MEMORANDUM OPINION AND ORDER REGARDING DEFENDANTS' MOTION FOR SUMMARY JUDGMENT AND MOTION TO STRIKE AFFIDAVIT OF PLAINTIFFS' EXPERT

MARK W. BENNETT, District Judge.

                                  TABLE OF CONTENTS

  I.  INTRODUCTION.................................................................904

 II.  THE MOTION TO STRIKE.........................................................905
      A.  Procedural History.......................................................906
      B.  Arguments Of The Parties.................................................907
          1.  The Iowa Defendants' opening argument................................907
          2.  Serverside's response................................................908
          3.  The Iowa Defendants' reply...........................................908
      C.  Legal Analysis...........................................................908
          1.  Rule 26 and Rule 37 standards........................................908
          2.  Rule 56 standards....................................................913
          3.  Summary..............................................................914

III.  THE MOTION FOR SUMMARY JUDGMENT..............................................914
      A.  Context Of The Motion....................................................914
          1.  The patents-in-suit..................................................914
          2.  The key patent claims at issue.......................................915
          3.  The patent claim terms at issue......................................915
      B.  Factual Background.......................................................917
          1.  The parties' factual allegations and denials.........................917
          2.  The accused system...................................................917
              a.  Parts and users of the Cre8MyCard system.........................917
              b.  Customization by a remote customer...............................917
              c.  Processing of the customized card by the financial
                  institution......................................................920
              d.  Card manufacturing...............................................921
              e.  "Instant"production methods......................................921

              f.  Use of hash codes and encryption in the accused system...........922
      C.  Standards For Summary Judgment...........................................922
      D.  Standards For Patent Infringement........................................923
      E.  Grounds For Summary Judgment.............................................926
          1.  Infringement under the doctrine of equivalents.......................926
          2.  Implications of non-infringement of the first claims.................927
          3.  Absence of "a customer identifier that corresponds to the remote
              customer that personalized said image," as claimed in the
              '199 and the '490 patents............................................929
              a.  Arguments of the parties.........................................929
              b.  Analysis.........................................................930
          4.  Absence of a "customer identifier [that] comprises an identifier
              selected from a secure unique identifier and a one-way code,"
              as claimed in the '199 patent........................................932
              a.  Arguments of the parties.........................................933
              b.  Analysis.........................................................934
                   i.  Secure unique identifier....................................934
                  ii.  One-way code................................................938
          5.  Absence of a "customer identifier [that] encompasses encrypted
              customer information," as claimed in the '490 patent.................939
              a.  Arguments of the parties.........................................940
              b.  Analysis.........................................................941
          6.  Summary..............................................................943

 IV.  CONCLUSION...................................................................943

This patent-infringement action, alleging infringement of two of the plaintiffs' patents, both entitled "Computerized Card Production Equipment," is before me on the defendants' motion for summary judgment and the defendants' motion to strike the affidavit of the plaintiffs' expert offered in resistance to the defendants' motion for summary judgment. I previously construed disputed terms of the patents in a Markman ruling. Thus, the question on the defendants' motion for summary judgment is whether their accused "system for the customization of financial transaction cards" infringes the patents as I have construed them. The preliminary question, however, is whether or not I can consider the affidavit of the plaintiffs' expert in deciding the summary judgment motion, where the defendants contend that the affidavit presents new and previously undisclosed expert opinions.

I. INTRODUCTION

On June 22, 2011, plaintiffs Serverside Group Limited and Serverside Graphics, Inc., collectively "Serverside," filed the original Complaint in this patent infringement action, against fifteen defendants, in the United States District Court for the District of Delaware (the Delaware action). Serverside's Complaint alleges infringement of certain claims of its U.S. Patent No. 7,931,199 (the '199 patent), entitled "Computerized Card Production Equipment," in Count I, and infringement of certain claims of its related U.S. Patent No. 7,946,490 (the '199 patent), also entitled "Computerized Card Production Equipment," in Count II. Somewhat more specifically, Serverside alleges that the Iowa Defendants, defendants Tactical 8 Technologies, L.L.C., now known as Banno, L.L.C. (Banno),1 and Bank of Iowa Corporation (BIC), are infringing the patents-in-suit by using the "Cre8MyCard system," which the parties agree is an Internet-based system that allows for the customization of financial transaction cards from financial institutions, such as BIC, that are Banno's customers.

On February 17, 2012, United States District Court Judge Richard Andrews entered a Memorandum Opinion in the Delaware action, in response to motions by several of the defendants, in which he concluded, inter alia, that the claims against the Iowa Defendants should be transferred to this court, pursuant to 28 U.S.C. § 1406(a). That same day, Judge Andrews entered a separate Order transferring the claims against the Iowa Defendants to this court pursuant to 28 U.S.C. § 1406(a). After this action was transferred to this district, it was initially assigned to Chief United States District Court Judge Linda R. Reade, but it was eventually reassigned to me on August 29, 2012. After a Markman hearing on February 20, 2013, I entered my ruling on construction of disputed patent claim terms on March 4, 2013. See Serverside Group Ltd. v. Tactical 8 Techs., L.L.C., 927 F.Supp.2d 623 (N.D.Iowa 2013).

On August 12, 2013, the Iowa Defendants filed the first of the motions now before me, the Iowa Defendants' Motion For Summary Judgment (docket no. 133), in which the Iowa Defendants assert that there are no genuine issues of material fact, and that they are entitled to judgment as a matter of law, that their Cre8MyCard system does not infringe the independent claims in claim 1 of the '199 patent and claim 1 of the '490 patent, so that they also are not infringing any dependent claims of those patents. Serverside filed a Resistance (docket no. 134) to that Motion on September 5, 2013, and the Iowa Defendants filed a Reply (docket no. 136) in further support of that Motion on September 16, 2013.

On September 16, 2013, the Iowa Defendants filed the second motion now before me, their Motion To Strike (docket no. 137), in which they argue that the affidavit of Serverside's expert, Alex Cheng, offered by Serverside in support of its Resistance to the Motion For Summary Judgment, must be stricken, because it contains new opinions not properly disclosed previously pursuant to Rule 26(a)(2)(B)(i), and that portions of Serverside's Statement Of Additional Material Facts that rely, in whole or in part, on Mr. Cheng's affidavit must also be stricken. Serverside filed its Resistance (docket no. 139) to that Motion on October 3, 2013, and the Iowa Defendants filed a Reply (docket no. 142), in further support of that Motion, on October 15, 2013.

Trial in this matter is set to begin on January 21, 2014, so I had hoped to address the pending motions as soon as they were ripe. However, other matters interfered with that plan, including a Verified Complaint And Petition For Return Of Children, seeking return to Mexico of children allegedly wrongfully retained in the United States, filed November 7, 2013, which required expedited proceedings under international and federal law. For much the same reason, my crowded schedule has not allowed me to accommodate the Iowa Defendants' request for oral arguments on their Motions sufficiently in advance of the scheduled trial. I find the parties' written submissions fully address the issues raised, however, so that I have resolved the pending motions on the parties' written submissions.

II. THE MOTION TO STRIKE

I must first resolve the Iowa Defendants' Motion To Strike, as it pertains to the record that I may consider on the Iowa Defendants' Motion For Summary Judgment. I will begin my analysis of that Motion by briefly summarizing the procedural history concerning disclosure of experts.

A. Procedural History

In accordance with the Scheduling Order (docket no. 112), Serverside served its Claim Chart setting forth its infringement contentions on October 5, 2012, and the Iowa Defendants served and filed their Claim Chart (docket no. 119), asserting their noninfringement contentions, on November 2, 2012. Serverside produced the Expert Report Of Alex Cheng Regarding Infringement By Tactical 8 Technologies, L.L.C., And Bank Of Iowa Corporation (Cheng Report), on or about May 10, 2013. See Plaintiffs' Appendix (docket no. 134-4), 38-188. The Iowa Defendants produced their Responsive Expert Report Of Peter Alexander, Ph.D., Regarding Non-Infringement Of U.S. Patents No[s]. 7,908,199 And 7,599,490 (Alexander Report) (docket no. 131), on June 7, 2013. Serverside never produced a supplemental or rebuttal expert report from Mr. Cheng or anyone else related to the issues raised in Mr. Cheng's Expert Report or Dr. Alexander's Expert Report. Fact and expert discovery closed on July 12, 2013, without any expert depositions being taken by either side.

The Iowa Defendants filed their Motion For Summary Judgment (docket no. 133) on August 12, 2013, relying primarily on the deposition of David Wade Arnold, Banno's chief executive officer, rather than the Alexander Report, as the basis for its arguments on non-infringement. On September 5, 2013, Serverside submitted as part of and as the basis for much of its Resistance to the Iowa Defendants' Motion For Summary Judgment an Expert Declaration Of Alex Cheng In Support Of Plaintiff's Opposition To Defendants' Motion For Summary Judgment (Cheng Declaration). See Plaintiffs' Appendix (docket no. 134-4), 1-37.

In his Declaration, Mr. Cheng declares, inter alia,

Plaintiffs' Appendix at 1-3 (Cheng Declaration, ¶¶ 3-4, 9-10).

Serverside relied extensively on the Cheng Declaration in resisting the Iowa Defendants' Motion For Summary Judgment, in both its Statement Of Additional Material Facts and its brief. The Iowa Defendants deny various allegations in Serverside's Statement Of Additional Material Facts "to the extent [that they are] supported by stricken paragraphs from the Cheng Declaration, currently subject to Defendants' Motion to Strike," but then "otherwise admit" those paragraphs, in whole or in part, or deny them on the basis that they are incomplete or inaccurate summaries of the underlying evidence on which Serverside relies. See Defendants' Response To Plaintiffs' Statement Of Additional Material Facts (docket no. 136), ¶¶ 12, 13, 14, 15, 16, 22, 23.

B. Arguments Of The Parties

In essence, the Iowa Defendants assert that the Cheng Declaration was developed and submitted solely for the purpose of resisting the Iowa Defendants' Motion for Summary Judgment, and, as a result, contains numerous additional purported "expert opinions" not previously disclosed in the Cheng Report. Serverside contends that, although discovery is closed, the Iowa Defendants' Motion For Summary Judgment relies on new arguments and unsupported assertions never previously articulated in discovery, in deposition testimony, or in the Alexander Report, so that the Cheng Declaration is justified to address those new arguments. These arguments require a somewhat more detailed summary.

1. The Iowa Defendants' opening argument

The Iowa Defendants argue, first, that the Cheng Declaration contains newly developed opinions not previously disclosed as required by Rule 26(a)(2)(B)(i) of the Federal Rules of Civil Procedure and that, pursuant to Rule 37(c)(1) of the Federal Rules of Civil Procedure, it should be stricken. More specifically, the Iowa Defendants argue that this court and the Eighth Circuit Court of Appeals have construed those rules, in conjunction, to mean that a party resisting a summary judgment motion cannot cite to or rely upon expert opinions not otherwise previously disclosed and that such previously undisclosed expert opinions must be stricken from the record, citing Popoalii v. Correctional Medical Services, 512 F.3d 488, 496, 498-99 (8th Cir.2008); Chapman v. Labone, 460 F.Supp.2d 989, 998 (S.D.Iowa 2006); and Schuller v. Great-West Life & Annuity Ins. Co., 2005 WL 2257634, *6-8 (N.D.Iowa, Sept. 15, 2005).

