Case: 20-2043 Document: 52 Page: 1 Filed: 10/04/2021
United States Court of Appeals
for the Federal Circuit
______________________
COSMOKEY SOLUTIONS GMBH & CO. KG,
Plaintiff-Appellant
v.
DUO SECURITY LLC, FKA DUO SECURITY, INC.,
Defendant-Appellee
______________________
2020-2043
______________________
Appeal from the United States District Court for the
District of Delaware in No. 1:18-cv-01477-CFC, Judge
Colm F. Connolly.
______________________
Decided: October 4, 2021
______________________
SCOTT THOMAS WEINGAERTNER, White & Case LLP,
New York, NY, argued for plaintiff-appellant. Also repre-
sented by STEFAN MENTZER, GRACE WANG, MATTHEW ROB-
ERT WISNIEFF.
MARK A. LEMLEY, Durie Tangri LLP, San Francisco,
CA, argued for defendant-appellee. Also represented by
BETHANY BENGFORT.
______________________
Before O’MALLEY, REYNA, and STOLL, Circuit Judges.
Case: 20-2043 Document: 52 Page: 2 Filed: 10/04/2021
2 COSMOKEY SOLUTIONS GMBH & CO. v. DUO SECURITY LLC
Opinion for the court filed by Circuit Judge STOLL.
Concurring opinion filed by Circuit Judge REYNA.
STOLL, Circuit Judge.
CosmoKey Solutions GmbH & Co. KG appeals the
United States District Court for the District of Delaware’s
entry of judgment on the pleadings holding that the as-
serted claims of CosmoKey’s
U.S. Patent No. 9,246,903 are
ineligible under
35 U.S.C. § 101. The district court held
that the asserted claims are directed to abstract ideas and
fail to provide an inventive concept. We conclude that the
claims of the ’903 patent are patent-eligible under Alice
step two because they recite a specific improvement to a
particular computer-implemented authentication tech-
nique. Accordingly, we reverse the decision of the district
court.
BACKGROUND
I
The ’903 patent is titled “Authentication Method” and
purports to disclose an authentication method that is both
low in complexity and high in security. The abstract de-
scribes a method of authenticating the identity of a user
performing a transaction at a terminal (e.g., a computer),
including activating an authentication function on the
user’s mobile device. ’903 patent Abstract, col. 2 ll. 35–40.
The patent specification recognizes that when a user
communicates with a remote transaction partner (e.g., a
bank, a store, or a secured database) via a communication
channel like the Internet, “it is important to assure that an
individual that identifies itself as an authorized user is ac-
tually the person it alleges to be.”
Id. at col. 1 ll. 15–19.
The specification also describes several conventional au-
thentication methods involving a user’s mobile phone.
Id.
at col. 1 ll. 30–46. The specification discloses that by using
a user’s mobile device for authentication, the prior art
Case: 20-2043 Document: 52 Page: 3 Filed: 10/04/2021
COSMOKEY SOLSUTIONS GMBH & CO. v. DUO SECURITY LLC 3
confirms “that the person carrying the mobile device, e.g.,
a mobile telephone, is actually present at the location of the
terminal from which the transaction has been requested.”
Id. at col. 1 ll. 47–50. “Thus, as long as the user is in control
of his mobile device, the authentication method assures
that no third party can fake the identification data of this
user and perform any transactions in his place.”
Id.
at col. 1 ll. 50–53.
The specification purports to improve on these conven-
tional mobile phone authentication methods in that, ac-
cording to the invention, the “authentication function is
normally inactive and is activated by the user only prelim-
inarily for the transaction, said response from the second
communication channel includes the information that the
authentication is active, and the authentication function is
automatically deactivated.”
Id. at col. 1 ll. 58–63. The
specification explains the advantages of this method as fol-
lows: “In this method, the complexity of the authentication
function can be reduced significantly” because all that is
required “from the authentication function is to permit the
authentication device to detect whether or not this function
is active[,]” and “the only activity that is required from the
user for authentication purposes is to activate the authen-
tication function [within] a suitable timing.”
