Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 1 of 69
`
`IN THE UNITED STATES DISTRICT COURT
`FOR THE WESTERN DISTRICT OF TEXAS
`WACO DIVISION
`
`
`
`TEXTILE COMPUTER SYSTEMS, INC.,
`
`
`Plaintiff,
`
`
`v.
`
`
`TRUIST BANK,
`
`
`
`CIVIL ACTION NO. 6:22-cv-940
`
`ORIGINAL COMPLAINT FOR
`PATENT INFRINGEMENT
`
`JURY TRIAL DEMANDED
`
`
`Defendant.
`
`
`
`
`
`
`
`ORIGINAL COMPLAINT FOR PATENT INFRINGEMENT
`
`Plaintiff Textile Computer Systems, Inc. (“Textile” or “Plaintiff”) files this original
`
`complaint against Defendant Truist Bank (“Truist”), alleging, based on its own knowledge as to
`
`itself and its own actions and based on information and belief as to all other matters, as follows:
`
`PARTIES
`
`1.
`
`Textile Computer Systems, Inc. is a corporation formed under the laws of the
`
`State of Texas, with a place of business at 6517 Springwood Court, Temple, Texas, 76502.
`
`2.
`
`3.
`
`Truist Bank is a state bank with places of business in San Antonio, Texas.
`
`Truist and its affiliates lead and are part of an interrelated group of companies
`
`which together comprise one of the country’s largest banking and financial service entities,
`
`including under the Truist and BB&T brands.
`
`4.
`
`Truist and its affiliates are part of the same corporate structure for the making,
`
`offering, and using of the accused instrumentalities in the United States, including in the State of
`
`Texas generally and this judicial district in particular.
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 2 of 69
`
`5.
`
`Truist and its affiliates have common ownership and share advertising platforms,
`
`facilities, systems, and platforms, and accused instrumentalities and instrumentalities involving
`
`related technologies.
`
`6.
`
`Truist and its affiliates regularly contract with customers and other financial
`
`institutions and payment networks regarding equipment or services that will be provided by their
`
`affiliates on their behalf.
`
`7.
`
`Thus, Truist and its affiliates operate as a unitary business venture and are jointly
`
`and severally liable for the acts of patent infringement alleged herein.
`
`JURISDICTION AND VENUE
`
`8.
`
`This is an action for infringement of United States patents arising under 35 U.S.C.
`
`§§ 271, 281, and 284–85, among others. This Court has subject matter jurisdiction of the action
`
`under 28 U.S.C. § 1331 and § 1338(a).
`
`9.
`
`This Court has personal jurisdiction over Truist pursuant to due process and/or the
`
`Texas Long Arm Statute because, inter alia, (i) Truist has done and continues to do business in
`
`Texas; and (ii) Truist has committed and continues to commit acts of patent infringement in the
`
`State of Texas, including making and/or using the accused instrumentality in Texas, including by
`
`Internet and via branch offices and other branch locations, inducing others to commit acts of
`
`patent infringement in Texas, and/or committing a least a portion of any other infringements
`
`alleged herein.
`
`10.
`
`Venue is proper in this district pursuant to 28 U.S.C. § 1400(b). Venue is further
`
`proper because Truist has committed and continues to commit acts of patent infringement in this
`
`district. For example, Truist cardholders are issued debit and/or credit cards, and through using
`
`those debit and/or credit cards with certain digital payment systems, those cardholders make
`
`
`
`2
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 3 of 69
`
`and/or use the accused instrumentalities in the district. Truist induces others to commit acts of
`
`patent infringement in Texas, and/or commit at least a portion of any other infringements alleged
`
`herein in this district. Truist has regular and established places of business in this district,
`
`including at least at 1313 SE Military Drive, San Antonio, Texas 78214 and at 1000 NW Loop
`
`410, San Antonio, Texas 78213:
`
`
`(Source: https://www.truist.com/branch/tx/san-antonio/78214/1313-se-military-dr)
`
`
`
`
`
`
`3
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 4 of 69
`
`
`(Source: screenshot from Google Maps Street View)
`
`
`(Source: https://www.truist.com/branch/tx/san-antonio/78213/1000-nw-loop-410)
`
`
`
`
`4
`
`
`
`
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 5 of 69
`
`
`
`
`(Source: screenshot from Google Maps Street View)
`
`BACKGROUND
`
`11.
