UNITED STATES DISTRICT COURT lip SOUTHERN DISTRICT OF NEW YORK ee a OC #: AUTH TOKEN LLC, TEI NRE | Plaintiff,
-against- 25-cv-3870 (CM) CITY NATIONAL BANK, an RBC Company, Defendant. 2 ca oa TE OPINION AND ORDER McMahon, J.: Plaintiff Auth Token LLC (“Auth Token”) is the assignee of all right, title, and interest in United States Patent No. 8,375,212 (the “*212 Patent”), entitled Method for personalizing an authentication token, which issued on February 12, 2013. Auth Token britigs this action against Defendant City National Bank (“CNB”), alleging direct infrinzennent under 35 U.S.C. § □□□ □□□ and seeking damages under 35 U.S.C. § 284. The ‘212 Patent is directed to methods for securely personglizing an authentication token — such as a smart card — after manufacture, using cryptographic techniques to provision secret data while preventing subsequent re-personalization. For the reasons set forth below, CNB’s motion to dismiss is GRANTED.
I. Background The °212 Patent relates to electronic authentication systems. As described in the specification, autientication systems are used to verify the identity of a user seeking access to a protected service, such as an online account or secure network. Dkt. No, 20-1, at 1:18-22.
The specification explains that, in the art at the time of the invention, many authentication systems relied on single-factor authentication, most commonly a password known to the user. Jd. at 1:23—25. According to the patent, such systems were vulnerable to a wide range of attacks, including interception and observation. /d. The specification further states that, although multi- factor authentication systems existed in the art, many online services continued to rely on passwords because they appeared cheaper to implement, notwithstanding the downstream costs associated with security breaches. /d. at 1:26-29. An authentication token, as described in the ‘212 Patent, is a physical or logical device used as part of a multi-factor authentication system. /d. at 2:6-12. The specification describes authentication tokens as devices capable of storing secret data and performing cryptographic operations. /d. In use, an authentication token interacts with a separate interface device — such as a calculator-like reader or other electronic interface — to generate authentication credentials, including one-time passwords. /d. at 7:63—65; 9:10-12.
A. Prior Art Token Personalization The ‘212 Patent describes prior art approaches to authentication-token personalization and identifies their shortcomings. According to the specification, authentication tokens — particularly smart cards — were commonly programmed with application software and secret data duriag manufacture. /d. at 3:19-24. The patent explains that this required authentication applications to be hardwired into the card’s read-only memory, limiting flexibility and preventing secure personalization after manufacture. Jd. The specification further states that these prior art approaches created several problems. First, because personalization occurred at the manufacturing stage, sensitive cryptographic keys had to be embedded before the card was delivered to the issuing organization or end user, which
the patent characterizes as creating supply-chain security risks. Jd. at 3:28-32. Second, where multiple applications resided on the same card, each application had to trust the others not to read or overwrite its data, which the patent describes as introducing additional security vulnerabilities. Id. The patent also explains that existing systems lacked secure mechanisms for delivering personalized authentication credentials to end users after manufacture, forcing organizations to either embed secrets early or to rely on insecure delivery methods. Jd. at 8:5-19. According to the specification, these limitations contributed to the slow adoption of smart card-based authentication technologies. /d. at 3:51—52.
B. The ‘212 Patent Against this backdrop, the ‘212 Patent discloses methods intended to enable secure post- manufacture personalization of an authentication token through encrypted communications with a personalization device. The specification describes issuing a smart card to a user and subsequently personalizing it using cryptographic protocols designed to ensure the integrity and authenticity of the personalization process. Jd. at 4:13-16. As described in the specification, the approach uses a cryptographic key exchange to establish a secure channel between the personalization device and the authentication token. □□□ at 6:37-40. The patent explains that a transport key is established through a key-exchange protocol and is supplemented by a personalization key to protect against “man-in-the-middle” attacks. Jd. Once the personalization process is complete, the specification states that the authentication token is rendered incapable of re-entering personalization mode. Jd. at 6:15—17. Claim 1, the sole claim of the ‘212 Patent, recites a seven-step method for personalizing an authentication token. Dkt. No. 20-1, 11:4-12:8. The claim requires, among other things, that a
personalization device and authentication token exchange encrypted data, establish an encrypted session using a transport key, transmit an initial seed value and an initial secret key to the token, and store that data on the token such that the token can no longer be re-personalized. /d. The specification explains that the stored seed value and secret key may thereafter be used to facilitate secure interactions between the authentication token and an interface device, including generating one-time passwords or other authentication credentials. /d. at 7:63—65; 9:10—12.