Here, the Iowa Defendants argue, the Cheng Declaration should be stricken, and should not be considered on summary judgment, because Serverside never produced a supplemental or rebuttal expert report from Mr. Cheng and because the Cheng Declaration contains new opinions that were formulated solely for the purpose of resisting the summary judgment motion. Indeed, they contend that Mr. Cheng has admitted as much by stating in his Declaration that his Report contains only "some" of his opinions and that his Declaration is for the purpose of responding to their noninfringement arguments in their summary judgment motion. The Iowa Defendants concede that a few of the allegations in Serverside's Statement Of Additional Material Facts do not rely on the Cheng Declaration, but cite to and directly rely on opinions properly disclosed in the Cheng Report, so that they need not be stricken. They contend that all other allegations that rely on the Cheng Declaration, in whole or in part, must be stricken, however, because they lack any support in the record, and that such allegations cannot preclude summary judgment pursuant to Rule 56(b). Finally, they argue, in passing, that the conclusory statements and opinions in the Cheng Declaration are not appropriate to resist or sufficient to defeat their summary judgment motion, apparently because they contend that such statements are merely meant to substitute for the judgment of the court.

2. Serverside's response

In its Resistance, Serverside argues that the Cheng Declaration is not an expert report and, therefore, does not need to comply with Rule 26 requirements for supplementation of Mr. Cheng's prior Report on infringement. Specifically, Serverside argues that the Cheng Declaration does not change Mr. Cheng's infringement theories, but only responds to new non-infringement arguments. Second, while Serverside admits that select paragraphs of the Cheng Declaration may contain new information, Serverside argues that the Iowa Defendants acknowledge that "large" portions of it are not new. Third, Serverside argues that the limited new information in the Cheng Declaration directly resulted from new non-infringement positions that the Iowa Defendants have asserted and, therefore, are necessary to respond properly and fully to those newly-stated positions. Indeed, Serverside argues that some of the Iowa Defendants' new positions are in direct opposition to previously provided discovery responses and testimony from their witnesses and expert to which Serverside has a right to respond.

As a fallback position, Serverside argues that, even if I find that the Cheng Declaration violates Rule 26, I should not strike the Declaration, because it is substantially justified and does not harm the Iowa Defendants, where the Iowa Defendants may disagree with the legal implications of certain facts, but those facts are not "new." Serverside argues that the Cheng Declaration also merely restates and elaborates information and opinions previously disclosed, so that it may be considered on summary judgment. Finally, Serverside argues that striking the Cheng Declaration and portions of its Statement Of Additional Material Facts relying, in whole or in part, on that Declaration is a harsh and extreme sanction that is not called for here, where other equitable remedies, such as allowing the Iowa Defendants to respond to the Cheng Declaration, are sufficient and more appropriate.

3. The Iowa Defendants' reply

In reply, the Iowa Defendants argue that Serverside is simply wrong in its assertion that they have relied on "new" theories of non-infringement in their summary judgment motion. To the contrary, they contend, all of the purportedly "new" arguments were set forth in the Alexander Report. They contend that Dr. Alexander merely used different names in certain hypotheticals demonstrating non-infringement, which are reasserted in their arguments for summary judgment, and that he also addressed Serverside's arguments that use of SSL and TLS constitutes an infringing form of "encryption." They contend that the vast majority of the Cheng Declaration, not just some small part of it, states new opinions, and should be stricken. Moreover, they dispute that any new arguments are substantially justified or harmless, where they did not rely on "new" non-infringement arguments not previously disclosed, and they are prejudiced by both the substance and timing of the Cheng Declaration, where there is insufficient time to depose Mr. Cheng and seek rebuttal opinions.

C. Legal Analysis

1. Rule 26 and Rule 37 standards

"Decisions concerning the admission of expert testimony lie within the broad discretion of the trial court, and these decisions will not be disturbed on appeal absent an abuse of that discretion." Bradshaw v. FFE Transp. Servs., Inc., 715 F.3d 1104, 1107 (8th Cir.2013) (internal quotation marks and citations omitted). Similarly, the Eighth Circuit Court of Appeals "review[s] for abuse of discretion a district court's election regarding how to treat evidence that was not disclosed in accordance with Rule 26(a)(2)(B)." Shuck v. CNH America, L.L.C., 498 F.3d 868, 873 (8th Cir.2007).

Rule 26 of the Federal Rules of Civil Procedure provides, in pertinent part, as follows:

FED.R.CIV.P. 26(a)(2)(B)(i), (e).

Thus, Rule 26(a)(2) "dictates the form and framework of disclosed experts reports." Rodrick v. Wal-Mart Stores East, L.P., 666 F.3d 1093, 1096 (8th Cir.2012). Rule 26(a)(2)(B)(i) requires an expert report to provide "a complete statement of all opinions the witness will express and the basis and reasons for them," FED. R.EVID. 26(a)(2)(B)(i) (emphasis added); Mems v. City of St. Paul, Dep't of Fire and Safety Servs., 327 F.3d 771, 779 (8th Cir.2003), and "[u]nder [Rule] 26(e), a party is required to supplement and seasonably amend disclosures." Mems, 327 F.3d at 779. Such supplementation is required if the expert makes "any changes or alterations" to his or her expert opinions and "any changes or additions to the information provided." Tenbarge v. Ames Taping Tool Sys., Inc., 190 F.3d 862, 865 (8th Cir.1999); see also FED.R.CIV.P. 26(e) (referring to "[a]ny additions or changes" as requiring supplemental disclosure).

Although "Rule 26 does not require the disclosure of evidence used solely for impeachment purposes," the Eighth Circuit Court of Appeals has explained that supplemental testimony of an expert is not "impeachment," that is, evidence attacking the credibility of a witness, where it is offered "to show that an expert's opinion about the meaning of facts merely differs from that of other experts." Wegener v. Johnson, 527 F.3d 687, 691 (8th Cir.2008). The Eighth Circuit Court of Appeals has recognized,

Wegener, 527 F.3d at 691.

"`Failure to disclose an expert witness required by rule 26(a)(2)(B) can justify exclusion of testimony at trial.'" McCoy v. Augusta Fiberglass Coatings, Inc., 593 F.3d 737, 746 (8th Cir.2010) (quoting Crump v. Versa Prod., Inc., 400 F.3d 1104, 1110 (8th Cir.2005)). Similarly, "[i]f a party fails to supplement expert testimony [as required by Rule 26(e) ], the district court may order appropriate sanctions as provided for in Rule 37(c)." Tenbarge, 190 F.3d at 865. "Sanctions [for a Rule 26 violation] may include exclusion of the testimony, a continuance to allow depositions to be taken, or the grant of a new trial." Id. Although it may be permissible to reopen discovery to address belatedly disclosed expert opinions, "`[o]nce discovery has closed in a case, it is the district court's discretion whether or not to allow it to be reopened.'" Bradshaw, 715 F.3d at 1108 (quoting Harris v. Steelweld Equip. Co., 869 F.2d 396, 400 (8th Cir.1989)). Also, if an expert's testimony (or affidavit) exceeds the scope of opinions properly disclosed, the district court may adequately address the discrepancy "by advising the jurors of the discrepancy and instructing them to take this discrepancy into consideration when weighing the expert's testimony and credibility." Shuck, 498 F.3d at 876.

Although the district court has discretion to determine the appropriate sanction for a Rule 26 violation, "the district court's discretion narrows as the severity of the sanction or remedy it elects increases." Wegener, 527 F.3d at 692. For example, the court should consider "a lesser sanction, if any, before imposing one that [would] result[ ] in the dismissal of a claim." Dunning v. Bush, 536 F.3d 879, 890 (8th Cir.2008). Similarly, "`the exclusion of evidence is a harsh penalty and should be used sparingly.'" Wegener, 527 F.3d at 692 (quoting ELCA Enters. v. Sisco Equip. Rental & Sales, 53 F.3d 186, 190 (8th Cir.1995)). Thus, the district court should "fashion a remedy or sanction as appropriate for the particular circumstances of the case." Id.

On the other hand, "under Federal Rule of Civil Procedure 37(c)(1), evidence not disclosed under Rule 26(a) is admissible if harmless." Shuck, 498 F.3d at 874. Also, a district court may allow evidence violating Rule 26 disclosure requirements, if the violation was "justified." Rodrick, 666 F.3d at 1096 (acknowledging that expert evidence violating Rule 26 may be allowed if it is "justified or harmless"); Wegener, 527 F.3d at 692 (same). As the Eighth Circuit Court of Appeals has explained,

Rodrick, 666 F.3d at 1096-97; Wegener, 527 F.3d at 692.

Here, I find it unnecessary to engage in the paragraph-by-paragraph analysis of the Cheng Declaration that the Iowa Defendants invite me to make to determine which parts, if any, are "new" opinions that should have been presented by supplementation of the Cheng Report. I will assume, without deciding, that parts of the Cheng Declaration introduced "changes or alterations" to his expert opinions or "changes or additions to the information provided" in the Cheng Report. See Tenbarge, 190 F.3d at 865; see also FED.R.CIV.P. 26(e) (referring to "[a]ny additions or changes" as requiring supplemental disclosure). I cannot conclude that the Cheng Declaration is simply for "impeachment," because it does not attack the credibility of any witness, but is offered "to show that an expert's [or witness's] opinion about the meaning of facts ... differs from that of other experts." Wegener, 527 F.3d at 691. Rather than invite a challenge to the Cheng Declaration based on a Rule 26 violation, the wiser course for Serverside would have been to make a supplemental disclosure, even if doing so required a request to make the supplemental disclosure out of time. Cf. id. (suggesting that the "dilemma" over what to disclose pursuant to Rule 26 can be resolved by making a disclosure when an expert's testimony is offered to contradict the expert testimony of the opposing party).

Nevertheless, even if there was a violation, I find that it was "justified or harmless." Rodrick, 666 F.3d at 1096-97; Wegener, 527 F.3d at 692; Shuck, 498 F.3d at 874. This is so, because the prejudice or surprise to the Iowa Defendants, if any, is minimal. See id. (first factor in the "justified or harmless" analysis). The Iowa Defendants surely anticipated responses specifically tailored to their noninfringement arguments in their summary judgment motion. Moreover, their allegations of prejudice ring hollow, where, notwithstanding their initial denials of various allegations in Serverside's Statement Of Additional Material Facts on the ground that those allegations rely on the Cheng Declaration, the Iowa Defendants nevertheless "otherwise admit" many of those allegations or offer specific explanations of continued denials based on inaccurate summaries or statements of underlying evidence, with citations to or quotations from the underlying evidence. Thus, it appears to me that the Iowa Defendants have already seized the opportunity to "cure" any prejudice that they may have suffered from unanticipated opinions in the Cheng Declaration. See id. (second factor is the party's ability to cure the prejudice). For this same reason, allowing the purportedly "new" expert opinions, offered in response to the Iowa Defendants' own non-infringement arguments will not disrupt the trial or, here, disrupt the timely disposition of the summary judgment motion. See id. (third factor is the extent to which introducing such testimony would disrupt the trial). Finally, I do not believe that Serverside acted in "bad faith" or "willfully" in offering the Cheng Declaration, although I believe that both parties have engaged in some gamesmanship to hide their infringement and non-infringement arguments from each other.2 See id. (fourth factor is the bad faith or willfulness of the party offering previously undisclosed expert opinions).

The Iowa Defendants' reliance on Schuller v. Great-West Life & Annuity Ins. Co., 2005 WL 2257634, *6-*8 (N.D.Iowa, Sept. 15, 2005), is unavailing, because the proponent of the expert's evidence in that case had previously failed to make any Rule 26 disclosure prior to summary judgment, as required by applicable orders. See 2005 WL 2257634 at *7. Also, the proponent in Schuller failed to demonstrate that the failure to make required disclosures was harmless or substantially justified, where the opposing party had premised its summary judgment motion on the failure of the proponent to make any expert disclosures, so that the proponent lacked the required expert testimony to support a claim. Id. at *8. Here, the Iowa Defendants have not premised their summary judgment motion on the failure of Serverside to make any expert disclosures, as the defendants had in Schuller, so that the Iowa Defendants simply do not suffer the same kind of harm from the failure to disclose the opinions in the Cheng Declaration earlier, and Serverside has shown an arguable justification for any tardy disclosure.

