CosmoKey Solutions Gmbh & Co. KG v. Duo Security LLC et al.
Docket No. 2020-2043 (https://cafc.uscourts.gov/opinions-orders/20-2043.OPINION.10-4-2021_1843694.pdf)
O’MALLEY, REYNA, STOLL
October 4, 2021
Brief Summary: DC decision finding CosmoKey’s claims unpatentable under section 101 reversed (e.g., “the particular arrangement of steps in claim 1 provides a technical improvement”).
Summary: CosmoKey appealed DC decision that the claims of US 9,246,903 “are directed to abstract ideas and fail to provide an inventive concept”. The ‘903 patent claims methods of “authenticating a user to a transaction at a terminal”. Under “step one of the Alice two-step framework for determining patent eligibility” (US, 2014), the DC concluded the ‘903 claims to be “directed to the abstract idea of authentication—that is, the verification of identity to permit access to transactions” as in Prism (FC 2017 (“where we determined that the patent claims were invalid because they were ‘directed to the abstract idea of ‘providing restricted access to resources’”). Under Alice’s step two, the DC “concluded that ‘the [’]903 patent merely teaches generic computer functionality to perform the abstract concept of authentication’” (e.g., “the patent itself admits that ‘the detection of an authentication function’s activity and the activation by users of an authentication function within a pre-determined time relation were wellunderstood and routine, conventional activities previously known in the authentication technology field.’”) The FC panel reviewed the decision de novo (Interval Licensing, FC 2018), finding “[t]he critical question” to be “whether this correct characterization of what the claims are directed to is either an abstract idea or a specific improvement in computer verification and authentication techniques” (Solutran, FC 2019 (“Under Alice step one, we consider ‘what the patent asserts to be the ‘focus of the claimed advance over the prior art.’”), citing Affinity Labs, FC 2016). The FC panel was “not convinced” that the claims are “directed to the abstract idea of authentication” under Alice step one (are the claims directed to “a specific improvement in computer verification and authentication techniques”?) but did not answer that question as it found the claims satisfied Alice step two (Amdocs, FC 2016). Under Alice step two, the FC panel “consider[s] the elements of each claim both individually and ‘as an ordered combination’ to determine whether the additional elements ‘transform the nature of the claim’ into a patent-eligible application”. It explained that “[i]n computer-implemented inventions, the computer must perform more than ‘well-understood, routine, conventional activities previously known to the industry’… and cannot simply be an instruction to implement or apply the abstract idea on a computer” (BASCOM, FC 2016). The FC panel disagreed with the DC, finding instead that “[t]he ’903 patent claims and specification recite a specific improvement to authentication that increases security, prevents unauthorized access by a third party, is easily implemented, and can advantageously be carried out with mobile devices of low complexity”, “discloses a technical solution to a security problem in networks and computers”, the prior art described in the ‘903 specification do not “teach the recited claim steps”, and “the patent specification describes how the particular arrangement of steps in claim 1 provides a technical improvement over conventional authentication methods” (Ancora, FC 2018 (claims patentable as “specific non-abstract computer-functionality improvement addressing the “vulnerability of license-authorization software to hacking.”) The DC judgment was therefore reversed.