Id. at col. 1 l.
64–col. 2 l. 3. The specification explains that there is a
“predetermined time relation” in that “the authentication
function is activated within a certain (preferably short)
time window after the transmission of the user identifica-
tion.”
Id. at col. 2 ll. 8–14. The specification also touts the
enhanced security provided by this method:
Since the authentication function is normally inac-
tive, the authentication will almost certainly fail
when a third party fraudulently identifies itself as
the user in order to initiate a transaction. Then,
the authentication would be successful only in the
very unlikely event that the true user happens to
activate the authentication function of his mobile
Case: 20-2043 Document: 52 Page: 4 Filed: 10/04/2021
4 COSMOKEY SOLUTIONS GMBH & CO. v. DUO SECURITY LLC
device just in the right moment. Even in this un-
likely case the fraud could be detected . . . . Thus,
notwithstanding the low complexity, the method
according to the invention offers a high level of se-
curity.
Id. at col. 2 ll. 15–32.
The specification thus explains that the claimed inven-
tion “provide[s] an authentication method that is easy to
handle and can be carried out with mobile devices of low
complexity.”
Id. at col. 1 ll. 54–56. The specification elab-
orates that “[i]t is a particular advantage of the invention
that the mobile device does not have to have any specific
hardware for capturing or outputting information.”
Id.
at col. 2 ll. 44–46. According to the specification, the mobile
device need only be capable of being activated for a certain
period of time and connecting to a mobile network where it
has an address that is linked to the identification data of
the user.
Id. at col. 2 ll. 46–50. Then, the authentication
device must be “capable of checking whether the authenti-
cation function of the mobile device with the associated ad-
dress is active.”
Id. at col. 2 ll. 50–54.
Thus, instead of requiring the user to input multiple
authentication factors using multiple communication
channels, the user’s identity is verified by transmitting the
user identification via a first communication channel and
checking via a second communication channel that an au-
thentication function is activated in the user’s mobile de-
vice.
Id. at col. 1 ll. 3–9. Checking for an activated
authentication function replaces the manual entry of infor-
mation for an authentication factor by the user. For exam-
ple, the user may activate the authentication function by
activating their mobile device,
id. at col. 2 ll. 56–60, or by
activating an application on a mobile device, see
id. at col. 6
ll. 59–62.
Claim 1 is the sole independent claim of the ’903 patent
and recites:
Case: 20-2043 Document: 52 Page: 5 Filed: 10/04/2021
COSMOKEY SOLSUTIONS GMBH & CO. v. DUO SECURITY LLC 5
1. A method of authenticating a user to a transac-
tion at a terminal, comprising the steps of:
transmitting a user identification from the termi-
nal to a transaction partner via a first communica-
tion channel,
providing an authentication step in which an au-
thentication device uses a second communication
channel for checking an authentication function
that is implemented in a mobile device of the user,
as a criterion for deciding whether the authentica-
tion to the transaction shall be granted or denied,
having the authentication device check whether a
predetermined time relation exists between the
transmission of the user identification and a re-
sponse from the second communication channel,
ensuring that the authentication function is nor-
mally inactive and is activated by the user only pre-
liminarily for the transaction,
ensuring that said response from the second com-
munication channel includes information that the
authentication function is active, and
thereafter ensuring that the authentication func-
tion is automatically deactivated.
Id. at col. 10 ll. 39–60.
II
In September 2018, CosmoKey sued Duo Security, Inc. 1
for infringement of the ’903 patent. In October 2019, Duo
moved for judgment on the pleadings pursuant to Rule
12(c) of the Federal Rules of Civil Procedure, arguing that
1 Duo Security LLC was known as Duo Security, Inc.
at the time of filing.
