Summary
recognizing that summary judgment may be entered sua sponte when the parties have been fully heard on determinative factual issues, and the court grants summary judgment on the basis of a question of law
Summary of this case from Platts v. Kelly Servs., Inc.Opinion
No. C 12–2016–MWB.
2013-12-9
Charles T. Steenburg, Hunter D. Keeton, Michael A. Albert, Wolf, Greenfield & Sacks, PC, Boston, MA, Glenn L. Johnson, Nyemaster Goode, P.C., Cedar Rapids, IA, for Plaintiffs. Michael A. Dee, Brant D. Kahler, G. Brian Pingel, Brown, Winick, Graves, Gross, Baskerville & Schoenebaum, PLC, Des Moines, IA, for Defendants.
Charles T. Steenburg, Hunter D. Keeton, Michael A. Albert, Wolf, Greenfield & Sacks, PC, Boston, MA, Glenn L. Johnson, Nyemaster Goode, P.C., Cedar Rapids, IA, for Plaintiffs. Michael A. Dee, Brant D. Kahler, G. Brian Pingel, Brown, Winick, Graves, Gross, Baskerville & Schoenebaum, PLC, Des Moines, IA, for Defendants.
MEMORANDUM OPINION AND ORDER REGARDING DEFENDANTS' MOTION FOR SUMMARY JUDGMENT AND MOTION TO STRIKE AFFIDAVIT OF PLAINTIFFS' EXPERT
MARK W. BENNETT, District Judge.
TABLE OF CONTENTS |
I. | INTRODUCTION | 904 |
---|---|---|
II. | THE MOTION TO STRIKE | 905 |
A. | Procedural History | 906 | |
---|---|---|---|
B. | Arguments Of The Parties | 907 |
1. | The Iowa Defendants' opening argument | 907 | ||
---|---|---|---|---|
2. | Serverside's response | 908 | ||
3. | The Iowa Defendants' reply | 908 |
C. | Legal Analysis | 908 |
---|
1. | Rule 26 and Rule 37 standards | 908 | ||
---|---|---|---|---|
2. | Rule 56 standards | 913 | ||
3. | Summary | 914 |
III. | THE MOTION FOR SUMMARY JUDGMENT | 914 |
---|
A. | Context Of The Motion | 914 |
---|
1. | The patents-in-suit | 914 | ||
---|---|---|---|---|
2. | The key patent claims at issue | 915 | ||
3. | The patent claim terms at issue | 915 |
B. | Factual Background | 917 |
---|
1. | The parties' factual allegations and denials | 917 | ||
---|---|---|---|---|
2. | The accused system | 917 |
a. | Parts and users of the Cre8MyCard system | 917 | |||
---|---|---|---|---|---|
b. | Customization by a remote customer | 917 | |||
c. | Processing of the customized card by the financial institution | 920 | |||
d. | Card manufacturing | 921 | |||
e. | ”Instant” production methods | 921 | |||
f. | Use of hash codes and encryption in the accused system | 922 |
C. | Standards For Summary Judgment | 922 | |
---|---|---|---|
D. | Standards For Patent Infringement | 923 | |
E. | Grounds For Summary Judgment | 926 |
1. | Infringement under the doctrine of equivalents | 926 | ||
---|---|---|---|---|
2. | Implications of non-infringement of the first claims | 927 | ||
3. | Absence of “a customer identifier that corresponds to the remote customer that personalized said image,” as claimed in the '199 and the '490 patents | 929 |
a. | Arguments of the parties | 929 | |||
---|---|---|---|---|---|
b. | Analysis | 930 |
4. | Absence of a “customer identifier [that] comprises an identifier selected from a secure unique identifier and a one-way code,” as claimed in the '199 patent | 932 |
---|
a. | Arguments of the parties | 933 | |||
---|---|---|---|---|---|
b. | Analysis | 934 |
i. | Secure unique identifier | 934 | ||||
---|---|---|---|---|---|---|
ii. | One-way code | 938 |
5. | Absence of a “customer identifier [that] encompasses encrypted customer information,” as claimed in the '490 patent | 939 |
---|
a. | Arguments of the parties | 940 | |||
---|---|---|---|---|---|
b. | Analysis | 941 |
6. | Summary | 943 |
---|
IV. | CONCLUSION | 943 |
---|
This patent-infringement action, alleging infringement of two of the plaintiffs' patents, both entitled “Computerized Card Production Equipment,” is before me on the defendants' motion for summary judgment and the defendants' motion to strike the affidavit of the plaintiffs' expert offered in resistance to the defendants' motion for summary judgment. I previously construed disputed terms of the patents in a Markman ruling. Thus, the question on the defendants' motion for summary judgment is whether their accused “system for the customization of financial transaction cards” infringes the patents as I have construed them. The preliminary question, however, is whether or not I can consider the affidavit of the plaintiffs' expert in deciding the summary judgment motion, where the defendants contend that the affidavit presents new and previously undisclosed expert opinions.
I. INTRODUCTION
On June 22, 2011, plaintiffs Serverside Group Limited and Serverside Graphics, Inc., collectively “Serverside,” filed the original Complaint in this patent infringement action, against fifteen defendants, in the United States District Court for the District of Delaware (the Delaware action). Serverside's Complaint alleges infringement of certain claims of its U.S. Patent No. 7,931,199 (the '199 patent), entitled “Computerized Card Production Equipment,” in Count I, and infringement of certain claims of its related U.S. Patent No. 7,946,490 (the '490 patent), also entitled “Computerized Card Production Equipment,” in Count II. Somewhat more specifically, Serverside alleges that the Iowa Defendants, defendants Tactical 8 Technologies, L.L.C., now known as Banno, L.L.C. (Banno), and Bank of Iowa Corporation (BIC), are infringing the patents-in-suitby using the “Cre8MyCard system,” which the parties agree is an Internet-based system that allows for the customization of financial transaction cards from financial institutions, such as BIC, that are Banno's customers.
I will refer to Tactical 8 Technologies as “Banno” and I have replaced references to “Tactical 8” or “T8” with “Banno” in quotations from documents throughout this decision.
On February 17, 2012, United States District Court Judge Richard Andrews entered a Memorandum Opinion in the Delaware action, in response to motions by several of the defendants, in which he concluded, inter alia, that the claims against the Iowa Defendants should be transferred to this court, pursuant to 28 U.S.C. § 1406(a). That same day, Judge Andrews entered a separate Order transferring the claims against the Iowa Defendants to this court pursuant to 28 U.S.C. § 1406(a). After this action was transferred to this district, it was initially assigned to Chief United States District Court Judge Linda R. Reade, but it was eventually reassigned to me on August 29, 2012. After a Markman hearing on February 20, 2013, I entered my ruling on construction of disputed patent claim terms on March 4, 2013. See Serverside Group Ltd. v. Tactical 8 Techs., L.L.C., 927 F.Supp.2d 623 (N.D.Iowa 2013).
On August 12, 2013, the Iowa Defendants filed the first of the motions now before me, the Iowa Defendants' Motion For Summary Judgment (docket no. 133), in which the Iowa Defendants assert that there are no genuine issues of material fact, and that they are entitled to judgment as a matter of law, that their Cre8MyCard system does not infringe the independent claims in claim 1 of the '199 patent and claim 1 of the '490 patent, so that they also are not infringing any dependent claims of those patents. Serverside filed a Resistance (docket no. 134) to that Motion on September 5, 2013, and the Iowa Defendants filed a Reply (docket no. 136) in further support of that Motion on September 16, 2013.
On September 16, 2013, the Iowa Defendants filed the second motion now before me, their Motion To Strike (docket no. 137), in which they argue that the affidavit of Serverside's expert, Alex Cheng, offered by Serverside in support of its Resistance to the Motion For Summary Judgment, must be stricken, because it contains new opinions not properly disclosed previously pursuant to Rule 26(a)(2)(B)(i), and that portions of Serverside's Statement Of Additional Material Facts that rely, in whole or in part, on Mr. Cheng's affidavit must also be stricken. Serverside filed its Resistance (docket no. 139) to that Motion on October 3, 2013, and the Iowa Defendants filed a Reply (docket no. 142), in further support of that Motion, on October 15, 2013.
Trial in this matter is set to begin on January 21, 2014, so I had hoped to address the pending motions as soon as they were ripe. However, other matters interfered with that plan, including a Verified Complaint And Petition For Return Of Children, seeking return to Mexico of children allegedly wrongfully retained in the United States, filed November 7, 2013, which required expedited proceedings under international and federal law. For much the same reason, my crowded schedule has not allowed me to accommodate the Iowa Defendants' request for oral arguments on their Motions sufficiently in advance of the scheduled trial. I find the parties' written submissions fully address the issues raised, however, so that I have resolved the pending motions on the parties' written submissions.
II. THE MOTION TO STRIKE
I must first resolve the Iowa Defendants' Motion To Strike, as it pertains to the record that I may consider on the Iowa Defendants' Motion For Summary Judgment. I will begin my analysis of that Motion by briefly summarizing the procedural history concerning disclosure of experts.
A. Procedural History
In accordance with the Scheduling Order (docket no. 112), Serverside served its Claim Chart setting forth its infringement contentions on October 5, 2012, and the Iowa Defendants served and filed their Claim Chart (docket no. 119), asserting their noninfringement contentions, on November 2, 2012. Serverside produced the Expert Report Of Alex Cheng Regarding Infringement By Tactical 8 Technologies, L.L.C., And Bank Of Iowa Corporation (Cheng Report), on or about May 10, 2013. See Plaintiffs' Appendix (docket no. 134–4), 38–188. The Iowa Defendants produced their Responsive Expert Report Of Peter Alexander, Ph.D., Regarding Non–Infringement Of U.S. Patents No[s]. 7,908,199 And 7,599,490 (Alexander Report) (docket no. 131), on June 7, 2013. Serverside never produced a supplemental or rebuttal expert report from Mr. Cheng or anyone else related to the issues raised in Mr. Cheng's Expert Report or Dr. Alexander's Expert Report. Fact and expert discovery closed on July 12, 2013, without any expert depositions being taken by either side.
The Iowa Defendants filed their Motion For Summary Judgment (docket no. 133) on August 12, 2013, relying primarily on the deposition of David Wade Arnold, Banno's chief executive officer, rather than the Alexander Report, as the basis for its arguments on non-infringement. On September 5, 2013, Serverside submitted as part of and as the basis for much of its Resistance to the Iowa Defendants' Motion For Summary Judgment an Expert Declaration Of Alex Cheng In Support Of Plaintiff's Opposition To Defendants' Motion For Summary Judgment (Cheng Declaration). See Plaintiffs' Appendix (docket no. 134–4), 1–37.
In his Declaration, Mr. Cheng declares, inter alia,
3. Some of my expert opinions and non-confidential bases therefore are set forth in the Expert Report of Alex Cheng Regarding Infringement by Tactical 8 Technologies, L.L.C., and Bank of Iowa Corp. (“Cheng Report”). The Cheng Report is filed as an attachment to the Appendix in Support of Plaintiff's Opposition to Defendants' Motion for Summary Judgment. I have reviewed that attachment, and confirm that it is a true and accurate copy of the Cheng Report.
4. To the best of my knowledge, all statements of fact set forth in the Cheng Report are true and correct or, if so indicated, are believed by me to be true and correct.
* * *
9. The Cheng Report provides technical background information in the area of financial cards, financial card production, and documentation practices for financial card production and documents my opinion on the infringement of the patents-in-suit by Defendants and the methodology used to arrive at my opinion.
10. This declaration contains my analysis of the Defendants' Brief in Support of Defendants' Motion for Summary Judgment, dated August 12, 2013 (“Defs' SJ Brief”).
Plaintiffs' Appendix at 1–3 (Cheng Declaration, ¶¶ 3–4, 9–10).
Serverside relied extensively on the Cheng Declaration in resisting the Iowa Defendants' Motion For Summary Judgment, in both its Statement Of Additional Material Facts and its brief. The Iowa Defendants deny various allegations in Serverside's Statement Of Additional Material Facts “to the extent [that they are] supported by stricken paragraphs from the Cheng Declaration, currently subject to Defendants' Motion to Strike,” but then “otherwise admit” those paragraphs, in whole or in part, or deny them on the basis that they are incomplete or inaccurate summaries of the underlying evidence on which Serverside relies. See Defendants' Response To Plaintiffs' Statement Of Additional Material Facts (docket no. 136), ¶¶ 12, 13, 14, 15, 16, 22, 23.
B. Arguments Of The Parties
In essence, the Iowa Defendants assert that the Cheng Declaration was developed and submitted solely for the purpose of resisting the Iowa Defendants' Motion for Summary Judgment, and, as a result, contains numerous additional purported “expert opinions” not previously disclosed in the Cheng Report. Serverside contends that, although discovery is closed, the Iowa Defendants' Motion For Summary Judgment relies on new arguments and unsupported assertions never previously articulated in discovery, in deposition testimony, or in the Alexander Report, so that the Cheng Declaration is justified to address those new arguments. These arguments require a somewhat more detailed summary.
1. The Iowa Defendants' opening argument
The Iowa Defendants argue, first, that the Cheng Declaration contains newly developed opinions not previously disclosed as required by Rule 26(a)(2)(B)(i) of the Federal Rules of Civil Procedure and that, pursuant to Rule 37(c)(1) of the Federal Rules of Civil Procedure, it should be stricken. More specifically, the Iowa Defendants argue that this court and the Eighth Circuit Court of Appeals have construed those rules, in conjunction, to mean that a party resisting a summary judgment motion cannot cite to or rely upon expert opinions not otherwise previously disclosed and that such previously undisclosed expert opinions must be stricken from the record, citing Popoalii v. Correctional Medical Services, 512 F.3d 488, 496, 498–99 (8th Cir.2008); Chapman v. Labone, 460 F.Supp.2d 989, 998 (S.D.Iowa 2006); and Schuller v. Great–West Life & Annuity Ins. Co., 2005 WL 2257634, *6–8 (N.D.Iowa, Sept. 15, 2005).
Here, the Iowa Defendants argue, the Cheng Declaration should be stricken, and should not be considered on summary judgment, because Serverside never produced a supplemental or rebuttal expert report from Mr. Cheng and because the Cheng Declaration contains new opinions that were formulated solely for the purpose of resisting the summary judgment motion. Indeed, they contend that Mr. Cheng has admitted as much by stating in his Declaration that his Report contains only “some” of his opinions and that his Declaration is for the purpose of responding to their noninfringement arguments in their summary judgment motion. The Iowa Defendants concede that a few of the allegations in Serverside's Statement Of Additional Material Facts do not rely on the Cheng Declaration, but cite to and directly rely on opinions properly disclosed in the Cheng Report, so that they need not be stricken. They contend that all other allegations that rely on the Cheng Declaration, in whole or in part, must be stricken, however, because they lack any support in the record, and that such allegations cannot preclude summary judgment pursuant to Rule 56(b). Finally, they argue, in passing, that the conclusory statements and opinions in the Cheng Declaration are not appropriate to resist or sufficient to defeat their summary judgmentmotion, apparently because they contend that such statements are merely meant to substitute for the judgment of the court.
2. Serverside's response
In its Resistance, Serverside argues that the Cheng Declaration is not an expert report and, therefore, does not need to comply with Rule 26 requirements for supplementation of Mr. Cheng's prior Report on infringement. Specifically, Serverside argues that the Cheng Declaration does not change Mr. Cheng's infringement theories, but only responds to new non-infringement arguments. Second, while Serverside admits that select paragraphs of the Cheng Declaration may contain new information, Serverside argues that the Iowa Defendants acknowledge that “large” portions of it are not new. Third, Serverside argues that the limited new information in the Cheng Declaration directly resulted from new non-infringement positions that the Iowa Defendants have asserted and, therefore, are necessary to respond properly and fully to those newly-stated positions. Indeed, Serverside argues that some of the Iowa Defendants' new positions are in direct opposition to previously provided discovery responses and testimony from their witnesses and expert to which Serverside has a right to respond.