C. Auth Token’s Alleged Theory of Infringement Auth Token’s infringement allegations are set forth in the amended complaint, as supplemented by an attached “claim comparison” chart. Dkt. No. 20 {[ 22-24; Dkt. No. 20-2. Auth Token alleges that CNB issues debit cards equipped with “EMV chips” and that the personalization of those cards practices the method claimed in the ‘212 Patent. Dkt. No. 20-2, at 2-3. According to the claim chart, an EMV chip card constitutes an “authentication token,” and the EMV card personalization process corresponds to the steps recited in Claim 1. /d. The chart asserts that, during EMV personalization, an integrated circuit card enters a personalization mode, exchariges encrypted data with a personalization device, and stores cryptegraphic information on the card. /d. at 6-19. Auth Token contends that these EMV processes correspond to Claim 1’s requirements of encrypting a serial number using a personalization key, validating that key at the authentication token, establishing an encrypted session using a transport key, and securely transmitting and storing secret data on the token. /d. at 12-25. Auth Token alleges, albeit on information and belief, that CNB performs these steps and then infringe:s its patent by issuing EMV cards and by having its employees test and use such cards. Dkt. No. 20 4 22--23; Dkt. No. 20-2, at 6, 9, 12, 19.
CNB disputes these allegations. According to Plaintiff, rather than mapping Claim 1 to what CNB itself does when personalizing debit cards, Plaintiff maps the seven claimed personalization steps onto a generalized industry process — a suggestion, really — that is described in a third-party specification prepared by EMVCo, LLC, an industry consortium. As relevant here, Plaintiff does not plausibly allege that this suggestion reflects CNB’s actual practices, that CNB authored or adopted it, or that CNB was required to follow it when issuing EMV cards. CNB further argues that the ‘212 Patent is directed to patent-ineligible subject matter and is therefore invalid under 35 U.S.C. § 101.
Il. Legal Standards A. Rule 12(b)(6) Standard To survive dismissal, a complaint must plead sufficient facts “to state a claim to relief that is plausible on its face.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). A claim is plausible “when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (citation omitted). Whether a complaint states a plausible claim is a “context-specific task that requires the reviewing court to draw on its judicial experience and common sense.” Iqbal, 556 U.S. at 679 (citation omitted). Nevertheless, the Court must accept the complaint’s well- pleaded factual allegations as true — even if doubtful ~ and draw all reasonable inferences in the plaintiff's favor. Twombly, 550 U.S. at 555-56. In the patent context, “a plaintiff cannot assert a plausible claim for infringement . . . by reciting the claim elements and merely concluding that the accused product has those elements.” Bot M8 LLC vy. Sony Corp. of America, 4 F 4th 1342, 1353 (Fed. Cir. 2021). Instead, “There must be some factual allegations that, when taken as true, articulate why it is plausible that the accused
product infringes the patent claim.” /d. Ifa plaintiff fails to nudge his claims “across the line from conceivable to plausible,” the complaint “must be dismissed.” Twombly, 550 U.S. at 569.
WI. Discussion A. Auth Token Does Not State a Plausible Claim of Direct Infringement To state a claim for direct infringement of a method claim under 35 U.S.C. § 271(a), a plaintiff must plausibly allege that the accused infringer “performs every step of the claimed method” or that “all steps of a claimed method are performed by or attributable to a single entity.” Akamai Techs., Inc. v. Limelight Networks, Inc., 797 F.3d 1020, 1022 (Fed. Cir. 2015); NTP, Inc. v. Rsch. In Motion, Ltd., 418 F.3d 1282, 1318 (Fed. Cir. 2005). That single-entity requirement is a substantive element of a § 271(a) method claim. Even at the pleading stage, the complaint must contain factual content making it plausible that the accused infringer (or a sing/e attributable actor) performed the method as a whole. Applying the pleading principles set out above, Plaintiff must allege nonconclusory facts making it plausible that CNB itself performed, or is charged with performing, every step of the seven-step method recited in Claim 1. Plaintiff has not done so. The Amended Complaint relies on a generalized industry specification and conclusory “on information and belief” assertions, but pleads no CNB-specific facts making it plausible that CNB followed the process Plaintiff mapped onto Claim 1. Because the Court concludes that the amended complaint fails to plausibly allege direct infringement, it need not and does not reach CNB’s alternative argument that the ‘212 Patent is petent ineligible under § 101. The Court notes that it has not undertaken claim construction because the parties’ Rule 12(b)(6) submissions do not fully brief the meaning of the disputed claim terms or present a record adequate for formal claim construction. Moreover, to the extent CNB’s
arguments turn on competing constructions of Claim 1’s limitations, those are “classic Markman arguments” that are not generally resolved at the Rule 12(b)(6) stage. See Nalco Co. v. Chem- Mod, LLC, 883 F.3d 1337, 1349-50 (Fed. Cir. 2018) (explaining that claim-scope disputes “not suitable for resolution on a motion to dismiss” and that it is “not appropriate” to resolve such disputes “without the benefit of claim construction’).
