United States District Court, N.D. Illinois, Eastern Division
MEMORANDUM OPINION AND ORDER
VIRGINIA M. KENDALL, District Judge.
Plaintiff Card Verification Solutions, LLC filed a patent infringement action pursuant to 35 U.S.C. § 271 against Defendant Citigroup Inc., alleging that Citigroup infringed United States Patent No. 5, 826, 245 ("the 245 Patent"). Specifically, Card Verification claims that Citigroup infringed its patented method for providing verification information for a transaction between an initiating party (e.g., a consumer) and a verification-seeking party (e.g., a merchant). Citigroup maintains that the 245 Patent is invalid and now moves to dismiss the Complaint under Fed.R.Civ.P. 12(b)(6) for failure to state a claim. Citigroup argues that the 245 Patent claims an abstract concept and therefore does not contain patentable subject matter required by 35 U.S.C. § 101. For the following reasons, Citigroup's Motion to Dismiss is denied.
The 245 Patent claims an invention for providing verification information for a transaction securely. Specifically, the 245 Patent discloses methods for passing confidential information over an unsecured network with reduced risk of it being captured by an untrusted party. (Dkt 1-1, 245 Patent, 1:34-36). The six independent claims of the 245 Patent are claims 1, 20, 21, 22, 23, and 24. Claim 1 is representative of the independent claims:
1. A method for giving verification information for a transaction between an initiating party and a verification-seeking party, the verification information being given by a third, verifying party, based on confidential information in the possession of the initiating party, the method comprising:
on behalf of the initiating party, generating first and second tokens each of which represents some but not all of the confidential information,
sending the first token electronically via a nonsecure communication network from the initiating party to the verification-seeking party,
sending the second token electronically via a nonsecure communication network from the initiating party to the verifying party,
sending the first token electronically via a nonsecure communication network from the verification-seeking party to the verifying party,
verifying the confidential information at the verifying party based on the first and second tokens, and sending the verification information electronically via a nonsecure communication network from the verifying party to the verification-seeking party.
(245 Patent, 4:15-37). Dependent claims 4 through 6 require the addition of randomly generated, identical tags to the first and second pieces of the confidential information. ( Id., 4:45-53). The addition of the tags completes the creation of the tokens. The verifying party proceeds to authenticate the transaction by associating the first and second tokens with each other based on the identical tags added to each token. ( Id., 4:54-60).
The tags are four-digit pseudorandom strings of numbers and characters. The same tag is added to both pieces of the confidential information (e.g, a credit card number), the tag being attached to the end of one piece and to the beginning of the other piece. This attachment procedure allows the verifying party to recognize which piece comes first in reconstructing the confidential information. ( Id., 2:60-67). The 245 Patent states that use of a pseudorandom tag reduces the chance that someone monitoring the output of the device (e.g., a computer) for the purpose of attempting to steal the confidential information will be able to predict what tag will be used. ( Id., 3:5-8). Using the claimed process prevents the verification-seeking party from ever receiving the entirety of the confidential information, instead only receiving a tagged piece and an approval code. The confidential information is never available as a whole except at the initiating party's computer and at the verifying party's portal. ( Id., 4:1-6).
The differences between the six independent claims are not material for the purpose of this opinion; but because Card Verification explicitly asserts claim 22 in its Complaint, the Court additionally identifies independent claim 22:
22. A method for use in relation to providing verification information for a transaction between an initiating party and a verification-seeking party, the verification information being given by a third, verifying party, based on confidential information ...