`
`The patents-in-suit generally pertain to payment authorization technology used in
`
`payment networks used to process transactions from, for example, credit cards and debit cards.
`
`The technology disclosed by the patents was developed by Gopal Nandakumar, a Texas-based
`
`entrepreneur, software engineer, and prolific inventor with over 30 years of experience in the
`
`field of Information Management Systems.
`
`12.
`
`In 1987, after receiving Master’s Degrees from both the University of Madras,
`
`India and the Georgia Institute of Technology, Mr. Nandakumar formed Textile Computer
`
`Systems, Inc. (“Textile”) for the purpose of consulting and developing software for the textile
`
`industry. In 2005, Textile began transitioning into credit card transaction systems. In 2011,
`
`Textile began to develop and market the MySingleLink suite of applications.
`
`
`
`5
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 6 of 69
`
`13.
`
`The Nandakumar patents are related to payment authorization technology. Mr.
`
`Nandakumar has been at the forefront of payment authorization, developing, disclosing, and
`
`patenting solutions for reducing fraud in credit and debit card transactions. Indeed, the
`
`Nandakumar patents (or the applications leading to them) have been cited during patent
`
`prosecution over a hundred times, including by numerous leading companies in the payment
`
`authorization industry such as ADP, Bank of America, Google, Groupon, IBM, Mastercard,
`
`NEC, Paypal, Visa, and Wells Fargo.
`
`THE TECHNOLOGY
`
`14.
`
`The patents-in-suit, U.S. Patent Nos. 8,505,079, 8,533,802, 10,148,659, and
`
`10,560,454 (collectively, the “Asserted Patents”), teach systems, including payment processing
`
`systems, for securely and effectively approving and processing specific credit card and/or debit
`
`card transactions. Through the specific use of servers, messaging gateways, and/or interfaces,
`
`these systems act to reduce credit card and/or debit card fraud and misuse through their use and
`
`validation of key strings, authentication credentials, transaction specific information, and
`
`transaction specific credentials. The technology in the Asserted Patents improves the underlying
`
`functionality of existing card processing infrastructure by minimizing fraud and data theft in the
`
`face of attacks on payment systems that continue to grow in their number and sophistication.
`
`15.
`
`The patented improvements are critical for implementing secure payment
`
`systems, especially in light of the many high-profile merchant data breaches that have led to
`
`increased credit and debit card fraud. For example, in 2006, TJX Companies, who owns retailers
`
`like TJMaxx and Marshall’s, was hit with a cyber attack that resulted in the theft of credit cards
`
`leading to over $100 million in fraud losses. In 2013, five people were indicted for attacking a
`
`number of retailers and financial institutions including NASDAQ, 7-Eleven, JCP, and others,
`
`
`
`6
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 7 of 69
`
`stealing over 160 million cards. Also in 2013, the retailer Target suffered a data breach that
`
`resulted in 40 million debit and credit cards being compromised.
`
`16.
`
`One implementation of the technology claimed in the Asserted Patents has been
`
`described by EMVCo as “a global Payment Tokenisation ecosystem that overlays and
`
`interoperates with existing payment ecosystems to support digital commerce and new methods of
`
`payment” and as “enhanc[ing] the underlying security of digital payments by potentially limiting
`
`the risk typically associated with compromised, unauthorized or fraudulent use of PANs.”
`
`(Source: https://www.emvco.com/emv-technologies/payment-tokenisation/).
`
`17.
`
`The technology claimed in the Asserted Patents is far from conventional
`
`technology. The payment industry gathered and consulted experts who worked together over a
`
`number of years to develop infringing payment tokenisation systems. In other words, the
`
`technology claimed in the Asserted Patents was not existing or conventional technology that the
`
`payment industry had sitting on the shelf.
`
`18.
`
`Indeed, as recently as February of this year, EMVCo itself recognized that an
`
`implementation of the technology claimed in the Asserted Patents “provides a technology
`
`solution for protecting the PAN and securing digital and online payments”:
`
`
`
`7
`
`
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 8 of 69
`
`(Source: https://www.emvco.com/wp-content/uploads/documents/Quick-Resource_How-EMV-
`
`Specifications-Support-Online-Commerce.pdf)
`
`19.