1. Plaintiffs “Industry-Standard” Theory of Infringement Is Not Plausibly Tied to CNB’s Conduct. Auth Token’s infringement theory is pleaded through the amended complaint, supplemented by an attached claim comparison chart. Dkt. No. 20 fj 22-24; Dkt. No. 20-2. As framed by Plaintiff, the accused “Exemplary Defendant Products” are CNB’s EMV chip-enabled Visa debit cards, which CNB - like virtually every bank in the United States — issues to its customers. Plaintiff alleges that the personalization of those cards practices the seven-step method recited in Claim 1 of the ‘212 Patent. Dkt. No. 20-2, at 2-3. The Claim Chart is styled as an element-by-element mapping of Claim 1 onto what Plaintiff describes as “a method (e.g., EMV card personalization) for personalizing an authentication token (e.g., IC card).” Dkt. No. 20-2, at 2. For each claim limitation, the Chart principally reproduces excerpts from a document entitled EMV Card Personalization Specification (the “EMV Spec”), a publicly available specification published by EMVCo, LLC, a private consortium formed by major payment networks to develop technical specifications for EMV chip-based payment cards. The Amended Complaint does not allege what EMVCo is, that CNB authored or adopted the EMV Spec, or that CNB was required to follow it when issuing EMV cards. See Dkt. No. 20, §f§ 22-24; Dkt. No. 20-2, at 2-3. Instead, for each limitation of Claim 1, Plaintiff reproduces a description of a step from the EMV Spec — such as the loading of application data, the injection of cryptographic keys, or the establishment of secure messaging — and then alleges, “on information
and belief,” that CNB “performed this step of the claimed method,” often “by having one or more of its employees” cause the step to occur. See, e.g., Dkt. No. 20-2, at 6, 9, 12, 19, 24, 25, 31. In substance, Plaintiff appears to allege that, because the EMV Spec describes certain personalization steps that Plaintiff contends correspond to Claim 1, and because CNB issues EMV chip-enabled cards, CNB must have followed the steps in the EMV Spec when it personalized cards or caused them to be personalized — and so infringed the ‘212 Patent. Although the Court recognizes that the Comparison Chart includes screenshots of CNB’s public-facing materials describing its debit card as a “Visa EMV debit card,” Dkt. No. 20-2, at 3, those allegations plausibly support only the premise that CNB issues EMV chip-enabled cards. They do not plausibly allege that CNB personalizes cards by following the EMV Spec, or that CNB itself performed each step of Claim 1’s seven-step personalization method. Jd. The problem with Plaintiff's pleading lies in the fact that tae EMV Spec does not describe how any particular bank personalizes cards. The EMV Spec is not a document prepared by CNB, nor is it tailored to any particular issuer, bank, or card program. Rather, it is a general standard, intended to describe, at a high level, the data structures, cryptographic keys, and procedural steps that could — or perhaps even should — be used by card issuers, personalization bureaus, and other participants in the payment ecosystem to personalize EMV-compliant cards prior to issuance. The EMV Spec defines “card personalization” broadly as “the use of data personalization commands that are sent to a card that already contains the basic EMV application.” EMV Card Personalization Specification, § 1.3, available at https://perma.cc/CM2W-E6P%S. It states that its purpose is to “standardize[] the EMV card personalization process.” /d., § 1.1. But nothing in the document purports to describe issuer-specific practices or the internal operations of any bank. Nor does the complaint allege any facts tendiag to show that CNB, or any bank, was required to follow
the Specification — or even that all, or most, banks do follow the specification when personalizing EMV cards as a matter of industry practice. The EMV Spec draws clear boundaries around what it does not cover. Most notably, it states that it “does not cover the interface between the Card Issuer and the Data Preparation system.” JId., § 1.2. The EMV Spec thus does not describe what an issuing bank needs to do in order to initiate, control, or supervise personalization. Consistent with that limited scope, the EMV Spec does not describe the personalization process in terms of particular actors. It refers to a “Data Preparation system,” a “Personalization Device,” and the card itself, and describes the commands and data that must be exchanged between those components. /d., §§ 2.1-2.3. But the EMV Spec does not state that an issuing bank performs each step of personalization, and it does not attribute the described steps to a single entity. Akamai, 797 F.3d at 1022; NTP, 418 F.3d at 1318. The Court does not question, in the abstract, that following an industry standard could support a finding of patent infringement, if the industry standard itself infringed the patent. Ifa complaint plausibly alleged i. that a defendant was required — by regulation, network rules, contractual arrangements, or widespread industry custom — to adhere to a particular personalization protocol, and ii. that the defendant controlled or directed the personalization process such that adherence would be attributable to the defendant, then mapping patent claim limitations to that standardized protocol could support a reasonable inference of infringement at the pleading stage. But that predicate link is missing from this complaint. This pleading simply does not allege that CNB actually follows the EMV Spec in a manner that infringes its patent. The complaint does not allege that: i. CNB was required to follow the EMV Spec;
