`
`
`
`United States Court of Appeals
`for the Federal Circuit
`______________________
`
`UNIVERSAL SECURE REGISTRY LLC,
`Plaintiff-Appellant
`
`v.
`
`APPLE INC., VISA INC., VISA U.S.A. INC.,
`Defendants-Appellees
`______________________
`
`2020-2044
`______________________
`
`Appeal from the United States District Court for the
`District of Delaware in No. 1:17-cv-00585-CFC-SRF, Judge
`Colm F. Connolly.
`______________________
`
`Decided: August 26, 2021
`______________________
`
`KATHLEEN M. SULLIVAN, Quinn Emanuel Urquhart &
`Sullivan, LLP, New York, NY, argued for plaintiff-appel-
`lant. Also represented by BRIAN MACK, KEVIN ALEXANDER
`SMITH, San Francisco, CA; TIGRAN GULEDJIAN,
`CHRISTOPHER MATHEWS, Los Angeles, CA.
`
` MARK D. SELWYN, Wilmer Cutler Pickering Hale and
`Dorr LLP, Palo Alto, CA, argued for defendant-appellee
`Apple Inc. Also represented by LIV LEILA HERRIOT,
`THOMAS GREGORY SPRANKLING; MONICA GREWAL, Boston,
`MA.
`
`
`
`
`Case: 20-2044 Document: 56 Page: 2 Filed: 08/26/2021
`
`2
`
`UNIVERSAL SECURE REGISTRY LLC v. APPLE INC.
`
` STEFFEN NATHANAEL JOHNSON, Wilson, Sonsini,
`Goodrich & Rosati, PC, Washington, DC, argued for de-
`fendants-appellees Visa Inc., Visa U.S.A. Inc. Also repre-
`sented by MATTHEW A. ARGENTI, JAMES C. YOON, Palo Alto,
`CA.
` ______________________
`
`Before TARANTO, WALLACH,* and STOLL, Circuit Judges.
`STOLL, Circuit Judge.
`Universal Secure Registry LLC (USR) appeals the
`United States District Court for the District of Delaware’s
`dismissal of certain patent infringement allegations
`against Apple Inc., Visa Inc., and Visa U.S.A. Inc. (collec-
`tively, “Apple”) under Rule 12(b)(6) of the Federal Rules of
`Civil Procedure. The district court held all claims of four
`asserted patents owned by USR ineligible under 35 U.S.C.
`§ 101. Because we conclude that all claims of the asserted
`patents are directed to an abstract idea and that the claims
`contain no additional elements that transform them into a
`patent-eligible application of the abstract idea, we affirm.
`BACKGROUND
`I
`USR sued Apple for allegedly infringing all claims of
`U.S. Patent Nos. 8,856,539; 8,577,813; 9,100,826; and
`9,530,137 (collectively, the “asserted patents”). The
`’137 patent is a continuation of the ’826 patent. Although
`the patents are otherwise unrelated, they are directed to
`similar technology—securing electronic payment transac-
`tions. As USR explained in its opening brief, its patents
`“address the need for technology that allows consumers to
`conveniently make payment-card
`[e.g., credit card]
`
`
`* Circuit Judge Evan J. Wallach assumed senior sta-
`tus on May 31, 2021.
`
`
`
`Case: 20-2044 Document: 56 Page: 3 Filed: 08/26/2021
`
`UNIVERSAL SECURE REGISTRY LLC v. APPLE INC.
`
`3
`
`transactions without a magnetic-stripe reader and with a
`high degree of security.” Appellant’s Br. 7. “For example,
`it allows a person to purchase goods without providing
`credit card information to the merchant, thereby prevent-
`ing the credit card information from being stolen or used
`fraudulently.” Id. at 9.