`
`That same EMVCo document notes that “In today’s connected world, protecting
`
`data can be challenging. A particularly sensitive piece of payment data when shopping online is
`
`the primary account number (PAN) – the number on payment cards that is used to make
`
`purchases” and that EMVCo’s payment tokenization “enhances the underlying security of digital
`
`and online payments by limiting the risk of the PAN being compromised or used fraudulently /
`
`without authorization.” The document also states that the “Payment Tokenisation Specification
`
`provides an interoperable Technical Framework.” (Source: https://www.emvco.com/wp-
`
`content/uploads/documents/Quick-Resource_How-EMV-Specifications-Support-Online-
`
`Commerce.pdf)
`
`20.
`
`One of the asserted patents, the 079 Patent, was challenged in an Inter Partes
`
`Review proceeding before the Patent and Trademark Office (“PTO”). The PTO found that the
`
`challenger, Unified Patents Inc., was unable to show that one element, the “key string” as
`
`claimed in the 079 Patent claims and as construed by the PTO, was in the prior art at all, much
`
`less it being conventional or widespread. The PTO thus confirmed the patentability of all
`
`challenged claims of the 079 Patent.
`
`
`
`8
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 9 of 69
`
`COUNT I
`
`INFRINGEMENT OF U.S. PATENT NO. 8,505,079
`
`21.
`
`On August 6, 2013, United States Patent No. 8,505,079 (“the 079 Patent”) was
`
`duly and legally issued by the United States Patent and Trademark Office for an invention
`
`entitled “Authentication System and Related Method.”
`
`22.
`
`Textile is the owner of the 079 Patent, with all substantive rights in and to that
`
`patent, including the sole and exclusive right to prosecute this action and enforce the 079 Patent
`
`against infringers, and to collect damages for all relevant times.
`
`23.
`
`Truist offers debit and/or credit cards, such as the Truist Debit Cards and the
`
`Truist Visa Credit Cards, that are used with a Truist authentication system that authenticates the
`
`identity of a Truist card holder in a request to pay a merchant for a transaction (the “Accused
`
`Instrumentality”). The Truist card authentication system is implemented, in part, via EMVCo
`
`compliant tokens that are used in the transaction instead of the user’s debit and/or credit card
`
`number so that the user’s debit and/or credit card number is never transmitted or otherwise
`
`provided to the merchant thereby preventing the user’s debit and/or credit card number from
`
`being deliberately or unintentionally transferred from the merchant to a third-party such as
`
`through hacking, spoofing, or other man-in-the-middle vulnerabilities, for example. The
`
`requests are initiated by account holders via their smartphones, typically at an NFC (near field
`
`communication) merchant terminal and use those tokens, which are generated and communicated
`
`to the user’s smartphone by the system, and wherein each account held by the user has its own
`
`token.
`
`
`
`9
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 10 of 69
`
`(Source: https://www.truist.com/digital-banking/contactless-payments)
`
`
`
`
`
`10
`
`
`
`
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 11 of 69
`
`
`
`
`
`(Source: https://www.truist.com/digital-banking/contactless-payments)
`
`(Source: https://www.truist.com/digital-banking/contactless-payments)
`
`
`
`11
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 12 of 69
`
`
`
`
`
`…
`
`(Source: https://www.truist.com/money-mindset/principles/protecting-what-matters/protecting-
`
`personal-data)
`
`
`
`12
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 13 of 69
`
`Case 6:22-cv-00940-ADA Document1 Filed 09/12/22 Page 13 of 69
`
`5.1.1 Provisioning to Device-Centric Wallets
`
`Figure5illustrates the token provisioning process for transactions that use an NFC-enabled mobile
`phone with a device-centric digital wallet.
`
`i
`
`\uir
`
`Ac count Status
`ie
`ry
`ry
`pw =
`r
`(with Full ID&V)
`Issuer
`
`
`
`Token
`_
`Service
`PAN
`| Provider
`
`1—
`
`NFC-Enabled
`Mobile Phone
`.
`.
`with Device-
`Centric Wallet
`
`Payment
`ven
`a
`6
`——.