The Iowa Defendants' reliance on Chapman v. Labone, 460 F.Supp.2d 989, 998 (S.D.Iowa 2006), is also unavailing. In Chapman, the expert offered some opinions in an affidavit that referred to the "required degree of scientific certainty," which had been absent from his report, without including the basis or reasoning for such amended opinions, and one new opinion relied on underlying evidence that plainly did not support that opinion. See 460 F.Supp.2d at 998. The purportedly "new" opinions here do not change any infringement opinions previously offered in the Cheng Report, but respond to the Iowa Defendants' non-infringement arguments, and, as I have found, any prejudice from such new opinions has been cured by the Iowa Defendants' Response to Serverside's Statement Of Additional Material Facts.

Furthermore, I conclude that, even if there was a violation of Rule 26 that was not wholly justified or harmless, exclusion of the Cheng Declaration and all allegations in Serverside's Statement Of Additional Material Facts that rely, in whole or in part, on purportedly "new" opinions in the Cheng Declaration is simply too harsh a sanction in this case. See Wegener, 527 F.3d at 692 (noting that exclusion is a "harsh" remedy and that the district court should "fashion a remedy or sanction as appropriate for the particular circumstances of the case"). A more appropriate sanction, even in the relatively short time remaining before trial, might be to reopen discovery to address belatedly disclosed expert opinions. Bradshaw, 715 F.3d at 1108. I find it unnecessary to impose such a sanction in this case, however, because, again, notwithstanding the Iowa Defendants' initial denials of various allegations in Serverside's Statement Of Additional Material Facts on the ground that those allegations rely on the Cheng Declaration, the Iowa Defendants nevertheless "otherwise admit" many of those allegations or offer specific explanations of continued denials based on inaccurate summaries or statements of underlying evidence, with citations to or quotations from the underlying evidence. Thus, as I explained, above, it appears to me that the Iowa Defendants have already seized the opportunity to "cure" any prejudice that they may have suffered from unanticipated opinions in the Cheng Declaration, making further discovery unnecessary.

Also, an appropriate sanction for an expert's testimony (or affidavit) that exceeds the scope of opinions properly disclosed is to "advis[e] the jurors of the discrepancy and instruct[] them to take this discrepancy into consideration when weighing the expert's testimony and credibility." Shuck, 498 F.3d at 876. Consequently, I can leave the question of the impact of any discrepancies between the Cheng Declaration and the Cheng Report to the jury at trial, if I find that the Cheng Declaration generates genuine issues of material fact on infringement at the summary judgment stage.

Indeed, I turn, next, to the specific question of whether the Cheng Declaration and allegations of disputed fact that rely upon it should be excluded in my consideration of the Iowa Defendants' summary judgment motion, under Rule 56 standards, but I will not strike the Cheng Declaration on Rule 26 and Rule 37 grounds.

2. Rule 56 standards

In addition to Rule 26 disclosure concerns, the presentation of an affidavit in resistance to a Rule 56 summary judgment motion that includes expert opinions that purportedly differ from those in a previously disclosed expert report raises additional concerns:

Popoalii v. Correctional Med. Servs., 512 F.3d 488, 498 (8th Cir.2008).

Contrary to the Iowa Defendants' arguments, I do not believe that Popoalii requires exclusion of the Cheng Declaration or allegations of fact that rely upon it. In Popoalii, the proponent of the expert's affidavit asserted that it was a non-contradictory supplemental affidavit, but the court found that the affidavit plainly contradicted the expert's prior refusal to opine that the defendants had done anything wrong in their medical treatment of the plaintiff, where the expert's affidavit included his opinion that, if the defendants had tested and monitored the plaintiff's intracranial pressure, they could have likely prevented her blindness. 512 F.3d at 499. Thus, there was an actual "inconsistency" between the expert's earlier report and his affidavit offered to resist summary judgment. Id. Notwithstanding that the Iowa Defendants have argued against admission of the Cheng Declaration on various grounds, they have failed to demonstrate that the "new" opinions in the Cheng Declaration, which respond to their own arguments for non-infringement, actually "contradict" or are "inconsistent" with any opinions about infringement by the accused system in the prior Cheng Report. To put it the other way around, Serverside has asserted that the purportedly "new" opinions about non-infringement in the Cheng Declaration are entirely consistent with Mr. Cheng's opinions about infringement in the Cheng Report, and the Iowa Defendants have failed to rebut that assertion. Thus, the "trigger" of inconsistency for exclusion of the affidavit on summary judgment is missing here. Id.

Therefore, I will not strike the Cheng Declaration from consideration on the Iowa Defendants' Motion For Summary Judgment on Rule 56 grounds, either.

3. Summary

The Iowa Defendants' September 16, 2013, Motion To Strike (docket no. 137) is denied. Notwithstanding denial of that motion, to the extent that the Iowa Defendants can demonstrate to a jury, if this case proceeds to a jury trial, that Mr. Cheng's opinions in his Declaration exceed the scope of opinions properly disclosed in his Report, the Iowa Defendants may request that I "advis[e] the jurors of the discrepancy and instruct[ ] them to take this discrepancy into consideration when weighing [Mr. Cheng's] testimony and credibility." Shuck, 498 F.3d at 876.

III. THE MOTION FOR SUMMARY JUDGMENT

The other motion now before me is the Iowa Defendants' August 12, 2013, Motion For Summary Judgment (docket no. 133). Before reviewing the factual background provided by the parties' Statements Of Material Facts and responses to them, I find that some context for the motion, particularly in light of prior Markman proceedings, is appropriate.

A. Context Of The Motion

The Motion For Summary Judgment on Serverside's infringement claims must be viewed in the context of the claims and claim terms of the patents-in-suit, as I have construed them. See ActiveVideo Networks, Inc. v. Verizon Commc'ns, Inc., 694 F.3d 1312, 1319 (Fed.Cir.2012) (explaining that determining literal infringement requires "`proper construction of the asserted claim and a determination whether the claim as properly construed reads on the accused product or method'" (quoting Georgia-Pacific Corp. v. U.S. Gypsum Co., 195 F.3d 1322, 1330 (Fed.Cir.1999))). Thus, I will begin my analysis of the Iowa Defendants' Motion For Summary Judgment with a summary of the patent claims at issue and my construction of various claim terms in those patent claims.

1. The patents-in-suit

The patents-in-suit are U.S. Patent No. 7,931,199 (the '199 patent), entitled "Computerized Card Production Equipment," in Count I, and U.S. Patent No. 7,946,490 (the '490 patent), also entitled "Computerized Card Production Equipment." As I explained in my Markman ruling, both of the patents-in-suit arise from the same provisional application, and the Abstracts, Figures, Cross-Reference To Related Applications, Technical Fields, Backgrounds, Summaries, Brief Descriptions Of The Drawings, and Detailed Descriptions of the two patents are nearly identical. Id. at 631-32. Unless otherwise indicated, citations to and quotations from the '199 patent appear in the identical location, in identical form, in the '490 patent. I will refer to titled sections of the patents in the singular and quote portions of the patents using the '199 patent as the source, unless otherwise required. Identically numbered claims of the two patents are sometimes stated in identical language and sometimes stated somewhat differently, albeit with much overlap of claim terms, so I will always differentiate between the claims of the two patents.

In my Markman ruling, I set forth, in considerable detail, the description of the invention claimed in the two patents-in-suit. Id. at 631-38. As I also explained, and the parties did not dispute, putting the description of the invention in plain English, the invention allows customers to use a secure process on the internet to select personalized images, which are printed on their bank credit or debit cards, even if the customer, the images, the image manipulation software, the customer's account information, and the card printer are all in different locations. Id. at 633. As I also explained, the claimed invention discloses both "`[a]n apparatus and method for manipulating images.'" Id. at 632 (quoting '199 Patent, Abstract).

2. The key patent claims at issue

Serverside accuses the Iowa Defendants of directly and indirectly infringing claims 1, 2, 9, 14-16, 18, 22, 25, 29, and 30 of the '199 patent and claims 1, 2, 9, 14-16, 18, 22, 25, and 29-31 of the '490 patent. The focus of the defendants' Motion For Summary Judgment, however, is claim 1 of each patent. I think that the most effective way to present these patent claims, when they are so similar, is side-by-side in a way that indicates similarities and differences. I have done so, below, using bold for "undisputed" claim terms — that is, claim terms that the parties agreed required construction, but for which they agreed upon the appropriate construction — using italics for "disputed" claim terms — that is, claim terms for which the parties disputed the appropriate construction, so that I was required to construe them — and underlining for claim language that differs between the two patents.

                                         PATENT CLAIMS ALLEGEDLY INFRINGED

            '199 Patent Claims                                                '490 Patent Claims

What is claimed is:                                             What is claimed is:

1.  Computerized financial transaction card production          1.  Computerized financial transaction card production
    equipment operable to apply one or                              equipment operable to apply one or
    more personalized images to a financial                         more personalized images to a financial
    transaction card, the production equipment                      transaction card, the production equipment
    comprising:                                                     comprising:

a module configured to receive a personalized                   a module configured to receive a personalized
    image of a customer, the image being received                   image of a customer, the image being received
    from an image processor computer                                from an image processor computer
    arranged to facilitate image personalization                    arranged to facilitate image personalization
    by remote customers;                                            by remote customers;

a module configured to receive a customer identifier        a module configured to receive a customer identifier
    that corresponds to the remote customer                         that corresponds to the remote customer
    that personalized said image;                              that personalized said image;

a module configured to receive a financial record               a module configured to receive a financial record
    of the remote customer that personalized                        of the remote customer that personalized
    the image;                                                      the image;

a card printer arranged to print images on card                 a card printer arranged to print images on card,
    material and equipment configured to apply                      material and equipment configured to apply
    financial information from the financial record                 financial information from the financial record
    to the card material; and                                       to the card material; and

a controller operable, based on said customer               a controller operable, based on said customer
    identifier, to cause printing of said personalized         identifier, to cause printing of said personalized
    customer image onto the card material                           customer image onto the card material
    and to cause application of relevant financial                  and to cause application of relevant financial
    information from the financial record onto the                  information from the financial record onto the
    card material,                                                  card material,

wherein the customer identifier comprises an                wherein the customer identifier encompasses
    identifier selected from a secure unique           encrypted customer information.
    identifier and a one-way code.