As a fallback position, Serverside argues that, even if I find that the Cheng Declaration violates Rule 26, I should not strike the Declaration, because it is substantially justified and does not harm the Iowa Defendants, where the Iowa Defendants may disagree with the legal implications of certain facts, but those facts are not “new.” Serverside argues that the Cheng Declaration also merely restates and elaborates information and opinions previously disclosed, so that it may be considered on summary judgment. Finally, Serverside argues that striking the Cheng Declaration and portions of its Statement Of Additional Material Facts relying, in whole or in part, on that Declaration is a harsh and extreme sanction that is not called for here, where other equitable remedies, such as allowing the Iowa Defendants to respond to the Cheng Declaration, are sufficient and more appropriate.
3. The Iowa Defendants' reply
In reply, the Iowa Defendants argue that Serverside is simply wrong in its assertion that they have relied on “new” theories of non-infringement in their summary judgment motion. To the contrary, they contend, all of the purportedly “new” arguments were set forth in the Alexander Report. They contend that Dr. Alexander merely used different names in certain hypotheticals demonstrating non-infringement, which are reasserted in their arguments for summary judgment, and that he also addressed Serverside's arguments that use of SSL and TLS constitutes an infringing form of “encryption.” They contend that the vast majority of the Cheng Declaration, not just some small part of it, states new opinions, and should be stricken. Moreover, they dispute that any new arguments are substantially justified or harmless, where they did not rely on “new” non-infringement arguments not previously disclosed, and they are prejudiced by both the substance and timing of the Cheng Declaration, where there is insufficient time to depose Mr. Cheng and seek rebuttal opinions.
C. Legal Analysis
1. Rule 26 and Rule 37 standards
“Decisions concerning the admission of expert testimony lie within the broad discretion of the trial court, and these decisions will not be disturbed on appeal absent an abuse of that discretion.” Bradshaw v. FFE Transp. Servs., Inc., 715 F.3d 1104, 1107 (8th Cir.2013) (internal quotation marks and citations omitted). Similarly, the Eighth Circuit Court of Appeals “review[s] for abuse of discretion a district court's election regarding how to treat evidence that was not disclosed in accordance with Rule 26(a)(2)(B).” Shuck v. CNH America, L.L.C., 498 F.3d 868, 873 (8th Cir.2007).
Rule 26 of the Federal Rules of Civil Procedure provides, in pertinent part, as follows:
(a) Required Disclosures.
* * *
(2) Disclosure of Expert Testimony.
* * *
(B) Witnesses Who Must Provide a Written Report. Unless otherwise stipulated or ordered by the court, this disclosure must be accompanied by a written report—prepared and signed by the witness—if the witness is one retained or specially employed to provide expert testimony in the case or one whose duties as the party's employee regularly involve giving expert testimony. The report must contain:
(i) a complete statement of all opinions the witness will express and the basis and reasons for them;
* * *
(e) Supplementing Disclosures and Responses.
* * *
(2) Expert Witness. For an expert whose report must be disclosed under Rule 26(a)(2)(B), the party's duty to supplement extends both to information included in the report and to information given during the expert's deposition. Any additions or changes to this information must be disclosed by the time the party's pretrial disclosures under Rule 26(a)(3) are due.
Fed.R.Civ.P. 26(a)(2)(B)(i), (e).
Thus, Rule 26(a)(2) “dictates the form and framework of disclosed experts reports.” Rodrick v. Wal–Mart Stores East, L.P., 666 F.3d 1093, 1096 (8th Cir.2012). Rule 26(a)(2)(B)(i) requires an expert report to provide “a complete statement of all opinions the witness will express and the basis and reasons for them,” Fed.R.Evid. 26(a)(2)(B)(i) (emphasis added); Mems v. City of St. Paul, Dep't of Fire and Safety Servs., 327 F.3d 771, 779 (8th Cir.2003), and “[u]nder [Rule] 26(e), a party is required to supplement and seasonably amend disclosures.” Mems, 327 F.3d at 779. Such supplementation is required if the expert makes “any changes or alterations” to his or her expert opinions and “any changes or additions to the information provided.” Tenbarge v. Ames Taping Tool Sys., Inc., 190 F.3d 862, 865 (8th Cir.1999); see alsoFed.R.Civ.P. 26(e) (referring to “[a]ny additions or changes” as requiring supplemental disclosure).
Although “Rule 26 does not require the disclosure of evidence used solely for impeachment purposes,” the Eighth Circuit Court of Appeals has explained that supplemental testimony of an expert is not “impeachment,” that is, evidence attacking the credibility of a witness, where it is offered “to show that an expert's opinion about the meaning of facts merely differs from that of other experts.” Wegener v. Johnson, 527 F.3d 687, 691 (8th Cir.2008). The Eighth Circuit Court of Appeals has recognized,
It is often difficult to distinguish between foundational facts and expert opinion, and so to distinguish between impeachment and substantive evidence, see [Kennemur v. California, 133 Cal.App.3d 907, 184 Cal.Rptr. 393,] 403 [ (1982) ], but Rule 26(a)(2)(C)(ii) resolvesthe dilemma in favor of disclosure by requiring parties to disclose expert testimony offered to contradict the expert testimony of the opposing party.
Wegener, 527 F.3d at 691.
“ ‘Failure to disclose an expert witness required by rule 26(a)(2)(B) can justify exclusion of testimony at trial.’ ” McCoy v. Augusta Fiberglass Coatings, Inc., 593 F.3d 737, 746 (8th Cir.2010) (quoting Crump v. Versa Prod., Inc., 400 F.3d 1104, 1110 (8th Cir.2005)). Similarly, “[i]f a party fails to supplement expert testimony [as required by Rule 26(e) ], the district court may order appropriate sanctions as provided for in Rule 37(c).” Tenbarge, 190 F.3d at 865. “Sanctions [for a Rule 26 violation] may include exclusion of the testimony, a continuance to allow depositions to be taken, or the grant of a new trial.” Id. Although it may be permissible to reopen discovery to address belatedly disclosed expert opinions, “ ‘[o]nce discovery has closed in a case, it is the district court's discretion whether or not to allow it to be reopened.’ ” Bradshaw, 715 F.3d at 1108 (quoting Harris v. Steelweld Equip. Co., 869 F.2d 396, 400 (8th Cir.1989)). Also, if an expert's testimony (or affidavit) exceeds the scope of opinions properly disclosed, the district court may adequately address the discrepancy “by advising the jurors of the discrepancy and instructing them to take this discrepancy into consideration when weighing the expert's testimony and credibility.” Shuck, 498 F.3d at 876.
Although the district court has discretion to determine the appropriate sanction for a Rule 26 violation, “the district court's discretion narrows as the severity of the sanction or remedy it elects increases.” Wegener, 527 F.3d at 692. For example, the court should consider “a lesser sanction, if any, before imposing one that [would] result[ ] in the dismissal of a claim.” Dunning v. Bush, 536 F.3d 879, 890 (8th Cir.2008). Similarly, “ ‘the exclusion of evidence is a harsh penalty and should be used sparingly.’ ” Wegener, 527 F.3d at 692 (quoting ELCA Enters. v. Sisco Equip. Rental & Sales, 53 F.3d 186, 190 (8th Cir.1995)). Thus, the district court should “fashion a remedy or sanction as appropriate for the particular circumstances of the case.” Id.
On the other hand, “under Federal Rule of Civil Procedure 37(c)(1), evidence not disclosed under Rule 26(a) is admissible if harmless.” Shuck, 498 F.3d at 874. Also, a district court may allow evidence violating Rule 26 disclosure requirements, if the violation was “justified.” Rodrick, 666 F.3d at 1096 (acknowledging that expert evidence violating Rule 26 may be allowed if it is “justified or harmless”); Wegener, 527 F.3d at 692 (same). As the Eighth Circuit Court of Appeals has explained,
A district court considers several factors in determining whether a Rule 26 violation is justified or harmless, including: “(1) the prejudice or surprise to the party against whom the testimony is offered; (2) the ability of the party to cure the prejudice; (3) the extent to which introducing such testimony would disrupt the trial; and (4) the moving party's bad faith or willfulness.” [Jacobsen v. Deseret Book Co., 287 F.3d 936, 953 (10th Cir.2002) ] (quotation omitted). And, even then, the court need not make explicit findings concerning the existence of a substantial justification or the harmlessness. Id.
Rodrick, 666 F.3d at 1096–97;Wegener, 527 F.3d at 692.
Here, I find it unnecessary to engage in the paragraph-by-paragraph analysis of the Cheng Declaration that the Iowa Defendants invite me to make to determine which parts, if any, are “new” opinions that should have been presented by supplementation of the Cheng Report. I will assume, without deciding, that parts of the Cheng Declaration introduced “changes or alterations” to his expert opinions or “changes or additions to the information provided” in the Cheng Report. See Tenbarge, 190 F.3d at 865;see alsoFed.R.Civ.P. 26(e) (referring to “[a]ny additions or changes” as requiring supplemental disclosure). I cannot conclude that the Cheng Declaration is simply for “impeachment,” because it does not attack the credibility of any witness, but is offered “to show that an expert's [or witness's] opinion about the meaning of facts ... differs from that of other experts.” Wegener, 527 F.3d at 691. Rather than invite a challenge to the Cheng Declaration based on a Rule 26 violation, the wiser course for Serverside would have been to make a supplemental disclosure, even if doing so required a request to make the supplemental disclosure out of time. Cf. id. (suggesting that the “dilemma” over what to disclose pursuant to Rule 26 can be resolved by making a disclosure when an expert's testimony is offered to contradict the expert testimony of the opposing party).
Nevertheless, even if there was a violation, I find that it was “justified or harmless.” Rodrick, 666 F.3d at 1096–97;Wegener, 527 F.3d at 692;Shuck, 498 F.3d at 874. This is so, because the prejudice or surprise to the Iowa Defendants, if any, is minimal. See id. (first factor in the “justified or harmless” analysis). The Iowa Defendants surely anticipated responses specifically tailored to their non-infringement arguments in their summary judgment motion. Moreover, their allegations of prejudice ring hollow, where, notwithstanding their initial denials of various allegations in Serverside's Statement Of Additional Material Facts on the ground that those allegations rely on the Cheng Declaration, the Iowa Defendants nevertheless “otherwise admit” many of those allegations or offer specific explanations of continued denials based on inaccurate summaries or statements of underlying evidence, with citations to or quotations from the underlying evidence. Thus, it appears to me that the Iowa Defendants have already seized the opportunity to “cure” any prejudice that they may have suffered from unanticipated opinions in the Cheng Declaration. See id. (second factor is the party's ability to cure the prejudice). For this same reason, allowing the purportedly “new” expert opinions, offered in response to the Iowa Defendants' own non-infringement arguments will not disrupt the trial or, here, disrupt the timely disposition of the summary judgment motion. See id. (third factor is the extent to which introducing such testimony would disrupt the trial). Finally, I do not believe that Serverside acted in “bad faith” or “willfully” in offering the Cheng Declaration, although I believe that both parties have engaged in some gamesmanship to hide their infringement and non-infringement arguments from each other. See id. (fourth factor is the bad faith or willfulness of the party offering previously undisclosed expert opinions).
For example, much of the Iowa Defendants' argument for summary judgment relies on their assertion that the “remote customer” who uses the Cre8MyCard system does not have to be the “account holder” or “card holder” for the account for which a card is customized, but there was no hint of such an argument in the parties' arguments about the proper construction of disputed claim terms relating to the “customer” in the patents-in-suit in the Markman proceedings.
The Iowa Defendants' reliance on Schuller v. Great–West Life & Annuity Ins. Co., 2005 WL 2257634, *6–*8 (N.D.Iowa, Sept. 15, 2005), is unavailing, because the proponent of the expert's evidence in that case had previously failed to make anyRule 26 disclosure prior to summary judgment, as required by applicable orders. See2005 WL 2257634 at *7. Also, the proponent in Schuller failed to demonstrate that the failure to make required disclosures was harmless or substantially justified, where the opposing party had premised its summary judgment motion on the failure of the proponent to make any expert disclosures, so that the proponent lacked the required expert testimony to support a claim. Id. at *8. Here, the Iowa Defendants have not premised their summary judgment motion on the failure of Serverside to make any expert disclosures, as the defendants had in Schuller, so that the Iowa Defendants simply do not suffer the same kind of harm from the failure to disclose the opinions in the Cheng Declaration earlier, and Serverside has shown an arguable justification for any tardy disclosure.
The Iowa Defendants' reliance on Chapman v. Labone, 460 F.Supp.2d 989, 998 (S.D.Iowa 2006), is also unavailing. In Chapman, the expert offered some opinions in an affidavit that referred to the “required degree of scientific certainty,” which had been absent from his report, without including the basis or reasoning for such amended opinions, and one new opinion relied on underlying evidence that plainly did not support that opinion. See460 F.Supp.2d at 998. The purportedly “new” opinions here do not change any infringement opinions previously offered in the Cheng Report, but respond to the Iowa Defendants' non-infringement arguments, and, as I have found, any prejudice from such new opinions has been cured by the Iowa Defendants' Response to Serverside's Statement Of Additional Material Facts.
Furthermore, I conclude that, even if there was a violation of Rule 26 that was not wholly justified or harmless, exclusion of the Cheng Declaration and all allegations in Serverside's Statement Of Additional Material Facts that rely, in whole or in part, on purportedly “new” opinions in the Cheng Declaration is simply too harsh a sanction in this case. See Wegener, 527 F.3d at 692 (noting that exclusion is a “harsh” remedy and that the district court should “fashion a remedy or sanction as appropriate for the particular circumstances of the case”). A more appropriate sanction, even in the relatively short time remaining before trial, might be to reopen discovery to address belatedly disclosed expert opinions. Bradshaw, 715 F.3d at 1108. I find it unnecessary to impose such a sanction in this case, however, because, again, notwithstanding the Iowa Defendants' initial denials of various allegations in Serverside's Statement Of Additional Material Facts on the ground that those allegations rely on the Cheng Declaration, the Iowa Defendants nevertheless “otherwise admit” many of those allegations or offer specific explanations of continued denials based on inaccurate summaries or statements of underlying evidence, with citations to or quotations from the underlying evidence. Thus, as I explained, above, it appears to me that the Iowa Defendants have already seized the opportunity to “cure” any prejudice that they may have suffered from unanticipated opinions in the Cheng Declaration, making further discovery unnecessary.
Also, an appropriate sanction for an expert's testimony (or affidavit) that exceeds the scope of opinions properly disclosed is to “advis[e] the jurors of the discrepancy and instruct[ ] them to take this discrepancy into consideration when weighing the expert's testimony and credibility.” Shuck, 498 F.3d at 876. Consequently, I can leave the question of the impact of any discrepancies between the Cheng Declaration and the Cheng Report to the jury at trial, if I find that the Cheng Declaration generates genuine issues of material fact on infringement at the summary judgment stage.
Indeed, I turn, next, to the specific question of whether the Cheng Declaration and allegations of disputed fact that rely upon it should be excluded in my consideration of the Iowa Defendants' summary judgment motion, under Rule 56 standards, but I will not strike the Cheng Declaration on Rule 26 and Rule 37 grounds.