`
`visa @
`DISC@VER
`hy
`=
`‘
`
`_
`
`-
`
`T
`
`Figure 5. Token Provisioning for an NFC-Enabled Phone with a Device-Centric Wallet
`
`During provisioning, the following steps occur:
`
`1. When the cardholder initiates a request to register a card, the digital wallet application issues a
`
`
`
`request to the TSP to enroll and provision the card.
`
`
`
`13
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 14 of 69
`
`(Source: https://www.uspaymentsforum.org/wp-content/uploads/2019/06/EMV-Payment-
`
`Tokenization-Primer-Lessons-Learned-FINAL-June-2019.pdf)
`
`
`
`
`
`14
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 15 of 69
`
`Case 6:22-cv-00940-ADA Document1 Filed 09/12/22 Page 15 of 69
`
`5.1.2 Transaction Processing (POS Contactless, Device-Centric Wallet)
`
`Figure6illustrates the processing for in-store EMV contactless transactions using an NFC-enabled
`mobile phone with a device-centric digital wallet at a POS.
`
`
`
`Figure 6. Processing a Contactless EMV Transaction Using an NFC-Enabled Device-Centric Digital Wallet
`
`
`
`During the transaction, the following steps occur:
`
`
`
`15
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 16 of 69
`
`
`
`(Source: https://www.uspaymentsforum.org/wp-content/uploads/2019/06/EMV-Payment-
`
`Tokenization-Primer-Lessons-Learned-FINAL-June-2019.pdf)
`
`24.
`
`The Accused Instrumentality includes an authentication system for authenticating
`
`the identity of a requester of access by an unauthorized service client to a secured resource. For
`
`example, a Truist account holder requests Truist to provision a specific Truist debit and/or credit
`
`card for use on his or her mobile device. The account holder can then request for payment to be
`
`made to a specific merchant in a specific amount for a specific transaction from a specific Truist
`
`card account of the account holder using his or her smartphone when near the NFC merchant
`
`terminal at a checkout counter. In initiating the request, the account holder’s smartphone receives
`
`
`
`16
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 17 of 69
`
`certain transaction specific information from the merchant terminal, which is incorporated into a
`
`cryptogram generated by the smartphone that it transmits to the merchant’s terminal, along with
`
`the token value, for forwarding to a messaging gateway. The merchant also inputs into the
`
`request the token value that was transmitted from the user’s smartphone to the merchant’s
`
`terminal using NFC. Thus, the request messages will include both the transaction specific
`
`cryptogram as well as token and transaction specific information sent, some of which was used
`
`in making the cryptogram.
`
`25.
`
`The Accused Instrumentality comprises a messaging gateway having a first set of
`
`instructions embodied in a computer readable medium, said first set of instructions operable to
`
`receive from a requester purporting to be an authorized user of a secured resource a request for
`
`access by an unauthorized service client to said secured resource. For example, the Accused
`
`Instrumentality includes a messaging gateway that is programmed to receive requests initiated by
`
`Truist card account holders for provisioning a specific Truist debit and/or credit card for use on
`
`their mobile devices. The messaging gateway is also programmed to receive requests initiated
`
`by Truist card account holders for payment to be made to a specific merchant in a specific
`
`amount for a specific transaction from a specific Truist card account of the account holder. This
`
`messaging gateway is either hosted directly by Truist or through an agent with whom Truist has
`
`contracted to receive the messages.
`
`26.
`
`The Accused Instrumentality includes a server in secure communication with said
`
`messaging gateway, said server having a second set of instructions embodied in a computer
`
`readable medium operable to determine a key string known to both said secured resource and the
`
`authorized user said requestor purports to be, said key string being adapted to provide a basis for
`
`authenticating the identity of said requester. For example, behind the firewall of the messaging
`
`
`
`17
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 18 of 69
`
`gateway and in secure communication therewith is an authorization server that processes the
`
`received request to identify the token value sent for the account selected to be charged that was
`
`passed from the authorized user to the merchant terminal via the NFC communication link.
`
`From the token value, the server can look up the debit and/or credit card account number. The
`
`authorization server is either hosted directly by Truist or through an agent with whom Truist has
`
`contracted to provide the authentication services.
`
`27.