Case: 20-2043 Document: 52 Page: 6 Filed: 10/04/2021
6 COSMOKEY SOLUTIONS GMBH & CO. v. DUO SECURITY LLC
all claims of the ’903 patent are ineligible under
35 U.S.C. § 101 as the claims are directed to the abstract
idea of authentication and do not recite any patent-eligible
inventive concept. The district court granted Duo’s motion
on June 24, 2020. Money & Data Protection Lizenz GmpH
& Co. KG, v. Duo Security, Inc.,
468 F. Supp. 3d 674
(D. Del. 2020) (Judgment Op.). 2
At step one of the Alice two-step framework for deter-
mining patent eligibility, the district court agreed with Duo
that the claims of the ’903 patent “are directed to the ab-
stract idea of authentication—that is, the verification of
identity to permit access to transactions.”
Id. at 677; see
Alice Corp. v. CLS Bank Int’l,
573 U.S. 208, 217 (2014).
The district court reasoned that the “[’]903 patent is not
materially different from the patent at issue in Prism
Tech[nologies] LLC v. T-Mobile USA, Inc., 696 F. App’x
1014 (Fed. Cir. 2017),” where we determined that the pa-
tent claims were invalid because they were “directed to the
abstract idea of ‘providing restricted access to resources.’”
Judgment Op., 468 F. Supp. 3d at 677 (citation omitted).
The district court determined that, “[g]iven the similarities
between the abstract processes in the [’]903 patent and the
patent in Prism, I find that the claims at issue here are
directed to the abstract idea of verifying identity to permit
access to transactions.” Id. at 678.
At Alice step two, the district court concluded that “the
[’]903 patent merely teaches generic computer functional-
ity to perform the abstract concept of authentication; and
it therefore fails Alice’s step two inquiry.” Id. at 678. In so
holding, the district court determined that the patent itself
admits that “the detection of an authentication function’s
activity and the activation by users of an authentication
2 CosmoKey was known as Money and Data Protec-
tion Lizenz GmbH & Co. KG at the time it filed its original
complaint.
Case: 20-2043 Document: 52 Page: 7 Filed: 10/04/2021
COSMOKEY SOLSUTIONS GMBH & CO. v. DUO SECURITY LLC 7
function within a pre-determined time relation were well-
understood and routine, conventional activities previously
known in the authentication technology field.” Id. at 679
(citing ’903 patent col. 1 ll. 15–53).
CosmoKey appeals the district court’s judgment. We
have jurisdiction under
28 U.S.C. § 1295(a)(1).
DISCUSSION
We apply regional circuit law when reviewing a district
court’s judgment on the pleadings. Koninklijke KPN N.V.
v. Gemalto M2M GmbH,
942 F.3d 1143, 1149
(Fed. Cir. 2019). Applying Third Circuit law, we review the
district court’s grant of Duo’s motion for judgment on the
pleadings de novo, accepting as true all facts pleaded by
CosmoKey and drawing all reasonable inferences in favor
of CosmoKey. Allstate Prop. & Cas. Ins. Co. v. Squires,
667 F.3d 388, 390 (3d Cir. 2012).
Patent eligibility under § 101 is a question of law that
may contain underlying questions of fact. Interval Licens-
ing LLC v. AOL, Inc.,
896 F.3d 1335, 1342 (Fed. Cir. 2018)
(citing Berkheimer v. HP Inc.,
881 F.3d 1360, 1365
(Fed. Cir. 2018)). We review a district court’s ultimate con-
clusion on patent eligibility de novo.
Id. We have held that
“[p]atent eligibility can be determined on the pleadings un-
der Rule 12(c) when there are no factual allegations that,
when taken as true, prevent resolving the eligibility ques-
tion as a matter of law.” Data Engine Techs. LLC v. Google
LLC,
906 F.3d 999, 1007 (Fed. Cir. 2018).
Section 101 defines patent-eligible subject matter as
“any new and useful process, machine, manufacture, or
composition of matter, or any new and useful improvement
thereof.”
