
StrikeForce Technologies, Inc. v. Gemalto, Inc.

United States District Court, D. Massachusetts

August 31, 2017




         In these intellectual property disputes, plaintiff StrikeForce Technologies, Inc., asserts infringement claims of U.S. Patents Nos. 8,484,698 (the '698 patent) and 8,713,701 (the '701 patent) against two sets of defendants: Gemalto, Inc., Gemalto N.V., and SafeNet, Inc. (collectively Gemalto); and Vasco Data Security, Inc. Given the similar subject matter, the parties elected to consolidate pre-trial proceedings. Accepting their proposal, the court bifurcated the Markman hearing and agreed to undertake pre-discovery claim construction of three groups of key disputed terms. See Markman v. Westview Instruments, Inc., 517 U.S. 370 (1996). The court received tutorials in the underlying technology and heard argument on August 30, 2017.


         Both the '698 and '701 patents are entitled “Multichannel Device Utilizing a Centralized Out-of-Band Authentication System (COBAS).” Both patents list Ram Pemmaraju as the sole inventor. The '698 patent was issued on July 9, 2013. The '701 patent was issued on April 29, 2014.

         The '701 patent's application is a continuation of the application that led to the issuance of the '698 patent.[1] Both patents are directed to “[a] multichannel security system . . . for granting and denying access to a host computer in response to a demand from an access-seeking individual and computer.” '698 patent, Abstract. According to the inventor, at the time of the invention, computer security “access control products authenticate[d] only the user and not the location.” Id. col. 2, ll. 40-41.

Typically, access-control security products [such as simple password, random password, and biometric systems] are in-band authentication systems with the data and the authentication information on the same network. Thus, upon accessing a computer, a computer prompt requests that you enter your password and, upon clearance, access is granted. In this example, all information exchanged is on the same network or in-band. The technical problem created thereby is that the hacker is in a self-authenticating environment.

Id. col. 2, ll. 31-36. Dialing back to the originating modem was a feasible means of location verification when computer networks could be accessed only through modems. See id. col. 2, ll. 42-45. However, today's computer networks are typically accessible by modem-independent internet connections and “there is no necessary connection between the internet address and a location.” Id. col. 2, ll. 46-53.

         The asserted patents address the perceived security weakness through a “unique combination of user and host authentication.” Id. col. 4, ll. 34-35.

The security system of the present invention is out-of-band with respect to the host computer and is configured to intercept requests for access. The first step in controlling the incoming access flow is a user authentication provided in response to prompts for a user identification and password. After verification at the security system, the system operating in an out-of-band mode, uses telephone dialup for location authentication and user authentication via a password entered using a telephone keypad.

Id. col. 4, ll. 34-42. Figure 1A, reproduced below, exemplifies an embodiment of the invention in a wide area network (WAN) environment.

         (Image Omitted)

         Here the accessor is the computer equipment 22, including the central processing unit and the operating system thereof, and the person or user 24 whose voice is transmittable by the telephone 26 over telephone lines 28. The access network 30 is constructed in such a manner that, when user 24 requests access to a web page 32 located at a host computer or web server 34 through computer 22, the request-for-access is diverted by a router 36 internal to the corporate network 38 to an out-of-band security network 40. Authentication occurs in the out-of-band security network 40.

         Id. col. 6, ll. 33-43.

         The patents also disclose embodiments in local area network (LAN) and internet settings. The second embodiment is “applied to the intranet in which an internal accessor in a local area network seeks entry into a restricted portion of the host system.” Id. col. 5, ll. 46-48.

The access network 230 is constructed in such a manner that, when user 224 requests access to a high security database 232 located at a host computer 234 through computer 222, the request-for-access is diverted by a router 236 internal to the corporate network 238 to an out-of-band security network 240. Here the emphasis is upon right-to-know classifications within an organization rather than on avoiding entry by hackers.

Id. col. 12, ll. 43-50; see also Fig. 10. “Th[e third] embodiment describes the application of the security system to access over the Internet.” Id. col. 12, ll. 65-67.

The [is the] case of [a] user accessing a web application, such as an online banking application, (located on a web server 334) over the internet 330. The user from a computer 322 accesses the web application over an access channel and enters their USER ID. The web server 334 sends the USER ID to the security system 340, also referred to as the centralized out-of-band authentication system (COBAS). COBAS 340 proceeds with authenticating the user through the user's cellular telephone over an authentication channel. The security system 340 calls the access-seeking user at the cellular telephone 326. The user answers the phone and is prompted to enter a password for password verification and to enter a biometric identifier, such as a fingerprint. The security system 340 authenticates the user and sends the result to the web server 334. Upon a positive authentication and after disconnecting from the authentication channel, access is granted along the access channel to the USER'S PC device 322.

Id. col. 13, ll. 7-23; see also Fig. 11.[2]
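
The exchange in the third embodiment, modelled as an added Python example that is not part of the court's opinion or of the patents: the user ID travels on the access channel, while the password is accepted only over the authentication channel to the enrolled phone. The class names, phone numbers and passwords are constructed for illustration, and the biometric step is left out.

```python
import hmac
import secrets

class PhoneNetwork:
    """Authentication channel: routes a call to the handset registered for a number."""
    def __init__(self, handsets):
        self.handsets = handsets  # number -> callable(prompt) returning keypad digits or None

    def call(self, number, prompt):
        handset = self.handsets.get(number)
        return handset(prompt) if handset else None

class Cobas:
    """Security system: holds enrolment data and never reads the access channel."""
    def __init__(self, enrolled, phones):
        self.enrolled = enrolled  # user_id -> (phone number, keypad password)
        self.phones = phones

    def authenticate(self, user_id):
        record = self.enrolled.get(user_id)
        if record is None:
            return False
        number, expected = record
        entered = self.phones.call(number, "Enter your password")
        if entered is None:  # call unanswered, or the user hung up
            return False
        return hmac.compare_digest(entered.encode(), expected.encode())

class WebServer:
    """Access channel: takes only the user ID and grants access on the COBAS verdict."""
    def __init__(self, cobas):
        self.cobas = cobas

    def login(self, user_id):
        return secrets.token_hex(16) if self.cobas.authenticate(user_id) else None

def run_scenarios():
    # Constructed enrolment data and handset behaviours
    enrolled = {"alice": ("+15550100", "4821"), "bob": ("+15550101", "9930")}
    handsets = {
        "+15550100": lambda prompt: "4821",  # alice answers and keys her password
        "+15550101": lambda prompt: None,    # bob did not start a login, so he hangs up
    }
    server = WebServer(Cobas(enrolled, PhoneNetwork(handsets)))
    return {
        "alice_own_login": server.login("alice") is not None,
        "bob_id_submitted_by_someone_else": server.login("bob") is not None,
        "unknown_user": server.login("mallory") is not None,
    }
```

In the second scenario the access-channel request is well formed, yet it yields no session because the verdict depends on what the enrolled handset returns.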

         Claim 1 of each asserted patent is emblematic.

         '698 patent claim 1.

         A software method for employing a multichannel security system to control access to a computer, comprising the steps of:

receiving at an interception device in a first channel a login identification demand to access a host computer also in the first channel;
verifying the login identification;
receiving at a security computer in a second channel the demand for access and the login identification;
outputting from the security computer a prompt requesting transmission of data;
receiving the transmitted data at the security computer;
comparing the transmitted data to predetermined data; and
depending on the comparison of the transmitted and the predetermined data, outputting an instruction from the security computer to the host computer to grant access ...