`
`II
`Apple moved to dismiss the complaint under Federal
`Rule of Civil Procedure 12(b)(6), arguing that the asserted
`patents claimed patent-ineligible subject matter under
`35 U.S.C. § 101. The magistrate judge determined that all
`the representative claims are directed to a non-abstract
`idea. Universal Secure Registry, LLC v. Apple Inc., No. 17-
`cv-00585, 2018 WL 4502062, at *8–11 (D. Del. Sept. 19,
`2018). The magistrate judge explained that the ’539 patent
`claims are “not directed to an abstract idea because ‘the
`plain focus of the claims is on an improvement to computer
`functionality itself, not on economic or other tasks for
`which a computer is used in its ordinary capacity.’” Id.
`at *8 (quoting Visual Memory LLC v. NVIDIA Corp.,
`867 F.3d 1253, 1258 (Fed. Cir. 2017)). Of particular im-
`portance to the magistrate judge was the conclusion that
`the claimed invention provided a more secure authentica-
`tion system. See id. at *9.
`The district court disagreed, concluding that the repre-
`sentative claims fail at both steps one and two of Alice
`Corp. v. CLS Bank International, 573 U.S. 208 (2014). Uni-
`(USR) v. Apple
`Inc.,
`versal Secure Registry LLC
`469 F. Supp. 3d 231, 236–37 (D. Del. 2020). The district
`court explained that the claimed invention was directed to
`the abstract idea of “the secure verification of a person’s
`identity” and that the patents do not disclose an inventive
`concept—including an improvement in computer function-
`ality—that transforms the abstract idea into a patent-eli-
`gible application. Id. Accordingly, the district court
`
`
`
`Case: 20-2044 Document: 56 Page: 4 Filed: 08/26/2021
`
`4
`
`UNIVERSAL SECURE REGISTRY LLC v. APPLE INC.
`
`granted Apple’s motion to dismiss for failure to state a
`claim under Rule 12(b)(6). Id. at 240.
`USR appeals. We have jurisdiction under 28 U.S.C.
`§ 1295(a)(1).
`
`DISCUSSION
`We apply regional circuit law when reviewing a district
`court’s dismissal for failure to state a claim under
`Rule 12(b)(6). XY, LLC v. Trans Ova Genetics, LC,
`968 F.3d 1323, 1329 (Fed. Cir. 2020). The Third Circuit re-
`views such dismissals de novo, accepting as true all factual
`allegations in the complaint and viewing those facts in the
`light most favorable to the non-moving party. Klotz v. Ce-
`lentano Stadtmauer & Walentowicz LLP, 991 F.3d 458, 462
`(3d Cir. 2021) (citing Foglia v. Renal Ventures Mgmt., LLC,
`754 F.3d 153, 154 n.1 (3d Cir. 2014)).
`Patent eligibility under § 101 is a question of law based
`on underlying facts, so we review a district court’s ultimate
`conclusion on patent eligibility de novo. Interval Licensing
`LLC v. AOL, Inc., 896 F.3d 1335, 1342 (Fed. Cir. 2018). We
`have held that patent eligibility can be determined at the
`Rule 12(b)(6) stage “when there are no factual allegations
`that, taken as true, prevent resolving the eligibility ques-
`tion as a matter of law.” Aatrix Software, Inc. v. Green
`Shades Software, Inc., 882 F.3d 1121, 1125 (Fed. Cir.
`2018).
`
`I
`Section 101 defines patent-eligible subject matter as
`“any new and useful process, machine, manufacture, or
`composition of matter, or any new and useful improvement
`thereof.” 35 U.S.C. § 101. Long-standing judicial excep-
`tions, however, provide that laws of nature, natural phe-
`nomena, and abstract ideas are not eligible for patenting.
`ChargePoint, Inc. v. SemaConnect, Inc., 920 F.3d 759, 765
`(Fed. Cir. 2019) (citing Alice, 573 U.S. at 216).
`
`
`
`Case: 20-2044 Document: 56 Page: 5 Filed: 08/26/2021
`
`UNIVERSAL SECURE REGISTRY LLC v. APPLE INC.