35 U.S.C. § 101. The Supreme Court established
a two-step test for examining patent eligibility under § 101
in Alice. First, we “determine whether the claims at issue
are directed to a patent-ineligible concept[,]” such as an ab-
stract idea. Alice, 573 U.S. at 218. If so, we proceed to step
Case: 20-2043 Document: 52 Page: 8 Filed: 10/04/2021
8 COSMOKEY SOLUTIONS GMBH & CO. v. DUO SECURITY LLC
two and “consider the elements of each claim both individ-
ually and ‘as an ordered combination’ to determine
whether the additional elements ‘transform the nature of
the claim’ into a patent-eligible application.” Id. (quoting
Mayo Collaborative Servs. v. Prometheus Labs., Inc.,
566 U.S. 66, 78–79 (2012)). Step two is “a search for an
‘inventive concept’—i.e., an element or combination of ele-
ments that is ‘sufficient to ensure that the patent in prac-
tice amounts to significantly more than a patent upon the
[ineligible concept] itself.’” Alice, 573 U.S. at 217–18 (al-
teration in original) (quoting Mayo,
566 U.S. at 72–73).
I
As the district court noted, this court has previously
considered the eligibility of various claims generally di-
rected to authentication and verification under § 101 and
found those claims abstract. For example, in Prism, the
case cited by the district court, we held that the claims at
issue were directed to the abstract idea of “providing re-
stricted access to resources” because the claims did not
cover a “concrete, specific solution.” 696 F. App’x at 1017.
Rather, the claims recited generic steps typical of any con-
ventional process for restricting access, including such pro-
cesses that predated computers. In particular, the claims
recited “receiving” a user identity, “authenticating” the
user identity, “authorizing” the user, and “permitting ac-
cess” to the user. Id. at 1016. At step two, we determined
that the asserted claims recited conventional generic com-
puter components employed in a customary manner such
that they were insufficient to transform the abstract idea
into a patent-eligible invention. Id. at 1017–18.
More recently, in Universal Secure Registry LLC v. Ap-
ple, Inc.,
10 F.4th 1342 (Fed. Cir. 2021), we held that the
patent claims were directed to the abstract idea of combin-
ing multiple conventional authentication techniques for
verifying the identity of a user to facilitate a financial
transaction. The patent specifications disclosed that
Case: 20-2043 Document: 52 Page: 9 Filed: 10/04/2021
COSMOKEY SOLSUTIONS GMBH & CO. v. DUO SECURITY LLC 9
biometric authentication, multi-factor authentication, and
using multiple devices to authenticate were all conven-
tional authentication techniques. The claims, then, were
simply directed to combining these long-standing, well-
known authentication techniques to achieve the expected
result of increased security no greater than the sum of the
security provided by each technique alone. Under Alice
step two, we held that these claims did not recite an in-
ventive concept because the combination of long-standing
conventional methods of authentication yielded expected
results of an additive increase in security, and nothing in
the record suggested an additional technological improve-
ment.
In contrast, we have held claims directed to specific
verification methods that depart from earlier approaches
and improve computer technology eligible under § 101. In
Ancora Technologies Inc. v. HTC America, Inc., we held
that claims directed to storing a verification structure in
computer memory were directed to a specific non-abstract
computer-functionality improvement addressing the “vul-
nerability of license-authorization software to hacking.”
908 F.3d 1343, 1348–49 (Fed. Cir. 2018). We explained
that “[i]mproving security . . . can be a non-abstract com-
puter-functionality improvement if done by a specific tech-
nique that departs from earlier approaches to solve a
specific computer problem.”
Id. at 1349 (citing Finjan, Inc.
v. Blue Coat Sys., Inc.,
879 F.3d 1299, 1304–05 (Fed. Cir.
2008)). We further explained the claims “yield[ed] a tangi-
ble technological benefit” in making the system less sus-
ceptible to hacking by altering how the verification is
performed.
Id. at 1350.