il. CNB in fact followed it as a matter of custom or practice; or ili. If CNB did follow the EMV Spec, it controlled every step of the personalization process, such that following the specification could be attributable to CNB. Instead, Plaintiff asks the Court to infer — from CNB’s issuance of EMV chip-enabled cards — that CNB must have personalized those cards by following the processes described in the EMV Spec, and that those steps — the ones described in the EMV Spec — infringe Claim 1 of the ‘212 patent. But that inferential leap is not supported by any pleaded facts about CNB. The problem with Plaintiffs complaint is simple. It does not allege any specific facts about CNB that would support the inference that CNB (1) itself performs, directs, or controls the performance of (2) the steps described in the EMV Spec. Therefore, Plaintiff does not come close to satisfying the requirement that a patent infringement complaint explain how the defendant — not someone else — performs each and every step of the claimed method, or how the defendant — not someone else — causes another entity to do so on its sehalf. This omission is fatal because the ‘212 patent contains a method claim. Direct infringernent under § 271(a) requires that “all steps of a claimed! method are performed by or attributable to a single entity.” Akamai, 797 F.3d at 1022; NTP, 418 F.3d at 1318. But the EMV Spec contemplates a personalization workflow that can involve multiple participants, including a card manufacturer and a personalization bureau. The complaint pleads no facts permitting a reasonable inference that CNB either performs each claimed step itself or that it directs and controls other participants to perform each step. Absent such allegations, Plaintiff has not plausibly alleged that a single entity performed the sseven-step method recited in Claim 1, and its direct-infringement theory fails as a matter of law. Nor does the pleading allege any facts tending to show that CNB adopted the EMV Spec or incorporated those steps into its own personalization process. That, too, is a fatal omission. 10
Absent allegations that CNB used this particular process — and there are none — there is no way to tie the steps in the EMV Spec to conduct that can be attributed to CNB. Plaintiff relies solely on “information and belief” allegations to create the necessary tie. But in the circumstances of this case, plaintiffs “information and belief” allegations do not satisfy Rule 8’s plausibility requirement. That conclusion follows directly from controlling Second Circuit precedent addressing when allegations pleaded “on information and belief” will satisfy Rule 8. In Arista Records, LLC v. Doe 3, 604 F.3d 110 (2d Cir. 2010), the Second Circuit upheld infringement allegations pleaded in part “on information and belief’ because those allegations were anchored in defendant-specific facts. There, record-company plaintiffs alleged that anonymous “Doe” defendants infringed copyrights through peer-to-peer file sharing. Arista, 604 F.3d at 112-13. Although the complaint included “on information and belief” allegations, the Second Circuit held that the pleading was sufficient because those allegations were supported by concrete pleaded factual content. Exhibit A identified each defendant by IP address and specific date/time, identified the specific peer-to-peer network used, listed particular copyngfited sound recordings that were observed in the defendant’s shared folder, and identified the copyright owner for each recording. Jd. at 115, 121-22. In other words, the “information and belief” assertions were not free-standing speculation about what plaintiff thought “must have” happened; they were the inference drawn from pleaded, defendant-specific facts. Jd. at 121-22. Judge Sotomayor’s opinion for the Second Circuit in Boykin v. KeyCorp, 521 F.3d 202 (2d Cir. 2008), reinforces the same point, albeit in a different type of case. There, the Second Circuit reversecl dismissal of a Fair Housing Act disparate-treatment claim, holding that pleading “upon information and belief’ could be appropriate if the missing comparator information is “particularly
within [the defendant’s] knowledge and control.” Jd. at 215. But neither Arista nor Boykin approved “information and belief” allegations untethered to concrete events or objective facts, even if the missing information was peculiarly known to the defendant. In Boykin, Judge Sotomayor concluded that the plaintiffs “information and belief” allegations satisfied Rule 8 because the plaintiff pleaded concrete events and contextual facts —
none of them “on information and belief — that in and of themselves plausibly raised the specter of discrimination. Boykin alleged that she (an African-American woman) applied in person for a home-equity loan; that after reviewing her credit report, the loan officer told her the application was conditionally approved; that later the same day the officer called back to deny the loan, on the ostensible ground that she did not live in New York; and that she received a formal written denial shortly thereafter. Boykin, 521 F.3d at 204-05. Boykin also alleged that the property was located in a minority-concentrated neighborhood. Those facts — none of which was pleaded on information and belief — gave context to an “information and belief” allegation that non-minority applicants were treated more favorably than she was, in terms of both loans and counseling from the bank. This complaint differs from the complaints in Arista and Boykin in ways that matter. Plaintiff's Chart maps Claim 1 to generalized excerpts from a third-party EMV Spec that is attached to the Chart, and then asserts that CNB (or CNB employees) must have performed each step of the claimed seven-step personalization method — such as causing the authentication token to enter “personalization mode,” encrypting and transmitting a serial number using a personalization key, establishing an encrypted session using a transport key, transmitting an initial seed value and initial secret key encrypted by that transport key, and storing those values on the token such that it can no longer enter personalization mode — as part of the EMV personalization process described in the specification. See Dkt. No. 20-2, at6—7', 9-10, 12-14, 19-21, 24-25, 31.