`
`5
`
`The Supreme Court has articulated a two-step test for
`examining patent eligibility when a patent claim is alleged
`to involve one of these three types of subject matter. See
`Alice, 573 U.S. at 217–18. The first step of the Alice test
`requires a court to determine whether the claims at issue
`are directed to a patent-ineligible concept, such as an ab-
`stract idea. Id. at 218. “[T]he claims are considered in
`their entirety to ascertain whether their character as a
`whole is directed to excluded subject matter.” McRO, Inc.
`v. Bandai Namco Games Am. Inc., 837 F.3d 1299, 1312
`(Fed. Cir. 2016) (quoting Internet Pats. Corp. v. Active Net-
`work, Inc., 790 F.3d 1343, 1346 (Fed. Cir. 2015)). If the
`claims are directed to a patent-ineligible concept, the sec-
`ond step of the Alice test requires a court to “examine the
`elements of the claim to determine whether it contains an
`‘inventive concept’ sufficient to ‘transform’ the claimed ab-
`stract idea into a patent-eligible application.” Alice,
`573 U.S. at 221 (quoting Mayo Collaborative Servs. v. Pro-
`metheus Labs., Inc., 566 U.S. 66, 72, 78–79 (2012)). This
`inventive concept must do more than simply recite “well-
`understood, routine, conventional activity.”
` Mayo,
`566 U.S. at 79–80.
`In cases involving authentication technology, patent el-
`igibility often turns on whether the claims provide suffi-
`cient specificity to constitute an improvement to computer
`functionality itself. For example, in Secured Mail Solu-
`tions LLC v. Universal Wilde, Inc., we held that claims di-
`rected to using a marking (e.g., a conventional barcode)
`affixed to the outside of a mail object to communicate infor-
`mation about the mail object, including claims reciting a
`method for verifying the authenticity of the mail object,
`were abstract. 873 F.3d 905, 907, 910–11 (Fed. Cir. 2017).
`We explained that the claims were not directed to specific
`details of the barcode or of the equipment for generating
`and processing the barcode. See id. at 910. Nor was there
`a description of how the barcode was generated, or how
`that
`barcode was
`different
`from
`long-standing
`
`
`
`Case: 20-2044 Document: 56 Page: 6 Filed: 08/26/2021
`
`6
`
`UNIVERSAL SECURE REGISTRY LLC v. APPLE INC.
`
`identification practices. See id. At step two, we determined
`that there was no inventive concept that transformed the
`claimed abstract idea into a patent-eligible application of
`the abstract idea. See id. at 912. We explained that the
`claims recited well-known and conventional ways to verify
`an object using a barcode and to allow generic communica-
`tion between a sender and recipient using generic com-
`puter technology, and that the patents themselves
`suggested that all the hardware used was conventional.
`See id.
`In Electronic Communication Technologies, LLC
`v. ShoppersChoice.com, LLC, we drew a similar conclusion
`about claims focused on monitoring the location of a “mo-
`bile thing” and using authentication software to increase
`security. 958 F.3d 1178, 1181 (Fed. Cir. 2020). As to the
`authentication limitations—“namely, enabling a first party
`to input authentication information, storing the authenti-
`cation information, and providing the authentication infor-
`mation along with the advance notice of arrival to help
`ensure the customer that the notice was initiated by an au-
`thorized source”—we determined that these limitations
`were themselves abstract and thus were not an inventive
`concept. Id. We pointed to the specification, which stated
`that the claimed “authentication information” could be es-
`sentially any information recognizable to the party being
`contacted. Id. We also noted that businesses have long
`been recording customer information that would qualify as
`authentication information as broadly defined in the spec-
`ification. See id. at 1182.
`Similarly, in Solutran, Inc. v. Elavon, Inc., we held in-
`eligible claims that recited a method for electronically pro-
`cessing checks, which included electronically verifying the
`accuracy of a transaction to avoid check fraud, because the
`claims were directed to a long-standing commercial prac-
`tice of crediting a merchant’s account as soon as possible.