II
Under Alice step one, we consider “what the patent as-
serts to be the ‘focus of the claimed advance over the prior
art.’” Solutran, Inc. v. Elavon, Inc.,
931 F.3d 1161, 1168
(Fed. Cir. 2019) (quoting Affinity Labs of Tex., LLC
Case: 20-2043 Document: 52 Page: 10 Filed: 10/04/2021
10 COSMOKEY SOLUTIONS GMBH & CO. v. DUO SECURITY LLC
v. DIRECTV, LLC,
838 F.3d 1253, 1257 (Fed. Cir. 2016)).
The district court held that the claims “are directed to the
abstract idea of authentication—that is, the verification of
identity to permit access to transactions.” Judgment Op.,
468 F. Supp. 3d at 677. We are not convinced that this
broad characterization of the focus of the claimed advance
is correct. Rather, the claims and written description sug-
gest that the focus of the claimed advance is activation of
the authentication function, communication of the activa-
tion within a predetermined time, and automatic deactiva-
tion of the authentication function, such that the invention
provides enhanced security and low complexity with mini-
mal user input. The critical question then is whether this
correct characterization of what the claims are directed to
is either an abstract idea or a specific improvement in com-
puter verification and authentication techniques. Ancora,
908 F.3d at 1347.
We need not answer this question, however, because
even if we accept the district court’s narrow characteriza-
tion of the ’903 patent claims, the claims satisfy Alice step
two. See Amdocs (Israel) Ltd. v. Openet Telecom, Inc.,
841
F.3d 1288, 1303 (Fed. Cir. 2016) (explaining that “even if
[the claim] were directed to an abstract idea under step
one, the claim is eligible under step two”). 3
Turning then to Alice step two, we “consider the ele-
ments of each claim both individually and ‘as an ordered
combination’ to determine whether the additional elements
‘transform the nature of the claim’ into a patent-eligible ap-
plication.” Alice, 573 U.S. at 217 (quoting Mayo,
566 U.S.
at 77–78). In computer-implemented inventions, the
3 Judge Reyna’s concurrence challenges our ap-
proach of accepting the district court’s analysis under Alice
step one and resolving the case under Alice step two. Judge
Reyna Concurrence at 1. We note that this very approach
was followed in Amdocs, 841 F.3d at 1303.
Case: 20-2043 Document: 52 Page: 11 Filed: 10/04/2021
COSMOKEY SOLSUTIONS GMBH & CO. v. DUO SECURITY LLC 11
computer must perform more than “well-understood, rou-
tine, conventional activities previously known to the indus-
try.” Id. at 223 (quoting Mayo,
566 U.S. at 73 (internal
quotation marks and brackets omitted)). In addition, “[a]n
inventive concept that transforms the abstract idea into a
patent-eligible invention must be significantly more than
the abstract idea itself, and cannot simply be an instruction
to implement or apply the abstract idea on a computer.”
BASCOM Glob. Internet Servs., Inc. v. AT&T Mobility
LLC,
827 F.3d 1341, 1349 (Fed. Cir. 2016) (citing Alice,
573 U.S. at 222–23).
The district court held that the ’903 patent failed at
step two because it “merely teaches generic computer func-
tionality to perform the abstract concept of authentica-
tion[.]” Judgment Op., 468 F. Supp. 3d at 678. The court
recognized that the specification indicates that the “differ-
ence between [the] prior art methods and the claimed in-
vention is that the [’]903 patent’s method ‘can be carried
out with mobile devices of low complexity’ so that ‘all that
has to be required from the authentication device function
is to detect whether or not this function is active’” and that
“the only activity that is required from the user for authen-
tication purposes is to activate the authentication function
at a suitable timing for the transaction.” Id. at 678–79
(quoting ’903 patent col. 1 l. 55–col. 2 l. 3). But the court
cited column 1, lines 15–53 of the specification as purport-
edly admitting that detection of activation of an authenti-
cation function’s activity and the activation by users of an
authentication function within a pre-determined time rela-
tion were “well-understood and routine, conventional activ-
ities previously known in the authentication technology
field.” Judgment Op., 468 F. Supp. 3d at 679.