But unlike in Arista, Plaintiff pleads no objective facts from which one could reasonably infer that CNB adhered to the EMV Spec when personalizing EMV cards, or that CNB performed each step in that process or dictated how it should be performed by some third party. Thus, unlike in Boykin, Plaintiff does not plead concrete events involving CNB that would make its “information and belief” assertions plausible — even if certain details about what CNB did are peculiarly within CNB’s control. The Federal Circuit’s application of those pleading principles in Bot M8 illustrates why Plaintiff s allegations fall short. In that case, the accused products were Sony’s PlayStation 4 video game consoles and related network services. Bot M8 LLC v. Sony Corp. of Am., 4 F.4th 1342, 1347 (Fed. Cir. 2021). The PlayStation system is a complex, multi-component platform that includes a console with multiple memory devices, removable storage media such as Blu-ray game discs, and remote PlayStation Network servers. Jd. at 1347-48; Bot M8 LLC v. Sony Corp. of Am., 2020 WL 418938, at *1—3 (N.D. Cal. Jan. 27, 2020). Bot M8 alleged that various authentication and security functions were performed across those components to prevent unauthorized game use and copying. Bot M8, 4 F.4th at 1348. The infringement theories at issue thus depended, not on whether authentication occurred in the abstract, but on where particular programs were stored and how they interacted within that distributed system — facts central to whether the accused system satisfied the specific architectural requirements of the asserted claims. J/d.; Bot M8, 2020 WL 418938, at *3-4. The ‘990 patent in Bot M8 claimed a specific “mutual authentication” mechanism ancl required, among other things, “a removable storage medium storing thereir gamiig information including a mutual authentication program.” Jd. at 1347-48. Judge Alsup dismissed the infringement claim, even though the complaint alleged the presence of authentication functionality
at various points in the gaming system, because it failed to plead facts showing where the mutual authentication program and gaming information was stored and failed to plausibly allege that they were stored together, as the patented claims required. Bot M8, 2020 WL 418938, at *3-4. The district court rejected allegations that merely tracked the claim language — such as assertions that the “game program . . . contains a mutual authentication process” — as conclusory, explaining that the plaintiff's claim with respect to the ‘990 Patent “require[s] support not found in the substantive allegations.” Jd at *3—4. It likewise rejected the plaintiff's reliance on generalized descriptions of authentication functionality or the existence of possible storage locations, holding that those allegations did not plausibly establish the specific storage relationship required by the claims. Jd. On appeal, the Federal Circuit affirmed the district court’s dismissal. It agreed that Bot M8’s allegations were insufficient because they did not plausibly allege that the accused PlayStation system satisfied the particular claim requirement that the gaming information and mutual authentication program be stored together on the same removable medium. Bot M8, 4 F.4th at 1354-55. The court emphasized that allegations which merely track claim language, or which are “merely consistent with” infringement, do not satisfy Twombly and Iqbal. Id. The Federal Circuit’s same reasoning applies here. Like the ‘990 patent in Bot M8, the ‘212 Patent does not claim a generic result such as “secure personalization.” It claims a defined, seven-step method that must be performed as a unitary process, including (i) encryption using a personalization key, (ii) validation of that key at the authentication token, (iii) establishment of an encrypted session using a transport key, (iv) transmission of an initial seed value and an initial secret key encrypted by that transport key, and (v) storage of those values such that the authentication token can no longer enter personalization mode. Dkt. No. 20-1, 11:4-12:8. As with
the “990 Patent, infringement turns, not on whether some form of personalization occurred somewhere in the system, but on whether the accused party plausibly performed the specific method the claim requires. Plaintiff's pleading fails for the same reason the ‘990 patent theory failed in Bot M8. Plaintiff’ s pleading describes a “specification” created by a third-party — not CNB — that reads on its patent, and then alleges — on information and belief — that CNB performed each step described in the EMV Spec. But it does not plead any facts tending to show that CNB actually adopted the EMV Spec for its personalization process. It does not allege that CNB was required to adopt that process, and it does not allege any facts about CNB’s employment of that process. As was the case in Bot M&, where allegations of authentication activity across a distributed PlayStation ecosystem did not plausibly establish the required co-location of programs, Plaintiff's “information and belief” allegations do not permit a reasonable inference that CNB performed the steps set forth in a standard that was created by someone else. Under Bot M8, that deficiency is fatal at the pleading stage. Predictably, Plaintiff alleges that dismissal would be inappropriate because it could not have pleaded the necessary facts with more specificity — or otherwise than on information and belief — at this pre-discovery stage. But the Federal Circuit has made clear that a plaintiff's inability to plead facts without discovery does not excuse compliance with Rule 8 or permit a purely speculative complaint to proceed past a motion to dismiss. And district courts applying Bot MS have rejected the argument that conclusory infringement allegations justify discovery into a defendant’s internal systems before a motion to dismiss can be granted. For example, in Estech Systems IP, LLC v. Intermedia.net, Inc., 2025 WL 834500, at *4— 6 (N.D. Cal. Mar. 17, 2025), the plaintiff identified numerous accused products and services, and