2. Rule 56 standards
In addition to Rule 26 disclosure concerns, the presentation of an affidavit in resistance to a Rule 56 summary judgment motion that includes expert opinions that purportedly differ from those in a previously disclosed expert report raises additional concerns:
Generally, a court is required to consider an otherwise admissible affidavit, unless that affidavit contradicts previous deposition testimony. Webb v. Garelick Mfg. Co., 94 F.3d 484, 488 (8th Cir.1996). If an additional affidavit simply restates information already contained in deposition testimony or elaborates on information already conveyed, then the district court should consider the affidavit. Id. Contradictory supplemental affidavits are a different matter. We have held that “[i]f testimony under oath ... can be abandoned many months later by the filing of an affidavit, probably no cases would be appropriate for summary judgment. A party should not be allowed to create issues of credibility by contradicting his own earlier testimony.” Camfield Tires, Inc. v. Michelin Tire Corp., 719 F.2d 1361, 1365 (8th Cir.1983). Post-deposition contradictory affidavits are admitted only when the prior deposition testimony shows confusion, and the subsequent affidavit helps explain the contradiction. Cuffley v. Mickes, 208 F.3d 702, 707 (8th Cir.2000).
Popoalii v. Correctional Med. Servs., 512 F.3d 488, 498 (8th Cir.2008).
Contrary to the Iowa Defendants' arguments, I do not believe that Popoalii requires exclusion of the Cheng Declaration or allegations of fact that rely upon it. In Popoalii, the proponent of the expert's affidavit asserted that it was a non-contradictory supplemental affidavit, but the court found that the affidavit plainly contradicted the expert's prior refusal to opine that the defendants had done anything wrong in their medical treatment of the plaintiff, where the expert's affidavit included his opinion that, if the defendants had tested and monitored the plaintiff's intracranial pressure, they could have likely prevented her blindness. 512 F.3d at 499. Thus, there was an actual “inconsistency” between the expert's earlier report and his affidavit offered to resist summary judgment. Id. Notwithstanding that the Iowa Defendants have argued against admission of the Cheng Declaration on various grounds, they have failed to demonstrate that the “new” opinions in the Cheng Declaration, which respond to their own arguments for non-infringement, actually “contradict” or are “inconsistent” with any opinions about infringement by the accused system in the prior Cheng Report. To put it the other way around, Serverside has asserted that the purportedly “new” opinions about non- infringement in the Cheng Declaration are entirely consistent with Mr. Cheng's opinions about infringement in the Cheng Report, and the Iowa Defendants have failed to rebut that assertion. Thus, the “trigger” of inconsistency for exclusion of the affidavit on summary judgment is missing here. Id.
Therefore, I will not strike the Cheng Declaration from consideration on the Iowa Defendants' Motion For Summary Judgment on Rule 56 grounds, either.
3. Summary
The Iowa Defendants' September 16, 2013, Motion To Strike (docket no. 137) is denied. Notwithstanding denial of that motion, to the extent that the Iowa Defendants can demonstrate to a jury, if this case proceeds to a jury trial, that Mr. Cheng's opinions in his Declaration exceed the scope of opinions properly disclosed in his Report, the Iowa Defendants may request that I “advis [e] the jurors of the discrepancy and instruct[ ] them to take this discrepancy into consideration when weighing [Mr. Cheng's] testimony and credibility.” Shuck, 498 F.3d at 876.
III. THE MOTION FOR SUMMARY JUDGMENT
The other motion now before me is the Iowa Defendants' August 12, 2013, Motion For Summary Judgment (docket no. 133). Before reviewing the factual background provided by the parties' Statements Of Material Facts and responses to them, I find that some context for the motion, particularly in light of prior Markman proceedings, is appropriate.
A. Context Of The Motion
The Motion For Summary Judgment on Serverside's infringement claims must be viewed in the context of the claims and claim terms of the patents-in-suit, as I have construed them. See ActiveVideo Networks, Inc. v. Verizon Commc'ns, Inc., 694 F.3d 1312, 1319 (Fed.Cir.2012) (explaining that determining literal infringement requires “ ‘proper construction of the asserted claim and a determination whether the claim as properly construed reads on the accused product or method’ ” (quoting Georgia–Pacific Corp. v. U.S. Gypsum Co., 195 F.3d 1322, 1330 (Fed.Cir.1999))). Thus, I will begin my analysis of the Iowa Defendants' Motion For Summary Judgment with a summary of the patent claims at issue and my construction of various claim terms in those patent claims.
1. The patents-in-suit
The patents-in-suit are U.S. Patent No. 7,931,199 (the '199 patent), entitled “Computerized Card Production Equipment,” in Count I, and U.S. Patent No. 7,946,490 (the '490 patent), also entitled “Computerized Card Production Equipment.” As I explained in my Markman ruling, both of the patents-in-suit arise from the same provisional application, and the Abstracts, Figures, Cross–Reference To Related Applications, Technical Fields, Backgrounds, Summaries, Brief Descriptions Of The Drawings, and Detailed Descriptions of the two patents are nearly identical. Id. at 631–32. Unless otherwise indicated, citations to and quotations from the '199 patent appear in the identical location, in identical form, in the '490 patent. I will refer to titled sections of the patents in the singular and quote portions of the patents using the '199 patent as the source, unless otherwise required. Identically numbered claims of the two patents are sometimes stated in identical language and sometimes stated somewhat differently, albeit with much overlap of claim terms, so I will always differentiate between the claims of the two patents.
In my Markman ruling, I set forth, in considerable detail, the description of the invention claimed in the two patents-in-suit. Id. at 631–38. As I also explained, and the parties did not dispute, putting the description of the invention in plain English, the invention allows customers to use a secure process on the internet to select personalized images, which are printed on their bank credit or debit cards, even if the customer, the images, the image manipulation software, the customer's account information, and the card printer are all in different locations. Id. at 633. As I also explained, the claimed invention discloses both “ ‘[a]n apparatus and method for manipulating images.’ ” Id. at 632 (quoting '199 Patent, Abstract).
2. The key patent claims at issue
Serverside accuses the Iowa Defendants of directly and indirectly infringing claims 1, 2, 9, 14–16, 18, 22, 25, 29, and 30 of the '199 patent and claims 1, 2, 9, 14–16, 18, 22, 25, and 29–31 of the '490 patent. The focus of the defendants' Motion For Summary Judgment, however, is claim 1 of each patent. I think that the most effective way to present these patent claims, when they are so similar, is side-by-side in a way that indicates similarities and differences. I have done so, below, using bold for “undisputed” claim terms—that is, claim terms that the parties agreed required construction, but for which they agreed upon the appropriate construction—using italics for “disputed” claim terms—that is, claim terms for which the parties disputed the appropriate construction, so that I was required to construe them—and underlining for claim language that differs between the two patents.
PATENT CLAIMS ALLEGEDLY INFRINGED |
'199 Patent Claims | '490 Patent Claims |
What is claimed is: | What is claimed is: |
1. Computerized financial transaction card production equipment operable to apply one or more personalized images to a financial transaction card, the production equipment comprising: | 1. Computerized financial transaction card production equipment operable to apply one or more personalized images to a financial transaction card, the production equipment comprising: |
a module configured to receive a personalized image of a customer, the image being received from an image processor computer arranged to facilitate image personalization by remote customers; | a module configured to receive a personalized image of a customer, the image being received from an image processor computer arranged to facilitate image personalization by remote customers; |
a module configured to receive a customer identifier that corresponds to the remote customer that personalized said image; | a module configured to receive a customer identifier that corresponds to the remote customer that personalized said image; |
a module configured to receive a financial record of the remote customer that personalized the image; | a module configured to receive a financial record of the remote customer that personalized the image; |
a card printer arranged to print images on card material and equipment configured to apply financial information from the financial record to the card material; and | a card printer arranged to print images on card material and equipment configured to apply financial information from the financial record to the card material; and |
a controller operable, based on said customer identifier, to cause printing of said personalized customer image onto the card material and to cause application of relevant financial information from the financial record onto the card material, | a controller operable, based on said customer identifier, to cause printing of said personalized customer image onto the card material and to cause application of relevant financial information from the financial record onto the card material, |
wherein the customer identifier comprises an identifier selected from a secure unique identifier and a one-way code. | wherein the customer identifier encompasses encrypted customer information. |
3. The patent claim terms at issue
In my Markman ruling, Serverside, 927 F.Supp.2d at 690, I construed the “undisputed” claim terms that appear in either claim 1 of the '199 patent, claim 1 of the '490 patent, or both, as shown in the followingchart:
Nine claim terms were originally identified by the parties as “undisputed,” but those claim terms are not all found in the first claims of the two patents. I have retained the original numbering of the “undisputed” claim terms from the Markman proceedings in the Undisputed Claim Terms chart shown in the body of this ruling.
In my Markman ruling, see Serverside, 927 F.Supp.2d at 691–92, I also construed the “disputed” claim terms at issue in this patent-infringement action, all of which appear in either claim 1 of the '199 patent, claim 1 of the '490 patent, or both, as shown in the following chart:
DISPUTED CLAIM TERMS |
No. | Claim Term/Phrase | Relevant Claim(s) | Court's Final Construction |
1 | “customer identifier that corresponds to the remote customer that personalized said image” | '199: 1–4, 6–8, 10–13, 15, 17–18, 20–21, 24–28 | “a signal, character, or group of characters that matches with the customer that personalized the image” |
“customer identifier corresponding to the remote customer”/”customer identifier that corresponds to the remote customer” | '490: 1–4, 6–8, 10–13, 15, 17–18, 20–21, 24–28, 30–31 | ||
“unique identifier corresponding to the remote user” | |||
2 | “secure unique identifier” | '199: 1 | “a secure, unique signal, character, or group of characters that can be used to identify the customer” |
3 | “encrypted customer information”/”encrypted remote user information” | '490: 1, 29–31 | “customer information coded from original text into language unintelligible to unauthorized persons, but not into a randomly generated alphanumeric code” |
With this context in mind, I turn to the factual background specifically relating to the pending Motion For Summary Judgment.
B. Factual Background
1. The parties' factual allegations and denials
The factual background pertinent to the Motion For Summary Judgment relates primarily to the Iowa Defendants' allegedly infringing “Cre8MyCard system.” The Iowa Defendants dispute many of Serverside's allegations in Serverside's Statement Of Additional Material Facts on the ground that Serverside's statements are inaccurate or incomplete summaries or statements of the evidence cited in support. Where it appears that the dispute over summaries or characterizations of other evidence can be resolved by relying directly on the underlying evidence—such as what a particular document says or what a particular witness said—I will quote from the underlying document. On the other hand, where the dispute is about the characterization of a witness's explanation of the accused system, I cannot simply quote the underlying testimony as if it were an undisputed explanation of the accused system. Rather, I can only frame the dispute and later resolve whether the dispute is material and whether the cited record evidence supports a particular characterization. The Iowa Defendants also dispute many more of Serverside's allegations on the ground that those allegations rely, in whole or in part, on the Cheng Declaration, which the Iowa Defendants had moved to strike. Because I have declined to strike the Cheng Declaration, I will not reject allegations that rely on it as unsupported; rather, I will treat as “admitted” those allegations relying on the Cheng Declaration that the Iowa Defendants “otherwise admit” and explain the basis for denials of those allegations that the Iowa Defendants deny on additional grounds.
Unless indicated otherwise, the facts stated below are undisputed.
2. The accused system
Serverside alleges that the Iowa Defendants are infringing the patents-in-suit by using the Cre8MyCard system, which the parties agree is an Internet-based system that allows for the customization of financial transaction cards from financial institutions, such as BIC, that are Banno's customers. I will summarize the parties' allegations concerning the Cre8MyCard system as they relate to the parts and users of the Cre8MyCard system; the process for customization of a card by a remote customer; the processing of the customized card by a financial institution; the manufacturing or printing of the card; the workings of “instant” production methods (as opposed to the remote access method); and, finally, the extent to which the Cre8MyCard system does or does not use “hashing” or “encryption.”
a. Parts and users of the Cre8MyCard system
As part of the Cre8MyCard system, Banno owns and maintains the following: (1) a database for storing images and configuration settings for each financial institution participating in Cre8MyCard; (2) Personal Home Page (PHP) code that interacts with the database; (3) a file system that stores Flash files; and (4) an Apache webserver. Three classes of users interact with the Cre8MyCard system: card holders, financial institutions, and card manufacturers.
b. Customization by a remote customer
One way for a customer to customize a financial transaction card using the Cre8MyCard system is for a customer to access the website serving the Cre8MyCard system for the remote customer's financial institution, then download the Cre8MyCard software to the remote customer's browser. Serverside points out that there are other ways to access the Cre8MyCard system, including at an instant issuance kiosk and through Banno's iPad application. Cre8MyCard does not use remote customer passwords or usernames, but the parties dispute whether or not it requires remote customers to submit any information about themselves. More specifically, the Iowa Defendants allege that any remote customer can access and utilize the Cre8MyCard system to configure a financial transaction card for himself or herself or for a third party, and that the remote customer's identity is not verified by the Cre8MyCard system, nor determinable from the information recorded by the Cre8MyCard system during the card configuration process. Serverside counters that a remote customer can access and utilize the Cre8MyCard system to configure a financial transaction card only if that customer has the first name, last name, and personal account number (PAN) of a card holder. Serverside admits that the Cre8MyCard system does not require, nor does it take any steps to verify, that the remote customer and the card owner are the same person, but Serverside alleges that the intended use of the Cre8MyCard system is for card holders to customize their own cards.
One example of the Iowa Defendants' denial of Serverside's allegations on the basis that the allegation misstates or inaccurately summarizes the evidence cited in support relates to Serverside's allegation, in its Statement of Additional Material Facts (docket no. 134–3), ¶ 3, that “[t]he webserver can be accessed as a subdomain of a financial institution (e.g. bankiowa.cre8mycard.com) that points to the [Banno] webserver.” Another example is the Iowa Defendants' denial, on the same basis, of Serverside's allegation in its Statement of Additional Material Facts, ¶ 7, that “[t]he user interface contains a link from a financial institution webpage which connects the card holder's browser to the [Banno] Cre8MyCard server (e.g. bankiowa. cre8mycard.com for BIC).” In their Response To Plaintiffs' Statement Of Additional Material Facts (docket no. 136), ¶¶ 3, 7, the Iowa Defendants assert that these allegations are inaccurate summaries of the following portion of Mr. Arnold's deposition, which Serverside cited in support of them:
MR. ARNOLD: The three integration points are the client browser, which is the end user. If they come to the website with a subdomain of a financial institution, such as bankiowa.cre8mycard.com, this could also be used as a vanity domain. So they could have personalcard. bankiowa.com point to us, and we would also resolve to give them the content that the consumer would interact with.
Plaintiffs' Appendix at 200 (Arnold Deposition at 46:2–10).
Where Mr. Arnold testified that a customer could “come to the website with a subdomain of a financial institution,” it is not clear to me how Serverside's statement in ¶ 3 that “[t]he webserver can be accessed as a subdomain of a financial institution” is an inaccurate summary of that testimony. Similarly, it is not clear to me how Serverside's statement in ¶ 7 that “[t]he user interface contains a link from a financial institution webpage which connects the card holder's browser to the [Banno] Cre8MyCard server” is an inaccurate summary of that testimony. It may be that the parties' dispute is over what website “points” to the Banno webserver, an issue that Mr. Arnold's testimony seems to me to muddy rather than clarify.
I have avoided simply quoting Mr. Arnold's explanation of the Cre8MyCard system, Plaintiffs' Appendix at 44:14—46:15, as if it were undisputed, which appears to be the Iowa Defendants' position. Instead, I have stated that “one way to customize a financial transaction card using the Cre8MyCard system is for a customer to access the website serving the Cre8MyCard system for the remote customer's financial institution, then download the Cre8MyCard software to the remote customer's browser,” which is a clearly material fact that is alleged by the Iowa Defendants and admitted by Serverside.