We disagree with the district court’s analysis and con-
clusion. The ’903 patent claims and specification recite a
specific improvement to authentication that increases se-
curity, prevents unauthorized access by a third party, is
easily implemented, and can advantageously be carried out
Case: 20-2043 Document: 52 Page: 12 Filed: 10/04/2021
12 COSMOKEY SOLUTIONS GMBH & CO. v. DUO SECURITY LLC
with mobile devices of low complexity. See ’903 patent
col. 2 ll. 15–32. Contrary to the district court’s conclusion,
the ’903 patent discloses a technical solution to a security
problem in networks and computers. While authentication
of a user’s identity using two communication channels and
a mobile phone was known at the time of the invention,
nothing in the specification or anywhere else in the record
supports the district court’s suggestion that the last four
claim steps—including (1) “as a criterion for deciding
whether the authentication to the transaction shall be
granted or denied, having the authentication device check
whether a predetermined time relation exists between the
transmission of the user identification and a response from
the second communication channel”; (2) “ensuring that the
authentication function is normally inactive and is acti-
vated by the user only preliminarily for the transaction”;
followed by (3) “ensuring that said response from the sec-
ond communication channel includes information that the
authentication function is active”; and (4) “thereafter en-
suring that the authentication function is automatically
deactivated,” id. at col. 10 ll. 45–55—are conventional.
The district court’s reliance on column 1, lines 15–53
as allegedly admitting that these steps were routine or con-
ventional is misplaced. While column 1, lines 30–46 de-
scribes three prior art references, none teach the recited
claim steps. To the contrary, the specification describes the
prior art references as disclosing: (1) sending a prompt to
a user to confirm the transaction followed by the user’s mo-
bile device sending a confirmation signal; (2) using a user’s
mobile device for activating and deactivating a credit card;
and (3) sending a token to the user’s terminal from which
a transaction has been requested followed by the user’s mo-
bile device capturing the image and sending it back to the
authentication device via a second communication channel.
Id. at col. 1 ll. 30–46. Read in context, the rest of the pas-
sage cited by the district court makes clear that the claimed
steps were developed by the inventors, are not admitted
Case: 20-2043 Document: 52 Page: 13 Filed: 10/04/2021
COSMOKEY SOLSUTIONS GMBH & CO. v. DUO SECURITY LLC 13
prior art, and yield certain advantages over the described
prior art. The district court erred in its interpretation of
this passage. This is particularly so given the procedural
posture of Duo’s motion for judgment under Rule 12(c),
which requires the district court to draw all reasonable in-
ferences in favor of CosmoKey. Allstate,
667 F.3d at 390.
Indeed, the patent specification describes how the par-
ticular arrangement of steps in claim 1 provides a technical
improvement over conventional authentication methods.
Specifically, the specification emphasizes the inventive na-
ture of these steps, explaining that “the complexity of the
authentication function can be reduced significantly” be-
cause “the only activity that is required from the user for
authentication purposes is to activate the authentication
function at a suitable timing for the transaction.”
Id.
at col. 1 l. 64–col. 2 l. 3. Continuing, the specification ex-
plains that compared to the prior art and conventional mul-
tifactor authentication systems, the ’903 patent performs
user authentication with fewer resources, less user inter-
action, and simpler devices.
Id. at col. 1 ll. 54–56 (“It is an
object of the invention to provide an authentication method
that is easy to handle and can be carried out with mobile
devices of low complexity.”).
Duo argues that using a second communication chan-
nel in a timing mechanism and an authentication function
that is normally inactive, activated only preliminarily, and
automatically deactivated is itself an abstract idea and
thus cannot contribute to an inventive concept. Appellee’s
Br. 21. Duo asserts that these limitations “are far from
concrete.”
Id. In addition, Duo cites ChargePoint, Inc.
v. SemaConnect, Inc.,
920 F.3d 759, 764 (Fed. Cir. 2019),
where our court held claims directed to network-controlled
charging stations for electric vehicles abstract, including a
dependent claim reciting a component “that can activate or
deactivate charging at the connection.” We disagree.
