Authentication method held patent-eligible at Alice Step Two
| October 14, 2021
CosmoKey Solutions GmbH & Co. v. Duo Security LLC
Decided on October 4, 2021
O’Malley, Reyna, and Stoll. Court opinion by Stoll. Concurring opinion by Reyna.
Summary
The United States District Court for the District of Delaware granted Duo’s motion for judgment on the pleadings under Rule 12(c), arguing that all claims of the patent in dispute are ineligible under 35 U.S.C. 101 as the claims are directed to the abstract idea of authentication and do not recite any patent-eligible inventive concept. On appeal, the Federal Circuit unanimously revered the district court decision, holding that the claims of the patent are patent-eligible under Alice Step Two because they recite a specific improvement to a particular computer-implemented authentication technique. Reyna concurred, arguing that he would resolve the dispute at Alice Step One, not Step Two.
Details
I. Background
(1) Patent in Dispute
CosmoKey Solutions GmbH & Co. (“CosmoKey’s”) owns U.S. Patent No. 9,246,903 (“the ’903 patent”), titled “Authentication Method” and purported to disclose an authentication method that is both low in complexity and high in security.
Claim 1 is the only independent claim of the ’903 patent and reads:
1. A method of authenticating a user to a transaction at a terminal, comprising the steps of:
transmitting a user identification from the terminal to a transaction partner via a first communication channel,
providing an authentication step in which an authentication device uses a second communication channel for checking an authentication function that is implemented in a mobile device of the user, as a criterion for deciding whether the authentication to the transaction shall be granted or denied, having the authentication device check whether a predetermined time relation exists between the transmission of the user identification and a response from the second communication channel,
ensuring that the authentication function is normally inactive and is activated by the user only preliminarily for the transaction,
ensuring that said response from the second communication channel includes information that the authentication function is active, and
thereafter ensuring that the authentication function is automatically deactivated.
(2) The District Court
CosmoKey brought a civil lawsuit against Duo Security, Inc. (“Duo”) for infringement of the ’903 patent at the United States District Court for the District of Delaware (“the district court”). Duo moved for judgment on the pleadings pursuant to Rule 12(c) of the Federal Rules of Civil Procedure, arguing that the claims of the ’903 patent are ineligible under 35 U.S.C. 101.
The district court agreed with Duo, holding that the patent claims were invalid. The district court reasoned that the claims “are directed to the abstract idea of authentication—that is, the verification of identity to permit access to transactions” at Alice Step One, and that “the [’]903 patent merely teaches generic computer functionality to perform the abstract concept of authentication; and it therefore fails Alice’s step two inquiry.” In so holding, the district court determined that the patent itself admits that “the detection of an authentication function’s activity and the activation by users of an authentication function within a predetermined time relation were well-understood and routine, conventional activities previously known in the authentication technology field.”
CosmoKey appealed the district court’s judgment.
II. The Federal Circuit
The Federal Circuit (“the Court”) unanimously revered the district court decision, holding that the claims of the patent are patent-eligible under Alice step two.
Before discussing Alice Steps One and Two, the Court referred to several cases in which the Court has previously considered the eligibility of various claims generally directed to authentication and verification under § 101. However, the Court compared the claims of the ’903 patent with none of those claims held patent-eligible or patent-ineligible. See Enfish, LLC v. Microsoft Corp., 822 F.3d 1327, 1334 (Fed. Cir. 2016) (“The Supreme Court has not established a definitive rule to determine what constitutes an “abstract idea” sufficient to satisfy the first step of the Mayo/Alice inquiry. … Rather, both this court and the Supreme Court have found it sufficient to compare claims at issue to those claims already found to be directed to an abstract idea in previous cases.”).
(1) Alice Step One
The Court stated that the critical question at Alice Step One for this case is whether the correct characterization of what the claims are directed to is either an abstract idea or a specific improvement in computer verification and authentication techniques.
Interestingly however, the Court stated that it needs not answer this question because even if the Court accepts the district court’s narrow characterization of the ’903 patent claims, the claims satisfy Alice step two.
The Court noted in footnote 3 that this very approach was followed in Amdocs (Israel) Ltd. v. Openet Telecom, Inc., 841 F.3d 1288, 1303 (Fed. Cir. 2016) (explaining that “even if [the claim] were directed to an abstract idea under step one, the claim is eligible under step two”).