Once connected, the remote customer (Serverside alleges “card holder,” but the Iowa Defendants deny that the remote customer must actually be the “card holder”) is “authenticated” (according to Serverside) or “credentialed” (according to the Iowa Defendants) in one of three ways: (1) through the last four digits of their card number and their unique personal identification number (PIN), although the Iowa Defendants assert that this option applies only if the card is a debit card; (2) the remote customer's image is assigned an image ID and the financial institution manually reconciles the card image with the account when the customer comes into the institution, although the Iowa Defendants allege that this option applies only to new customers; and (3) the card holder bank account number, primary account number (PAN), or user-supplied information is associated with the session ID of the webserver (as Serverside alleges) or a manual lookup can be performed to match the name and bank account number with the image (as the Iowa Defendants allege).
Once a remote customer has accessed the Cre8MyCard system via the website serving the Cre8MyCard system and downloads the software, the remote customer is allowed to select a card product type ( i.e., a photo ID card, full image card, debit card, credit card, prepaid card, or photocard) that the remote customer wishes to configure. The remote customer then selects an image provided from a third-party gallery, a social media site, or the computer that the remote customer is using. The remote customer (again, Serverside alleges “card holder,” but the Iowa Defendants deny that the remote customer must be the “card holder”) can select images for customization in several different ways: (1) the image data can be sent from the remote customer's computer to the remote customer's web browser without sending the image to the server before manipulation; (2) a thumbnail image can be selected from the gallery and the full resolution image is downloaded to the client; or (3) a third-party web service ( e.g., Facebook, Flickr) is accessed to download the image to the remote customer's browser.
Next, the Cre8MyCard software downloaded to the remote customer's web browser allows the remote customer to manipulate the chosen image, for example, by shrinking, enlarging, or rotating the image. The Iowa Defendants allege that the entire image manipulation process takes place on the remote customer's web browser, not on the Cre8MyCard web server. Serverside admits that the Iowa Defendants have not produced any evidence that the manipulation process occurs anywhere else, but Serverside argues that the only evidence produced by the Iowa Defendants about where the image is manipulated is “uncorroborated.” The Iowa Defendants allege that no information about the initial image or the manner in which the image is manipulated is sent to the Cre8MyCard server; rather, the Cre8MyCard server only receives the image in its final form once the image manipulation process is complete. Serverside denies this allegation, because it alleges that information about the card holder whose card will display the manipulated image is sent to the Cre8MyCard server. I do not believe that information about whose card will display the image is, by any sensible reading, information about the initial image or the manner in which the image was manipulated, so that Serverside has alleged an additional fact, but has not actually disputed (let alone refuted) the Iowa Defendants' allegation that no information about the initial image or the manner in which the image was manipulated is sent to the Cre8MyCard server.
After the image has been manipulated, the remote customer continues the card configuration process by filling in two alphanumericfields, which hold text strings consisting of the first and last name of the card owner, respectively, as well as a separate numeric field generally representative of the last four digits of the card owner's card number. Like the parties, I will call the information entered in the two alphanumeric fields and the numeric field “the Data.” Serverside alleges that the Data is used to identify the card holder as the remote customer who personalized the image in the Cre8MyCard system, but the Iowa Defendants deny this as unsupported by the record, again based on their contention that the remote customer does not have to be the card holder. The parties agree that, generally speaking, the financial institutions that utilize the Cre8MyCard system desire the numeric field to represent somewhere from four to six characters of the card owner's card number or account number. As a specific example, they agree that BIC uses the Cre8MyCard system's numeric field to gather the last four digits of the card owner's card number. The parties agree that, pursuant to ISO 7812, the first six digits of the PAN are reserved as the issuer identifier number (IIN), which is unique to each financial institution issuing financial transaction cards. The Cre8MyCard system does not store the card owner's entire card number or account number, because storage of that information in its entirety requires registration with, and strict regulation by, the federal government.
The Cre8MyCard system does not verify the accuracy of the Data, only that the remote customer has put letters (as opposed to other characters) into the alphanumeric fields and numbers (as opposed to other characters) into the numeric field. The Cre8MyCard system does not verify that the Data provided by the remote customer actually corresponds with an existing BIC account, but Serverside denies the Iowa Defendants' allegation that the Cre8MyCard system is not linked in any way to BIC's accounting system.
Next, the remote customer hits the “submit” button, and the Data, along with the image, are uploaded to Cre8MyCard's web server.
c. Processing of the customized card by the financial institution
The parties agree that the Data and the image are recorded by the Cre8MyCard system during the card configuration process and passed on to BIC, but Serverside alleges that the Cre8MyCard system also records a session ID. More specifically, after a remote customer hits the “submit” button for the image he or she wants on the subject card, the Cre8MyCard system uses a table called “Orders” to store the incoming domain name of the financial institution from which the card is being personalized, which is how Banno knows which financial institution to bill, and separate columns within the table for first name, last name, personal account number (PAN), and a foreign key that directs the user to another database table that holds all of the images, but the Iowa Defendants deny that there is a column for an Order identification of any kind.
It appears to me that this description, offered by the Iowa Defendants as the basis for a denial of Serverside's allegation in its Statement Of Additional Material Facts, ¶ 15, is not plainly different from, although perhaps clearer and more complete than, Serverside's version, which is that “Cre8MyCard uses an order table to store the incoming domain name, known as an institution key, which is unique to each financial institution, as well as the last name, first name, and last four digits of the card holder and a pointer to an image database.”
Through Banno's back-end system, BIC is then notified that a new order was placed using the Cre8MyCard system. Someone at BIC logs into Banno's administrative software to verify that the Data provided by the remote customer corresponds with an existing BIC account, and, if so, BIC orders the card for its customer ( i.e., the card owner) through a separate system operated by a third party (at least in the case of non-instant issuance). Specifically, financial institutions log on to Banno's system to review and approve images submitted by a remote customer (although the Iowa Defendants reiterate their contention that the “remote customer” is not necessarily the actual card holder) prior to undertaking the different steps utilized by each financial institution to print or manufacture its cards.
I have used this statement of the portion of Serverside's Statement of Additional Material Facts, ¶ 14, that the Iowa Defendants admit, see Iowa Defendants' Response To Plaintiffs' Statement Of Additional Material Facts (docket no. 136), ¶ 14, to address the parties' dispute regarding Serverside's allegations in two paragraphs of its Statement of Additional Material Facts, ¶ 4 (“Financial institution personnel use a browser to connect to the [Banno] webserver over the Internet with the URL, admin.cre8mycard.com”) and ¶ 14 (“The Cre8MyCard system provides a user interface to financial institutions, such as Bank of Iowa Corp. (‘BIC’), to review and approve images submitted by card holders prior to printing the card”).
d. Card manufacturing
Serverside denies that the system that BIC uses to order the card from a card manufacturer is “unrelated” to the Cre8MyCard system. While the Iowa Defendants allege that the Cre8MyCard system does not control any card manufacturing operations, Serverside disputes that allegation, because Serverside alleges, and the Iowa Defendants admit, that the Cre8MyCard system provides the financial transaction card manufacturer for a financial institution ( e.g., BIC) with an interface to retrieve images and associated data from the financial record of the remote customer that personalized the image to manufacture financial transaction cards customized by the remote customer. Serverside also alleges, and the Iowa Defendants admit, that the card manufacturer connects to the Banno webserver via the Banno API ( i.e., api.cre8mycard.com) using a connection secured by firewall trust security. Specifically, Mr. Arnold explained in his deposition that “api.cre8mycard.com ... is how the iPad version and the third-party card printers interact ... to get the images.” Plaintiffs' Appendix at 200 (Arnold Deposition at 46:13–15). Financial institutions (but not Banno) have contracts in place with electronic fund transfer (EFT) companies to have cards manufactured.
I have used “card manufacturing” and “card manufacturer” as interchangeable with “card printing” and “card printer,” which I believe is consistent with the parties' use of these terms.
I have quoted the pertinent part of Mr. Arnold's deposition to address the parties' dispute regarding Serverside's allegation in its Statement of Additional Material Facts, ¶ 5, that “[c]ard printers and those using the Cre8MyCard iPad client connect to the [Banno] webserver over the internet with the URL: api.cre8mycard.com.”
e. “Instant” production methods
As mentioned above, in addition to a remote customer accessing the Cre8MyCard system from his or her own computer, the Cre8MyCard system may also be accessed at an instant issuance kiosk and through Banno's iPad application. The Cre8MyCard iPad application, which is used in instant issue machines, is controlled by an employee of the financial institution and allows card holders to select an image from a gallery or download images from social media (Facebook, Flickr, Picasso), customize the downloaded image, and have the financial transaction card manufactured at the financial institution's location from an instant issuance machine.
It is not clear from the parties' Statements Of Material Facts whether or not the instant issuance kiosks can be used other than through the iPad application, nor is it clear whether the iPad application is used other than for the instant issuance kiosks.
The parties dispute whether “have” in this statement means “cause,” as Serverside alleges. See Serverside's Statement Of Additional Material Facts, ¶ 22; Iowa Defendants' Response To Plaintiffs' Statement Of Additional Material Facts, ¶ 22.
f. Use of hash codes and encryption in the accused system
The Iowa Defendants allege that the Cre8MyCard system does not use, nor has it ever used, hash codes or hashing techniques in its software. Serverside disputes this allegation, because Serverside alleges, and the Iowa Defendants admit, that the last numeric field, which is filled in with the last four or six digits of the card holder's PAN, is partly established by the remote customer's financial institution and that, pursuant to the ISO 7812 standard, the last digit of the PAN is calculated using the Luhn hash algorithm which uses the preceding digits of the PAN to compute the last digit.
The Iowa Defendants also allege that the Cre8MyCard system's software has no encryption or decryption algorithms, and that the only encryption involved in the Cre8MyCard process is the standard, everyday Security Sockets Layer (SSL) transmission over the internet, which is performed by a third party. Serverside asserts, based on deposition testimony by Mr. Arnold, that SSL transmission over the internet is encryption used in the Cre8MyCard process—both between remote customers and the Cre8MyCard server and between the Cre8MyCard server and card manufacturers —and alleges, further, that Transport Layer Security (TLS), the successor to SSL, is also used. The Iowa Defendants allege that the Cre8MyCard system does not provide BIC or any other customer with any encrypted information and that all information received by Banno's customers is unencrypted. Serverside denies this allegation, because it alleges that an exhibit used in the deposition of Mr. Arnold shows that data transmitted between the Cre8MyCard webserver and Banno's customer's browsers, such as BIC, is SSL/TLS encrypted.
The parties' dispute about the accuracy of Serverside's characterization of when SSL is used and whether or not it is encryption by or used in the Cre8MyCard System, based on Mr. Arnold's deposition testimony, is stated in more detail in Serverside's Statement of Additional Material Facts, ¶ 8, and the Iowa Defendants' response to that allegation. I believe that I have correctly characterized Mr. Arnold's testimony in the portions of his deposition cited by the parties to be that SSL is used both between remote customers and the Cre8MyCard server and between the Cre8MyCard server and card manufacturers.
C. Standards For Summary Judgment
I must determine whether or not the Iowa Defendants are entitled to summary judgment that the Cre8MyCard system described above does not infringe the patents-in-suit. As the Federal Circuit Court of Appeals recently reiterated, in patent-infringement actions, that court “review[s] the grant of summary judgment under the law of the regional circuit in which the district court sits,” here, the Eighth Circuit. Keurig, Inc. v. Sturm Foods, Inc., 732 F.3d 1370, 1372 (Fed.Cir.2013).
Under Supreme Court and Eighth Circuit precedent, summary judgment is only appropriate when “the pleadings, depositions,answers to interrogatories, and admissions on file, together with affidavits, if any, show that there is no genuine issue of material fact and that the moving party is entitled to a judgment as a matter of law.” Fed.R.Civ.P. 56(c) (emphasis added); see Woods v. DaimlerChrysler Corp., 409 F.3d 984, 990 (8th Cir.2005) (“Summary judgment is appropriate if viewing the record in the light most favorable to the nonmoving party, there are no genuine issues of material fact and the moving party is entitled to judgment as a matter of law.”); see generally Celotex Corp. v. Catrett, 477 U.S. 317, 323–24, 106 S.Ct. 2548, 91 L.Ed.2d 265 (1986). Thus, “[t]he movant ‘bears the initial responsibility of informing the district court of the basis for its motion,’ and must identify ‘those portions of [the record] ... which it believes demonstrate the absence of a genuine issue of material fact.’ ” Torgerson v. City of Rochester, 643 F.3d 1031, 1042 (8th Cir.2011) ( en Banc ) (quoting Celotex, 477 U.S. at 323, 106 S.Ct. 2548). In response, “[t]he nonmovant ‘must do more than simply show that there is some metaphysical doubt as to the material facts,’ and must come forward with ‘specific facts showing that there is a genuine issue for trial.’ ” Id. (quoting Matsushita Elec. Indus. Co. v. Zenith Radio Corp., 475 U.S. 574, 586–87, 106 S.Ct. 1348, 89 L.Ed.2d 538 (1986)). “Only disputes over facts that might affect the outcome of the suit under the governing law will properly preclude the entry of summary judgment.” Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248, 106 S.Ct. 2505, 91 L.Ed.2d 202 (1986); Ryan v. Capital Contractors, Inc., 679 F.3d 772, 776 (8th Cir.2012).
When the parties have met their burden, the district judge's task is as follows:
“On a motion for summary judgment, ‘facts must be viewed in the light most favorable to the nonmoving party only if there is a genuine dispute as to those facts.’ ” Ricci v. DeStefano, 557 U.S. 557, 129 S.Ct. 2658, 2677, 174 L.Ed.2d 490 (2009) quoting Scott v. Harris, 550 U.S. 372, 380, 127 S.Ct. 1769, 167 L.Ed.2d 686 (2007) (internal quotations omitted). “Credibility determinations, the weighing of the evidence, and the drawing of legitimate inferences from the facts are jury functions, not those of a judge.” Reeves v. Sanderson Plumbing Prods., Inc., 530 U.S. 133, 150, 120 S.Ct. 2097, 147 L.Ed.2d 105 (2000), quoting Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 255, 106 S.Ct. 2505, 91 L.Ed.2d 202 (1986). .... “ ‘Where the record taken as a whole could not lead a rational trier of fact to find for the nonmoving party, there is no genuine issue for trial.’ ” Ricci, 129 S.Ct. at 2677, quoting Matsushita, 475 U.S. at 587, 106 S.Ct. 1348.
Torgerson, 643 F.3d at 1042–43. Summary judgment is particularly appropriate when only questions of law are involved, rather than factual issues that may or may not be subject to genuine dispute. See, e.g., Cremona v. R.S. Bacon Veneer Co., 433 F.3d 617, 620 (8th Cir.2006).
D. Standards For Patent Infringement
Here, the “governing law” against which the parties' factual contentions must be measured on summary judgment, see Anderson, 477 U.S. at 248, 106 S.Ct. 2505, is the law of patent infringement. Of course, “Federal Circuit law applies to ‘issues of substantive patent law and certain procedural issues pertaining to patent law.’ ” Pregis Corp. v. Kappos, 700 F.3d 1348, 1353 (Fed.Cir.2012) (quoting Research Corp. Techs., Inc. v. Microsoft Corp., 536 F.3d 1247, 1255 (Fed.Cir.2008)). Under Federal Circuit precedent, “ ‘[a] determination of infringement is a question of fact,’ ” id. (quoting ACCO Brands, Inc. v. ABA Locks Mfr. Co., 501 F.3d 1307, 1311 (Fed.Cir.2007)), but “like other issues in which there are no disputed factual questions, [it] may properly be decided by summary judgment.” Keurig, 732 F.3d at 1373.