3. The patent claim terms at issue

In my Markman ruling, Serverside, 927 F.Supp.2d at 690, I construed the "undisputed" claim terms that appear in either claim 1 of the '199 patent, claim 1 of the '490 patent, or both, as shown in the following chart:3

                                           UNDISPUTED CLAIM TERMS

No.     Claim Term/Phrase                  Relevant Claim(s)                 Agreed Construction

1       "financial transaction card"       '199: 1, 2, 9, 14-16, 18, 22,     "a transaction card (e.g., credit
                                           25, 29 '490: 1, 2, 9,14-16,       card, debit card, ATM card, or
                                           18, 22, 25, 29-31                 similar card), but not a prepaid
                                                                             bearer card"

2       "record of the remote customer     '199: 1 '490: 1                   "record of financial information of
        that personalized the                                                the customer that personalized
        image"                                                               the image"

3       "one-way code"                     '199: 1                           "a hash value created from
                                                                             customer information"

8       "an identifier selected from       '199: 1                           "a customer identifier that is chosen
        a secure unique identifier                                           from one of two available options:
        and a one-way code"                                                  a secure unique identifier
                                                                             or a one-way code"

In my Markman ruling, see Serverside, 927 F.Supp.2d at 691-92, I also construed the "disputed" claim terms at issue in this patent-infringement action, all of which appear in either claim 1 of the '199 patent, claim 1 of the '490 patent, or both, as shown in the following chart:

                                                  DISPUTED CLAIM TERMS

No.     Claim Term/Phrase                               Relevant Claim(s)              Court's Final Construction

1       "customer identifier that                       '199: 1-4, 6-8, 10-13, 15,     "a signal, character, or group of
        corresponds to the remote                       17-18, 20-21, 24-28            characters that matches with the
        customer that personalized                                                     customer that personalized the
        said image"                                                                    image"

        "customer identifier corresponding              '490: 1-4, 6-8, 10-13, 15,
        to the remote customer"/"customer               17-18, 20-21, 24-28, 30-31
        identifier
        that corresponds to the
        remote customer"

        "unique identifier corresponding
        to the remote
        user"

2       "secure unique identifier"                      '199: 1                        "a secure, unique signal, character,
                                                                                       or group of characters that
                                                                                       can be used to identify the
                                                                                       customer"

3       "encrypted customer information"/"encrypted     '490: 1,29-31                  "customer information coded
        remote                                                                         from original text into language
        user information"                                                              unintelligible to unauthorized persons,
                                                                                       but not into a randomly
                                                                                       generated alphanumeric code"

With this context in mind, I turn to the factual background specifically relating to the pending Motion For Summary Judgment.

B. Factual Background

1. The parties' factual allegations and denials

The factual background pertinent to the Motion For Summary Judgment relates primarily to the Iowa Defendants' allegedly infringing "Cre8MyCard system." The Iowa Defendants dispute many of Serverside's allegations in Serverside's Statement Of Additional Material Facts on the ground that Serverside's statements are inaccurate or incomplete summaries or statements of the evidence cited in support. Where it appears that the dispute over summaries or characterizations of other evidence can be resolved by relying directly on the underlying evidence — such as what a particular document says or what a particular witness said — I will quote from the underlying document. On the other hand, where the dispute is about the characterization of a witness's explanation of the accused system, I cannot simply quote the underlying testimony as if it were an undisputed explanation of the accused system. Rather, I can only frame the dispute and later resolve whether the dispute is material and whether the cited record evidence supports a particular characterization. The Iowa Defendants also dispute many more of Serverside's allegations on the ground that those allegations rely, in whole or in part, on the Cheng Declaration, which the Iowa Defendants had moved to strike. Because I have declined to strike the Cheng Declaration, I will not reject allegations that rely on it as unsupported; rather, I will treat as "admitted" those allegations relying on the Cheng Declaration that the Iowa Defendants "otherwise admit" and explain the basis for denials of those allegations that the Iowa Defendants deny on additional grounds.

Unless indicated otherwise, the facts stated below are undisputed.

2. The accused system

Serverside alleges that the Iowa Defendants are infringing the patents-in-suit by using the Cre8MyCard system, which the parties agree is an Internet-based system that allows for the customization of financial transaction cards from financial institutions, such as BIC, that are Banno's customers. I will summarize the parties' allegations concerning the Cre8MyCard system as they relate to the parts and users of the Cre8MyCard system; the process for customization of a card by a remote customer; the processing of the customized card by a financial institution; the manufacturing or printing of the card; the workings of "instant" production methods (as opposed to the remote access method); and, finally, the extent to which the Cre8MyCard system does or does not use "hashing" or "encryption."

a. Parts and users of the Cre8MyCard system

As part of the Cre8MyCard system, Banno owns and maintains the following: (1) a database for storing images and configuration settings for each financial institution participating in Cre8MyCard; (2) Personal Home Page (PHP) code that interacts with the database; (3) a file system that stores Flash files; and (4) an Apache webserver. Three classes of users interact with the Cre8MyCard system: card holders, financial institutions, and card manufacturers.

b. Customization by a remote customer

One way for a customer to customize a financial transaction card using the Cre8MyCard system is for a customer to access the website serving the Cre8MyCard system for the remote customer's financial institution, then download the Cre8MyCard software to the remote customer's browser.4 Serverside points out that there are other ways to access the Cre8MyCard system, including at an instant issuance kiosk and through Banno's iPad application. Cre8MyCard does not use remote customer passwords or usernames, but the parties dispute whether or not it requires remote customers to submit any information about themselves. More specifically, the Iowa Defendants allege that any remote customer can access and utilize the Cre8MyCard system to configure a financial transaction card for himself or herself or for a third party, and that the remote customer's identity is not verified by the Cre8MyCard system, nor determinable from the information recorded by the Cre8MyCard system during the card configuration process. Serverside counters that a remote customer can access and utilize the Cre8MyCard system to configure a financial transaction card only if that customer has the first name, last name, and personal account number (PAN) of a card holder. Serverside admits that the Cre8MyCard system does not require, nor does it take any steps to verify, that the remote customer and the card owner are the same person, but Serverside alleges that the intended use of the Cre8MyCard system is for card holders to customize their own cards.

Once connected, the remote customer (Serverside alleges "card holder," but the Iowa Defendants deny that the remote customer must actually be the "card holder") is "authenticated" (according to Serverside) or "credentialed" (according to the Iowa Defendants) in one of three ways: (1) through the last four digits of their card number and their unique personal identification number (PIN), although the Iowa Defendants assert that this option applies only if the card is a debit card; (2) the remote customer's image is assigned an image ID and the financial institution manually reconciles the card image with the account when the customer comes into the institution, although the Iowa Defendants allege that this option applies only to new customers; and (3) the card holder bank account number, primary account number (PAN), or user-supplied information is associated with the session ID of the webserver (as Serverside alleges) or a manual lookup can be performed to match the name and bank account number with the image (as the Iowa Defendants allege).

Once a remote customer has accessed the Cre8MyCard system via the website serving the Cre8MyCard system and downloads the software, the remote customer is allowed to select a card product type (i.e., a photo ID card, full image card, debit card, credit card, prepaid card, or photocard) that the remote customer wishes to configure. The remote customer then selects an image provided from a third-party gallery, a social media site, or the computer that the remote customer is using. The remote customer (again, Serverside alleges "card holder," but the Iowa Defendants deny that the remote customer must be the "card holder") can select images for customization in several different ways: (1) the image data can be sent from the remote customer's computer to the remote customer's web browser without sending the image to the server before manipulation; (2) a thumbnail image can be selected from the gallery and the full resolution image is downloaded to the client; or (3) a third-party web service (e.g., Facebook, Flickr) is accessed to download the image to the remote customer's browser.

Next, the Cre8MyCard software downloaded to the remote customer's web browser allows the remote customer to manipulate the chosen image, for example, by shrinking, enlarging, or rotating the image. The Iowa Defendants allege that the entire image manipulation process takes place on the remote customer's web browser, not on the Cre8MyCard web server. Serverside admits that the Iowa Defendants have not produced any evidence that the manipulation process occurs anywhere else, but Serverside argues that the only evidence produced by the Iowa Defendants about where the image is manipulated is "uncorroborated." The Iowa Defendants allege that no information about the initial image or the manner in which the image is manipulated is sent to the Cre8MyCard server; rather, the Cre8MyCard server only receives the image in its final form once the image manipulation process is complete. Serverside denies this allegation, because it alleges that information about the card holder whose card will display the manipulated image is sent to the Cre8MyCard server. I do not believe that information about whose card will display the image is, by any sensible reading, information about the initial image or the manner in which the image was manipulated, so that Serverside has alleged an additional fact, but has not actually disputed (let alone refuted) the Iowa Defendants' allegation that no information about the initial image or the manner in which the image was manipulated is sent to the Cre8MyCard server.

After the image has been manipulated, the remote customer continues the card configuration process by filling in two alphanumeric fields, which hold text strings consisting of the first and last name of the card owner, respectively, as well as a separate numeric field generally representative of the last four digits of the card owner's card number. Like the parties, I will call the information entered in the two alphanumeric fields and the numeric field "the Data." Serverside alleges that the Data is used to identify the card holder as the remote customer who personalized the image in the Cre8MyCard system, but the Iowa Defendants deny this as unsupported by the record, again based on their contention that the remote customer does not have to be the card holder. The parties agree that, generally speaking, the financial institutions that utilize the Cre8MyCard system desire the numeric field to represent somewhere from four to six characters of the card owner's card number or account number. As a specific example, they agree that BIC uses the Cre8MyCard system's numeric field to gather the last four digits of the card owner's card number. The parties agree that, pursuant to ISO 7812, the first six digits of the PAN are reserved as the issuer identifier number (IIN), which is unique to each financial institution issuing financial transaction cards. The Cre8MyCard system does not store the card owner's entire card number or account number, because storage of that information in its entirety requires registration with, and strict regulation by, the federal government.

The Cre8MyCard system does not verify the accuracy of the Data, only that the remote customer has put letters (as opposed to other characters) into the alphanumeric fields and numbers (as opposed to other characters) into the numeric field. The Cre8MyCard system does not verify that the Data provided by the remote customer actually corresponds with an existing BIC account, but Serverside denies the Iowa Defendants' allegation that the Cre8MyCard system is not linked in any way to BIC's accounting system.

Next, the remote customer hits the "submit" button, and the Data, along with the image, are uploaded to Cre8MyCard's web server.

c. Processing of the customized card by the financial institution

The parties agree that the Data and the image are recorded by the Cre8MyCard system during the card configuration process and passed on to BIC, but Serverside alleges that the Cre8MyCard system also records a session ID. More specifically, after a remote customer hits the "submit" button for the image he or she wants on the subject card, the Cre8MyCard system uses a table called "Orders" to store the incoming domain name of the financial institution from which the card is being personalized, which is how Banno knows which financial institution to bill, and separate columns within the table for first name, last name, personal account number (PAN), and a foreign key that directs the user to another database table that holds all of the images, but the Iowa Defendants deny that there is a column for an Order identification of any kind.5

Through Banno's back-end system, BIC is then notified that a new order was placed using the Cre8MyCard system. Someone at BIC logs into Banno's administrative software to verify that the Data provided by the remote customer corresponds with an existing BIC account, and, if so, BIC orders the card for its customer (i.e., the card owner) through a separate system operated by a third party (at least in the case of non-instant issuance). Specifically, financial institutions log on to Banno's system to review and approve images submitted by a remote customer (although the Iowa Defendants reiterate their contention that the "remote customer" is not necessarily the actual card holder) prior to undertaking the different steps utilized by each financial institution to print or manufacture its cards.6

d. Card manufacturing

Serverside denies that the system that BIC uses to order the card from a card manufacturer7 is "unrelated" to the Cre8MyCard system. While the Iowa Defendants allege that the Cre8MyCard system does not control any card manufacturing operations, Serverside disputes that allegation, because Serverside alleges, and the Iowa Defendants admit, that the Cre8MyCard system provides the financial transaction card manufacturer for a financial institution (e.g., BIC) with an interface to retrieve images and associated data from the financial record of the remote customer that personalized the image to manufacture financial transaction cards customized by the remote customer. Serverside also alleges, and the Iowa Defendants admit, that the card manufacturer connects to the Banno webserver via the Banno API (i.e., api.cre8mycard.com) using a connection secured by firewall trust security. Specifically, Mr. Arnold explained in his deposition that "api.cre8mycard.com... is how the iPad version and the third-party card printers interact ... to get the images." Plaintiffs' Appendix at 200 (Arnold Deposition at 46:13-15).8 Financial institutions (but not Banno) have contracts in place with electronic fund transfer (EFT) companies to have cards manufactured.

e. "Instant" production methods

As mentioned above, in addition to a remote customer accessing the Cre8MyCard system from his or her own computer, the Cre8MyCard system may also be accessed at an instant issuance kiosk and through Banno's iPad application.9 The Cre8MyCard iPad application, which is used in instant issue machines, is controlled by an employee of the financial institution and allows card holders to select an image from a gallery or download images from social media (Facebook, Flickr, Picasso), customize the downloaded image, and have the financial transaction card manufactured at the financial institution's location from an instant issuance machine.10

f. Use of hash codes and encryption in the accused system

The Iowa Defendants allege that the Cre8MyCard system does not use, nor has it ever used, hash codes or hashing techniques in its software. Serverside disputes this allegation, because Serverside alleges, and the Iowa Defendants admit, that the last numeric field, which is filled in with the last four or six digits of the card holder's PAN, is partly established by the remote customer's financial institution and that, pursuant to the ISO 7812 standard, the last digit of the PAN is calculated using the Luhn hash algorithm which uses the preceding digits of the PAN to compute the last digit.