`931 F.3d 1161, 1163, 1167 (Fed. Cir. 2019). We recognized
`that the claims only recited conventional steps that were
`
`
`
`Case: 20-2044 Document: 56 Page: 7 Filed: 08/26/2021
`
`UNIVERSAL SECURE REGISTRY LLC v. APPLE INC.
`
`7
`
`not directed to an improvement to the way computers op-
`erate, noting that the patent specification explained that
`“verifying
`the accuracy of
`the
`transaction
`infor-
`mation . . . was already common.” Id. at 1167. At step two,
`we rejected the argument that reordering these conven-
`tional steps constituted an inventive concept, and held that
`using a general-purpose computer and scanner to perform
`the conventional activities of transaction verification does
`not amount to an inventive concept. Id. at 1168–69.
`Finally, in Prism Technologies LLC v. T-Mobile USA,
`Inc., the claims broadly recited “receiving” identity data of
`a client computer, “authenticating” the identity of the data,
`“authorizing” the client computer, and “permitting access”
`to the client computer. 696 F. App’x 1014, 1016 (Fed. Cir.
`2017). We held that the claims at issue were directed to
`the abstract idea of “providing restricted access to re-
`sources” because the claims did not cover a “concrete, spe-
`cific solution.” Id. at 1017. Rather, the claims merely
`recited generic steps typical of any conventional process for
`restricting access, including processes that predated com-
`puters. Id. At step two, we determined that the asserted
`claims recited conventional generic computer components
`employed in a customary manner such that they were in-
`sufficient to transform the abstract idea into a patent-eli-
`gible invention. Id.
`
`II
`With this precedent in mind, we turn to the patent
`claims at issue in this case. We address each patent in
`turn.
`
`A
`We first consider the claims of the ’539 patent. The
`’539 patent is titled “Universal Secure Registry” and ex-
`plains that most people carry multiple forms of identifica-
`tion to verify their identities and make purchases,
`’539 patent col. 1 ll. 53–67, but that they may not always
`
`
`
`Case: 20-2044 Document: 56 Page: 8 Filed: 08/26/2021
`
`8
`
`UNIVERSAL SECURE REGISTRY LLC v. APPLE INC.
`
`want to disclose their personal information during finan-
`cial transactions, id. at col. 2 ll. 1–27. Thus, the ’539 patent
`proposes “an identification system that will enable a per-
`son to be identified or verified . . . and/or authenticated
`without necessitating the provision of any personal infor-
`mation.” Id. at col. 2 l. 64–col. 3 l. 1. The patent purports
`to accomplish this goal through use of a Universal Secure
`Registry or “USR system or database . . . [that] may take
`the place of multiple conventional forms of identification.”
`Id. at col. 3 ll. 22–24. Access to the USR system may be
`gained through a user’s electronic ID device, which may be
`a smart card, cell phone, pager, wristwatch, computer, per-
`sonal digital assistant, key fob, or other commonly availa-
`ble electronic devices. Id. at col. 3 l. 64–col. 4 l. 4.
`One embodiment of the invention facilitates purchas-
`ing goods or services without revealing personal financial
`information to a merchant. See id. at col. 11 l. 46–col. 12
`l. 18. When a user initiates a purchase, the user enters a
`secret code in the user’s electronic ID device to cause the
`ID device to generate a one-time code. Id. at col. 11
`ll. 51–56. After the user presents the one-time code to the
`merchant, the merchant transmits the code, the store num-
`ber, the amount of the purchase, and the time of receipt to
`the credit card company. Id. at col. 11 ll. 56–59. The credit
`card company then passes the code to the USR system,
`which determines if the code is valid and, “if valid, accesses
`the user’s credit card information and transmits the appro-
`priate credit card number to the credit card company.” Id.
`at col. 11 ll. 59–65. The credit card company then checks
`the credit worthiness of the user and either “declines the
`card or debits the user’s account in accordance with its
`standard transaction processing system.” Id. at col. 12
`ll. 6–9. “The credit card company then notifies the mer-
`chant of the result of the transaction.” Id. at col. 12
`ll. 9–11.