In its Complaint, Serverside alleges both “direct” and “indirect” infringement of its patents. “Direct infringement requires proof by preponderant evidence that the defendant performs (if a method claim) or uses (if a product claim) each element of a claim, either literally or under the doctrine of equivalents.” Cheese Systems, Inc. v. Tetra Pak Cheese and Powder Systems, Inc., 725 F.3d 1341, 1348 (Fed.Cir.2013). In contrast, “indirect infringement” occurs when a party actively induces others to directly infringe a patent. Moba, B.V. v. Diamond Automation, Inc., 325 F.3d 1306, 1318 (Fed.Cir.2003) (citing 35 U.S.C. § 271(b)). Here, the parties have not put at issue in their summary judgment briefing whether or not the Iowa Defendants indirectly infringe the patents-in-suit. Therefore, I will focus on “direct” infringement. Also, as explained, below, in Section III.E.1, beginning on page 46, infringement under the “doctrine of equivalents” is not at issue on the Iowa Defendants' Motion For Summary Judgment. Therefore, I will focus on “literal” infringement.
Thus,
To establish liability for direct infringement of a claimed method or process under 35 U.S.C. § 271(a), a patentee must prove that each and every step of the method or process was performed. See Akamai Techs., Inc. v. Limelight Networks, Inc., 692 F.3d 1301, 1307 (Fed.Cir.2012) (en banc). In cases in which more than one entity performs the steps of a claimed method or process, a party is liable for direct infringement only if that party exercises “control or direction” over the performance of each step of the claim, including those that the party does not itself perform. Golden Hour Data Sys., Inc. v. emsCharts, Inc., 614 F.3d 1367, 1381 (Fed.Cir.2010) (“Where the combined actions of multiple parties are alleged to infringe process claims, the patent holder must prove that one party exercised control or direction over the entire process such that all steps of the process can be attributed to the controlling party, i.e., the mastermind.” (internal quotation marks omitted)); see also Muniauction, Inc. v. Thomson Corp., 532 F.3d 1318, 1329 (Fed.Cir.2008); BMC Res., Inc. v. Paymentech, L.P., 498 F.3d 1373, 1380 (Fed.Cir.2007) (“Courts faced with a divided infringement theory have also generally refused to find liability where one party did not control or direct each step of the patented process.”) overruled on other grounds by Akamai, 692 F.3d at 1306. The determination is a fact-specific inquiry; relevant considerations include whether the accused direct infringer “provides instructions or directions” to another entity for performing steps of the patented process or, on the other hand, “contract[s] out steps of a patented process to another entity.” BMC, 498 F.3d at 1381.
Move, Inc. v. Real Estate Alliance Ltd., 709 F.3d 1117, 1123 (Fed.Cir.2013).
As the Federal Circuit Court of Appeals has explained,
Determining literal infringement is a two step process: [ (1) ] the “proper construction of the asserted claim and [ (2) ] a determination whether the claim as properly construed reads on the accused product or method.” Georgia–Pacific Corp. v. U.S. Gypsum Co., 195 F.3d 1322, 1330 (Fed.Cir.1999). The first step is a question of law, which we review de novo. Id. The second step is a question of fact, which we review for substantial evidence. i4i Ltd. P'Ship v. Microsoft Corp., 598 F.3d 831, 849 (Fed.Cir.2010), aff'd,––– U.S. ––––, 131 S.Ct. 2238, 180 L.Ed.2d 131 (2011).
ActiveVideo Networks, Inc., 694 F.3d at 1319. “ ‘To establish literal infringement, every limitation set forth in a claim must be found in an accused product, exactly.’ ” Transocean Offshore Deepwater Drilling, Inc. v. Maersk Drilling USA, Inc., 699 F.3d 1340, 1356 (Fed.Cir.2012) (quoting Southwall Techs., Inc. v. Cardinal IG Co., 54 F.3d 1570, 1575 (Fed.Cir.1995)). More specifically, for present purposes, “[t]o infringe a method claim, all steps of the claimed method must be performed.” Mirror Worlds, L.L.C. v. Apple, Inc., 692 F.3d 1351, 1358 (Fed.Cir.2012) (citing Lucent Techs., Inc. v. Gateway, Inc., 580 F.3d 1301, 1317 (Fed.Cir.2009), and 35 U.S.C. § 271). The Federal Circuit Court of Appeals has explained that “ ‘[u]nless the steps of a method actually recite an order, the steps are not ordinarily construed to require one,’ ” but the order of steps must be the same “when the method steps implicitly require that they be performed in the order written.” Altiris, Inc. v. Symantec Corp., 318 F.3d 1363, 1369 (8th Cir.2003) (noting, further, that claim language may indicate, “as a matter of logic or grammar,” that the steps be performed in the order written (citing Interactive Gift Express, Inc. v. Compuserve Inc., 256 F.3d 1323, 1342–43 (Fed.Cir.2001))).
“A patentee need not always have direct evidence of infringement, as infringement may be established by circumstantial evidence.” Mirror Worlds, L.L.C., 692 F.3d at 1358. “Circumstantial evidence must show that at least one person directly infringed an asserted claim during the relevant time period.” Toshiba Corp. v. Imation Corp., 681 F.3d 1358, 1364 (Fed.Cir.2012). Such circumstantial evidence may include installing, maintaining, demonstrating, and managing infringing systems for customers, or live testing. See ePlus, Inc. v. Lawson Software, Inc., 700 F.3d 509, 521 (Fed.Cir.2012). It may also include evidence that an alleged infringer designed a product for use in an infringing way and instructed users to use the product in an infringing way. Toshiba Corp., 681 F.3d at 1365. Circumstantial evidence of performing the method does not include demonstrating the accused method to a jury during a trial. Mirror Worlds, L.L.C., 692 F.3d at 1359.
In Lucent Technologies, Inc. v. Gateway, Inc., 580 F.3d 1301 (Fed.Cir.2009), the court provided this discussion of circumstantial evidence:
[I]n the present case, the jury reviewed evidence relating to the extensive sales of Microsoft products and the dissemination of instruction manuals for the Microsoft products. The jury also heard corresponding testimony from Lucent's infringement expert. The circumstantial documentary evidence, supplementing the experts' testimony, was just barely sufficient to permit the jury to find direct infringement by a preponderance of the evidence. As in Moleculon [ Research Corp. v. CBS, Inc., 793 F.2d 1261 (Fed.Cir.1986) ], the jury in the present case could have reasonably concluded that, sometime during the relevant period from 2003 to 2006, more likely than not one person somewhere in the United States had performed the claimed method using the Microsoft products. See Moleculon, 793 F.2d at 1272 (“It is hornbook law that direct evidence of a fact is not necessary. ‘Circumstantial evidence is not only sufficient, but may also be more certain, satisfying and persuasive than direct evidence.’ ” (quoting Michalic v. Cleveland Tankers, Inc., 364 U.S. 325, 330, 81 S.Ct. 6, 5 L.Ed.2d 20 (1960))); see also Alco Standard Corp. v. Tenn. Valley Auth., 808 F.2d 1490, 1503 (Fed.Cir.1986) (“Although the evidence of infringement is circumstantial, that does not make it any less credible or persuasive.”).
Lucent, 580 F.3d at 1318.
As to frequency of infringement, “[d]irect infringement of a method claim can be based on even one instance of the claimed method being performed.” Mirror Worlds, L.L.C., 692 F.3d at 1358 (citing Lucent, 580 F.3d at 1317);Toshiba Corp., 681 F.3d at 1364 (citing Lucent, 580 F.3d at 1317). Furthermore, an accused method or system “ ‘that sometimes, but not always, embodies a claimed method nonetheless infringes.’ ” Cross Medical Prods., Inc. v. Medtronic Sofamor Danek, Inc., 424 F.3d 1293, 1311 (Fed.Cir.2005)(quoting Bell Commc'ns Research, Inc. v. Vitalink Commc'ns Corp., 55 F.3d 615, 622–23 (Fed.Cir.1995), and citing Hilgraeve Corp. v. Symantec Corp., 265 F.3d 1336, 1343 (Fed.Cir.2001), but noting that this rule does not apply to apparatus claims). Circumstantial evidence that an accused method infringes “at least a small percentage of the time” is sufficient for a factfinder to conclude that direct infringement has occurred. Vita–Mix Corp. v. Basic Holding, Inc., 581 F.3d 1317, 1326 (Fed.Cir.2009).
Just as importantly, here, where the patents-in-suit claim both “[a]n apparatus and method for manipulating images,” '199 Patent, Abstract, the Federal Circuit Court of Appeals has explained, “[T]o infringe a claim that recites capability and not actual operation, an accused device ‘need only be capable of operating’ in the described mode.” Finjan, Inc. v. Secure Computing Corp., 626 F.3d 1197, 1204 (Fed.Cir.2010) (quoting Intel Corp. v. U.S. Int'l Trade Comm'n, 946 F.2d 821, 832 (Fed.Cir.1991)). In Finjan, the court noted that the “apparatus” claims “do not require that the proactive scanning software be configured in a particular way to infringe—only that it be programmed for performing the claimed steps.” Id. Here, while the steps of claim 1 of the patents-in-suit refer to various “modules” that are “configured” to perform certain tasks or to receive certain information, they do not require that the “modules” be configured in a particular way to perform those tasks or to receive that information. Cf. id. (comparing software that was programmed to perform claimed steps to a claim requiring a locking device's pin to extend through a slot in a specific configuration). Thus, the question for infringement is whether an accused system is “capable of operating in the described mode,” not whether it is actually operated in the described mode. Id.
Where an accused method or system does not infringe independent claims, it also cannot infringe associated dependent claims as a matter of law. See Voter Verified, Inc. v. Premier Election Solutions, Inc., 698 F.3d 1374, 1383 (Fed.Cir.2012) (citing Wahpeton Canvas Co. v. Frontier, Inc., 870 F.2d 1546, 1552 n. 9 (Fed.Cir.1989)).
E. Grounds For Summary Judgment
In their Motion For Summary Judgment, the Iowa Defendants assert that two elements (or limitations) of claim 1 of the '199 patent and three elements (or limitations) of claim 1 of the '490 patent are not infringed, which Serverside disputes. I will consider those grounds for summary judgment in turn, below. First, however, I will address two grounds for summary judgment that are no longer in dispute and some further implications of the Iowa Defendants' Motion For Summary Judgment that the parties did not expressly address.
1. Infringement under the doctrine of equivalents
The Iowa Defendants argue that the limitations “secure unique identifier” and “one-way code,” as recited in the '199 patent, and “encrypted customer information,” as recited in the '490 patent, are not entitled to equivalents. In response, Serverside states that it has not argued that the Cre8MyCard system infringes the “secure unique identifier,” “one-way code,” or “encrypted customer information” limitations under the doctrine of equivalents, because there is no need to do so, where those limitations are literally infringed. I conclude that Serverside has restricted its infringement claims concerning these limitations of the patents-in-suit to “literal” infringement, by failing to come forward with “specific facts showing that there is a genuine issue for trial” on infringement of those limitations under the doctrine of equivalents. Torgerson, 643 F.3d at 1042 (internal quotation marks and citations omitted). Consequently, the Iowa Defendants are entitled to summary judgment on any claim of infringement of these limitations under the doctrine of equivalents.
2. Implications of non-infringement of the first claims
The Iowa Defendants also assert that it is axiomatic that dependent claims of a patent cannot be infringed, unless the independent claim from which they depend is also infringed, citing Wahpeton Canvas Co. v. Frontier, Inc., 870 F.2d 1546, 1553 (Fed.Cir.1989). Thus, they contend that, if independent claim 1 of a patent at issue is not infringed, then, as a matter of law, neither are dependent claims 2, 9, 14, 15, 16, 18 and 22 of that patent. Serverside responds that the Iowa Defendants do infringe independent claim 1 of each patent.
Because Serverside has not attempted to generate genuine issues of material fact on infringement of the dependent claims, if the independent claims from which they depend are not infringed—and, indeed, they could not do so, as a matter of law, see Wahpeton Canvas, 870 F.2d at 1552–53 & n. 9;accord Voter Verified, Inc., 698 F.3d at 1383—I will not separately consider infringement of the dependent claims specifically identified by the Iowa Defendants. Torgerson, 643 F.3d at 1042 (the non-moving party must generate genuine issues of material fact to avoid summary judgment); Cremona, 433 F.3d at 620 (explaining that summary judgment is particularly appropriate when only questions of law are involved, rather than factual issues that may or may not be subject to genuine dispute). Rather, I conclude that whether or not assertions of infringement of these dependent claims survive the Iowa Defendants' Motion For Summary Judgment depends upon my disposition of infringement claims as to independent claim 1 of the respective patent.
This conclusion still leaves at issue claims 25, 29, and 30 of the '199 patent and claims 25, and 29–31 of the '490 patent, which Serverside alleges are also infringed by the Iowa Defendants' Cre8MyCard system, see Complaint, Counts I and II, but which the parties do not address in their summary judgment briefing. In my Markman ruling, I noted that there was some dispute as to whether or not at least some of these patent claims were “independent” or “dependent,” as follows:
This issue [of how “dependent” and “independent” claims are defined] may be of more than academic interest here—eventually, if not immediately—because Serverside asserts that “claims 1 and 29 of the '199 patent, and claims 1 and 29–31 of the '490 patent, are independent,” Plaintiffs' Opening Brief at 3, notwithstanding that claim 29 of the '199 patent expressly incorporates “the computerized financial transaction card production equipment of claim 1 operable to apply the resulting image to a financial transaction card.” In contrast, the Iowa Defendants assert that only claim 1 of the '199 patent is “independent,” although they agree that claims 1 and 29–31 of the '490 patent are “independent.” Defendants' Opening Brief at 1.
Serverside, 927 F.Supp.2d at 645 n. 3. The issue of whether claims 25, 29, and 30 of the '199 patent and claims 25, and 29–31 of the '490 patent are “dependent” or “independent” is of more than academic interest now, because whether or not these patent claims are infringed might depend on their relationship to independent claim 1 of their respective patents. See Wahpeton Canvas, 870 F.2d at 1552–53 & n. 9;accord Voter Verified, Inc., 698 F.3d at 1383. Unfortunately,the parties not only failed to address whether these patent claims are “dependent” or “independent” in their summary judgment briefing, but they have failed to present any other arguments concerning infringement of these patent claims.
Nevertheless, I can still determine whether allegations of infringement of these overlooked patent claims can be decided as a matter of law, based on my disposition of the arguments that the parties have made about infringement of claim 1 of each patent, at least where the parties have had a full and fair opportunity to contest the determinative issue. Cremona, 433 F.3d at 620 (explaining that summary judgment is particularly appropriate when only questions of law are involved, rather than factual issues that may or may not be subject to genuine dispute); Heisler v. Metropolitan Council, 339 F.3d 622, 631–32 (8th Cir.2003) (explaining that summary judgment may be granted sua sponte if the court's ruling on issues properly raised forecloses as a matter of law the claim on which the court wishes to grant summary judgment sua sponte ); Madewell v. Downs, 68 F.3d 1030, 1048 (8th Cir.1995) (explaining that a district court may enter summary judgment sua sponte where the parties had an adequate opportunity to address the determinative issues and were on notice that the right to judgment as a matter of law was at stake on those issues).