alleged that they infringed asserted method and system claims. But the court dismissed the complaint because it “simply copie[d] the language of the claim element and then state[d] that the Accused Instrumentalities meet those claims,” without factual allegations explaining how or why infringement was plausible. /d. at *5. The court rejected the notion that identifying accused products and asserting infringement sufficed to unlock discovery, explaining that Bot M8 requires “additional factual allegations to support a plausible claim of infringement beyond just identifying the products and claiming they infringe.” Jd. at *5—6. That reasoning applies with equal force here. Plaintiff's literal infringement theory rests on its contention that a generalized specification developed by some industry support group infringes every claim of its patent, plus conclusory allegations — pleaded largely “on information and belief” — that CNB must have performed the steps in the generalized third party specification, simply and solely because it issues EMV chip-enabled cards. Plaintiff does not plead nonconclusory, specific facts about CNB’s practices that make it plausible to infer that CNB ever adopted tae EMV Spec, or that CNB itself performed the claimed method, or that all seven steps can be attributed to CNB. Under Bot M8 and Estech, such allegations do not state a plausible claim for infringement and do not entitle Plaintiff to discovery in the hope of uncovering facts that would make infringement plausible. Thus, the problem is not that Plaintiff failed to plead “technical detail” about how CNB performs each cryptographic step. The problem is more basic. Plaintiff has not pleaded any nonconclusory facts that admit of the conclusion that CNB follows the EMV Spec at all, much less that CNB controls every step of the claimed personalization method in a manner that would cause their performance to be attributed to CNB. Without those predicate allegzttions, Plaintiff's mapping of Claim 1 onto the EMV Spec describes, at most, how EMV personalization could
seme the abstract. It does not plausibly allege how CNB operates in fact. Taken to its logical conclusion, Plaintiffs theory, if accepted, would risk treating the issuance of EMV chip-enabled cards — standing alone ~ as sufficient to plead infringement by any issuing bank. That is precisely the sort of speculative pleading that Twombly forbids. Even drawing all reasonable inferences in Plaintiff's favor, Plaintiff's allegations “stop[] short of the line between possibility and plausibility.” Twombly, 550 U.S. at 557.
2. Conclusory Allegations About “Internal Testing and Use” Do Not Salvage the Claim. Plaintiff also alleges that CNB directly infringed the ’212 Patent by “internally testing and using” EMV cards. This theory does not cure the pleading defects identified above. The “testing and use” aspect of Plaintiffs amended complaint is limited to a single sentence, which states: “Defendant also infringed, literally or under the doctrine of equivalents, the Exemplary °212 Patent Claims, by having its employees internally test and use these Exemplary Products.” Dkt. No. 20, Am. Compl., 23. Plaintiff does not allege that CNB, by testing or using an allegedly infringing product supplied by others, engaged in indirect or contributory infringement; rather, Plaintiff asserts that such testing and use constitutes direct infringement. The Court will not read the complaint to invent an unpleaded theory of liability. See Faggionato v. Lerner, 500 F. Supp. 2d 237, 248 (S.D.N.Y. 2007). The question, then, is whether the Amended Complaint plausibly alleges direct infringement of Claim 1’s method on the theory that CNB infringed by testing the cards it issued. It does not. Under settled Federal Circuit law, a defendant directly infringes a method claim only by “actually perform[ing] the steps in the method claim.” Ericsson, Inc. v. D-Link Sys., Inc., 773 F.3d 1201, 1221 (Fed. Cir. 2014). Claim 1 is directed to “a method for personalizing an authentication
token,” not to amethod of testing, validating, or using an already-personalized card. Dkt. No. 20- 1, 10:66-67. Once personalization has occurred, subsequent testing or use of the card does not involve performance of the claimed personalization steps. Post-personalization testing or operation of a card therefore does not constitute performance of the claimed method. Plaintiff's Amended Complaint and Comparison Chart reflect this disconnect. Plaintiff does not plausibly allege that CNB performed the seven-step personalization method during any testing it may have conducted on the EMV cards it issued. Instead, Plaintiff appears to assume that the EMV card itself is an infringing product and that CNB infringes the ‘212 Patent by using that product during internal testing. That assumption is legally insufficient. Nor does Plaintiff plead any facts describing what testing occurred, who conducted it, when it occurred, what systems were used, or how any such testing involved performance of any step of Claim 1. Merely possessing, testing, or operating a product does not constitute direct infringement of a method claim. See Joy Techs., Inc. v. Flakt, Inc., 6 F.3d 770, 773-74 (Fed. Cir. 1993) (‘[A] method or process claim is directly infringed only when the process is performed.”). The merits-stage authorities Plaintiff cites do not compel a different result. Decisions such as Radio Corp. of America vy. Andrea, 90 F.2d 612 (2d Cir. 1937), Soitec, S.A. v. Silicon Genesis Corp., 81 F. App’x 734 (Fed. Cir. 2003), Carnegie Mellon Univ. v. Marvell Tech. Grp., Ltd., 807 F.3d 1283 (Fed. Cir. 2015), and GoTV Streaming, LLC v. Netflix, Inc., 2023 WL 6192744 (C.D. Cal. Sept. 11, 2023), all arose after plaintiffs had plausibly alleged — and in one case, had proved — underlying infringement. In those cases, the courts addressed whether internal testing or development activity constituted infringement once the accused product or method had been shown to infringe. None of the cases involved a pre-answer motion to dismiss under Rule 12(b)(6), and none held that conclusory allegations of testing can substitute for pleading a plausible
