DCT

1:26-cv-00290

Mycard Inc v. Atomic Fi Inc

Log In
Key Events
Complaint
complaint Intelligence

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 1:26-cv-00290, D. Del., 03/17/2026
  • Venue Allegations: Venue is alleged to be proper in the District of Delaware because the Defendant, Atomic FI, Inc., is a Delaware corporation and therefore "resides" in the district.
  • Core Dispute: Plaintiff seeks a declaratory judgment that its products do not infringe Defendant's patents related to secure card-on-file updating technology, and further alleges these patents are invalid and unenforceable, alongside claims that Defendant misappropriated Plaintiff's trade secrets and infringed its copyrights.
  • Technical Context: The dispute is in the financial technology (FinTech) sector, concerning software platforms that automate the process of updating consumer payment card information stored with various online merchants and service providers.
  • Key Procedural History: The complaint alleges that after Plaintiff launched its "CardSwitcher™" product, Defendant, a competitor, engaged in partnership discussions with Plaintiff, obtained information about the product, and subsequently filed for the patents-in-suit covering similar technology. Defendant later sent Plaintiff a cease-and-desist letter accusing it of infringement. Plaintiff alleges it discovered that Defendant copied its source code by identifying a unique, non-functional "honeypot" string in Defendant's code, which forms the basis for its trade secret and copyright claims and supports its allegations of improper patenting. The complaint also references prior, settled trade secret misappropriation litigation brought against Defendant by another company, ClickSWITCH.

Case Timeline

Date Event
2022-08-XX Plaintiff Knot launches its CardSwitcher™ product.
2022-09-12 Defendant Atomic's representative contacts Knot to discuss a potential partnership.
2022-12-22 Atomic files U.S. Provisional Application No. 63/434,824 (Priority Date for patents-in-suit).
2023-Late Atomic launches its competing "TrueAuth" product.
2023-10-03 Knot files its own U.S. Provisional Patent Application No. 63/587,667.
2024-10-15 U.S. Patent No. 12,120,118 issues to Atomic.
2024-11-12 Knot unveils its MassSwitcher™ product.
2025-06-04 Knot finalizes its code to trigger Apple's Face ID functionality.
2025-06-XX Knot inserts "honeypot" code into its Authentication Integrations Source Code.
2025-10-14 U.S. Patent No. 12,445,443 issues to Atomic.
2025-12-23 Atomic's counsel sends a cease-and-desist letter to Knot alleging infringement.
2026-02-25 Knot discovers the "honeypot" code string in Atomic's production source code.
2026-03-17 Complaint filed.

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 12,120,118 - "Securely Communicating Data Between an Application Associated with an Entity and a Third-Party System"

The Invention Explained

  • Problem Addressed: The patent describes a security vulnerability in prior systems where a user, seeking to connect a service (e.g., a bank) with a third-party system (e.g., a payroll provider), would provide their third-party login credentials to an "intermediary service" ʼ118 Patent, col. 1:30-49 This exposed the credentials to potential compromise at the intermediary level ʼ118 Patent, col. 1:43-49
  • The Patented Solution: The invention removes the intermediary service by providing a "webview" directly within the primary application (e.g., the banking app) ʼ118 Patent, col. 3:28-35 This webview displays the native login page of the third-party system, allowing the user's credentials to be passed directly to the third party without being handled by an intermediary ʼ118 Patent, abstract The system then confirms successful authentication by analyzing the resulting "response page" for "one or more visual page elements" (e.g., a "sign out" button) and, upon confirmation, automates subsequent tasks on the user's behalf ʼ118 Patent, abstract '118 Patent, col. 6:4-7
  • Technical Importance: This approach aims to enhance security and reduce friction in connecting disparate financial accounts by ensuring user credentials for a third-party service are only ever transmitted directly to that service.

Key Claims at a Glance

  • The complaint focuses on independent method claim 14 Compl. ¶160
  • Essential elements of claim 14 include:
    • Providing a "webview" in an application that displays a "native login page" of a selected third-party system, removing the need for an intermediary service.
    • Determining that the user has been authenticated by "analyzing a response page" displayed in the webview.
    • This determination involves finding "one or more visual page elements indicative of the user being authenticated".
    • In response to this determination, "automating one or more tasks" with the third-party system.
  • The complaint does not explicitly reserve the right to address other claims.

