A Rule 12 motion to dismiss was granted where patent claims directed to “authenticating a user to a transaction at a terminal” failed the 35 U.S.C. § 101 and Alice/Mayo patent-eligibility test. Money and Data Protection Lizenz GMPH & Co. KG v. Duo Security, Inc., Civil Action No. 18-1477-CFC (D. Del. June 24, 2020). Notably, the plaintiff attempted to rely on a purported improvement to computing technology that the court discounted because the purported improvement to network authentication processes, the court said, could be performed mentally.
Claim 1 of U.S. Patent No. 9,246,903 recites:
A method of authenticating a user to a transaction at a terminal, comprising the steps of:
transmitting a user identification from the terminal to a transaction partner via a first communication channel,
providing an authentication step in which an authentication device uses a second communication channel for checking an authentication function that is implemented in a mobile device of the user,
as a criterion for deciding whether the authentication to the transaction shall be granted or denied, having the authentication device check whether a predetermined time relation exists between the transmission of the user identification and a response from the second communication channel,
ensuring that the authentication function is normally inactive and is activated by the user only preliminarily for the transaction,
ensuring that said response from the second communication channel includes information that the authentication function is active, and
thereafter ensuring that the authentication function is automatically deactivated.
The court thought that the analysis under Alice step one to be easy enough, finding the ’903 patent claims “directed to the abstract idea of authentication-–that is, the verification of identity to permit access to transactions.” The closest analog was Prism Techs. LLC v. T-Mobile USA, Inc., (Fed. Cir. 2017), where claims were “directed to the abstract idea of ‘providing restricted access to resources.’”
Under Alice step two, the court found merely the application of generic computing technology to the abstract idea. The plaintiff argued that the claimed invention "improves computer-related technology by increasing the efficiency of a networked authentication process, saving cost, and relieving much of the burden on the user." This purported improvement, the plaintiff said, had no manual analog because a person could not “mentally or manually check for an activated authentication function in a mobile device over a second communication channel.”
The court was not persuaded, noting that a person could “‘mentally or manually’ obtain activation information in a register or database.” This was precisely how the ’903 patent worked, “i.e., by obtaining the device's identifier, location, and state-of-activation information from a mobile network Home Location Register (HLR).” Thus, rather than teaching “a technical solution that enables a computer to access” a registry, the patent simply taught “the idea of data gathering from an HLR,” i.e., “a mental process that a person can perform by reading records from a database.”