Specifically, I note that the language of claim 25 is identical in the two patents-in-suit, and that claim 25 in each patent expressly incorporates “the computerized financial transaction card production equipment of claim 1 operable to apply the resulting image to a financial transaction card.” See Serverside, 927 F.Supp.2d at 641–43 (chart of patent claims allegedly infringed quoting claim language); id. at 645 n. 3 (noting this language in claim 25). Similarly, claims 29 and 30 of the '199 patent incorporate claim 1 and claim 29 of that patent, respectively. See id. at 641–43. Thus, whether or not claim 25 of each patent and claims 28 and 29 of the '199 patent are “independent” or “dependent,” under the definitions identified in my Markman ruling, id. at 645–46 & n. 3, they plainly cannot survive if claim 1 of the respective patent cannot survive—a matter clearly in dispute on the Iowa Defendants' Motion For Summary Judgment—where they specifically incorporate claim 1 of the respective patent or a claim that, in turn, incorporates claim 1. To put it another way, if the limitations of an incorporated claim are not infringed as a matter of law, then neither is a claim incorporating it, as a matter of law.
In my Markman ruling, I observed, “The Federal Circuit Court of Appeals apparently knows an ‘independent’ claim when it sees one, because finding a clear definition of an ‘independent’ claim in Federal Circuit case law has proved far more difficult than I would have imagined, and the relevant statute and federal regulation also are not particularly helpful.” Serverside, 927 F.Supp.2d at 645 n. 3. I also set out various, admittedly conflicting definitions of “independent” claim from regulations, case law, and commentators. See id. (citing 37 C.F.R. § 1.75(e); Monsanto Co. v. Syngenta Seeds, Inc., 503 F.3d 1352, 1357 (Fed.Cir.2007); and Jason M. Nolan, Formalism And Patent Claim Drafting: The Status Of De Facto Independent Claims Under The Fourth Paragraph Of 35 U.S.C. § 112, 19 Tex. Intell. Prop. L.J.. 263, 275, 294 (Winter 2011)).
The analysis of claims 29–31 of the '490 patent is a little different, because those patent claims do not incorporate any other patent claims. Nevertheless, whether or not claims 29–31 of the '490 patent are “dependent” or “independent” claims, all of them include the “encrypted customer information”/“encrypted remote user information” limitation of claim 1 of the ' 490 patent—a limitation plainly at issue in the Iowa Defendants' Motion For Summary Judgment of non-infringement of claim 1 of the '490 patent. Thus, if claim 1 of the '490 patent is not infringed on the basis of this limitation, then neither are these claims, and the Iowa Defendants will be entitled to summary judgment on allegations of infringement of these patent claims, as a matter of law, as well.
I turn now to the Iowa Defendants' hotly contested grounds for summary judgment.
3. Absence of “a customer identifier that corresponds to the remote customer that personalized said image,” as claimed in the '199 and the '490 patents
Claim 1 of the '199 patent and claim 1 of the '490 patent include the following element or limitation: “a module configured to receive a customer identifier that corresponds to the remote customer that personalized said image.” '199 Patent, Claim 1 (italics indicating “disputed” claim term); ' 490 Patent, Claim 1 (same). As noted in the chart of “Disputed Claim Terms,” supra, page 916, in my Markman ruling, I construed the “disputed” claim term in this limitation to mean “a signal, character, or group of characters that matches with the customer that personalized the image.” The Iowa Defendants contend that this limitation is not literally infringed, as a matter of law, but Serverside disputes that contention.
a. Arguments of the parties
The Iowa Defendants argue that this limitation is not infringed, because the Cre8MyCard system allows the “remote customer” and the “card owner” to be different people, and it only records the Data in relation to the “card owner” (that is, first name, last name, and last four digits of the card number), rather than any data associated with the “remote customer.” Somewhat more specifically, they argue that the “remote customer” must submit the Data about the “card owner,” but no information about themselves, the Cre8MyCard system does not use “remote customer” passwords or usernames, and a third party could customize a card for the “card owner” using the Cre8MyCard system. In short, they argue, the Cre8MyCard system “knows nothing about the identity of the ‘remote customer that personalized said image,’ and is agnostic with regard to the Data provided by the remote customer.” They argue that, in contrast, claim 1 of both the '199 patent and the '490 patent requires the use of a “customer identifier that corresponds to the remote customer that personalized said image.”
Serverside argues that the Cre8MyCard system provides exactly what the court has construed “customer identifier” to be. Serverside argues that Mr. Arnold has admitted that the Cre8MyCard system receives the combination of the card owner's first name, last name, and last four digits of the PAN as a customer identifier that corresponds to the remote customer that personalized the image. Serverside argues that the combination of information in the Data comprises “a signal, character, or group of characters that matches with the customer that personalized the image.” Serverside points out that the court's construction does not require that the Cre8MyCard system use remote customer passwords or usernames, that the intended use of the Cre8MyCard system is for the card holders to customize their own financial transaction cards, and that any third party who customizes a card (if that scenario has ever occurred, and Serverside contends that the Iowa Defendants have offered no evidence that it ever has) must be acting as an agent of the card owner.
In reply, the Iowa Defendants reiterate that the Cre8MyCard system does not require that the remote customer who is personalizing the image be the actual card holder, meaning that Banno's customer identifier of first name, last name, and last four digits of the personal account number matches only the card holder, not necessarily the remote customer. They also argue that nothing in the claims, specifications, or claim construction supports Serverside's argument that a third party who customizes a card for a card owner must be acting as an agent of the card owner. They argue that, because the Cre8MyCard system has no way of knowing who actually personalized an image ordered through the system, only that an image has been personalized and a card has been ordered, the Cre8MyCard system clearly does not require a customer identifier that corresponds to or matches with the remote customer who personalized the image.
b. Analysis
As the movants for summary judgment, the Iowa Defendants must “inform [ ] the district court of the basis for [their] motion, and must identify those portions of [the record] ... which [they] believe[ ] demonstrate the absence of a genuine issue of material fact.” Torgerson, 643 F.3d at 1042 (internal quotation marks and citations omitted). Here, this standard requires the Iowa Defendants to point to some basis in the patents or in the court's construction of the pertinent claim terms for their contention that, in claim 1 of the patents-in-suit, the “remote customer” must be the “card holder.” See ActiveVideo Networks, Inc., 694 F.3d at 1319 (explaining that the first step in the two-step process for determining literal infringement is “the proper construction of the asserted claim”). This they have failed to do.
Specifically, the Iowa Defendants have not identified where, in the claim language, my construction of the claim terms, or the specification, the patents-in-suit require passwords or usernames, or any language that demonstrates that the claimed system knows the identity of the “remote customer that personalized said image,” or any language that prevents a third party from customizing a card for a card holder. Indeed, my reading of the claimed invention is that, like the Cre8MyCard system, it “knows nothing about the identity of the ‘remote customer that personalized said image,’ and is agnostic with regard to the [information] provided by the remote customer.” Thus, in the first instance, the Iowa Defendants are attempting to impose limitations for which they have identified no basis in the patents-in-suit. Doing so is at least as egregious an error as importing limitations from the specification into the claims. See, e.g., Deere & Co. v. Bush Hog, L.L.C., 703 F.3d 1349, 1353–54 (Fed.Cir.2012) (citing Phillips v. AWH Corp., 415 F.3d 1303, 1323 (Fed.Cir.2005) (en banc)).
What the claimed invention requires, as I have construed pertinent claim terms in my Markman ruling, is “a signal, character, or group of characters that matches with the customer that personalized the image.” Neither a requirement that the customer identifier “matches with,” nor the actual claim term, “corresponds to,” the customer that personalized the image requires that the remote customer that personalized the image be the card holder or account holder—although that might well be the case in the vast majority of instances in which the claimed invention is practiced. While I construed “customer identifier” as “some ‘signal or character’ or group of characters that can be used to ‘identify’ the customer,” see Serverside, 927 F.Supp.2d at 656, I never construed “customer identifier” to require that the remote customer who personalized the card be the card holder or account holder, or even that the “customer identifier” reveal the “identity” of the remote customer. Nor can a purported requirement that the remote customer be the card holder or account holder be drawn from my construction of “corresponds to” as “matches with.” See id. at 656;see also id. at 690 (reiterating this construction as the court's final construction). The “customer identifier” was construed to “match with” the remote customer, not to “match” the remote customer “with” the card holder or account holder, i.e., to identify the remote customer as the card holder, nor was it construed to “match” the remote customer “with” a specific person's identity. Id. Rather, the “customer identifier” was simply construed to “match with” the “remote customer,” for purposes of practicing the claimed method, whoever the “remote customer” might actually be outside of the practice of the claimed method.
The element of claim 1 of the patents-in-suit that I find comes closest to suggesting that the remote customer must be the card holder or account holder in the claimed invention is one not identified or relied on by the Iowa Defendants in their summary judgment arguments. That element is the one after the element at issue here, which requires “a module configured to receive a financial record of the remote customer that personalized the image,” where bold indicates an “undisputed” claim term. See Claim 1 side-by-side chart, supra, page 915. As I noted in my Markman ruling, the “undisputed” claim term in this element had been construed by the Delaware court “only by dropping ‘remote,’ so that its construction is ‘record of financial information of the customer that personalized the image,’ ” a construction that I then adopted. Serverside, 927 F.Supp.2d at 656–57. There are further references in the Abstract and the Detailed Description of the patents-in-suit to “financial account of the customer” or “the customer's financial information.” See, e.g., '199 Patent, Abstract; Detailed Description, 4:60–63, 10:65–11:8. These references suggest that the patents-in-suit assumed—if they did not, in fact, require—that the “remote customer” who personalized the image for a transaction card would be the card holder or account holder.
Yet, even if the claimed invention requires that the “remote customer” be the card holder or account holder, not a third party, the Iowa Defendants have failed to demonstrate that their Cre8MyCard system does not infringe this element as a matter of law. The second step in the determination of literal infringement requires “a determination [of] whether the claim as properly construed reads on the accused product or method.” ActiveVideo Networks, Inc., 694 F.3d at 1319 (internal quotation marks and citations omitted). While the Iowa Defendants have pointed to evidence that the Cre8MyCard system can be used by a third party to customize a transaction card for a card holder or account holder, see Torgerson, 643 F.3d at 1042, that is not the end of the matter. Serverside has demonstrated—or has, at least, generated genuine issues of material fact—that the Cre8MyCard system can also be used by the card holder to personalize his or her own card, which would be an infringing performance of the method. Id. at 1042 (stating the non-movant's burden to resist summary judgment). As explained in somewhat more detail, above, “[d]irect infringement of a method claim can be based on even one instance of the claimed method being performed,” Mirror Worlds, L.L.C., 692 F.3d at 1358 (citing Lucent, 580 F.3d at 1317); evidence that an accused method or system “sometimes, but not always, embodies a claimed method,” Cross Medical Prods., Inc., 424 F.3d at 1311 (internal quotation marks and citations omitted); or by circumstantial evidence that an accused method infringes “at least a small percentage of the time,” Vita–Mix Corp., 581 F.3d at 1326. Similarly, as to “apparatus” claims, Serverside has generated genuine issues of material fact that the claim in question recites only capability, and not actual operation, and that the accused system is “capable of operating in the described mode,” that is, for a card holder to personalize his or her own card. Finjan, Inc., 626 F.3d at 1204. Serverside has also marshaled evidence that Banno designed a product for use in an infringing way—allowing card holders or account holders to personalize their own transaction cards—and instructed users to use the product in an infringing way. Toshiba Corp., 681 F.3d at 1365.
Thus, Serverside has pointed to evidence that the Cre8MyCard system uses “a customer identifier that corresponds to the remote customer that personalized said image,” where the Cre8MyCard system does use “a signal, character, or group of characters that matches with the customer that personalized the image.” Specifically, the Cre8MyCard system requires the remote customer to enter the card holder's first and last name and last four digits of the card holder's PAN in the two alphanumeric and one numeric field (the Data). Thus, the Data constitute the “signal, character, or group of characters that matches with the customer that personalized the image,” even if that “signal, character, or group of characters” does not reveal the identity of the remote customer. When the remote customer hits the “submit” button, the Data, along with the image, are uploaded to Cre8MyCard's web server for further processing of the remote customer's personalized card order, and the Cre8MyCard system uses a table called “Orders” to store the incoming domain name of the financial institution from which the card is being personalized, and separate columns within the table for first name, last name, personal account number (PAN), and a foreign key that directs the user to another database table that holds all of the images. Thus, the “signal, character, or group of characters” is “matche[d] with the remote customer that personalized the image,” because the Data is “matche[d] with” or “correspond[s] to” the remote customer and his or her order throughout the processing of the personalized card.
Therefore, the Iowa Defendants are not entitled to summary judgment that they do not infringe, as a matter of law, the element of claim 1 of each of the patents-in-suit that requires “a module configured to receive a customer identifier that corresponds to the remote customer that personalized said image.” '199 Patent, Claim 1 (italics indicating “disputed” claim term); ' 490 Patent, Claim 1 (same).
4. Absence of a “customer identifier [that] comprises an identifier selected from a secure unique identifier and a one-way code,” as claimed in the '199 patent
Claim 1 of the '199 patent includes the following element or limitation: a module configured to receive a customer identifier that corresponds to the remote customer that personalized said image ... wherein the customer identifier comprises an identifier selected from a secure unique identifier and a one-way code. '199 Patent, Claim 1 (bold indicating “undisputed” claim terms, italics indicating “disputed” claim terms, and underlining indicating claim language that differs between the two patents). As noted in the chart of “Disputed Claim Terms,” supra, page 916, in my Markman ruling, I construed “secure unique identifier,” a “disputed” claim term, to mean “a secure, unique signal, character, or group of characters that can be used to identify the customer.” As noted in the chart of “Undisputed Claim Terms,” supra, page 916, in my Markman ruling, I construed “one-way code,” an “undisputed” claim term, to mean “a hash value created from customer information.” The Iowa Defendants contend that they do not infringe this element of claim 1 of the '199 patent, even if a factfinder interprets the Data—in their view, erroneously—to constitute “a customer identifier that corresponds to a remote customer.” Serverside also disputes this contention.
a. Arguments of the parties
The Iowa Defendants argue that, to infringe claim 1 of the '199 patent, the alleged “customer identifier” in the Cre8MyCard system (the Data) must include either a “hash code” or a “secure unique identifier,” but the Cre8MyCard system does not. They contend that it is undisputed that the Cre8MyCard system does not use, and has never used, hashing or a hash code, so that it does not use a “one-way code.” They also contend that the Data clearly are not “unique” or “secure,” so that this alternative also is not present in the Cre8MyCard system. More specifically, they argue that the Cre8MyCard system does not “provide” a “unique” customer identifier, because of the possibility—however small—that two card owners may exist who have the same first names, last names, and last four digits of their card numbers. They also argue that the Cre8MyCard system does not “provide” a “secure” customer identifier, because The Cre8MyCard system does not verify the accuracy of the Data provided by the remote customer in relation to the card owner, only that the proper characters are filled into each field. They contend that any verification is performed by BIC, through separate administrative software after the remote customer has submitted the Data through the Cre8MyCard system.
Serverside argues that the customer identifier used in the Cre8MyCard system is both “a secure unique identifier” and “a one-way code.” Serverside points out that claim 1 does not require, either by its plain language or as construed, that the claimed invention (or an accused device) “provide” a customer identifier, only that the system contain a module configured to “receive” a customer identifier. Serverside also argues that the “customer identifier” in the Cre8MyCard system is “unique,” because even two card owners with the same first names, last names, and last four digits of their card numbers would have “unique” customer identifiers, where the first six digits of their PANs (the issuing institutions' IINs) would be unique to the different financial institutions that issued their cards. Serverside points out that Mr. Arnold admitted in his deposition that incoming orders are stored in a table by institution key, which separates orders from each of Banno's customers (various financial institutions). This process, Serverside argues, ensures that no two customers have the same name and account number at the same financial institution. Serverside argues that, if a customer identifier comprising first name, last name, and last 4 digits of a PAN were not unique within a financial institution, then there would be a violation of the Gramm–Leach–Bliley Act Standards For Safeguarding Customer Information, citing 15 U.S.C. § 6801 and 16 C.F.R. § 314. Serverside also argues that the customer identifier in the Cre8MyCard system is “secure,” because Mr. Arnold admitted that the administrative software used by financial institutions, such as BIC, to verify card orders is accessed through a web address (admin.cre8mycard.com) that is part of the Cre8MyCard software. They contend that Mr. Arnold also admittedthat the customer identifier is secured using SSL and/or firewall trust security during the card customization process. Serverside also argues that, contrary to the Iowa Defendants' contention, the Cre8MyCard system does use a “one-way code” for a customer identifier. This is so, Serverside argues, because the Cre8MyCard system uses a hash code, where the last 4 digits of the PAN are part of the customer identifier, and the last digit of the PAN is a hash value created from customer information, pursuant to ISO 7812.