Case: 20-2043 Document: 52 Page: 14 Filed: 10/04/2021
14 COSMOKEY SOLUTIONS GMBH & CO. v. DUO SECURITY LLC
While prior cases can be helpful in analyzing eligibility,
whether particular claim limitations are abstract or, as an
ordered combination, involve an inventive concept that
transforms the claim into patent eligible subject matter,
must be decided on a case-by-case basis in light of the par-
ticular claim limitations, patent specification, and inven-
tion at issue. Here, the claim limitations are more specific
and recite an improved method for overcoming hacking by
ensuring that the authentication function is normally inac-
tive, activating only for a transaction, communicating the
activation within a certain time window, and thereafter en-
suring that the authentication function is automatically
deactivated. The specification explains that these features
in combination with the other elements of the claim consti-
tute an improvement that increases computer and network
security, prevents a third party from fraudulently identify-
ing itself as the user, and is easy to implement and can be
carried out even with mobile devices of low complexity.
’903 patent col. 2 ll. 15–32. We recognized in Ancora that
improving computer or network security can constitute “a
non-abstract computer-functionality improvement if done
by a specific technique that departs from earlier ap-
proaches to solve a specific computer problem.” 908 F.3d
at 1349. Here, as the specification itself makes clear, the
claims recite an inventive concept by requiring a specific
set of ordered steps that go beyond the abstract idea iden-
tified by the district court and improve upon the prior art
by providing a simple method that yields higher security.
CONCLUSION
For the reasons set forth above, we reverse the district
court’s judgment that the asserted claims of the ’903 patent
are ineligible under § 101.
REVERSED
Case: 20-2043 Document: 52 Page: 15 Filed: 10/04/2021
United States Court of Appeals
for the Federal Circuit
______________________
COSMOKEY SOLUTIONS GMBH & CO. KG,
Plaintiff-Appellant
v.
DUO SECURITY LLC, FKA DUO SECURITY, INC.,
Defendant-Appellee
______________________
2020-2043
______________________
Appeal from the United States District Court for the
District of Delaware in No. 1:18-cv-01477-CFC, Judge
Colm F. Connolly.
______________________
REYNA, Circuit Judge, concurring.
I concur with the majority decision to reverse the dis-
trict court’s judgment that the ’903 Patent is patent ineli-
gible under
35 U.S.C. § 101. I conclude that, under Alice
step one, the subject claims are directed to patent-eligible
subject matter.
I do not agree, however, with the majority’s analysis or
its application of law. In sum, the majority skips step one
of the Alice inquiry and bases its decision on what it claims
is step two. I believe this approach is extraordinary and
contrary to Supreme Court precedent. It turns the Alice
inquiry on its head.
Case: 20-2043 Document: 52 Page: 16 Filed: 10/04/2021
2 COSMOKEY SOLUTIONS GMBH & CO. v. DUO SECURITY LLC
Our case law, as governed by Supreme Court prece-
dent, is clear: whether a patent satisfies the subject-matter
eligibility requirement of § 101 involves a two-step inquiry.
Alice Corp. Pty. Ltd. v. CLS Bank Int’l,
573 U.S. 208, 217
(2014). I find nothing in Alice that provides for skipping
the first step or for conflating the two steps into one. Nor
does the majority cite any authority that specifically per-
mits skipping step one.
The Alice inquiry should be viewed as a loose filter that
prevents the patenting of abstract ideas, lest free thinking
itself become a form of chattel. There should be no exclu-
sivity to abstractness under the law. Of course, preemption
is a primary underlying concern, but so are the concepts of
inventiveness and innovation. To this end, step one serves
several important purposes, chief among them being that
a patent must lay bare that which is claimed. To echo
Judge Rich’s declaration: “[T]he name of the game is the
claim.” Giles S. Rich, Extent of Protection and Interpreta-
tion of Claims—American Perspectives, 21 Int’l Rev. of In-
dus. Prop. & Copyright L. 497, 499 (1990)). In terms of
Alice, step one is about the claim.