`
`The Accused Instrumentality includes a service user interface in communication
`
`with said server, said service user interface having a third set of instructions embodied in a
`
`computer readable medium operable to receive input from said unauthorized service client. For
`
`example, the authorization server includes an interface with programming instructions to also
`
`receive within the payment authorization request transaction specific information that was input
`
`into the request by the merchant. The interface is either hosted directly by Truist or through an
`
`agent with whom Truist has contracted to provide the authentication services.
`
`28.
`
`The Accused Instrumentality includes a second set of instructions further operable
`
`to receive an authentication credential from said unauthorized service client associated with said
`
`request for access, said authentication credential having been provided to said unauthorized
`
`service client by said requester. For example, the authorization server is also programmed to
`
`identify within the payment authorization request the cryptogram that was passed by the user to
`
`the merchant and the authorization server will use the cryptogram to authenticate that the request
`
`originated with the actual account holder.
`
`29.
`
`The Accused Instrumentality includes a second set of instructions further operable
`
`to evaluate said authentication credential to authenticate the identity of said requestor. For
`
`example, the authorization server uses the token value and other transaction information received
`
`
`
`18
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 19 of 69
`
`to evaluate the cryptogram. If the cryptogram is valid, the authorization server authenticates the
`
`identity of requestor as the actual account holder.
`
`30. Moreover, Plaintiff alleges that each of these elements are present in the Accused
`
`Instrumentality either literally or under the doctrine of equivalents if anywhere determined not to
`
`be literally present. For example, if a function literally claimed to be performed by a given
`
`element, such as a particular server or set of instructions, is conducted in the accused system by
`
`another server or another set of instructions, Plaintiff alleges that this would be an infringement
`
`under the doctrine of equivalents because the two would be substantially the same and would be
`
`performing the same function in the same way to arrive at the same result.
`
`31.
`
`Defendants thus infringe one or more of the claims of the 079 Patent. For
`
`example, the elements and conduct described herein are covered by and infringe upon at least
`
`Claim 1 of the 079 Patent. Thus, Defendant’s use, manufacture, sale, and/or offer for sale of the
`
`Accused Instrumentality is enabled by the system described in the 079 Patent.
`
`32.
`
`Truist has directly infringed and continues to directly infringe (either literally or
`
`under the doctrine of equivalents) at least Claim 1 of the 079 Patent, in violation of 35 U.S.C. §
`
`271(a), by making, using, offering for sale, and/or selling the Accused Instrumentality without
`
`authority in the United States and will continue to do so unless enjoined by this Court.
`
`33.
`
`Truist has indirectly infringed and continues to indirectly infringe (either literally
`
`or under the doctrine of equivalents) at least Claim 1 of the 079 Patent, in violation of 35 U.S.C.
`
`§ 271(b), by actively inducing the infringement of the 079 Patent by others and Truist will
`
`continue to do so unless enjoined by this Court. Truist’s deliberate and/or willfully blind actions
`
`include, but are not limited to, actively marketing to, supplying, causing the supply to,
`
`encouraging, recruiting, and instructing others such as consumers, businesses, distributors,
`
`
`
`19
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 20 of 69
`
`agents, sales representatives, end-users, account holders and customers to use, make available for
`
`another’s use, promote, market, distribute, import, sell and/or offer to sell the Accused
`
`Instrumentality. These actions, individually and/or collectively, have induced and continue to
`
`induce the direct infringement of the 079 Patent by others such as consumers, businesses,
`
`distributors, agents, sales representatives, end-users, account holders and customers. Truist knew
`
`and/or was willfully blind to the fact that the induced parties’ use, making available for another’s
`
`use, promotion, marketing, distributing, importing, selling and/or offering to sell the Accused
`
`Instrumentality would infringe the 079 Patent.
`
`34.
`
`Truist continues to make, use, make available for another’s use, or sell or offer to
`
`sell, the Accused Instrumentality, and/or continues to induce others such as consumers,
`
`businesses, distributors, agents, sales representatives, account holders, end users and customers
`
`to infringe one or more claims of the 079 Patent.
`
`35.
`
`Truist has indirectly infringed and continues to indirectly infringe (either literally
`
`or under the doctrine of equivalents) at least Claim 1 of the 079 Patent, in violation of 35 U.S.C.