In reply, the Iowa Defendants argue that two defendants, father and son, both named John Doe, with accounts at U.S. Bank, could be issued cards with the same last four digits, including the last digit created with the Luhn algorithm, so that they do not have “unique” customer identifiers. The Iowa Defendants argue that even an infinitesimally small chance of that happening is sufficient to preclude infringement. They also argue that nothing in the Gramm–Leach–Bliley Act or related regulations requires a bank to control the last four digits of a customer's PAN based on the customer's name or would prevent a bank from having two customers with the same first name, last name, and last four digits of a card number. As to the “one-way code” alternative, while the Iowa Defendants agree that the last digit of the PAN is a hash value created from customer information, they contend that the presence of that digit in no way brings the Cre8MyCard system within the scope of the “one-way code” recited in claim 1 of the '199 patent. This is so, they argue, because the '199 patent never teaches or describes a pre-calculated hash value as the “one-way code” limitation for the “customer identifier.” They contend that reading the '199 patent to encompass such a pre-calculated hash value would enlarge the scope of the patent to cover systems that Serverside did not invent, describe, or fairly suggest. The Iowa Defendants contend that what the '199 patent discloses is using customer information, including the customer's account number, and creating a new “hash value” for security purposes. This, they contend, the Cre8MyCard system does not do.
b. Analysis
i. Secure unique identifier
Again, the Iowa Defendants must point to some basis in the claim language or the court's construction of the pertinent claim terms to support their contentions about the meaning of “secure unique identifier.” See ActiveVideo Networks, Inc., 694 F.3d at 1319 (explaining that the first step in the two-step process for determining literal infringement is “the proper construction of the asserted claim”). In their opening summary judgment brief, the Iowa Defendants erroneously identify the following portion of my Markman ruling as providing the analysis of the nature of the “secure” limitation:
[T]he reference to “security” here is not to the “generation” of the “customer identifier,” or even to the “customer identifier” itself being “secure,” but to “a financial account association table maintained securely from a user interface.” '199 Patent, 4:60–63. Thus, because “uniqueness” is not a limitation of the “customer identifier,” and only some of the embodiments described in the specification describe “security” as an element or limitation, nothing makes “secure” superfluous if “secure unique identifier” means “unique customer identifier.”
Serverside, 927 F.Supp.2d at 660. The quoted statement was part of my basis for rejecting the Iowa Defendants' proposed construction of “secure unique identifier” as “encrypted customer information,” and, more particularly, my rejection of the Iowa Defendants' argument that “secure” is somehow superfluous if the term “secure unique identifier” means “unique customer identifier.” Id. at 660.
More instructive on the “secure” requirement are my conclusions that the description of a single embodiment describing “encrypted customer information” as “generated within a secure environment” “does not mean that all ‘secure unique identifiers' must be ‘encrypted customer information generated within a secure environment.’ ” Id. at 659 (citing Deere & Co., 703 F.3d at 1353–54). In fact, I specifically rejected the Iowa Defendants' contention that “secure” meant either “securely generated” or “maintained securely from the user interface,” as improper importations of embodiments into the construction of the claim term. Id. at 659–60. I also concluded that specifically claimed “secure unique identifiers” in dependent claims (a machine readable code or a bar code) did not define the entire universe of “secure unique identifiers.” Id. at 660–61. Ultimately, I concluded,
I do not believe that any doubt about the meaning and scope of this claim term actually relates to either the “secure” or the “unique” component. See O2 Micro Int'l [v. Beyond Innovation Tech. Co., Ltd.], 521 F.3d [1351,] 1362 [ (Fed.Cir.2008) ] (explaining the purpose of construction is to “ ‘resol [ve] disputed meanings and technical scope, to clarify and ... explain what the patentee covered by the claims, for use in the determination of infringement.’ ” (quoting U.S. Surgical [Corp. v. Ethicon, Inc.], 103 F.3d [1554,] 1568 [ (Fed.Cir.1997) ] )). I think that these words were intended to have their ordinary meaning; indeed, the parties have pointed to nothing in the description or the claims of the patents-in-suit that convincingly demonstrates otherwise. I also believe that leaving these words undefined in any construction of the claim terms will not prevent their meaning from being clear to a jury's full understanding of what the patentee covered with the claims. Power–One, Inc. [v. Artesyn Techs., Inc.], 599 F.3d [1343,] 1348 [ (Fed.Cir.2010) ] (“The terms, as construed by the court, must ‘ensure that the jury fully understands the court's claim construction rulings and what the patentee covered by the claims.’ ” (quoting Sulzer Textil A.G. [v. Picanol N.V.], 358 F.3d [1356,] 1366 [ (Fed.Cir.2004) ] )). The point of confusion, in my view, is the meaning of “identifier.”
Serverside, 927 F.Supp.2d at 661. For that “confusing” point, I reiterated my construction of “customer identifier” as “a signal, character, or group of characters that can be used to identify the customer,” and I adopted the following construction for the entire claim term: “a secure, unique signal, character, or group of characters that can be used to identify the customer.” Id.; see also id. at 691–92 (reiterating this construction as the court's final construction).
The Iowa Defendants have pointed to nothing in claim 1 or my construction of the pertinent claim term that requires that an accused system “provide” a “secure” customer identifier or even that the accused system “verify” the accuracy of the Data provided by the remote customer in relation to the card owner to meet the “secure” limitation. Thus, the Iowa Defendants are, once again, attempting to impose limitations for which they have identified no basis in the patents-in-suit, and doing so is at least as egregious an error as importing limitations from the specification into the claims. See, e.g., Deere & Co., 703 F.3d at 1353–54. Indeed, my rejection of the Iowa Defendants' construction of “secure” customer identifier as meaning “securely generated,” see Serverside, 927 F.Supp.2d at 659–60, demonstrates the fallacy of asserting that an accused system must “provide” a “secure” customer identifier.
Most conclusive, however, is the fact that a requirement that the system “provide” a “secure unique identifier” is clearly contrary to the express requirement of the patent claim that the module “receive” a “secure unique identifier” not “create” it. There is more, however. Such a requirement is also contrary to descriptions of embodiments that require the card issuer to “create” the “customer identifier.” See Serverside, 927 F.Supp.2d at 674 (citing '199 Patent, 16:5–8, and 16:20–21); see also ' 199 Patent, Detailed Description, 16:38–39 (explaining that the “hash value” relieved the “card issuer” of the need to create a unique identifier). Furthermore, claim 18 of the '199 patent specifically claims the following:
18. Computerized financial transaction card production equipment as in claim 1, configured to connect to a computer system of a card issuer comprising a module to generate the customer identifier.
'199 Patent, Claim 18. “It is axiomatic that a dependent claim cannot be broader than the claim from which it depends.” Alcon Research, Ltd. v. Apotex, Inc., 687 F.3d 1362, 1367 (Fed.Cir.2012). Thus, “[t]he presence of a dependent claim that adds a particular limitation gives rise to a presumption that the limitation in question is not in 63 the independent claim.” Phillips, 415 F.3d at 1315. Here, it is axiomatic that claim 1 of the ' 199 patent, from which claim 18 depends, does not include a limitation that involves a connection of the claimed invention (or an accused system) to the card issuer's computer system comprising a module to generate the customer identifier. The Iowa Defendants have pointed to nothing in the Detailed Description that makes “creating,” “generating,” or “providing” a “customer identifier” that is a “secure unique identifier” in claim 1 part of the claimed invention (or an accused system) itself.
Because I concluded that “secure” was intended to have its “ordinary meaning,” Serverside, 927 F.Supp.2d at 661, it means simply “free from risk of loss” or “affording safety.” Merriam Webster's Collegiate Dictionary (10th ed.1995), 1056 (definitions (2)(b) and (c) of “secure” as an adjective). Here, I conclude that Serverside has generated genuine issues of fact as to whether the accused Cre8MyCard system is, in some sense, “secure,” because the Data are protected from loss and afforded safety where the system is protected by SSL and TSL internet security, and because the Data, once submitted, are stored in a table called “Orders” that can only be accessed through an administrative website ( i.e., api.cre8mycard.com) using a connection secured by firewall trust security. I do not find those issues of fact to be “material,” however.
It appears to me that, in their attempt to introduce new constructions of the “secure” limitation, both parties have lost sight of the fact that it is not the system that must be “secure,” but the “unique identifier” itself that must be “secure” in the “secure unique identifier” limitation in claim 1 of the ' 199 patent. Because it is the “unique identifier” that must be “secure,” what is really dispositive is the second step of the infringement analysis, which requires “a determination [of] whether the claim as properly construed reads on the accused product or method.” ActiveVideo Networks, Inc., 694 F.3d at 1319 (internal quotation marks and citations omitted). To the extent that the Iowa Defendants have pointed out that the Cre8MyCard system, including the Data, is not protected by anything other than standard internet SSL encryption, the Iowa Defendants have met their burden, as the movants for summary judgment, to show that the “unique identifier” itself is not “secure.” Torgerson, 643 F.3d at 1042 (explaining the summary judgment movant's initial burden). In response, Serverside has failed to generate a genuine issue of material fact that the Data, identified by Serverside as the allegedly infringing “secure unique identifier,” is, itself, “secure,” even if that “identifier” is transferred by the Cre8MyCard system to the card issuer or from the card issuer to the card manufacturer using SSL/TLS encryption. Id. (explaining the non-movant's burden). More specifically, Serverside has not identified any way in which the Data itself is a “secure” unique identifier in the accused Cre8MyCard system.
The '199 patent does identify certain “secure unique identifiers.” As I observed in my Markman ruling,
It is ... clear that a “secure unique identifier” may be “a machine readable code,” as claimed in dependent claim 2, or “a barcode,” as claimed in dependent claim 3 ..., but these dependent claims are necessarily narrower than claim 1 from which they depend, see, e.g., Alcon Research, 687 F.3d at 1367;Intamin [ v. Magnetar Technologies, Corp.], 483 F.3d [1328] at 1335 [ (Fed.Cir.2007) ], so that they do not define the entire universe of “secure unique identifiers.”
Serverside, 927 F.Supp.2d at 660–61. In each of these instances, the “secure” aspect of the “unique identifier” is a characteristic of the “unique identifier” itself, not simply a characteristic of the claimed invention generally. Serverside has not pointed to any characteristic of the purported “unique identifier” in the Cre8MyCard system that makes the “unique identifier” itself “secure,” such as use of a machine readable code or barcode.
Thus, the Iowa Defendants are entitled to summary judgment of noninfringement of the “secure unique identifier” limitation, because Serverside has not generated any genuine issues of material fact that there is any “ secure unique identifier” in the Cre8MyCard system.
The Iowa Defendants' argument that the identifier, even if “secure,” is not “unique” also stands on firm ground. As the Iowa Defendants point out, in my Markman ruling, I concluded that “computational infeasibility” that the same “hash” value would be produced by different input strings and a possibility, however “infinitesimally small,” that different input strings might generate the same “hash” value meant that the “hash” value was not “unique.” See Serverside, 927 F.Supp.2d at 673. The Iowa Defendants have now pointed to evidence that there is a possibility, however small or remote, that two customers of the same financial institution could have the same first and last names and the same last four digits of their PANs and that this coincidence would not violate the GBL Act or regulations, where that Act and those regulations do not relate to combinations of names and the last four digits of a PAN, but to an entire PAN. See Torgerson, 643 F.3d at 1042 (explaining the summary judgment movant's initial burden). In response, Serverside has failed to generate a genuine issue of material fact that the GBL Act or regulations would preclude such an occurrence or that such an occurrence is computationally impossible. Id. (explaining the non-movant's burden).
Therefore, the Iowa Defendants are also entitled to summary judgment that the accused Cre8MyCard system does not receive a “secure unique identifier,” as a matter of law.
ii. One-way code
The Iowa Defendants have pointed to nothing in claim 1 or the court's construction of the pertinent claim term that requires that an accused system “provide” a “one-way code,” that is, “a hash value created from customer information.” Rather, as explained above, the express requirement of the patent claim is that the module “receive” a “one-way code.”
It is less immediately apparent whether the Iowa Defendants are correct that the claimed invention teaches only using customer information, including the customer's account number, to create a new “hash value” for security purposes. Serverside responds that incorporating into the customer identifier the last digit of the PAN, which is, itself, a “hash value” derived from the entire account number using the Luhn algorithm, is sufficient to infringe the “one-way code” limitation of claim 1 of the '199 patent.
I note that the construction of this “undisputed” claim term is “a hash value created from customer information.” Serverside, 927 F.Supp.2d at 639. It does not require that the “customer information” include the card holder's entire account number, as the Iowa Defendants appear to argue, nor does it require that the “hash value” necessarily be derived from some part of the customer's account number rather than some other “customer information.” This construction is confirmed by the following description of Figure 12, which I also quoted in my Markman ruling. See id. at 672–73:
By contrast with the process of FIG. 11, the embodiment of FIG. 12 allows a card issuer to avoid the need to create for each customer a unique identifier that must be passed through the card issuer's system. Instead, the card issuer creates a “hash value,” such as a message digest, or other one-way code, based on some account details for each individual, so that the card issuer can pass customers' account information to the back end server in a way that is completely safe. Referring to FIG. 12, the process is similar to that of FIG. 11, with a card issuer 1204, a back end server 1203, and bureau 1205 performing analogous steps (1201 and following) to those of FIG. 11 (1101 and following). However, a principal difference is found in steps 1202, 1207, 1210, 1213, 1226, and 1227 of FIG. 12, in which a “hash value” (or other one-way code) is passed between the card issuer 1204 and the back end server 1203, instead of requiring the card issuer to create a unique identifier for each customer, as in FIG. 11. First, in step 1202, a hash of a unique part of the customer record (such as the customer's name) is created. A one-way hash, such as the MD5 hash, is a process that takes arbitrary-sized input data (such as a customer's name and account number), and generates a fixed-size output, called a hash (or hash value). A hash has the following properties: (i) it should be computationally infeasible to find another input string that will generate the same hash value; and (ii) the hash does not reveal anything about the input that was used to generate it. This means that the hash function used in the embodiment of FIG. 12 allows the card issuer 1204 to pass at least some of a customer's account information to the back end server 1203 in a way that is completely secure. As seen in steps 1202, 1207, 1210, 1213, 1226, and 1227, a hash value may be passed back and forth between the card issuer 1204 and the back end server 1203, without the need for the card issuer 1204 to create a unique identifier and pass it through its system.
'199 Patent, 16:5–39 (emphasis added). Recognizing that the italicized preface makes clear that this description is limited to a single embodiment, this description nevertheless demonstrates that the “hash value” can be derived from “some account details,” such as “a unique part of the customer record,” which may include the customer's name, rather than any part of the customer's account number, and may allow for passing back and forth only “some of a customer's account information.” Also, because the card issuer “creates” a “hash value” in this embodiment, it is clear that the “one-way code” can be a “pre-calculated” hash value, that is, one not calculated or created by the Cre8MyCard system, and that it does not necessarily have to be a “new” hash value for use in the Cre8MyCard system.
