The US Court of Appeals for the Federal Circuit found patent claims directed to a method of authenticating the identity of a user performing a transaction at a terminal was patent-eligible under 35 U.S.C. § 101 and reversed the district court’s entry of judgment on the pleadings. CosmoKey Solutions GmbH & Co. KG. v. Duo Security LLC, Case No. 20-2043 (Fed. Cir. Oct. 4, 2021) (Stoll, J.) (Reyna, concurring).

CosmoKey sued Duo for patent infringement and Duo moved for judgment on the pleadings, arguing that all claims of the patent at issue are ineligible under 35 U.S.C. § 101. The district court analyzed the claims under the Alice two-step framework. At step one, the court agreed with Duo, finding that the patent claims were directed to the abstract idea of authentication—the verification of identity to permit access to transactions. Relying on Federal Circuit precedent, the court reasoned that “authentication” is an abstract concept. Moving to step two, the court determined that the patent merely teaches generic computer functionality, reasoning that the patent itself admits that “the detection of an authentication function’s activity and the activation by users of an authentication function within a pre-determined time relation were well-understood and routine, conventional activities previously known in the authentication technology field.” After the court granted Duo’s motion for judgment on the pleadings, CosmoKey appealed.

Applying Third Circuit law, the Federal Circuit reversed the lower court’s decision and provided more insight into the “inventive concept” analysis and “two-step” process framework. The Federal Circuit first acknowledged that while it had previously found claims directed to authentication to be abstract, it also found claims directed to specific verification methods that depart from earlier approaches and improve technology eligible under § 101.

The Federal Circuit disagreed with the district court’s broad characterization of the claims under Alice step one, finding instead that the claims and written description suggest that the claims are directed to a more specific authentication function. Nevertheless, the Court noted that it did not need to answer this question because the patent claims satisfy Alice step two. Under step two, the Court focused on the purported technical advance and found that the invention provides a “specific improvement to authentication that increases security, prevents unauthorized access by a third party, is easily implemented, and can advantageously be carried out with mobile devices of low complexity.” The Court explained that the district court erred in its interpretation of certain sections of the specification. Specifically, the court read the specification to describe prior art that shows the steps were routine or conventional. However, the Court pointed out that the last four steps of claim one of the patent solved a technical problem in the field using steps that were not conventional.

Judge Jimmie V. Reyna concurred with the decision but took issue with the Court’s dismissal of analyzing the claims under Alice step one, finding the approach “extraordinary and contrary to Supreme Court precedent.” He noted that step two does not operate independently of step one, clarifying instead that step two comes into play only when a claim has failed step one. He stressed that “without the benefit of a step-one analysis, we are hobbled at step two in reasonably determining whether additional elements transform the nature of the claim into a patent-eligible application of the abstract idea. And by skipping step one, we create a risk that claims that are not directed to an abstract idea that might be deemed to ‘fail’ at step two [emphasis in original].”