`
`§ 271(c), by contributing to the direct infringement of the 079 Patent by others, such as
`
`consumers, businesses, distributors, agents, sales representatives, end-users, account holders and
`
`customers, by offering to sell or selling within the United States the Accused Instrumentality
`
`which is a component of a patented machine, manufacture, combination, or composition, or a
`
`material or apparatus for use in practicing a patented process, constituting a material part of the
`
`invention, knowing the same to be especially made or especially adapted for use in an
`
`infringement of such patent, and not a staple article or commodity of commerce suitable for
`
`substantial non-infringing use.
`
`36.
`
`Truist has committed these acts of infringement without license or authorization.
`
`
`
`20
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 21 of 69
`
`37.
`
`By engaging in the conduct described herein, Truist has caused injury to Textile
`
`and Textile has been damaged and continues to be damaged as result thereof and Truist is thus
`
`liable to Textile for infringement of the 079 Patent, pursuant to 35 U.S.C. § 271.
`
`38.
`
`As a direct and proximate result of Truist’s infringement of the 079 Patent,
`
`Textile has suffered monetary damages and is entitled to a monetary judgment in an amount
`
`adequate to compensate Textile for Truist’s past infringement pursuant to 35 U.S.C. § 284, but in
`
`no event less than a reasonable royalty, together with interest and costs.
`
`39.
`
`In addition, the infringing acts and practices of Truist have caused, are causing,
`
`and, unless such acts or practices are enjoined by the Court, will continue to cause immediate
`
`and irreparable harm and damage to Textile for which there is no adequate remedy at law, and
`
`for which Truist is entitled to injunctive relief pursuant to 35 U.S.C. § 283. As such, Textile is
`
`entitled to compensation for any continuing and/or future infringement up until the date that
`
`Truist is finally and permanently enjoined from further infringement.
`
`40.
`
`Truist has had actual knowledge of the 079 Patent at least as of the date when it
`
`was notified of the filing of this action. By the time of trial, Truist will have known and intended
`
`(since receiving such notice) that its continued actions would infringe and actively induce and
`
`contribute to the infringement of one or more claims of the 079 Patent.
`
`41.
`
`Truist has also indirectly and willfully infringed, and continues to indirectly and
`
`willfully infringe, the 079 Patent, as explained further below in the “Additional Allegations
`
`Regarding Infringement” section.
`
`42.
`
`Textile has been damaged as a result of the infringing conduct by Truist alleged
`
`above. Thus, Truist is liable to Textile in an amount that adequately compensates it for such
`
`
`
`21
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 22 of 69
`
`infringements, which, by law, cannot be less than a reasonable royalty, together with interest and
`
`costs as fixed by this Court under 35 U.S.C. § 284.
`
`43.
`
`Textile is entitled to collect pre-filing damages for the full period allowed by law
`
`for infringement of the 079 Patent.
`
`COUNT II
`
`INFRINGEMENT OF U.S. PATENT NO. 8,533,802
`
`44.
`
`On September 10, 2013, United States Patent No. 8,533,802 (“the 802 Patent”)
`
`was duly and legally issued by the United States Patent and Trademark Office for an invention
`
`entitled “Authentication System and Related Method.”
`
`45.
`
`Textile is the owner of the 802 Patent, with all substantive rights in and to that
`
`patent, including the sole and exclusive right to prosecute this action and enforce the 802 Patent
`
`against infringers, and to collect damages for all relevant times.
`
`46.
`
`Truist offers debit and/or credit cards, such as the Truist Debit Cards and the
`
`Truist Visa Credit Cards, that are used with a Truist authentication system that authenticates the
`
`identity of a Truist card holder in a request to pay a merchant for a transaction (the “Accused
`
`Instrumentality”). The Truist card authentication system is implemented, in part, via EMVCo
`
`compliant tokens that are used in the transaction instead of the user’s debit and/or credit card
`
`number so that the user’s debit and/or credit card number is never transmitted or otherwise
`
`provided to the merchant thereby preventing the user’s debit and/or credit card number from
`
`being deliberately or unintentionally transferred from the merchant to a third-party such as
`
`through hacking, spoofing, or other man-in-the-middle vulnerabilities. The requests are initiated
`
`by account holders via their smartphones, typically at an NFC (near field communication)
`
`
`
`22
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 23 of 69
`
`merchant terminal and use those tokens, which are generated and communicated to the user’s
`
`smartphone by the system, and wherein each account held by the user has its own token.
