DCT
3:23-cv-00853
Secure NFC PTY. LTD. v. MasterCard Incorporated
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: Secure NFC PTY. LTD. (Australian corporation)
- Defendant: Mastercard Incorporated (Delaware corporation)
- Plaintiff’s Counsel: Whitestone Law
- Case Identification: 1:23-cv-1717, E.D. Va., 12/14/2023
- Venue Allegations: Venue is alleged to be proper based on Defendant Mastercard maintaining a regular and established place of business within the Eastern District of Virginia.
- Core Dispute: Plaintiff alleges that Defendant’s Masterpass mobile payment system infringes a patent related to methods for partitioning a secure element in a Near Field Communication (NFC) device to support multiple card issuers.
- Technical Context: The lawsuit concerns the foundational architecture for enabling a single mobile device to securely store and use virtual credit cards from multiple different banks or financial institutions for contactless payments.
- Key Procedural History: The complaint alleges that Defendant was made aware of the patent-in-suit prior to the lawsuit and continued its allegedly infringing activities, which forms the basis for the willfulness allegation.
Case Timeline
| Date | Event |
|---|---|
| 2012-04-17 | ’971 Patent Priority Date |
| 2016-06-21 | ’971 Patent Issue Date |
| 2023-12-14 | Complaint Filing Date |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 9,374,712 - "Multi-issuer secure element partition architecture for NFC enabled devices"
The Invention Explained
- Problem Addressed: The patent describes a problem in the early-2010s mobile payment space where existing security methodologies for NFC-enabled devices did not permit the secure coexistence of multiple payment cards from different issuers on a single device ('971 Patent, col. 1:50-60). A consumer with cards from several different banks could not consolidate them into one digital wallet on their phone.
- The Patented Solution: The invention proposes an architecture that creates multiple, distinct "secure element partitions" within a single secure hardware element (like a micro-SD card or SIM card) on an NFC device ('971 Patent, col. 2:1-6). Each partition is allocated to a specific card issuer and contains its own access rules and cryptographic keys, effectively creating separate, firewalled secure environments on the same chip. This is managed by a system including a "secure element partition manager" and an "access control enforcer" ('971 Patent, col. 2:50-55; Fig. 2). This architecture allows multiple, competing financial institutions to securely place their virtual cards on a single consumer device.
- Technical Importance: This approach addresses a key logistical and security hurdle to the widespread adoption of multi-card mobile wallets, by providing a standardized way to manage and isolate data from competing issuers on a single trusted hardware platform. (’971 Patent, col. 1:12-18).
Key Claims at a Glance
- The complaint asserts infringement of claims 1-12 (Compl. ¶10). Independent claim 1 is the focus of the complaint's allegations.
- The essential elements of independent claim 1 include:
- A method for providing secure element partitions for an NFC enabled device for a plurality of card issuers, comprising:
- creating in a secure element... a plurality of secure element partitions;
- allocating said secure element partitions... to the respective card issuers;
- providing in the secure element for a plurality of the secure element partitions respectively one or more application security domains;
- wherein the secure element partitions include an "access rule application master" with access rules and a "unique smart-card security table of random keys" for each issuer;
- and wherein the application security domains include an application, an "access rule application client," and an "application register containing identities of the card issuers that share the application."
- The complaint does not explicitly reserve the right to assert other claims, but its assertion of claims 1-12 implies that dependent claims are also at issue (Compl. ¶29).
III. The Accused Instrumentality
Product Identification
- The accused instrumentality is Defendant's "Masterpass system" and "Masterpass application," a service and software for mobile devices (Compl. ¶3, 9).
Functionality and Market Context
- The complaint describes Masterpass as a system that enables mobile device payments, which allegedly uses a method that infringes the ’971 patent (Compl. ¶9). Visual evidence provided in the complaint depicts the Masterpass application on a smartphone being used to make a contactless payment at a point-of-sale terminal. This image shows a successful transaction for a virtual "MasterCard" card stored in the Masterpass digital wallet (Compl. p. 4). The complaint alleges that the Masterpass system includes functionality for identifying different wallets via a "WalletId" (Compl. p. 5), managing payment tokens and cryptograms (Compl. p. 6), and facilitating a multi-step authentication and transaction process involving the consumer, merchant, and Masterpass service (Compl. p. 5).