sobesrencramant theory in the first instance. Here, because Plaintiff has not plausibly alleged that the accused cards infringe Claim 1, its reliance on testing cases decided on a developed factual record is misplaced. Because Plaintiff pleads no facts plausibly suggesting that post-issuance testing or use of the cards would require re-performing the seven-step personalization method recited in Claim 1, the Court cannot reasonably infer that internal testing constitutes performance of the claimed method. The Federal Circuit has made clear that, at the pleading stage, “a plaintiff cannot assert a plausible claim for infringement under the Igbal/Twombly standard by reciting the claim elements and merely concluding that the accused product has those elements.” Bot M8, 4 F.4th at 1353. Instead, the complaint must include “some factual allegations that, when taken as true, articulate why it is plausible that the accused product infringes the patent claim.” Jd. Where, as here, the allegations are conclusory and untethered to facts showing performance of the claimed method, dismissal is required. Jd. at 1355. B. Plaintiff Does Not State a Plausible Claim of Direct Infringement Under the Doctrine of Equivalents. Plaintiff also purports to invoke the doctrine of equivalents, alleging — without elaboration
— that CNB infringes Claim 1 “literally or by the doctrine of equivalents.” The Plaintiff invokes the doctrine of equivalents for both the literal infringement and the “internal testing and use” theories of recovery. Dkt. No. 20, {§ 22-23. But the Plaintiffs invocation of equivalents is purely boilerplate; the Amended Complaint does not plausibly plead infringement under the doctrine of equivalents. The doctrine of equivalents is not a fallback that automatically survives a failed argument asserting literal infringement. Under settled Federal Circuit law, a patentee must plausibly allege,
on a limitation-by-limitation basis, that the accused process performs substantially the same function in substantially the same way to achieve substantially the same result as each claimed limitation, or that any differences are insubstantial. 4kzo Nobel Coatings, Inc. v. Dow Chem. Co., 811 F.3d 1334, 1339-40, 1343-44 (Fed. Cir. 2016). At the pleading stage, this requires at least nonconclusory factual content identifying what CNB allegedly does in place of a particular limitation and why that substitute is plausibly equivalent. See id.; Bot M8, 4 F.4th at 1352-55. Here, Plaintiff does not identify a single limitation of Claim 1 that is allegedly satisfied by an equivalent. Plaintiff does not allege what CNB purportedly does instead of any claimed step, does not plead facts explaining how any substituted conduct would perform the same function in the same way to achieve the same result, and does not allege why any differences between the claimed method and CNB’s conduct would be insubstantial. The Amended Complaint contains nothing at all beyond the bare incantation of the phrase “doctrine of equivalents.” That is far from sufficient. Additionally, Plaintiff's Amended Claim Chart contains no equivalence analysis and does not identify any allegedly equivalent steps, structures, or processes. Instead, it simply maps Claim 1’s limitations to excerpts from the EMV Spec and asserts, on information and belief, that CNB employees must have performed the steps in that specification. That is the very same allegation that purports to support its claim of literal infringement. But infringement by equivalents is necessarily different from literal infringement. The Federal Circuit has emphasized that equivalence must be independently pleaded and proven. Evidence and argument directed to the doctrine of equivalents “cannot merely be subsumed in plaintiff's case of literal infringement,’ but must be separately articulated and supported. See nCube Corp. v. SeaChange Int'l, Inc., 436 F.3d 1317, 1325 (Fed. Cir. 2006).
Plaintiff s amended complaint asserts literal infringement, appends a conclusory reference to equivalence, and then offers no distinct factual allegations to support that theory. That approach does not plead an equivalents theory; it merely repackages Plaintiffs deficient literal-infringement allegations. Furthermore, even if adding a brief reference to the doctrine of equivalents as sufficient under Rule 8 (and it is not), that would not cure the more fundamental defect identified above. To prevail under either literal infringement or the doctrine of equivalents, the accused process must contain each claim element (or limitation), or its equivalent. Marquip, Inc. v. Fosber Am., Inc., 198 F.3d 1363, 1366 (Fed. Cir. 1999). As discussed at length, see supra Section III(A), Plaintiff has not plausibly alleged that CNB — or any single entity whose conduct is attributable to CNB — performed any part of the seven-step method recited in Claim 1. Absent nonconclusory factual allegations showing performance of the claimed method, Plaintiff cannot proceed on a theory that CNB performed equivalent steps. The doctrine of equivalents is not a vehicle for proceeding to discovery on speculation or for rescuing a literal infringement claim that is otherwise unsupported by well-pleaded factual allegations. For clarity, the Court emphasizes the narrow and threshold nature of its holding. Auth Token’s claim fails solely because it has not plausibly alleged that CNB itself performed — or can be charged with performing — all seven steps of the method recited in Claim 1 of the ‘212 Patent. Plaintiff's theory rests on the supposition that, because CNB issued EMV chip cards, it must have followed an EMV Spec that is not alleged to be binding or commonplace within the industry —
even as it is the EMV Spec, not any conduct attributable to CNB, that is alleged to read onto the seven steps in Claim 1 of the ‘212 patent. For all of the reasons discussed above, those allegations
do not satisfy Rule 8’s requirement of factual content permitting a reasonable inference of infringement. Because Plaintiff has not plausibly alleged performance of the claimed method by a single entity, dismissal under Rule 12(b)(6) is required.