`
`(Source: https://www.truist.com/digital-banking/contactless-payments)
`
`
`
`
`
`23
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 24 of 69
`
`
`
`
`
`
`
`(Source: https://www.truist.com/digital-banking/contactless-payments)
`
`
`
`24
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 25 of 69
`
`(Source: https://www.truist.com/digital-banking/contactless-payments)
`
`…
`
`
`
`25
`
`
`
`
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 26 of 69
`
`(Source: https://www.truist.com/money-mindset/principles/protecting-what-matters/protecting-
`
`personal-data)
`
`
`
`
`
`
`
`26
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 27 of 69
`
`(Source: https://www.uspaymentsforum.org/wp-content/uploads/2019/06/EMV-Payment-
`
`Tokenization-Primer-Lessons-Learned-FINAL-June-2019.pdf)
`
`
`
`
`
`27
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 28 of 69
`
`Case 6:22-cv-00940-ADA Document1 Filed 09/12/22 Page 28 of 69
`
`5.1.2 Transaction Processing (POS Contactless, Device-Centric Wallet)
`
`Figure6illustrates the processing for in-store EMV contactless transactions using an NFC-enabled
`mobile phone with a device-centric digital wallet at a POS.
`
`
`
`Figure 6. Processing a Contactless EMV Transaction Using an NFC-Enabled Device-Centric Digital Wallet
`
`
`
`During the transaction, the following steps occur:
`
`
`
`28
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 29 of 69
`
`
`
`(Source: https://www.uspaymentsforum.org/wp-content/uploads/2019/06/EMV-Payment-
`
`Tokenization-Primer-Lessons-Learned-FINAL-June-2019.pdf)
`
`47.
`
`The Accused Instrumentality includes an authentication system for authenticating
`
`the identity of a requester of access by an unauthorized service client to a secured resource. For
`
`example, a Truist account holder requests Truist to provision a specific Truist debit and/or credit
`
`card for use on his or her mobile device. The account holder can then request for payment to be
`
`made to a specific merchant in a specific amount for a specific transaction from a specific Truist
`
`card account of the account holder using his or her smartphone when near the NFC merchant
`
`terminal at a checkout counter. In initiating the request, the account holder’s smartphone receives
`
`
`
`29
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 30 of 69
`
`certain transaction specific information from the merchant terminal, which is incorporated into a
`
`cryptogram generated by the smartphone that it transmits to the merchant’s terminal, along with
`
`the token value, for forwarding to a messaging gateway. The merchant also inputs into the
`
`request the token value that was transmitted from the user’s smartphone to the merchant’s
`
`terminal using NFC. Thus, the request messages will include both the transaction specific
`
`cryptogram as well as token and transaction specific information sent, some of which was used
`
`in making the cryptogram.
`
`48.
`
`The Accused Instrumentality comprises a messaging gateway having a first set of
`
`instructions embodied in a computer readable medium, said first set of instructions operable to
`
`receive from a requester purporting to be an authorized user of a secured resource a request for
`
`access by an unauthorized service client to said secured resource. For example, the Accused
`
`Instrumentality includes a messaging gateway that is programmed to receive requests initiated by
`
`Truist card account holders for provisioning a specific Truist debit and/or credit card for use on
`
`their mobile devices. This messaging gateway is either hosted directly by Truist or through an
`
`agent with whom Truist has contracted to receive the messages.
`
`49.
`
`The Accused Instrumentality includes a server in secure communication with said
`
`messaging gateway, said server having a second set of instructions embodied in a computer
`
`readable medium operable to generate a key string adapted to provide a basis for authenticating
`
`the identity of said requester. For example, behind the firewall of the message gateway and in
`
`secure communication therewith is an authorization server that generates a token corresponding
`
`to the debit and/or credit card account number. The authorization server is either hosted directly
`
`by Truist or through an agent with whom Truist has contracted to provide the authentication
`
`services.
`
`
`
`30
`
`
`
`

`

`Case 6:22-cv-00940-ADA Document 1 Filed 09/12/22 Page 31 of 69
`
`50.
`
`The Accused Instrumentality includes a service user interface in communication
`
`with said server, said service user interface having a third set of instructions embodied in a
`
`computer readable medium operable to receive