The Iowa Defendants also allege that the Cre8MyCard system's software has no encryption or decryption algorithms, and that the only encryption involved in the Cre8MyCard process is the standard, everyday Security Sockets Layer (SSL) transmission over the internet, which is performed by a third party. Serverside asserts, based on deposition testimony by Mr. Arnold, that SSL transmission over the internet is encryption used in the Cre8MyCard process — both between remote customers and the Cre8MyCard server and between the Cre8MyCard server and card manufacturers11 — and alleges, further, that Transport Layer Security (TLS), the successor to SSL, is also used. The Iowa Defendants allege that the Cre8MyCard system does not provide BIC or any other customer with any encrypted information and that all information received by Banno's customers is unencrypted. Serverside denies this allegation, because it alleges that an exhibit used in the deposition of Mr. Arnold shows that data transmitted between the Cre8MyCard webserver and Banno's customer's browsers, such as BIC, is SSL/TLS encrypted.

C. Standards For Summary Judgment

I must determine whether or not the Iowa Defendants are entitled to summary judgment that the Cre8MyCard system described above does not infringe the patents-in-suit. As the Federal Circuit Court of Appeals recently reiterated, in patent-infringement actions, that court "review[s] the grant of summary judgment under the law of the regional circuit in which the district court sits," here, the Eighth Circuit. Keurig, Inc. v. Sturm Foods, Inc., 732 F.3d 1370, 1372 (Fed.Cir.2013).

Under Supreme Court and Eighth Circuit precedent, summary judgment is only appropriate when "the pleadings, depositions, answers to interrogatories, and admissions on file, together with affidavits, if any, show that there is no genuine issue of material fact and that the moving party is entitled to a judgment as a matter of law." FED.R.CIV.P. 56(c) (emphasis added); see Woods v. DaimlerChrysler Corp., 409 F.3d 984, 990 (8th Cir.2005) ("Summary judgment is appropriate if viewing the record in the light most favorable to the nonmoving party, there are no genuine issues of material fact and the moving party is entitled to judgment as a matter of law."); see generally Celotex Corp. v. Catrett, 477 U.S. 317, 323-24, 106 S.Ct. 2548, 91 L.Ed.2d 265 (1986). Thus, "[t]he movant `bears the initial responsibility of informing the district court of the basis for its motion,' and must identify `those portions of [the record]... which it believes demonstrate the absence of a genuine issue of material fact.'" Torgerson v. City of Rochester, 643 F.3d 1031, 1042 (8th Cir.2011) (en Banc) (quoting Celotex, 477 U.S. at 323, 106 S.Ct. 2548). In response, "[t]he nonmovant `must do more than simply show that there is some metaphysical doubt as to the material facts,' and must come forward with `specific facts showing that there is a genuine issue for trial.'" Id. (quoting Matsushita Elec. Indus. Co. v. Zenith Radio Corp., 475 U.S. 574, 586-87, 106 S.Ct. 1348, 89 L.Ed.2d 538 (1986)). "Only disputes over facts that might affect the outcome of the suit under the governing law will properly preclude the entry of summary judgment." Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248, 106 S.Ct. 2505, 91 L.Ed.2d 202 (1986); Ryan v. Capital Contractors, Inc., 679 F.3d 772, 776 (8th Cir.2012).

When the parties have met their burden, the district judge's task is as follows:

Torgerson, 643 F.3d at 1042-43. Summary judgment is particularly appropriate when only questions of law are involved, rather than factual issues that may or may not be subject to genuine dispute. See, e.g., Cremona v. R.S. Bacon Veneer Co., 433 F.3d 617, 620 (8th Cir.2006).

D. Standards For Patent Infringement

Here, the "governing law" against which the parties' factual contentions must be measured on summary judgment, see Anderson, 477 U.S. at 248, 106 S.Ct. 2505, is the law of patent infringement. Of course, "Federal Circuit law applies to `issues of substantive patent law and certain procedural issues pertaining to patent law.'" Pregis Corp. v. Kappos, 700 F.3d 1348, 1353 (Fed.Cir.2012) (quoting Research Corp. Techs., Inc. v. Microsoft Corp., 536 F.3d 1247, 1255 (Fed.Cir.2008)). Under Federal Circuit precedent, "`[a] determination of infringement is a question of fact,'" id. (quoting ACCO Brands, Inc. v. ABA Locks Mfr. Co., 501 F.3d 1307, 1311 (Fed.Cir.2007)), but "like other issues in which there are no disputed factual questions, [it] may properly be decided by summary judgment." Keurig, 732 F.3d at 1373.

In its Complaint, Serverside alleges both "direct" and "indirect" infringement of its patents. "Direct infringement requires proof by preponderant evidence that the defendant performs (if a method claim) or uses (if a product claim) each element of a claim, either literally or under the doctrine of equivalents." Cheese Systems, Inc. v. Tetra Pak Cheese and Powder Systems, Inc., 725 F.3d 1341, 1348 (Fed.Cir.2013). In contrast, "indirect infringement" occurs when a party actively induces others to directly infringe a patent. Moba, B.V. v. Diamond Automation, Inc., 325 F.3d 1306, 1318 (Fed.Cir.2003) (citing 35 U.S.C. § 271(b)).12 Here, the parties have not put at issue in their summary judgment briefing whether or not the Iowa Defendants indirectly infringe the patents-in-suit. Therefore, I will focus on "direct" infringement. Also, as explained, below, in Section III.E.1, beginning on page 46, infringement under the "doctrine of equivalents" is not at issue on the Iowa Defendants' Motion For Summary Judgment. Therefore, I will focus on "literal" infringement.

As the Federal Circuit Court of Appeals has explained,

ActiveVideo Networks, Inc., 694 F.3d at 1319. "`To establish literal infringement, every limitation set forth in a claim must be found in an accused product, exactly.'" Transocean Offshore Deepwater Drilling, Inc. v. Maersk Drilling USA, Inc., 699 F.3d 1340, 1356 (Fed.Cir.2012) (quoting Southwall Techs., Inc. v. Cardinal IG Co., 54 F.3d 1570, 1575 (Fed.Cir.1995)). More specifically, for present purposes, "[t]o infringe a method claim, all steps of the claimed method must be performed." Mirror Worlds, L.L.C. v. Apple, Inc., 692 F.3d 1351, 1358 (Fed.Cir.2012) (citing Lucent Techs., Inc. v. Gateway, Inc., 580 F.3d 1301, 1317 (Fed.Cir.2009), and 35 U.S.C. § 271). The Federal Circuit Court of Appeals has explained that "`[u]nless the steps of a method actually recite an order, the steps are not ordinarily construed to require one,'" but the order of steps must be the same "when the method steps implicitly require that they be performed in the order written." Altiris, Inc. v. Symantec Corp., 318 F.3d 1363, 1369 (8th Cir. 2003) (noting, further, that claim language may indicate, "as a matter of logic or grammar," that the steps be performed in the order written (citing Interactive Gift Express, Inc. v. Compuserve Inc., 256 F.3d 1323, 1342-43 (Fed.Cir.2001))).

"A patentee need not always have direct evidence of infringement, as infringement may be established by circumstantial evidence." Mirror Worlds, L.L.C., 692 F.3d at 1358. "Circumstantial evidence must show that at least one person directly infringed an asserted claim during the relevant time period." Toshiba Corp. v. Imation Corp., 681 F.3d 1358, 1364 (Fed.Cir.2012). Such circumstantial evidence may include installing, maintaining, demonstrating, and managing infringing systems for customers, or live testing. See ePlus, Inc. v. Lawson Software, Inc., 700 F.3d 509, 521 (Fed.Cir.2012). It may also include evidence that an alleged infringer designed a product for use in an infringing way and instructed users to use the product in an infringing way. Toshiba Corp., 681 F.3d at 1365.13 Circumstantial evidence of performing the method does not include demonstrating the accused method to a jury during a trial. Mirror Worlds, L.L.C., 692 F.3d at 1359.

As to frequency of infringement, "[d]irect infringement of a method claim can be based on even one instance of the claimed method being performed." Mirror Worlds, L.L.C., 692 F.3d at 1358 (citing Lucent, 580 F.3d at 1317); Toshiba Corp., 681 F.3d at 1364 (citing Lucent, 580 F.3d at 1317). Furthermore, an accused method or system "`that sometimes, but not always, embodies a claimed method nonetheless infringes.'" Cross Medical Prods., Inc. v. Medtronic Sofamor Danek, Inc., 424 F.3d 1293, 1311 (Fed.Cir.2005) (quoting Bell Commc'ns Research, Inc. v. Vitalink Commc'ns Corp., 55 F.3d 615, 622-23 (Fed.Cir.1995), and citing Hilgraeve Corp. v. Symantec Corp., 265 F.3d 1336, 1343 (Fed.Cir.2001), but noting that this rule does not apply to apparatus claims). Circumstantial evidence that an accused method infringes "at least a small percentage of the time" is sufficient for a factfinder to conclude that direct infringement has occurred. Vita-Mix Corp. v. Basic Holding, Inc., 581 F.3d 1317, 1326 (Fed.Cir.2009).

Just as importantly, here, where the patents-in-suit claim both "[a]n apparatus and method for manipulating images," '199 Patent, Abstract, the Federal Circuit Court of Appeals has explained, "[T]o infringe a claim that recites capability and not actual operation, an accused device `need only be capable of operating' in the described mode." Finjan, Inc. v. Secure Computing Corp., 626 F.3d 1197, 1204 (Fed.Cir.2010) (quoting Intel Corp. v. U.S. Int'l Trade Comm'n, 946 F.2d 821, 832 (Fed.Cir.1991)). In Finjan, the court noted that the "apparatus" claims "do not require that the proactive scanning software be configured in a particular way to infringe — only that it be programmed for performing the claimed steps." Id. Here, while the steps of claim 1 of the patents-in-suit refer to various "modules" that are "configured" to perform certain tasks or to receive certain information, they do not require that the "modules" be configured in a particular way to perform those tasks or to receive that information. Cf. id. (comparing software that was programmed to perform claimed steps to a claim requiring a locking device's pin to extend through a slot in a specific configuration). Thus, the question for infringement is whether an accused system is "capable of operating in the described mode," not whether it is actually operated in the described mode. Id.

Where an accused method or system does not infringe independent claims, it also cannot infringe associated dependent claims as a matter of law. See Voter Verified, Inc. v. Premier Election Solutions, Inc., 698 F.3d 1374, 1383 (Fed.Cir. 2012) (citing Wahpeton Canvas Co. v. Frontier, Inc., 870 F.2d 1546, 1552 n. 9 (Fed.Cir.1989)).