IV. Analysis of Infringement Allegations
’971 Patent Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| creating in a secure element of the NFC enabled device a plurality of secure element partitions; | The Masterpass system's operation on a mobile device to facilitate a contactless payment, as depicted in a photograph of a transaction. | ¶20, p. 4 | col. 9:25-28 |
| allocating said secure element partitions of the secure element to the respective card issuers; | The use of a "ConnectedMerchantsRequest.WalletId" described as a "Partition name MasterPass uses to identify the wallet." | ¶20, p. 5 | col. 9:29-31 |
| providing in the secure element for a plurality of the secure element partitions respectively one or more application security domains; | The user interface flow of the Masterpass mobile checkout feature, including screens for selecting a payment method and confirming payment. | ¶20, p. 5 | col. 9:32-36 |
| wherein the secure element partitions include respectively an access rule application master having access rules and control data of the respective card issuer... | A process flowchart depicting interactions between a Consumer, Merchant, Service Provider, and Masterpass to request and pass pairing tokens and access tokens. | ¶20, p. 5 | col. 9:37-43 |
| ...and a unique smart-card security table of random keys generated by the respective card issuer to protect that card issuer's NFC cards, and | The use of a "tokenization.cryptogram.unpredictableNumber," which is described as a "random number generated by the merchant, service provider, or, if null, by Masterpass." | ¶20, p. 6 | col. 9:40-43 |
| the one or more application security domains corresponding to a respective secure element partition include respectively an application, an access rule application client having a set of access rules and control data and an application register containing identities of the card issuers that share the application with the card issuer to whom the respective secure element partition is allocated. | The use of Universal Cardholder Authentication Field (UCAF) data, which allegedly contains an "application cryptogram, application transaction counter (ATC), unpredictable number, and cryptogram version." | ¶20, p. 6 | col. 9:44-52 |
Identified Points of Contention
- Architectural Equivalence: A central question will be whether the accused Masterpass system, which appears to be a client-server cloud-based architecture, implements the specific device-centric "secure element partitions" described in the patent. The complaint maps high-level system interactions (Compl. p. 5) and data fields (Compl. p. 6) to specific architectural components of the claim, and the court may need to determine if this mapping is technically and legally sound.
- Scope Questions: The infringement read may depend on whether a "WalletId" (Compl. p. 5) can be considered an "allocation" of a "secure element partition," or if a dynamically generated "unpredictableNumber" (Compl. p. 6) meets the limitation of a "unique smart-card security table of random keys."
- Technical Questions: It is not clear from the complaint what evidence demonstrates that the accused Masterpass system actually creates distinct "partitions" within a "secure element" on the device itself, as opposed to managing accounts on a remote server. The complaint does not provide sufficient detail for analysis of the precise structure of the alleged "access rule application master" or "access rule application client" within the Masterpass system.
V. Key Claim Terms for Construction
The Term: "secure element partition"
Context and Importance: This term is the central concept of the invention. Its construction will determine whether the claims cover any logical separation of issuer data on a device or are limited to the specific hardware-based partitioning architecture described in the patent's embodiments. Practitioners may focus on this term because the plaintiff's case appears to depend on a broad interpretation that reads on Masterpass's alleged functionality.
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The claim language itself recites "creating in a secure element... a plurality of secure element partitions" (col. 9:26-27) without specifying the precise mechanism, which may support an interpretation covering various methods of logically isolating data.
- Evidence for a Narrower Interpretation: The specification repeatedly describes the partitions in the context of a specific "multi-partition Secure Element (SE)" architecture (e.g., SE 60 in Fig. 2), managed by specific software modules like the "SE partition manager 48" and "SE partition loader 50" ('971 Patent, col. 4:15-24). This could support a narrower construction tied to this disclosed structure.
The Term: "access rule application master"
Context and Importance: This term defines a key control component within each claimed partition. The infringement analysis for this element relies on a high-level flowchart of the Masterpass system (Compl. p. 5). The viability of the infringement claim may turn on whether that flowchart actually depicts a structure meeting the definition of an "access rule application master."
Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The claim requires this component to have "access rules and control data" ('971 Patent, col. 9:39-40), a relatively general description that could potentially encompass a variety of access control systems.
- Evidence for a Narrower Interpretation: The specification shows the "access rule application master (ARA-M) 64" as a distinct component within each SE partition (Fig. 2), which "stores access rules and control data of the respective card issuer" ('971 Patent, col. 4:33-37). An argument could be made that the term requires a dedicated, issuer-specific rules engine located within the partition itself, not a generalized, service-level process.
VI. Other Allegations
- Indirect Infringement: The complaint alleges active inducement by asserting that Mastercard provides software and instructions (e.g., through its application) that cause its customers to use the infringing Masterpass system (Compl. ¶16, 30). Contributory infringement is alleged on the basis that Mastercard supplies the Masterpass system, which is a material part of the claimed invention and is not a staple article of commerce suitable for substantial non-infringing use (Compl. ¶16, 31).
- Willful Infringement: The complaint alleges willfulness based on Mastercard having been "made aware of the '712 Patent" prior to the suit and having "refused to cease selling products or to engage in further attempts to reach a business resolution" (Compl. ¶26).
VII. Analyst’s Conclusion: Key Questions for the Case
This case will likely center on fundamental questions of technological mapping and claim scope. The key issues for the court will be:
A core issue will be one of architectural equivalence: Does the Masterpass system's architecture, which appears to rely on API calls, tokens, and cloud services, actually embody the on-device, hardware-based "secure element partition" structure recited in claim 1? Or is the complaint's mapping of Masterpass features to claim elements an oversimplification of two fundamentally different security models?
A second key issue will be one of definitional scope: Can terms like "secure element partition" and "access rule application master," which are described with specific structural details in the patent's specification and figures, be construed broadly enough to read on the more abstract processes and data fields of the accused Masterpass system?
An evidentiary question will be one of functional proof: Can the plaintiff provide evidence beyond high-level flowcharts and API documentation to demonstrate that the accused Masterpass system's internal software components actually perform the specific functions of the "access rule application client," "application register," and "smart-card security table" as required by the patent claims?