`Claim 22 is representative of the ’539 patent claims
`at issue and states as follows:
`
`
`
`Case: 20-2044 Document: 56 Page: 9 Filed: 08/26/2021
`
`UNIVERSAL SECURE REGISTRY LLC v. APPLE INC.
`
`9
`
`22. A method for providing information to a pro-
`vider to enable transactions between the provider
`and entities who have secure data stored in a se-
`cure registry in which each entity is identified by a
`time-varying multicharacter code, the method com-
`prising:
`receiving a transaction request including at least
`the time-varying multicharacter code for an entity
`on whose behalf a transaction is to take place and
`an indication of the provider requesting the trans-
`action;
`mapping the time-varying multicharacter code to
`an identity of the entity using the time-varying
`multicharacter code;
`determining compliance with any access re-
`strictions for the provider to secure data of the en-
`tity for completing the transaction based at least in
`part on the indication of the provider and the time-
`varying multicharacter code of the transaction re-
`quest;
`accessing information of the entity required to per-
`form the transaction based on the determined com-
`pliance with any access restrictions for the
`provider, the information including account identi-
`fying information;
`providing the account identifying information to a
`third party without providing the account identify-
`ing information to the provider to enable or deny
`the transaction; and
`enabling or denying the provider to perform the
`transaction without the provider’s knowledge of
`the account identifying information.
`Id. at col. 20 ll. 4–31.
`
`
`
`Case: 20-2044 Document: 56 Page: 10 Filed: 08/26/2021
`
`10
`
`UNIVERSAL SECURE REGISTRY LLC v. APPLE INC.
`
`The district court held that claim 22 is not materially
`different from the claims at issue in Prism. As discussed
`above, in Prism, we determined that the claims were di-
`rected to the process of “(1) receiving identity data from a
`device with a request for access to resources; (2) confirming
`the authenticity of the identity data associated with that
`device; (3) determining whether the device identified is au-
`thorized to access the resources requested; and (4) if au-
`thorized, permitting access to the requested resources.”
`Prism, 696 F. App’x at 1017. Here, the district court stated
`that claim 22 requires the following steps:
`(1) “receiving” a transaction request with a time-
`varying multicharacter code and “an indication of”
`the merchant requesting the transaction; (2) “map-
`ping” the time-varying multicharacter code to the
`identity of the customer in question; (3) “determin-
`ing” whether the merchant’s access to the cus-
`tomer’s secure data complies with any restrictions;
`(4) “accessing” the customer’s account information;
`(5) “providing” the account identifying information
`to a third party without providing that information
`to the merchant; and (6) “enabling or denying” the
`merchant to perform the transaction without ob-
`taining knowledge of the customer’s identifying in-
`formation.
`USR, 469 F. Supp. 3d at 237. Based on the similarities be-
`tween these steps and those in the claims at issue in Prism,
`the district court determined that claim 22 is directed to
`“the abstract idea of obtaining the secure verification of a
`user’s identity to enable a transaction.” Id.
`While we see differences between claim 22 and the
`claims at issue in Prism, we agree with the district court
`that, like the claims at issue in Prism, claim 22 is directed
`to an abstract idea. The claims are directed to a method
`for enabling a transaction between a user and a merchant,
`where the merchant is given a time-varying code instead of
`
`
`
`Case: 20-2044 Document: 56 Page: 11 Filed: 08/26/2021
`
`UNIVERSAL SECURE REGISTRY LLC v. APPLE INC.
`
`11
`
`the user’s secure (credit card) information. The time-vary-
`ing code is used to access a database that indicates any re-
`strictions on the user’s transactions with the merchant and
`also allows a third party or credit card company to approve
`or deny the transaction based on the secure information
`without the provider gaining access to the secure infor-
`mation. In our view, the claims “simply recite conventional
`actions in a generic way” (e.g., receiving a transaction re-
`quest, verifying the identity of a customer and merchant,
`allowing a transaction) and “do not purport to improve any
`underlying technology.” Solutran, 931 F.3d at 1168. Ac-
`cordingly, the claims are directed to an abstract idea under
`Alice step one.