E. Grounds For Summary Judgment

In their Motion For Summary Judgment, the Iowa Defendants assert that two elements (or limitations) of claim 1 of the '199 patent and three elements (or limitations) of claim 1 of the '490 patent are not infringed, which Serverside disputes. I will consider those grounds for summary judgment in turn, below. First, however, I will address two grounds for summary judgment that are no longer in dispute and some further implications of the Iowa Defendants' Motion For Summary Judgment that the parties did not expressly address.

1. Infringement under the doctrine of equivalents

The Iowa Defendants argue that the limitations "secure unique identifier" and "one-way code," as recited in the '199 patent, and "encrypted customer information," as recited in the '490 patent, are not entitled to equivalents. In response, Serverside states that it has not argued that the Cre8MyCard system infringes the "secure unique identifier," "one-way code," or "encrypted customer information" limitations under the doctrine of equivalents, because there is no need to do so, where those limitations are literally infringed. I conclude that Serverside has restricted its infringement claims concerning these limitations of the patents-in-suit to "literal" infringement, by failing to come forward with "specific facts showing that there is a genuine issue for trial" on infringement of those limitations under the doctrine of equivalents. Torgerson, 643 F.3d at 1042 (internal quotation marks and citations omitted). Consequently, the Iowa Defendants are entitled to summary judgment on any claim of infringement of these limitations under the doctrine of equivalents.

2. Implications of non-infringement of the first claims

The Iowa Defendants also assert that it is axiomatic that dependent claims of a patent cannot be infringed, unless the independent claim from which they depend is also infringed, citing Wahpeton Canvas Co. v. Frontier, Inc., 870 F.2d 1546, 1553 (Fed.Cir.1989). Thus, they contend that, if independent claim 1 of a patent at issue is not infringed, then, as a matter of law, neither are dependent claims 2, 9, 14, 15, 16, 18 and 22 of that patent. Serverside responds that the Iowa Defendants do infringe independent claim 1 of each patent.

Because Serverside has not attempted to generate genuine issues of material fact on infringement of the dependent claims, if the independent claims from which they depend are not infringed — and, indeed, they could not do so, as a matter of law, see Wahpeton Canvas, 870 F.2d at 1552-53 & n. 9; accord Voter Verified, Inc., 698 F.3d at 1383 — I will not separately consider infringement of the dependent claims specifically identified by the Iowa Defendants. Torgerson, 643 F.3d at 1042 (the non-moving party must generate genuine issues of material fact to avoid summary judgment); Cremona, 433 F.3d at 620 (explaining that summary judgment is particularly appropriate when only questions of law are involved, rather than factual issues that may or may not be subject to genuine dispute). Rather, I conclude that whether or not assertions of infringement of these dependent claims survive the Iowa Defendants' Motion For Summary Judgment depends upon my disposition of infringement claims as to independent claim 1 of the respective patent.

This conclusion still leaves at issue claims 25, 29, and 30 of the '199 patent and claims 25, and 29-31 of the '490 patent, which Serverside alleges are also infringed by the Iowa Defendants' Cre8MyCard system, see Complaint, Counts I and II, but which the parties do not address in their summary judgment briefing. In my Markman ruling, I noted that there was some dispute as to whether or not at least some of these patent claims were "independent" or "dependent," as follows:

Serverside, 927 F.Supp.2d at 645 n. 3. The issue of whether claims 25, 29, and 30 of the '199 patent and claims 25, and 29-31 of the '490 patent are "dependent" or "independent" is of more than academic interest now, because whether or not these patent claims are infringed might depend on their relationship to independent claim 1 of their respective patents. See Wahpeton Canvas, 870 F.2d at 1552-53 & n. 9; accord Voter Verified, Inc., 698 F.3d at 1383. Unfortunately, the parties not only failed to address whether these patent claims are "dependent" or "independent" in their summary judgment briefing, but they have failed to present any other arguments concerning infringement of these patent claims.

Nevertheless, I can still determine whether allegations of infringement of these overlooked patent claims can be decided as a matter of law, based on my disposition of the arguments that the parties have made about infringement of claim 1 of each patent, at least where the parties have had a full and fair opportunity to contest the determinative issue. Cremona, 433 F.3d at 620 (explaining that summary judgment is particularly appropriate when only questions of law are involved, rather than factual issues that may or may not be subject to genuine dispute); Heisler v. Metropolitan Council, 339 F.3d 622, 631-32 (8th Cir.2003) (explaining that summary judgment may be granted sua sponte if the court's ruling on issues properly raised forecloses as a matter of law the claim on which the court wishes to grant summary judgment sua sponte); Madewell v. Downs, 68 F.3d 1030, 1048 (8th Cir.1995) (explaining that a district court may enter summary judgment sua sponte where the parties had an adequate opportunity to address the determinative issues and were on notice that the right to judgment as a matter of law was at stake on those issues).

Specifically, I note that the language of claim 25 is identical in the two patents-in-suit, and that claim 25 in each patent expressly incorporates "the computerized financial transaction card production equipment of claim 1 operable to apply the resulting image to a financial transaction card." See Serverside, 927 F.Supp.2d at 641-43 (chart of patent claims allegedly infringed quoting claim language); id. at 645 n. 3 (noting this language in claim 25). Similarly, claims 29 and 30 of the '199 patent incorporate claim 1 and claim 29 of that patent, respectively. See id. at 641-43. Thus, whether or not claim 25 of each patent and claims 28 and 29 of the '199 patent are "independent" or "dependent," under the definitions identified in my Markman ruling, id. at 645-46 & n. 3,14 they plainly cannot survive if claim 1 of the respective patent cannot survive — a matter clearly in dispute on the Iowa Defendants' Motion For Summary Judgment — where they specifically incorporate claim 1 of the respective patent or a claim that, in turn, incorporates claim 1. To put it another way, if the limitations of an incorporated claim are not infringed as a matter of law, then neither is a claim incorporating it, as a matter of law.

The analysis of claims 29-31 of the '490 patent is a little different, because those patent claims do not incorporate any other patent claims. Nevertheless, whether or not claims 29-31 of the '490 patent are "dependent" or "independent" claims, all of them include the "encrypted customer information"/"encrypted remote user information" limitation of claim 1 of the '490 patent — a limitation plainly at issue in the Iowa Defendants' Motion For Summary Judgment of non-infringement of claim 1 of the '490 patent. Thus, if claim 1 of the '490 patent is not infringed on the basis of this limitation, then neither are these claims, and the Iowa Defendants will be entitled to summary judgment on allegations of infringement of these patent claims, as a matter of law, as well.

I turn now to the Iowa Defendants' hotly contested grounds for summary judgment.

3. Absence of "a customer identifier that corresponds to the remote customer that personalized said image," as claimed in the '199 and the '490 patents

Claim 1 of the '199 patent and claim 1 of the '490 patent include the following element or limitation: "a module configured to receive a customer identifier that corresponds to the remote customer that personalized said image." '199 Patent, Claim 1 (italics indicating "disputed" claim term); '490 Patent, Claim 1 (same). As noted in the chart of "Disputed Claim Terms," supra, page 916, in my Markman ruling, I construed the "disputed" claim term in this limitation to mean "a signal, character, or group of characters that matches with the customer that personalized the image." The Iowa Defendants contend that this limitation is not literally infringed, as a matter of law, but Serverside disputes that contention.

a. Arguments of the parties

The Iowa Defendants argue that this limitation is not infringed, because the Cre8MyCard system allows the "remote customer" and the "card owner" to be different people, and it only records the Data in relation to the "card owner" (that is, first name, last name, and last four digits of the card number), rather than any data associated with the "remote customer." Somewhat more specifically, they argue that the "remote customer" must submit the Data about the "card owner," but no information about themselves, the Cre8MyCard system does not use "remote customer" passwords or usernames, and a third party could customize a card for the "card owner" using the Cre8MyCard system. In short, they argue, the Cre8MyCard system "knows nothing about the identity of the `remote customer that personalized said image,' and is agnostic with regard to the Data provided by the remote customer." They argue that, in contrast, claim 1 of both the '199 patent and the '490 patent requires the use of a "customer identifier that corresponds to the remote customer that personalized said image."

Serverside argues that the Cre8MyCard system provides exactly what the court has construed "customer identifier" to be. Serverside argues that Mr. Arnold has admitted that the Cre8MyCard system receives the combination of the card owner's first name, last name, and last four digits of the PAN as a customer identifier that corresponds to the remote customer that personalized the image. Serverside argues that the combination of information in the Data comprises "a signal, character, or group of characters that matches with the customer that personalized the image." Serverside points out that the court's construction does not require that the Cre8MyCard system use remote customer passwords or usernames, that the intended use of the Cre8MyCard system is for the card holders to customize their own financial transaction cards, and that any third party who customizes a card (if that scenario has ever occurred, and Serverside contends that the Iowa Defendants have offered no evidence that it ever has) must be acting as an agent of the card owner.

In reply, the Iowa Defendants reiterate that the Cre8MyCard system does not require that the remote customer who is personalizing the image be the actual card holder, meaning that Banno's customer identifier of first name, last name, and last four digits of the personal account number matches only the card holder, not necessarily the remote customer. They also argue that nothing in the claims, specifications, or claim construction supports Serverside's argument that a third party who customizes a card for a card owner must be acting as an agent of the card owner. They argue that, because the Cre8MyCard system has no way of knowing who actually personalized an image ordered through the system, only that an image has been personalized and a card has been ordered, the Cre8MyCard system clearly does not require a customer identifier that corresponds to or matches with the remote customer who personalized the image.

b. Analysis

As the movants for summary judgment, the Iowa Defendants must "inform[ ] the district court of the basis for [their] motion, and must identify those portions of [the record] ... which [they] believe[ ] demonstrate the absence of a genuine issue of material fact." Torgerson, 643 F.3d at 1042 (internal quotation marks and citations omitted). Here, this standard requires the Iowa Defendants to point to some basis in the patents or in the court's construction of the pertinent claim terms for their contention that, in claim 1 of the patents-in-suit, the "remote customer" must be the "card holder." See ActiveVideo Networks, Inc., 694 F.3d at 1319 (explaining that the first step in the two-step process for determining literal infringement is "the proper construction of the asserted claim"). This they have failed to do.

Specifically, the Iowa Defendants have not identified where, in the claim language, my construction of the claim terms, or the specification, the patents-in-suit require passwords or usernames, or any language that demonstrates that the claimed system knows the identity of the "remote customer that personalized said image," or any language that prevents a third party from customizing a card for a card holder. Indeed, my reading of the claimed invention is that, like the Cre8MyCard system, it "knows nothing about the identity of the `remote customer that personalized said image,' and is agnostic with regard to the [information] provided by the remote customer." Thus, in the first instance, the Iowa Defendants are attempting to impose limitations for which they have identified no basis in the patents-in-suit. Doing so is at least as egregious an error as importing limitations from the specification into the claims. See, e.g., Deere & Co. v. Bush Hog, L.L.C., 703 F.3d 1349, 1353-54 (Fed. Cir.2012) (citing Phillips v. AWH Corp., 415 F.3d 1303, 1323 (Fed.Cir.2005) (en banc)).

What the claimed invention requires, as I have construed pertinent claim terms in my Markman ruling, is "a signal, character, or group of characters that matches with the customer that personalized the image." Neither a requirement that the customer identifier "matches with," nor the actual claim term, "corresponds to," the customer that personalized the image requires that the remote customer that personalized the image be the card holder or account holder — although that might well be the case in the vast majority of instances in which the claimed invention is practiced. While I construed "customer identifier" as "some `signal or character' or group of characters that can be used to `identify' the customer," see Serverside, 927 F.Supp.2d at 656, I never construed "customer identifier" to require that the remote customer who personalized the card be the card holder or account holder, or even that the "customer identifier" reveal the "identity" of the remote customer. Nor can a purported requirement that the remote customer be the card holder or account holder be drawn from my construction of "corresponds to" as "matches with." See id. at 656; see also id. at 690 (reiterating this construction as the court's final construction). The "customer identifier" was construed to "match with" the remote customer, not to "match" the remote customer "with" the card holder or account holder, i.e., to identify the remote customer as the card holder, nor was it construed to "match" the remote customer "with" a specific person's identity. Id. Rather, the "customer identifier" was simply construed to "match with" the "remote customer," for purposes of practicing the claimed method, whoever the "remote customer" might actually be outside of the practice of the claimed method.

