerns proof of operation: given the high-level allegations, Plaintiff will need to produce evidence demonstrating that Defendant's system technically operates by receiving and evaluating two distinct signals—one from the service and one from the user's device—in the specific manner claimed, rather than through a more integrated or conventional authentication flow.