U.S. Patent No. 12,445,443 - "Securely Communicating Data Between an Application Associated with an Entity and a Third-Party System"

The Invention Explained

  • Problem Addressed: The '443 Patent shares a specification with the '118 Patent and addresses the same problem of insecurely handling user credentials via intermediary services when linking financial accounts '443 Patent, col. 1:34-52
  • The Patented Solution: The solution is architecturally similar to that of the '118 Patent, using a webview to present a third-party's native login page '443 Patent, abstract The claims of the '443 patent, however, focus more specifically on the software architecture, describing the determination of authentication as being performed by "executing the code associated with the second entity" (e.g., an SDK provider) that is "embedded in code of the application" '443 Patent, claim 16 After authentication, this embedded code communicates with a backend server to retrieve parameters and generate an API request to automate tasks '443 Patent, claim 16
  • Technical Importance: This patent claims a specific implementation architecture for the secure authentication process, focusing on the roles of embedded code (like an SDK) and a backend server in orchestrating the post-authentication workflow.

Key Claims at a Glance

  • The complaint focuses on independent method claim 16 Compl. ¶167
  • Essential elements of claim 16 include:
    • Providing a "webview" with a "native login page" via "code associated with a second entity" (e.g., an SDK) embedded in a "first entity's" application.
    • "Determining by executing the code associated with the second entity" that the user has been authenticated, using data from a response page.
    • In response to a successful authentication, automating tasks by "executing further code... to communicate with a backend server that determines a parameter and a request structure".
    • Using the parameter and request structure to "generate and send" an API request to the third-party system.
  • The complaint does not explicitly reserve the right to address other claims.

III. The Accused Instrumentality

Product Identification

  • The complaint identifies Plaintiff's "Knot CardSwitcher™ product" as the primary accused instrumentality Compl. ¶160 Related products built on the same SDK, such as MassSwitcher™ and AccountUpdater™, are also mentioned Compl. ¶¶29-30

Functionality and Market Context

  • CardSwitcher™ is a technology, delivered via an SDK, that integrates into banking applications to allow consumers to automatically update their "card-on-file" payment information across various online merchants and subscription services Compl. ¶¶21-22 Compl. ¶27
  • A key feature highlighted in the complaint is its ability to handle biometric authentication flows, such as Apple's Face ID, to update a user's card stored with Apple (Compl. ¶¶53; Compl. ¶61). The complaint alleges this functionality is powered by its proprietary and trade-secret "Authentication Integrations Source Code" Compl. ¶¶4 Compl. ¶61 The complaint includes a screenshot from Atomic's website discussing its integration with Apple, illustrating the competitive landscape Compl. ¶115
  • The complaint alleges that CardSwitcher™ was launched in August 2022, predating the priority date of the patents-in-suit Compl. ¶23 Compl. ¶123

IV. Analysis of Infringement Allegations

As this is a declaratory judgment action, the analysis below summarizes Plaintiff Knot's arguments for non-infringement as presented in the complaint.

'118 Patent Infringement Allegations

Claim Element (from Independent Claim 14) Alleged Non-Infringing Functionality (per Knot) Complaint Citation Patent Citation
determining that a user has been authenticated by the selected third-party system... at least in part by analyzing a response page displayed via the provided webview... The Accused Products allegedly do not determine authentication by "analyzing a response page displayed." ¶162 col. 13:20-29
and determining that the response page includes one or more visual page elements indicative of the user being authenticated... The Accused Products allegedly do not determine that the response page includes "one or more visual page elements indicative of the user being authenticated." The complaint further alleges that Atomic disclaimed the use of cookie data during prosecution, distinguishing it from the claimed "visual elements." ¶162; ¶163 col. 13:25-29
in response to a determination that the response page includes the one or more visual page elements indicative of the user being authenticated, automating one or more tasks... Because the Accused Products allegedly do not make the required determination based on visual elements, they do not trigger the subsequent step of automating tasks in response to such a determination. The complaint presents this as a direct consequence of the preceding elements not being met. ¶162 col. 13:30-35

'443 Patent Infringement Allegations

Claim Element (from Independent Claim 16) Alleged Non-Infringing Functionality (per Knot) Complaint Citation Patent Citation
determining, by executing the code associated with the second entity, that the user has been authenticated by the selected third-party system, using data comprising a response page displayed via the provided webview... The Accused Products allegedly do not determine that the user has been authenticated "by executing code associated with the second entity" that is "embedded in code of the application." This suggests a potential architectural difference in how and where the authentication status is determined in Knot's system. ¶169 col. 14:38-46
in response to determining that the data comprising the response page includes data indicative of the user being authenticated, automating one or more tasks... As the initial determination step is allegedly not performed as claimed, the subsequent automation step, which depends on that determination, is also not performed as claimed. ¶169 col. 14:47-55
including by executing further code associated with the second entity to continue with a backend server that determines a parameter and a request structure associated with the function requested by the user. The Accused Products allegedly do not automate tasks by "executing code associated with the second entity to continue with a backend server" for determining parameters and request structures. This further points to a potential mismatch between the specific, claimed client-server interaction and Knot's implementation. ¶169 col. 14:50-55

Identified Points of Contention

  • Scope Questions: A primary question for the '118 Patent is what constitutes "analyzing" a page for "visual page elements." The complaint raises the possibility that Knot's system confirms authentication through non-visual means (e.g., by analyzing cookies or network traffic), which may fall outside the claim scope, especially if Atomic narrowed the term during prosecution to overcome prior art Compl. ¶163
  • Technical Questions: For the '443 Patent, the dispute may turn on software architecture. A key question is whether Knot's embedded SDK is the component that "determin[es]" authentication, or if this function is performed elsewhere (e.g., by a backend server). The claim recites a specific sequence of operations between the embedded code and a backend server that will require factual comparison with Knot's system.

