In CosmoKey Solutions GMBH & Co. KG v. Duo Security LLC, No. 2020-2043 (Fed. Cir. Oct. 4, 2021), the Federal Circuit reversed a finding of ineligibility for claims directed to a computer authentication method.

CosmoKey’s patent is directed to an authentication method that requires a user to activate a timed authentication function on a mobile device to log into a computer. Duo Security moved for judgment on the pleadings. The district court found the claims ineligible under § 101, specifically finding that the claims were directed to the abstract idea of “authentication” at step one of Alice, and that the remaining elements were generic computer functionality at step two.

The Federal Circuit reversed. The majority first stated it was “not convinced” the claims were broadly “directed to” authentication, instead noting the focus of the claims and the specification on the activation of a timed authentication function. Nonetheless, according to the majority, answering this question at step one was “unnecessary” because the claims were eligible at step two for reciting a specific improvement to authentication that “increases security, prevents unauthorized access by a third party, is easily implemented, and can advantageously be carried out with mobile devices of low complexity.”

Judge Reyna concurred in the judgment, but did so by resolving the inquiry at step one, finding the claims directed to a “specific improvement to authentication.” He viewed the majority’s decision to skip step one and resolve the inquiry at step two as “turn[ing] the Alice inquiry on its head.” He noted that, without the step one analysis, it is difficult to determine whether “additional elements transform the nature of the claim into a patent-eligible application” of an abstract idea.