At step one, we examine whether the claim is directed
to patent-ineligible subject matter. Among other things,
this examination permits us to distinguish between claims
that recite mere concepts, functions or results (abstract
ideas) from those that, through claimed limitations, chart
the specific means for achieving such concepts, functions or
results. Ancora Techs., Inc. v. HTC Am., Inc.,
908 F.3d
1343, 1347 (Fed. Cir. 2018). As a result, our case law has
developed specific circumstances that help guide the ques-
tion of abstraction. See
id. at 1347–48 (collecting cases).
For example, generally, if a claim is directed to a specific
technological solution to a technological problem, it is not
directed to an abstract idea. See Enfish, LLC v. Microsoft
Corp.,
822 F.3d 1327, 1336 (Fed. Cir. 2016).
Case: 20-2043 Document: 52 Page: 17 Filed: 10/04/2021
COSMOKEY SOLUTIONS GMBH & CO. v. DUO SECURITY LLC 3
Our precedent is clear that once a claim is deemed not
directed to an abstract idea, the Alice inquiry ends. We do
not proceed to step two. Core Wireless Licensing S.A.R.L.
v. LG Elecs., Inc.,
880 F.3d 1356, 1361 (Fed. Cir. 2018) (“If
the claims are directed to a patent-eligible concept, the
claims satisfy § 101 and we need not proceed to the second
step.”); see also McRO, Inc. v. Bandai Namco Games Am.,
Inc.,
837 F.3d 1299, 1312 (Fed. Cir. 2016). In other words,
step two does not operate independently of step one. Step
two comes into play only when a claim has been found to
be directed to patent-ineligible subject matter. The “di-
rected to” examination is only in step one, and not step two.
Step two is a lifeline. The step two inquiry recognizes
that the claim has been struck down as ineligible. In sim-
plistic terms, the question becomes whether there is any
reason to save the claim on the basis of whether additional
elements of the claim, considered individually and as an
ordered combination, transform the nature of the claim
into a patent-eligible application of the abstract idea. Con-
tent Extraction & Transmission LLC v. Wells Fargo Bank,
Nat’l Ass’n,
776 F.3d 1343, 1347 (Fed. Cir. 2014) (citing Al-
ice, 573 U.S. at 217).
Step two is rendered superfluous and unworkable with-
out step one. Without the benefit of a step-one analysis, we
are hobbled at step two in reasonably determining whether
additional elements transform the nature of the claim into
a patent-eligible application of the abstract idea. And by
skipping step one, we create a risk that claims that are not
directed to an abstract idea might be deemed to “fail” at
step two.
Employing step one, I conclude that the claims at issue
are directed to patent-eligible subject matter. I agree with
my colleagues that “[t]he ’903 Patent claims and specifica-
tion recite a specific improvement to authentication that in-
creases security, prevents unauthorized access by a third
party, is easily implemented, and can advantageously be
Case: 20-2043 Document: 52 Page: 18 Filed: 10/04/2021
4 COSMOKEY SOLUTIONS GMBH & CO. v. DUO SECURITY LLC
carried out with mobile devices of low complexity.” Major-
ity Op. 11-12 (emphasis added). But this is a step-one ra-
tionale. See Enfish, 822 F.3d at 1336 (“[T]he first step in
the Alice inquiry in this case asks whether the focus of the
claims is on the specific asserted improvement in computer
capabilities . . . or, instead, on a process that qualifies as
an ‘abstract idea’ for which computers are invoked merely
as a tool.”); McRO, 837 F.3d at 1314 (“It is the incorpora-
tion of the claimed rules, not the use of the computer, that
improved the existing technological process . . . .” (internal
quotation marks omitted)).
We should not lose sight, as my colleagues have in this
case, that the “question of abstraction is whether the claim
is ‘directed to’ the abstract idea itself.” Data Engine Techs.
LLC v. Google LLC,
906 F.3d 999, 1011 (Fed. Cir. 2018).