`USR cites Ancora Technologies, Inc. v. HTC America,
`Inc., to assert that the claims’ recitation of a time-varying
`multicharacter code used in combination with additional
`intermediaries constitutes a specific technique that de-
`parts from earlier approaches to solve a specific computer
`problem. 908 F.3d 1343 (Fed. Cir. 2018). We are unper-
`suaded. In Ancora, the claimed invention identified a spe-
`cific technique for addressing the vulnerability of license-
`authorization software to hacking in an unexpected way—
`by storing the software license record in the computer’s
`BIOS memory. Id. at 1348–49. Using the BIOS memory
`to assist with software verification was unexpected because
`it had never previously been used in that way. Id. The
`claimed invention of the ’539 patent, on the other hand,
`uses a combination of conventional components in a con-
`ventional way to achieve an expected result. See, e.g.,
`’539 patent col. 7 ll. 30–36 (disclosing a SecurIDTM card or
`its equivalent as an example of a single use code genera-
`tor). While we appreciate that the claims here are closer to
`the demarcation line between what is abstract and non-ab-
`stract than the claims in Prism, we conclude that, at Alice
`step one, the asserted claims are directed to a method for
`verifying the identity of a user to facilitate an economic
`transaction, for which computers are merely used in a
`
`
`
`Case: 20-2044 Document: 56 Page: 12 Filed: 08/26/2021
`
`12
`
`UNIVERSAL SECURE REGISTRY LLC v. APPLE INC.
`
`conventional way, rather than a technological improve-
`ment to computer functionality itself.
`Turning to Alice step two, the district court rejected
`USR’s argument that the claim’s recitations of (1) time-var-
`ying codes and (2) sending data to a third-party as opposed
`to the merchant each rise to the level of an inventive con-
`cept. USR, 469 F. Supp. 3d at 238. We agree. Regarding
`USR’s first argument, the patent itself acknowledges that
`the claimed step of generating time-varying codes for au-
`thentication of a user is conventional and long-standing.
`’539 patent col. 8 ll. 17–35 (disclosing use of a “SecurIDTM
`card available from RSA Security,” which “retrieves a se-
`cret user code and/or time varying value from memory and
`obtains from the user a secret personal identification
`code”).
`And with regard to USR’s second argument—that the
`step of bypassing the merchant’s computer constitutes an
`inventive concept—USR cites BASCOM Global Internet
`Services, Inc. v. AT&T Mobility LLC, where we determined
`that claims directed to a method and system of filtering In-
`ternet content using the individual account association ca-
`pability of some Internet Service Provider (ISP) servers
`were a “technical improvement over prior art ways of filter-
`ing such content.” 827 F.3d 1341, 1350, 1352 (Fed. Cir.
`2016). In that case, we reasoned that although “[f]iltering
`content on the Internet was already a known concept, . . .
`the patent describes how its particular arrangement of el-
`ements is a technical improvement over prior art ways of
`filtering such content.” Id. at 1350. Unlike was the case in
`BASCOM, however, the Supreme Court has previously
`held the use of a third-party intermediary in a financial
`transaction to be an ineligible abstract idea. Alice, 573 U.S.
`at 219–20. In Alice, the claims involved “a method of ex-
`changing financial obligations between two parties using a
`third-party intermediary to mitigate settlement risk.” Id.
`at 219. Similarly, the claims here involve allowing a finan-
`cial transaction between two parties using a third-party
`
`
`
`Case: 20-2044 Document: 56 Page: 13 Filed: 08/26/2021
`
`UNIVERSAL SECURE REGISTRY LLC v. APPLE INC.
`
`13
`
`intermediary to mitigate information security risks. Be-
`cause sending data to a third-party as opposed to the mer-
`chant is itself an abstract idea, it cannot serve as an
`inventive concept. BASCOM, 827 F.3d at 1349 (“An in-
`ventive concept that transforms the abstract idea into a pa-
`tent-eligible invention must be significantly more than the
`abstract idea itself . . . .” (citing Alice, 573 U.S. at 223–24)).