V. Key Claim Terms for Construction

  • The Term: "analyzing a response page... [for] one or more visual page elements indicative of the user being authenticated" '118 Patent, claim 14

  • Context and Importance: This term is central to Knot's non-infringement defense for the '118 Patent. The definition will determine whether methods that confirm authentication without parsing the visible content of a webpage (e.g., by inspecting HTTP headers or cookies) are covered. Practitioners may focus on this term because the complaint alleges Atomic distinguished this method from analysis of "cookie data" during patent prosecution, which could create a prosecution history estoppel Compl. ¶163

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The specification provides examples such as "a 'sign out' or other visual text on the page," which could be interpreted to cover a wide range of on-screen indicators of a logged-in state '118 Patent, col. 6:4-7
    • Evidence for a Narrower Interpretation: The explicit use of the word "visual" suggests the element must be something that can be seen on the display, potentially excluding information contained in non-visible data like cookies or session tokens. The complaint alleges that Atomic's arguments to the patent office to distinguish prior art will provide strong evidence for a narrower construction Compl. ¶163

  • The Term: "determining by executing the code associated with the second entity, that the user has been authenticated" '443 Patent, claim 16

  • Context and Importance: This term defines the location and agent of the authentication-determination step. It appears to require that the embedded code (the SDK from the "second entity") performs this analysis itself. Knot's non-infringement defense may rely on showing that its system architecture operates differently, for instance, by having a backend server make the final determination based on data relayed from the client.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: One could argue that if the embedded code initiates the process or receives the dispositive data, it is part of the "determining" step, even if a final confirmation signal comes from a server.
    • Evidence for a Narrower Interpretation: The plain language links the "executing" of the embedded code directly to the "determining" act. The specification describes the SDK as being configured to "inspect a document object model (DOM)" and "analyze the webview" to determine the user's status, supporting a client-side-centric interpretation '118 Patent, col. 5:4-15 '118 Patent, col. 6:1-3

VI. Other Allegations

The complaint includes significant allegations of inequitable conduct against Atomic, which, if proven, could render the patents-in-suit unenforceable.

  • Withholding of Material Prior Art: The complaint alleges that Atomic and its named inventors were aware of Knot's CardSwitcher™ product, which was publicly launched in August 2022, well before the patents' December 2022 priority date Compl. ¶¶191-192 Compl. ¶¶200-201 It is alleged that Atomic failed to disclose this product to the U.S. Patent and Trademark Office (PTO) during prosecution, despite later asserting that the same product infringes the issued patents, which the complaint frames as an admission of the product's materiality Compl. ¶193 Compl. ¶202
  • Incorrect Inventorship: The complaint alleges, on information and belief, that Atomic and its inventors were aware that Knot's founders conceived of the card-switching methods disclosed in the patents Compl. ¶194 Compl. ¶203 It is alleged that they failed to disclose Knot's founders as inventors to the PTO, which is a material omission Compl. ¶194 Compl. ¶203
  • Intent to Deceive: The complaint alleges that the "single most reasonable inference" from this conduct is that Atomic intended to deceive the PTO to "patent Knot's card-switching product and claim it as their own" Compl. ¶195 Compl. ¶204 The complaint's central narrative of trade secret theft, evidenced by the side-by-side source code comparison showing the "honeypot" string, is presented as strong circumstantial evidence of this intent Compl. ¶1

VII. Analyst's Conclusion: Key Questions for the Case

  • A threshold issue will be one of enforceability and inventorship: Can Knot prove that Atomic intentionally withheld material prior art (Knot's own CardSwitcher™ product) or concealed the identity of the true inventors from the PTO? An affirmative finding on this issue of inequitable conduct could render the patents unenforceable regardless of infringement.
  • A key technical question will be one of authentication analysis: Does Knot's product determine a user's authenticated state by analyzing "visual page elements" as required by the '118 patent, or does it use a non-visual method that falls outside the claim scope, potentially narrowed by Atomic's own arguments to the patent office?
  • A dispositive factual question, underlying the entire dispute, will be the provenance of the technology: Does the "honeypot" code and other evidence demonstrate that Atomic copied Knot's source code, as alleged? This would not only support the trade secret and copyright counts but would also lend significant credibility to Knot's claims that Atomic improperly patented an invention that was not its own.