The more important question here is whether a customer identifier that is a “oneway code” must be only a hash value or whether the “one-way code” limitation is met if the customer identifier includes a hash value, such as the last digit of the PAN, which is derived by a “hashing” algorithm, or some other “pre-calculated” hash value. Relying on the Cheng Declaration, Serverside argues that ISO 7812 is the standard for identifying users of financial transaction cards, and must be used by financial institutions; that ISO 7812 explains that the last digit of the PAN is calculated using the Luhn hash algorithm, which computes the last digit of the PAN using all of the other digits of the PAN; that because The Cre8MyCard system uses the customer's first name, last name, and last 4 digits of the PAN as a customer identifier, and the last digit of the PAN is a hash created from customer information (the other digits in the PAN), the customer identifier is, therefore, a hash value created from customer information, thus meeting the limitation that the “customer identifier” comprises a “one-way code,” construed as a “hash value.” The Iowa Defendants counter that this reasoning results in an improper expansion of the patent over what was actually claimed.
I conclude that Serverside has met its burden, as the non-movant, to come forward with specific facts showing that there is a genuine and material issue for trial. Torgerson, 643 F.3d at 1042 (explaining the non-movant's burden in responding to a motion for summary judgment). Although the Iowa Defendants have moved to strike the Cheng Declaration on which Serverside relies, I concluded, above, that I would not strike the Cheng Declaration and that I could consider it to determine whether or not there are genuine issues of material fact, leaving to the jury to determine the weight and credibility of any testimony consistent with the Declaration, if that testimony exceeds the scope of opinions disclosed in the Cheng Report.
Therefore, the Iowa Defendants are not entitled to summary judgment that the accused Cre8MyCard system does not receive a “one-way code,” as a matter of law.
5. Absence of a “customer identifier [that] encompasses encrypted customer information,” as claimed in the '490 patent
Claim 1 of the '490 patent includes the following element or limitation: “a module configured to receive a customer identifier that corresponds to the remote customer that personalized said image ... wherein the customer identifier encompasses encrypted customer information. '490 Patent, Claim 1 ( italics indicating “disputed” claim terms, and underlining indicating claim language that differs between the two patents). Claim 1 of the '490 claim also includes the following element or limitation: “a controller operable, based on said customer identifier, to cause printing of said personalized customer image onto the card material and to cause application of relevant financial information from the financial record onto the card material ... wherein the customer identifier encompasses encrypted customer information. '490 Patent, Claim 1 ( italics indicating “disputed” claim terms and underlining indicating claim language that differs between the two patents). As noted in the chart of “Disputed Claim Terms,” supra, page 916, in my Markman ruling, I construed “encrypted customer information” (and “encrypted remote user information,” a claim term in claim 31 of the '490 patent) to mean “customer information coded from original text into language unintelligible to unauthorized persons, but not into a randomly generated alphanumeric code.” In their Motion For Summary Judgment, the Iowa Defendants contend that they do not infringe this limitation, which Serverside disputes.
a. Arguments of the parties
As to the first element of claim 1 of the '490 patent now at issue, the Iowa Defendants argues that the Cre8MyCard system does not encrypt or decrypt customer information, so it does not infringe this limitation. They argue that the specification of the '490 patent makes clear that the claimed “encrypted customer information” is encrypted by protocols beyond those normally associated with everyday internet activities, such as SSL. They argue, further, that The Cre8MyCard system has no algorithms for encrypting or decrypting data. Thus, they argue, where any encryption is by SSL, and is entirely unrelated to the encryption process disclosed in the '490 patent, then The Cre8MyCard system does not create a customer identifier that “encompasses encrypted customer information,” and does not infringe claim 1 of the '490 patent as a matter of law. As to the second element of claim 1 of the '490 patent now at issue, the Iowa Defendants argue that, because the Cre8MyCard system does not provide any encrypted information to BIC, it necessarily does not provide any encrypted information that may be used by a server operated by BIC to print cards, and The Cre8MyCard system does not, itself, control any printing operations.
In response, Serverside argues that, because the customer identifier in the Cre8MyCard system is the Data, which is encrypted using SSL/TLS when transmitted from the client's browser to the Banno server, the Cre8MyCard system does infringe the “encrypted customer information” limitation of claim 1 of the '490 patent. Serverside argues that the Iowa Defendants attempt to escape this conclusion by misreading the plain language of the claim to impose a limitation that the Cre8MyCard system “create” the customer identifier that encompasses encrypted customer information, but that there is no limitation in claim 1 of the '490 patent requiring that the Cre8MyCard system “create” a customer identifier, only that it “receive” a customer identifier. Serverside also argues that the Iowa Defendants' contention that The Cre8MyCard system does not encrypt or decrypt customer information contradicts the plain meaning of claim 1 and Mr. Arnold's deposition testimony, where Mr. Arnold admitted that the customer's name, e-mail, and the last digits of the customer's PAN are encrypted via SSL/TLS. Serverside also disputes any reading of the '490 patent as excluding encryption by protocols normally associated with everyday activities, because there is no disavowal of such means in the patent and no such restriction in the court's construction of the claim term. Where the Iowa Defendants have relied on references to public key/private key encryption in the specification, Serverside points out that SSL and TLS both make use of public key/private key based encryption. As to the second limitation of claim 1 of the '490 patent at issue, Serverside argues that a controller must only “cause” printing. Serverside argues that a module of the Cre8MyCard system provides an interface that is used by financial institution personnel to review the customized image and verify that the customer identifier consisting of the last name, first name, and last 4 digits of the PAN corresponds to the correct customized image, and that financial institutional personnel then use Cre8MyCard Manager to “cause” printing of the customized image and financial information onto the card material by a card manufacturer.
In reply, the Iowa Defendants change their ground by arguing that the specification to the '490 patent demonstrates that the financial institution takes steps to perform the encryption, not that an internet provider encrypts any transmissions as it would for any other internet users—in short, the Iowa Defendants argue that the use of SSL in the Cre8MyCard system is incidental and done by a third party. The Iowa Defendants also argue that construing the claims as broadly as Serverside would like increases the scope of the patent well beyond what the patents fairly teach, suggest, or claim.
b. Analysis
The parties' dispute about whether or not this limitation is infringed does not appear to me to turn on the court's construction of the pertinent claim terms. See ActiveVideo Networks, Inc., 694 F.3d at 1319 (explaining that the first step in the two-step process for determining literal infringement is “the proper construction of the asserted claim”). In fact, they almost completely ignore the court's construction in their arguments, instead focusing on who or what performs any encryption in the Cre8MyCard system, which appears to me to involve an attempt at further construction of the claim term. That being so, I will consider these attempts at further construction in relation to the first step in the infringement analysis.
I observe that the specification or Detailed Description of the ' 490 patent (which is identical to the Detailed Description of the '199 patent) does not require that, in all embodiments, the claimed invention (or the accused system) “generate” or “create” the “customer identifier” that encompasses “encrypted customer information.” Indeed, as I noted in my Markman ruling, the specification discloses an embodiment that expressly “allows a card issuer to avoid the need to create for each customer a unique identifier that must be passed through the card issuer's system.” See Serverside, 927 F.Supp.2d at 652 (quoting '199 Patent, Detailed Description, 16:5–8, which explains the embodiment of Figure 12); '490 Patent, Detailed Description, 16:5–8. I also noted that, in another embodiment described in the Detailed Description,
[I]t is also possible for the user information to be encrypted at the card issuer at the beginning of the process, and decrypted at the card bureau using a Private/Public Key or a Private/Private Key encryption technology. This alternative works in a manner similar to the process described in FIG. 12, but with modified security measures; for example, the key must be held by the card bureau.
Serverside, 927 F.Supp.2d at 664 (quoting '199 Patent, Detailed Description, 17:13–22); '490 Patent, Detailed Description, 17:13–22. Thus, the Detailed Description contemplates that, in at least some embodiments, the card issuer, not the claimed invention (or an accused system), will “create”or “generate” the “customer identifier.” Furthermore, claim 18 of the '490 patent specifically claims the following:
18. Computerized financial transaction card production equipment as in claim 1, configured to connect to a computer system of a card issuer comprising a module to generate the customer identifier.
'490 Patent, Claim 18. “It is axiomatic that a dependent claim cannot be broader than the claim from which it depends.” Alcon Research, 687 F.3d at 1367. Thus, “[t]he presence of a dependent claim that adds a particular limitation gives rise to a presumption that the limitation in question is not in the independent claim.” Phillips, 415 F.3d at 1315. Here, it is axiomatic that claim 1 of the '490 patent, from which claim 18 depends, does not include a limitation that involves a connection of the claimed invention (or an accused system) to the card issuer's computer system comprising a module to generate the customer identifier, as expressly claimed in claim 18. The Iowa Defendants have pointed to nothing in the Detailed Description that requires the claimed invention (or an accused system) to “create” or “generate” a “customer identifier” that encompasses “encrypted customer information” in order to practice claim 1 of the '490 patent.
I also noted, in my Markman ruling, that one of the truly “new” arguments offered by the Iowa Defendants at the Markman hearing was about who or what created “customer identifiers.” See Serverside, 927 F.Supp.2d at 672. I pointed out that the Detailed Description of the embodiment of Figure 12 “actually indicates, twice, that it is the ‘card issuer,’ not the ‘customer,’ who is relieved of the necessity of creating the ‘unique identifier.’ ” Id. at 674 (emphasis in the original) (citing '199 Patent, 16:5–8, and 16:20–21). I should have said “thrice,” because the Detailed Description of that embodiment actually indicates, yet again, at 16:38–39, that the “hash value” relieved the “card issuer” of the need to create a unique identifier. Furthermore, I noted that there were descriptions of numerous embodiments that were silent as to who or what part of the process creates a “customer identifier.” Serverside, 927 F.Supp.2d at 674. The Iowa Defendants have still not pointed me to any part of the Detailed Description that requires that, in claim 1, the claimed invention (or the accused device) “create” the “customer identifier” that encompasses “encrypted customer information.”
Thus, the Iowa Defendants have, again, attempted to insert into the limitations at issue “creation” of the “customer identifier” from “encrypted customer information” by the system, which simply is not claimed in claim 1 of the '490 patent, and that attempt is at least as egregious an error as importing limitations from the specification into the claims. See, e.g., Deere & Co., 703 F.3d at 1353–54.
That is not the end of the matter, however, because it appears to me that, in their attempt to introduce new constructions of the “encrypted customer information” limitation, both parties have, again, lost sight of the fact that it is not the system, but the “customer identifier” itself that must “encompass [ ] encrypted customer information” in claim 1 of the '490 patent. The Iowa Defendants' arguments focusing on the lack of “encryption” within the Cre8MyCard system, other than standard encryption of the transfer of information over the internet, and Serverside's arguments about the use in the Cre8MyCard system of SSL/TLS to “encrypt” the transfer of information, or even the transfer of the Data, as the purported “customer identifier,” from the Cre8MyCard system to the card issuer or from the card issuer to the card manufacturer, miss the point.
Because it is the “customer identifier” that must “encompass [ ] encrypted customer information” in claim 1 of the '490 patent, what is really dispositive is the second step of the infringement analysis, which requires “a determination [of] whether the claim as properly construed reads on the accused product or method.” ActiveVideo Networks, Inc., 694 F.3d at 1319 (internal quotation marks and citations omitted). To the extent that the Iowa Defendants have pointed out that the Data, as the purported “customer identifier,” simply does not “encompass encrypted customer information,” whoever might be responsible for the “encryption,” the Iowa Defendants have met their burden as the movants for summary judgment. Torgerson, 643 F.3d at 1042 (explaining the summary judgment movant's initial burden). In response, Serverside has failed to generate a genuine issue of material fact that the Data, identified by Serverside as the allegedly infringing “customer identifier,” ever “encompasses encrypted customer information,” even if the “customer identifier” is transferred by the Cre8MyCard system to the card issuer or from the card issuer to the card manufacturer using SSL/TLS encryption. Id. (explaining the non-movant's burden). More specifically, Serverside has not identified any part of the Data, as the alleged “customer identifier” in the accused Cre8MyCard system, that is “encrypted customer information,” because Serverside has pointed to no evidence that any part of the Data is “customer information coded from original text into language unintelligible to unauthorized persons, but not into a randomly generated alphanumeric code,” my construction of “encrypted customer information.” Similarly, Serverside has pointed to no evidence that there is a module of the Cre8MyCard system that uses a “customer identifier” that “encompasses encrypted customer information” to “cause printing of said personalized customer image onto the card material and to cause application of relevant financial information from the financial record onto the card material.”
Consequently, the Iowa Defendants are entitled to summary judgment that they do not infringe claim 1 of the '490, and all other patent claims of the '490 patent at issue, as a matter of law, because Serverside has failed to generate a genuine issue of material fact that the alleged “customer identifier” in the Cre8MyCard system “encompasses encrypted customer information.”
6. Summary
It follows from the analysis of the Iowa Defendants' arguments for summary judgment that the Iowa Defendants are entitled to summary judgment on claim 1, dependent claims 2, 9, 14, 15, 16, 18 and 22 of the '199 patent, and claims 25, 29, and 30 of the '199 patent, whether they are dependent or independent, to the extent that infringement of those patent claims is premised on a requirement that the claimed invention (or the accused Cre8MyCard system) receives a “customer identifier” that is a “secure unique identifier.” On the other hand, the Iowa Defendants are not entitled to summary judgment on infringement of those patent claims to the extent that infringement is premised on a requirement that the claimed invention (or the accused Cre8MyCard system) receives a “customer identifier” that is a “one-way code.” The Iowa Defendants are entitled to summary judgment on all claims of infringement of all of the patent claims of the '490 patent that are at issue here.
IV. CONCLUSION
Upon the foregoing,
1. The Iowa Defendants' September 16, 2013, Motion To Strike (docket no. 137) is denied;
2. The Iowa Defendants' August 12, 2013, Motion For Summary Judgment (docket no. 133) is granted in part, and denied in part, as follows:
a. The Motion is granted as to claims of infringement of independent claim 1, dependent claims 2, 9, 14, 15, 16, 18 and 22 of the '199 patent, and claims 25, 29, and 30 of the '199 patent, whether they are dependent or independent, to the extent that infringement of those patent claims is premised on a requirement that the claimed invention (or the accused Cre8MyCard system) receives a “customer identifier” that is a “secure unique identifier”;
a. The Motion is denied as to claims of infringement of independent claim 1, dependent claims 2, 9, 14, 15, 16, 18 and 22 of the '199 patent, and claims 25, 29, and 30 of the '199 patent, whether they are dependent or independent, to the extent that infringement is premised on a requirement that the claimed invention (or the accused Cre8MyCard system) receives a “customer identifier” that is a “one-way code”; and
c. The Motion is granted on all claims of infringement of all of the patent claims of the '490 patent that are at issue here.
IT IS SO ORDERED.
UNDISPUTED CLAIM TERMS |
No. | Claim Term/Phrase | Relevant Claim(s) | Agreed Construction |
1 | “financial transaction card” | '199: 1, 2, 9, 14–16, 18, 22, 25, 29 '490: 1, 2, 9, 14–16, 18, 22, 25, 29–31 | “a transaction card (e.g., credit card, debit card, ATM card, or similar card), but not a prepaid bearer card” |
2 | “record of the remote customer that personalized the image” | '199: 1 '490: 1 | “record of financial information of the customer that personalized the image” |
3 | “one-way code” | '199: 1 | “a hash value created from customer information” |
8 | “an identifier selected from a secure unique identifier and a one-way code” | ' 199: 1 | “a customer identifier that is chosen from one of two available options: a secure unique identifier or a one-way code” |