`B
`We next consider the claims of the ’813 patent. The
`’813 patent is also titled “Universal Secure Registry” and
`the invention bears resemblance to that in the ’539 patent.
`The ’813 patent discloses combined use of a user device
`(e.g., cell phone), a point-of-sale (POS) device, and a uni-
`versal secure registry to facilitate financial transactions.
`’813 patent col. 43 ll. 6–15. One embodiment of the claimed
`invention contemplates the user device communicating
`with a secure database in the secure registry, which stores
`account information, such as credit card and debit card ac-
`count information, for multiple accounts. Id. at col. 44
`ll. 39–53. This allows users to employ a single user device
`or cell phone to conduct financial transactions at a POS de-
`vice using a plurality of different credit or debit accounts.
`Id. at col. 45 ll. 4–17.
`Before the user device can access the secure registry,
`however, certain authentication processes must be com-
`pleted. One embodiment contemplates first restricting ac-
`cess to the user device until the user has been
`authenticated using biometric input provided to the user
`device. Id. at col. 46 ll. 37–41. Next, the secure registry
`also requires that the user be authenticated before account
`information is accessed. Id. at col. 45 ll. 18–20. Some em-
`bodiments employ a multi-factor authentication process
`whereby encrypted authentication information is gener-
`ated by the user device. Id. at col. 46 ll. 14–36. That is, the
`claimed invention can authenticate the user based on a
`combination of two or more of (1) “something the user
`
`
`
`Case: 20-2044 Document: 56 Page: 14 Filed: 08/26/2021
`
`14
`
`UNIVERSAL SECURE REGISTRY LLC v. APPLE INC.
`
`knows” (e.g., PIN number); (2) “something the user is” (e.g.,
`a biometric measurement as detected by a biometric sen-
`sor); (3) “something that the user has” (e.g., cell phone se-
`rial number); and (4) an “account selected by the user for
`the current transaction” (e.g., the transaction for which the
`authentication
`is being completed).
` Id. at col. 45
`l. 63–col. 46 l. 21. This encrypted authentication infor-
`mation is then communicated to the secure registry for au-
`thentication through the POS device and, if authentication
`is successful, the transaction and access to the user’s ac-
`count is permitted. Id. at col. 46 ll. 27–36.
`Claim 1 of the ’813 patent is representative:
`1. An electronic ID device configured to allow a
`user to select any one of a plurality of accounts as-
`sociated with the user to employ in a financial
`transaction, comprising:
`a biometric sensor configured to receive a biometric
`input provided by the user;
`a user interface configured to receive a user input
`including secret information known to the user and
`identifying information concerning an account se-
`lected by the user from the plurality of accounts;
`a communication interface configured to communi-
`cate with a secure registry;
`a processor coupled to the biometric sensor to re-
`ceive information concerning the biometric input,
`the user interface and the communication inter-
`face, the processor being programmed to activate
`the electronic ID device based on successful au-
`thentication by the electronic ID device of at least
`one of the biometric input and the secret infor-
`mation, the processor also being programmed such
`that once the electronic ID device is activated the
`processor is configured to generate a non-predicta-
`ble value and to generate encrypted authentication
`
`
`
`Case: 20-2044 Document: 56 Page: 15 Filed: 08/26/2021
`
`UNIVERSAL SECURE REGISTRY LLC v. APPLE INC.
`
`15
`
`information from the non-predictable value, infor-
`mation associated with at least a portion of the bi-
`ometric input, and the secret information, and to
`communicate the encrypted authentication infor-
`mation via the communication interface to the se-
`cure registry; and
`wherein the communication interface is configured
`to wirelessly transmit the encrypted authentica-
`tion information to a point-of-sale (POS) device,
`and wherein the secure registry is configured to re-
`ceive at least a portion of the encrypted authenti-
`cation information from the POS device.
`Id. at col. 51 l. 65–col. 52 l. 29.
