Print PDF

Specification Required That Network Service Providers Must Authenticate Users

February 20, 2007

Decision icon Decision

Last Month at the Federal Circuit - March 2007

Judges: Newman, Schall, Bryson (author)

[Appealed from: E.D. Tex., Judge Davis]

In MyMail, Ltd. v. America Online, Inc., Nos. 06-1147, -1172 (Fed. Cir. Feb. 20, 2007), the Federal Circuit affirmed the district court’s SJ of noninfringement of U.S. Patent No. 6,571,290 (“the ’290 patent”). The Federal Circuit also affirmed the district court’s ruling that the patent holder, MyMail, Ltd. (“MyMail”), had standing to assert infringement of the ’290 patent.

The ’290 patent relates to a method of providing network customers with access to a network, such as the Internet, when they are away from their normal base of operations. According to the claimed method, a customer who is temporarily in a remote location uses contact and login information to access the Internet through an Internet service provider (“ISP”) or through a third-party modem bank affiliated with that ISP. Through that Internet connection, the user then contacts another entity called an “internet service provider access service” or ASP. The ASP provides the user with login information for a new ISP that is more suitable to the customer’s remote location, typically because it is closer to that location. The user then terminates the connection to the Internet established through the first ISP and reconnects to the Internet using the new ISP. To generalize the invention, the claims use the term Network Service Provider or NSP to refer to a party in a generic network performing the function of an ISP and providing modem services to network users.

The district court construed NSP as “a party that provides a connection to the network and authenticates users for access to the network.” Slip op. at 3. All of the accused parties are ISPs who use third-party modem banks to connect their customers to the Internet. Typically, a user dials into a third-party modem bank, which compares the user’s ID with a list of affiliated ISPs and connects the user if an affiliated ISP name is part of the user’s ID, a process called “realm string checking.” MyMail theorized that the defendants infringed because the third-party modem banks, serving as the claimed NSPs, and the defendants, serving as the claimed ASPs, connected users to the Internet using the claimed methodology.

The district court found that the defendants could not infringe on MyMail’s patent because the patent requires that the NSP authenticate the user, defining “authentication” as validating a user ID and a password. The district court found that the NSPs are the third-party modem banks and do not perform the required authentication.

On appeal, MyMail argued that the authentication does not have to be performed by the NSP. Secondly, MyMail argued that even if the NSP must authenticate the user, the third-party modem bank’s screening process based on user ID is authentication. Four of the defendants, NetZero, Juno, NetBrands, and EarthLink, cross-appealed, arguing that MyMail had no standing because it acquired the assignment from an individual who had secured the patent application through a state foreclosure action on a fraudulent promissory note secured by the application.

The Federal Circuit first addressed the cross-appeal, noting that an enforceable state court judgment transferred title under Texas law to MyMail. The Court held that the defendants must nullify that judgment to establish a break in the title chain, and they had not attempted to do so. The Court rejected defendants’ argument that the federal court was required to make an independent review of the title. While fraud in the procurement of a patent can be raised as a defense in federal court because it bears on the enforceability of the patent, asserting that a third party owns a particular patent is an issue addressed by state law. The Court thus affirmed with respect to the cross-appeal.

The Court then addressed MyMail’s contention that the NSP did not have to perform the authentication. Both parties agreed that the term “NSP” is a coined term, without a meaning apart from the ’290 patent. To determine the requirements of the NSP, the Court looked to the specification. It noted that the invention centers around giving users IDs and passwords associated with an ISP to allow the user to gain access to the Internet. The IDs and passwords described would serve no function, the Court concluded, if the user did not have to be authenticated before being connected to the Internet. The Court also noted that MyMail agreed during the Markman hearing before the district court that the NSPs authenticate the users, and the Court would not allow it to argue against the construction later. As to MyMail’s argument that the ASP does the authentication because the specification describes an embodiment in which “all user authentication for ISPs happens at the [ASP],” the Court found it to be part of an invention that MyMail conceded was unclaimed. Thus, the Court required the NSP to perform the authentication function.

Next, the Court rejected MyMail’s argument that the third-party modem bank, by performing realm string checking, was authenticating users as required by the claims. Not so, the Court said, because authentication requires validating a user’s ID and password and realm string checking falls short of that requirement. The third-party modem banks can only deny access to a subset of unauthorized users but cannot determine whether the user is authorized to connect to the Internet. Therefore, the Federal Circuit affirmed the district court’s grant of SJ of noninfringement.