C. Leave to Amend Auth Token requests leave to amend its Amended Complaint. Although, “The court should freely give leave [to amend] when justice so requires,” Fed. R. Civ. P. 15(a)(2), it remains within a district court’s sound discretion to deny leave “for good reason, including futility, bad faith, undue delay, or undue prejudice to the opposing party.” TechnoMarine SA v. Giftports, Inc., 758 F.3d 493, 505 (2d Cir. 2014) (citation omitted). Amendment is futile when the proposed amended pleading would not survive a motion to dismiss under Rule 12(b)(6). J/d.; Lucente v. Int'l Bus. Machines Corp., 310 F.3d 243, 258 (2d Cir. 2002}. Auth Token has already amended once, after CNB expressly identified the same core pleading defects now addressed here. In moving to dismiss the original complaint, CNB argued that Plaintiff's infringement allegations rested “entirely on a 30-page Claim Chart,” relied on “a series of excerpts from the EMV Card Personalization Specification . .. which does not mention CNB or describe its conduct,” and failed to plausibly allege that “CNB itself performs every claimed step.” Dkt. No. 19, at 12-13. CNB further emphasized that “Without factual allegations that CNB itself performs every claimed step, no plausible inference of direct irifringement arises.” Id. at 13. Auth Token subsequently amended as of sight. Nonetheless, the amended complaint continues to rely on the same theory — issuance of EMV cards coupled with conclusory assertions about performing steps outlined in some industry document and of “internal testing and use.” Auth
Token did not supplement its original complaint with nonconclusory facts plausibly tying CNB to performance or control of the seven-step personalization method. Nor has Auth Token articulated, either in its opposition or otherwise, what additional factual allegations it could plead that would plausibly remedy the defects identified in this Opinion. Its request for leave to amend is perfunctory, asserting only that Plaintiff should be permitted to add “additional allegations” supporting infringement. Plaintiff has not submitted a proposed amended complaint, as required by Local Civil Rule 15.1(a), nor has it identified any specific facts it could plead that would plausibly establish that CNB itself (or a single attributable entity) performed each step of the claimed method. Where a plaintiff has already amended after notice of the same defects and fails to explain how further amendment would cure them, denial of leave is often appropriate. Lucente, 310 F.3d at 258. However, the Court is mindful that this decision turns on a narrow but potentially curable pleading deficiency: the absence of nonconclusory, defendant-specific allegations that CNB was required to follow, in fact followed, a third-party, industry suggestion that Plaintiff contends infringes the ‘212 Patent. Discovery is not required to allege whether an industry standard is binding on a defendant or to plead facts concerning the defendant’s role in a standardized process. If such facts exist, they should already be known to the pleader and capable of being alleged consistent with Rule 11. Accordingly, the Court will grant Auth Token one final opportunity to amend. Any amended complaint must plead, without the benefit of discovery, nonconclusory facts plausibly alleging that CNB itself performed, directed, or controlled performance of each step of the claimed method, or that all steps are otherwise attributable to CNB as a single entity. Generalized reliance on industry standards, conclusory allegations pleaded “on information and belief,” or speculative
assertions of internal testing or use will not be sufficient. And if the doctrine of equivalents is relied on, Plaintiff must plead nonconclusory, limitation-by-limitation factual allegations identifying what CNB allegedly does in place of each claimed step and explaining why any such substitute is plausibly equivalent under governing Federal Circuit law. Leave to amend is therefore GRANTED. Plaintiff has 14 business days to serve an amended pleading that conforms to this decision. Failure to plead a plausible claim consistent with this Opinion will result in dismissal with prejudice.
Conclusion For the foregoing reasons, City National Bank’s motion to dismiss is GRANTED. Dismissal is without prejudice, and Plaintiff is granted leave to file an amended complaint. The Clerk of Court is directed to remove the motion located at Docket Entry Number 21 from the Court’s list of open motions. This constitutes the decision and order of the Court. It is a written decision.
Dated: January 14, 2026 (4 U.S.D.J.
BY ECF TO ALL COUNSEL