Update: As predicted in the below article, Auth Token expanded its litigation campaign, targeting additional banks and financial institutions. As of November 11, 2021, Auth Token has now filed 28 different patent infringement lawsuits.
While banks and financial institutions have long been the subject of patent lawsuits, they have been increasingly targeted this year by a number of non-practicing entities. Non-practicing entities are those that acquire patents but do not actually practice the patented inventions. They are commonly referred to as “patent trolls.” In a recent spate of filings in early November, one such entity—Auth Token LLC—has continued its patent campaign against banks and financial institutions.
Auth Token is a Delaware LLC, based in New York, that has been asserting two patents—U.S. Patent Nos. 8,375,212 and 8,688,990—both entitled “Method for personalizing an authentication token.” Records at the U.S. Patent and Trademark Office (“USPTO”) show the patents as assigned to Prism Technologies LLC. Prism Technologies LLC is a subsidiary of Prism Technologies Group, Inc., which is a non-practicing entity that is publicly traded as an over-the-counter (OTC), penny stock. One may have expected an assignment of the patents to Auth Token to have been recorded at the USPTO, as is normal practice, although it is not technically required. The lack of a recorded assignment may prompt a defendant sued on the patents to raise the question of whether Auth Token has the rights necessary to assert the patents.
The Auth Token patents describe an authentication token using a smart card that an organization would issue to its customer, the smart card having a processor for executing a software application that is responsive to a user input to generate a one-time password as an output. In 2021, Auth Token has asserted the patents in 22 different lawsuits. Recent targets, including a number of which were just sued in early November 2021, include banks and other financial institutions such as American Express. In particular, Auth Token appears to be asserting infringement against EMV cards, which is a payment method based on a technical standard, with EMV standing for “Europay, Mastercard, and Visa.” This is the “chip card” that many consumers are using now, where you insert your credit card into a card reader instead of swiping it.
Most of the lawsuits have been filed very recently, and many defendants have not responded yet. Notably, however, one defendant filed a motion for judgment on the pleadings at the end of October alleging the patents are ineligible for patenting under § 101. We’ve written previously on the current status of § 101 challenges, which have proven to substantially limit the types of inventions eligible for patenting in the United States.
Impact on banks and financial institutions
It remains to be seen whether the § 101 motion will gain any traction and be granted. It’s also possible that Auth Token will attempt to quickly settle with the defendant to prevent the motion from being ruled on by the District of Delaware. But in the meantime, if you are a bank or financial institution that issues EMV cards, Auth Token may soon be targeting you.
If your organization is served with a lawsuit, whether by Auth Token or another non-practicing entity targeting banking and financial institutions, Thompson Coburn is available to help.
Tony Blum is a partner in Thompson Coburn’s Intellectual Property practice group.