The element of claim 1 of the patents-in-suit that I find comes closest to suggesting that the remote customer must be the card holder or account holder in the claimed invention is one not identified or relied on by the Iowa Defendants in their summary judgment arguments. That element is the one after the element at issue here, which requires "a module configured to receive a financial record of the remote customer that personalized the image," where bold indicates an "undisputed" claim term. See Claim 1 side-by-side chart, supra, page 915. As I noted in my Markman ruling, the "undisputed" claim term in this element had been construed by the Delaware court "only by dropping `remote,' so that its construction is `record of financial information of the customer that personalized the image,'" a construction that I then adopted. Serverside, 927 F.Supp.2d at 656-57. There are further references in the Abstract and the Detailed Description of the patents-in-suit to "financial account of the customer" or "the customer's financial information." See, e.g., '199 Patent, Abstract; Detailed Description, 4:60-63, 10:65-11:8. These references suggest that the patents-in-suit assumed — if they did not, in fact, require — that the "remote customer" who personalized the image for a transaction card would be the card holder or account holder.

Yet, even if the claimed invention requires that the "remote customer" be the card holder or account holder, not a third party, the Iowa Defendants have failed to demonstrate that their Cre8MyCard system does not infringe this element as a matter of law. The second step in the determination of literal infringement requires "a determination [of] whether the claim as properly construed reads on the accused product or method." ActiveVideo Networks, Inc., 694 F.3d at 1319 (internal quotation marks and citations omitted). While the Iowa Defendants have pointed to evidence that the Cre8MyCard system can be used by a third party to customize a transaction card for a card holder or account holder, see Torgerson, 643 F.3d at 1042, that is not the end of the matter. Serverside has demonstrated — or has, at least, generated genuine issues of material fact — that the Cre8MyCard system can also be used by the card holder to personalize his or her own card, which would be an infringing performance of the method. Id. at 1042 (stating the non-movant's burden to resist summary judgment). As explained in somewhat more detail, above, "[d]irect infringement of a method claim can be based on even one instance of the claimed method being performed," Mirror Worlds, L.L.C., 692 F.3d at 1358 (citing Lucent, 580 F.3d at 1317); evidence that an accused method or system "sometimes, but not always, embodies a claimed method," Cross Medical Prods., Inc., 424 F.3d at 1311 (internal quotation marks and citations omitted); or by circumstantial evidence that an accused method infringes "at least a small percentage of the time," Vita-Mix Corp., 581 F.3d at 1326. Similarly, as to "apparatus" claims, Serverside has generated genuine issues of material fact that the claim in question recites only capability, and not actual operation, and that the accused system is "capable of operating in the described mode," that is, for a card holder to personalize his or her own card. Finjan, Inc., 626 F.3d at 1204. Serverside has also marshaled evidence that Banno designed a product for use in an infringing way — allowing card holders or account holders to personalize their own transaction cards — and instructed users to use the product in an infringing way. Toshiba Corp., 681 F.3d at 1365.

Thus, Serverside has pointed to evidence that the Cre8MyCard system uses "a customer identifier that corresponds to the remote customer that personalized said image," where the Cre8MyCard system does use "a signal, character, or group of characters that matches with the customer that personalized the image." Specifically, the Cre8MyCard system requires the remote customer to enter the card holder's first and last name and last four digits of the card holder's PAN in the two alphanumeric and one numeric field (the Data). Thus, the Data constitute the "signal, character, or group of characters that matches with the customer that personalized the image," even if that "signal, character, or group of characters" does not reveal the identity of the remote customer. When the remote customer hits the "submit" button, the Data, along with the image, are uploaded to Cre8MyCard's web server for further processing of the remote customer's personalized card order, and the Cre8MyCard system uses a table called "Orders" to store the incoming domain name of the financial institution from which the card is being personalized, and separate columns within the table for first name, last name, personal account number (PAN), and a foreign key that directs the user to another database table that holds all of the images. Thus, the "signal, character, or group of characters" is "matche[d] with the remote customer that personalized the image," because the Data is "matche[d] with" or "correspond[s] to" the remote customer and his or her order throughout the processing of the personalized card.

Therefore, the Iowa Defendants are not entitled to summary judgment that they do not infringe, as a matter of law, the element of claim 1 of each of the patents-in-suit that requires "a module configured to receive a customer identifier that corresponds to the remote customer that personalized said image." '199 Patent, Claim 1 (italics indicating "disputed" claim term); '490 Patent, Claim 1 (same).

4. Absence of a "customer identifier [that] comprises an identifier selected from a secure unique identifier and a one-way code," as claimed in the '199 patent

Claim 1 of the '199 patent includes the following element or limitation: a module configured to receive a customer identifier that corresponds to the remote customer that personalized said image ... wherein the customer identifier comprises an identifier selected from a secure unique identifier and a one-way code. '199 Patent, Claim 1 (bold indicating "undisputed" claim terms, italics indicating "disputed" claim terms, and underlining indicating claim language that differs between the two patents). As noted in the chart of "Disputed Claim Terms," supra, page 916, in my Markman ruling, I construed "secure unique identifier," a "disputed" claim term, to mean "a secure, unique signal, character, or group of characters that can be used to identify the customer." As noted in the chart of "Undisputed Claim Terms," supra, page 916, in my Markman ruling, I construed "one-way code," an "undisputed" claim term, to mean "a hash value created from customer information." The Iowa Defendants contend that they do not infringe this element of claim 1 of the '199 patent, even if a factfinder interprets the Data — in their view, erroneously — to constitute "a customer identifier that corresponds to a remote customer." Serverside also disputes this contention.

a. Arguments of the parties

The Iowa Defendants argue that, to infringe claim 1 of the '199 patent, the alleged "customer identifier" in the Cre8MyCard system (the Data) must include either a "hash code" or a "secure unique identifier," but the Cre8MyCard system does not. They contend that it is undisputed that the Cre8MyCard system does not use, and has never used, hashing or a hash code, so that it does not use a "one-way code." They also contend that the Data clearly are not "unique" or "secure," so that this alternative also is not present in the Cre8MyCard system. More specifically, they argue that the Cre8MyCard system does not "provide" a "unique" customer identifier, because of the possibility — however small — that two card owners may exist who have the same first names, last names, and last four digits of their card numbers. They also argue that the Cre8MyCard system does not "provide" a "secure" customer identifier, because The Cre8MyCard system does not verify the accuracy of the Data provided by the remote customer in relation to the card owner, only that the proper characters are filled into each field. They contend that any verification is performed by BIC, through separate administrative software after the remote customer has submitted the Data through the Cre8MyCard system.

Serverside argues that the customer identifier used in the Cre8MyCard system is both "a secure unique identifier" and "a one-way code." Serverside points out that claim 1 does not require, either by its plain language or as construed, that the claimed invention (or an accused device) "provide" a customer identifier, only that the system contain a module configured to "receive" a customer identifier. Serverside also argues that the "customer identifier" in the Cre8MyCard system is "unique," because even two card owners with the same first names, last names, and last four digits of their card numbers would have "unique" customer identifiers, where the first six digits of their PANs (the issuing institutions' IINs) would be unique to the different financial institutions that issued their cards. Serverside points out that Mr. Arnold admitted in his deposition that incoming orders are stored in a table by institution key, which separates orders from each of Banno's customers (various financial institutions). This process, Serverside argues, ensures that no two customers have the same name and account number at the same financial institution. Serverside argues that, if a customer identifier comprising first name, last name, and last 4 digits of a PAN were not unique within a financial institution, then there would be a violation of the Gramm-Leach-Bliley Act Standards For Safeguarding Customer Information, citing 15 U.S.C. § 6801 and 16 C.F.R. § 314. Serverside also argues that the customer identifier in the Cre8MyCard system is "secure," because Mr. Arnold admitted that the administrative software used by financial institutions, such as BIC, to verify card orders is accessed through a web address (admin.cre8mycard.com) that is part of the Cre8MyCard software. They contend that Mr. Arnold also admitted that the customer identifier is secured using SSL and/or firewall trust security during the card customization process. Serverside also argues that, contrary to the Iowa Defendants' contention, the Cre8MyCard system does use a "one-way code" for a customer identifier. This is so, Serverside argues, because the Cre8MyCard system uses a hash code, where the last 4 digits of the PAN are part of the customer identifier, and the last digit of the PAN is a hash value created from customer information, pursuant to ISO 7812.

In reply, the Iowa Defendants argue that two defendants, father and son, both named John Doe, with accounts at U.S. Bank, could be issued cards with the same last four digits, including the last digit created with the Luhn algorithm, so that they do not have "unique" customer identifiers. The Iowa Defendants argue that even an infinitesimally small chance of that happening is sufficient to preclude infringement. They also argue that nothing in the Gramm-Leach-Bliley Act or related regulations requires a bank to control the last four digits of a customer's PAN based on the customer's name or would prevent a bank from having two customers with the same first name, last name, and last four digits of a card number. As to the "one-way code" alternative, while the Iowa Defendants agree that the last digit of the PAN is a hash value created from customer information, they contend that the presence of that digit in no way brings the Cre8MyCard system within the scope of the "one-way code" recited in claim 1 of the '199 patent. This is so, they argue, because the '199 patent never teaches or describes a pre-calculated hash value as the "one-way code" limitation for the "customer identifier." They contend that reading the '199 patent to encompass such a pre-calculated hash value would enlarge the scope of the patent to cover systems that Serverside did not invent, describe, or fairly suggest. The Iowa Defendants contend that what the '199 patent discloses is using customer information, including the customer's account number, and creating a new "hash value" for security purposes. This, they contend, the Cre8MyCard system does not do.

b. Analysis

i. Secure unique identifier

Again, the Iowa Defendants must point to some basis in the claim language or the court's construction of the pertinent claim terms to support their contentions about the meaning of "secure unique identifier." See ActiveVideo Networks, Inc., 694 F.3d at 1319 (explaining that the first step in the two-step process for determining literal infringement is "the proper construction of the asserted claim"). In their opening summary judgment brief, the Iowa Defendants erroneously identify the following portion of my Markman ruling as providing the analysis of the nature of the "secure" limitation:

Serverside, 927 F.Supp.2d at 660. The quoted statement was part of my basis for rejecting the Iowa Defendants' proposed construction of "secure unique identifier" as "encrypted customer information," and, more particularly, my rejection of the Iowa Defendants' argument that "secure" is somehow superfluous if the term "secure unique identifier" means "unique customer identifier." Id. at 660.

More instructive on the "secure" requirement are my conclusions that the description of a single embodiment describing "encrypted customer information" as "generated within a secure environment" "does not mean that all `secure unique identifiers' must be `encrypted customer information generated within a secure environment.'" Id. at 659 (citing Deere & Co., 703 F.3d at 1353-54). In fact, I specifically rejected the Iowa Defendants' contention that "secure" meant either "securely generated" or "maintained securely from the user interface," as improper importations of embodiments into the construction of the claim term. Id. at 659-60. I also concluded that specifically claimed "secure unique identifiers" in dependent claims (a machine readable code or a bar code) did not define the entire universe of "secure unique identifiers." Id. at 660-61. Ultimately, I concluded,

Serverside, 927 F.Supp.2d at 661. For that "confusing" point, I reiterated my construction of "customer identifier" as "a signal, character, or group of characters that can be used to identify the customer," and I adopted the following construction for the entire claim term: "a secure, unique signal, character, or group of characters that can be used to identify the customer." Id.; see also id. at 691-92 (reiterating this construction as the court's final construction).