`The district court held that the claims are directed to
`the abstract idea of “collect[ing] and examin[ing] data to
`authenticate the user’s identity.” USR, 469 F. Supp. 3d
`at 239. We agree with the district court that the claims are
`directed to an abstract idea, not a technological solution to
`a technological problem, as USR asserts. In our view, the
`claims are directed to an electronic ID device that includes
`a biometric sensor, user interface, communication inter-
`face, and processor working together to (1) authenticate the
`user based on two factors—biometric information and se-
`cret information known to the user—and (2) generate en-
`crypted authentication information to send to the secure
`registry through a point-of-sale device. There is no descrip-
`tion in the patent of a specific technical solution by which
`the biometric information or the secret information is gen-
`erated, or by which the authentication information is gen-
`erated and transmitted. In our view, as with the
`’539 patent, the claims recite “conventional actions in a ge-
`neric way”—e.g., authenticating a user using conventional
`tools and generating and transmitting that authentica-
`tion—without “improv[ing] any underlying technology.”
`Solutran, 931 F.3d at 1168. Accordingly, the claims are di-
`rected to an abstract idea under Alice step one.
`
`
`
`Case: 20-2044 Document: 56 Page: 16 Filed: 08/26/2021
`
`16
`
`UNIVERSAL SECURE REGISTRY LLC v. APPLE INC.
`
`USR asserts that the claims solve a problem in an ex-
`isting technological process using a novel form of data the
`patent describes as “encrypted authentication infor-
`mation.” Appellant’s Br. 44. USR reasons that, like the
`claimed invention in Finjan, Inc. v. Blue Coat Systems,
`Inc., 879 F.3d 1299 (Fed. Cir. 2018), this encrypted authen-
`tication information is a non-abstract improvement in com-
`puter functionality. Appellant’s Br. 45. We are not
`persuaded. In Finjan, we determined that the claimed in-
`vention was not abstract because it claimed the use of a
`“behavior-based” virus scan that was able to identify and
`compile unique information about potentially hostile oper-
`ations, while the traditional scan method was limited to
`recognizing the presence of previously identified viruses.
`879 F.3d at 1304. Unlike in Finjan, the claimed “encrypted
`authentication data” here is merely a collection of conven-
`tional data combined in a conventional way that achieves
`only expected results. See ’813 patent col. 46 ll. 21–27
`(“For example, in one embodiment, encrypted authentica-
`tion information is generated from a non-predictable value
`generated by the user device 352, identifying information
`for the selected user account 360, and at least one of the
`biometric information and secret information the user
`knows (for example, a PIN).”). We thus conclude that the
`claims are directed to the abstract idea of collecting and
`examining data to enable authentication.
`Turning to Alice step two, the district court explained
`that the specification “describes the Electronic ID Device
`as ‘any type of electronic device’ capable of accessing a se-
`cure
`identification system database.”
` USR, 469
`F. Supp. 3d at 239 (citation omitted). The court added that
`the patent also “describes the device as consisting of well-
`known, generic components, including a computer proces-
`sor.” Id. at 239–40. Based on this, the court determined
`that the claims do not recite an inventive concept sufficient
`to transform the claimed abstract idea into a patent-eligi-
`ble application.
`
`
`
`Case: 20-2044 Document: 56 Page: 17 Filed: 08/26/2021
`
`UNIVERSAL SECURE REGISTRY LLC v. APPLE INC.
`
`17
`
`We agree with the district court that the claims fail to
`recite an inventive concept that would transform the ab-
`stract idea into patentable subject matter. As we explained
`above, the “encrypted authentication data” is merely a
`combination of known authentication techniques that
`yields only expected results. For example, the ’813 patent
`specification explains that a one-time non-predictable code
`can be generated by the “SecurIDTM card available from
`RSA Security,” as well as “other smart cards” or an algo-
`rithm programmed onto a processor. ’813 patent col. 12
`l. 45–col. 13 l. 5. The ’813 patent specification also dis-
`closes that identifying information may include someth