(2) Alice Step Two
The district court recognized that the specification indicates that the “difference between [the] prior art methods and the claimed invention is that the [’]903 patent’s method ‘can be carried out with mobile devices of low complexity’ so that ‘all that has to be required from the authentication device function is to detect whether or not this function is active’” and that “the only activity that is required from the user for authentication purposes is to activate the authentication function at a suitable timing for the transaction.” But the district court cited column 1, lines 15–53 of the specification as purportedly admitting that detection of activation of an authentication function’s activity and the activation by users of an authentication function within a pre-determined time relation were “well-understood and routine, conventional activities previously known in the authentication technology field” (emphasis added).
The Court criticized the district court’s reliance on column 1, lines 15–53 as misplaced. The Court stated that, while column 1, lines 30–46 describes three prior art references, none teach the recited claim steps, and read in context, the rest of the passage cited by the district court makes clear that the claimed steps were developed by the inventors, are not admitted prior art, and yield certain advantages over the described prior art (emphasis added).
Duo also argued that using a second communication channel in a timing mechanism and an authentication function that is normally inactive, activated only preliminarily, and automatically deactivated is itself an abstract idea and thus cannot contribute to an inventive concept, and far from concrete (emphasis added). The Court disagreed, stating that the claim limitations are more specific and recite an improved method for overcoming hacking by ensuring that the authentication function is normally inactive, activating only for a transaction, communicating the activation within a certain time window, and thereafter ensuring that the authentication function is automatically deactivated (emphasis added). Referring to the Court’s recognition in Ancora Techs., Inc. v. HTC Am., Inc., 908 F.3d 1343 (Fed. Cir. 2018) that improving computer or network security can constitute “a non-abstract computer-functionality improvement if done by a specific technique that departs from earlier approaches to solve a specific computer problem,” the Court emphasized that, as the specification itself makes clear, the claims recite an inventive concept by requiring a specific set of ordered steps that go beyond the abstract idea identified by the district court and improve upon the prior art by providing a simple method that yields higher security (emphasis added).
II. Concurring Opinion
Judge Reyna’s concurrence challenged the Court’s approach of accepting the district court’s analysis under Alice step one and resolving the case under Alice step two. Judge Reyna argues that Alice Step two comes into play only when a claim has been found to be directed to patent-ineligible subject matter. He concluded that, employing step one, the claims at issue are directed to patent-eligible subject matter because, as the Court opinion stated, “[t]he ’903 Patent claims and specification recite a specific improvement to authentication that increases security, prevents unauthorized access by a third party, is easily implemented, and can advantageously be carried out with mobile devices of low complexity,” which is a step-one rationale.
Takeaway
· In the Alice inquiry, courts may assume that the claim in question does not pass Alice Step One without detailed analysis, and immediately move on to Alice Step Two.
· At both Alice Steps One and Two, the Court almost always inquires about improvements, i.e., the claimed advance over the prior art (“Under Alice step one, we consider “what the patent asserts to be the ‘focus of the claimed advance over the prior art.’”; “Turning then to Alice step two, we “consider the elements of each claim both individually and ‘as an ordered combination’ to determine whether the additional elements ‘transform the nature of the claim’ into a patent-eligible ap- plication.” … In computer-implemented inventions, the computer must perform more than “well-understood, routine, conventional activities previously known to the industry.””) (emphasis added). This approach may appear different from the views of the Supreme Court and the USPTO. See Mayo Collaborative Services v. Prometheus Laboratories, Inc., 132 S.Ct. 1289, 1304 (2012) (“We recognize that, in evaluating the significance of additional steps, the § 101 patent-eligibility inquiry and, say, the § 102 novelty inquiry might sometimes overlap. But that need not always be so.””); MPEP 2106.04(d)(1) (“[T]he improvement analysis at Step 2A [(Alice Step One)] Prong Two differs in some respects from the improvements analysis at Step 2B [(Alice Step Two)]. Specifically, the “improvements” analysis in Step 2A determines whether the claim pertains to an improvement to the functioning of a computer or to another technology without reference to what is well-understood, routine, conventional activity.”) (emphasis added).