The Iowa Defendants have pointed to nothing in claim 1 or my construction of the pertinent claim term that requires that an accused system "provide" a "secure" customer identifier or even that the accused system "verify" the accuracy of the Data provided by the remote customer in relation to the card owner to meet the "secure" limitation. Thus, the Iowa Defendants are, once again, attempting to impose limitations for which they have identified no basis in the patents-in-suit, and doing so is at least as egregious an error as importing limitations from the specification into the claims. See, e.g., Deere & Co., 703 F.3d at 1353-54. Indeed, my rejection of the Iowa Defendants' construction of "secure" customer identifier as meaning "securely generated," see Serverside, 927 F.Supp.2d at 659-60, demonstrates the fallacy of asserting that an accused system must "provide" a "secure" customer identifier.

Most conclusive, however, is the fact that a requirement that the system "provide" a "secure unique identifier" is clearly contrary to the express requirement of the patent claim that the module "receive" a "secure unique identifier" not "create" it. There is more, however. Such a requirement is also contrary to descriptions of embodiments that require the card issuer to "create" the "customer identifier." See Serverside, 927 F.Supp.2d at 674 (citing '199 Patent, 16:5-8, and 16:20-21); see also '199 Patent, Detailed Description, 16:38-39 (explaining that the "hash value" relieved the "card issuer" of the need to create a unique identifier). Furthermore, claim 18 of the '199 patent specifically claims the following:

'199 Patent, Claim 18. "It is axiomatic that a dependent claim cannot be broader than the claim from which it depends." Alcon Research, Ltd. v. Apotex, Inc., 687 F.3d 1362, 1367 (Fed.Cir.2012). Thus, "[t]he presence of a dependent claim that adds a particular limitation gives rise to a presumption that the limitation in question is not in 63 the independent claim." Phillips, 415 F.3d at 1315. Here, it is axiomatic that claim 1 of the '199 patent, from which claim 18 depends, does not include a limitation that involves a connection of the claimed invention (or an accused system) to the card issuer's computer system comprising a module to generate the customer identifier. The Iowa Defendants have pointed to nothing in the Detailed Description that makes "creating," "generating," or "providing" a "customer identifier" that is a "secure unique identifier" in claim 1 part of the claimed invention (or an accused system) itself.

Because I concluded that "secure" was intended to have its "ordinary meaning," Serverside, 927 F.Supp.2d at 661, it means simply "free from risk of loss" or "affording safety." MERRIAM WEBSTER'S COLLEGIATE DICTIONARY (10th ed.1995), 1056 (definitions (2)(b) and (c) of "secure" as an adjective). Here, I conclude that Serverside has generated genuine issues of fact as to whether the accused Cre8MyCard system is, in some sense, "secure," because the Data are protected from loss and afforded safety where the system is protected by SSL and TSL internet security, and because the Data, once submitted, are stored in a table called "Orders" that can only be accessed through an administrative website (i.e., api.cre8mycard.com) using a connection secured by firewall trust security. I do not find those issues of fact to be "material," however.

It appears to me that, in their attempt to introduce new constructions of the "secure" limitation, both parties have lost sight of the fact that it is not the system that must be "secure," but the "unique identifier" itself that must be "secure" in the "secure unique identifier" limitation in claim 1 of the '199 patent. Because it is the "unique identifier" that must be "secure," what is really dispositive is the second step of the infringement analysis, which requires "a determination [of] whether the claim as properly construed reads on the accused product or method." ActiveVideo Networks, Inc., 694 F.3d at 1319 (internal quotation marks and citations omitted). To the extent that the Iowa Defendants have pointed out that the Cre8MyCard system, including the Data, is not protected by anything other than standard internet SSL encryption, the Iowa Defendants have met their burden, as the movants for summary judgment, to show that the "unique identifier" itself is not "secure." Torgerson, 643 F.3d at 1042 (explaining the summary judgment movant's initial burden). In response, Serverside has failed to generate a genuine issue of material fact that the Data, identified by Serverside as the allegedly infringing "secure unique identifier," is, itself, "secure," even if that "identifier" is transferred by the Cre8MyCard system to the card issuer or from the card issuer to the card manufacturer using SSL/TLS encryption. Id. (explaining the non-movant's burden). More specifically, Serverside has not identified any way in which the Data itself is a "secure" unique identifier in the accused Cre8MyCard system.

The '199 patent does identify certain "secure unique identifiers." As I observed in my Markman ruling,

Serverside, 927 F.Supp.2d at 660-61. In each of these instances, the "secure" aspect of the "unique identifier" is a characteristic of the "unique identifier" itself, not simply a characteristic of the claimed invention generally. Serverside has not pointed to any characteristic of the purported "unique identifier" in the Cre8MyCard system that makes the "unique identifier" itself "secure," such as use of a machine readable code or barcode.

Thus, the Iowa Defendants are entitled to summary judgment of noninfringement of the "secure unique identifier" limitation, because Serverside has not generated any genuine issues of material fact that there is any "secure unique identifier" in the Cre8MyCard system.

The Iowa Defendants' argument that the identifier, even if "secure," is not "unique" also stands on firm ground. As the Iowa Defendants point out, in my Markman ruling, I concluded that "computational infeasibility" that the same "hash" value would be produced by different input strings and a possibility, however "infinitesimally small," that different input strings might generate the same "hash" value meant that the "hash" value was not "unique." See Serverside, 927 F.Supp.2d at 673. The Iowa Defendants have now pointed to evidence that there is a possibility, however small or remote, that two customers of the same financial institution could have the same first and last names and the same last four digits of their PANs and that this coincidence would not violate the GBL Act or regulations, where that Act and those regulations do not relate to combinations of names and the last four digits of a PAN, but to an entire PAN. See Torgerson, 643 F.3d at 1042 (explaining the summary judgment movant's initial burden). In response, Serverside has failed to generate a genuine issue of material fact that the GBL Act or regulations would preclude such an occurrence or that such an occurrence is computationally impossible. Id. (explaining the nonmovant's burden).

Therefore, the Iowa Defendants are also entitled to summary judgment that the accused Cre8MyCard system does not receive a "secure unique identifier," as a matter of law.

ii. One-way code

The Iowa Defendants have pointed to nothing in claim 1 or the court's construction of the pertinent claim term that requires that an accused system "provide" a "one-way code," that is, "a hash value created from customer information." Rather, as explained above, the express requirement of the patent claim is that the module "receive" a "one-way code."

It is less immediately apparent whether the Iowa Defendants are correct that the claimed invention teaches only using customer information, including the customer's account number, to create a new "hash value" for security purposes. Serverside responds that incorporating into the customer identifier the last digit of the PAN, which is, itself, a "hash value" derived from the entire account number using the Luhn algorithm, is sufficient to infringe the "one-way code" limitation of claim 1 of the '199 patent.

I note that the construction of this "undisputed" claim term is "a hash value created from customer information." Serverside, 927 F.Supp.2d at 639. It does not require that the "customer information" include the card holder's entire account number, as the Iowa Defendants appear to argue, nor does it require that the "hash value" necessarily be derived from some part of the customer's account number rather than some other "customer information." This construction is confirmed by the following description of Figure 12, which I also quoted in my Markman ruling. See id. at 672-73:

'199 Patent, 16:5-39 (emphasis added). Recognizing that the italicized preface makes clear that this description is limited to a single embodiment, this description nevertheless demonstrates that the "hash value" can be derived from "some account details," such as "a unique part of the customer record," which may include the customer's name, rather than any part of the customer's account number, and may allow for passing back and forth only "some of a customer's account information." Also, because the card issuer "creates" a "hash value" in this embodiment, it is clear that the "one-way code" can be a "pre-calculated" hash value, that is, one not calculated or created by the Cre8MyCard system, and that it does not necessarily have to be a "new" hash value for use in the Cre8MyCard system.

The more important question here is whether a customer identifier that is a "oneway code" must be only a hash value or whether the "one-way code" limitation is met if the customer identifier includes a hash value, such as the last digit of the PAN, which is derived by a "hashing" algorithm, or some other "pre-calculated" hash value. Relying on the Cheng Declaration, Serverside argues that ISO 7812 is the standard for identifying users of financial transaction cards, and must be used by financial institutions; that ISO 7812 explains that the last digit of the PAN is calculated using the Luhn hash algorithm, which computes the last digit of the PAN using all of the other digits of the PAN; that because The Cre8MyCard system uses the customer's first name, last name, and last 4 digits of the PAN as a customer identifier, and the last digit of the PAN is a hash created from customer information (the other digits in the PAN), the customer identifier is, therefore, a hash value created from customer information, thus meeting the limitation that the "customer identifier" comprises a "one-way code," construed as a "hash value." The Iowa Defendants counter that this reasoning results in an improper expansion of the patent over what was actually claimed.

I conclude that Serverside has met its burden, as the non-movant, to come forward with specific facts showing that there is a genuine and material issue for trial. Torgerson, 643 F.3d at 1042 (explaining the non-movant's burden in responding to a motion for summary judgment). Although the Iowa Defendants have moved to strike the Cheng Declaration on which Serverside relies, I concluded, above, that I would not strike the Cheng Declaration and that I could consider it to determine whether or not there are genuine issues of material fact, leaving to the jury to determine the weight and credibility of any testimony consistent with the Declaration, if that testimony exceeds the scope of opinions disclosed in the Cheng Report.

Therefore, the Iowa Defendants are not entitled to summary judgment that the accused Cre8MyCard system does not receive a "one-way code," as a matter of law.

5. Absence of a "customer identifier [that] encompasses encrypted customer information," as claimed in the '490 patent

Claim 1 of the '490 patent includes the following element or limitation: "a module configured to receive a customer identifier that corresponds to the remote customer that personalized said image ... wherein the customer identifier encompasses encrypted customer information. '490 Patent, Claim 1 (italics indicating "disputed" claim terms, and underlining indicating claim language that differs between the two patents). Claim 1 of the '490 claim also includes the following element or limitation: "a controller operable, based on said customer identifier, to cause printing of said personalized customer image onto the card material and to cause application of relevant financial information from the financial record onto the card material ... wherein the customer identifier encompasses encrypted customer information. '490 Patent, Claim 1 (italics indicating "disputed" claim terms and underlining indicating claim language that differs between the two patents). As noted in the chart of "Disputed Claim Terms," supra, page 916, in my Markman ruling, I construed "encrypted customer information" (and "encrypted remote user information," a claim term in claim 31 of the '490 patent) to mean "customer information coded from original text into language unintelligible to unauthorized persons, but not into a randomly generated alphanumeric code." In their Motion For Summary Judgment, the Iowa Defendants contend that they do not infringe this limitation, which Serverside disputes.

a. Arguments of the parties

As to the first element of claim 1 of the '490 patent now at issue, the Iowa Defendants argues that the Cre8MyCard system does not encrypt or decrypt customer information, so it does not infringe this limitation. They argue that the specification of the '490 patent makes clear that the claimed "encrypted customer information" is encrypted by protocols beyond those normally associated with everyday internet activities, such as SSL. They argue, further, that The Cre8MyCard system has no algorithms for encrypting or decrypting data. Thus, they argue, where any encryption is by SSL, and is entirely unrelated to the encryption process disclosed in the '490 patent, then The Cre8MyCard system does not create a customer identifier that "encompasses encrypted customer information," and does not infringe claim 1 of the '490 patent as a matter of law. As to the second element of claim 1 of the '490 patent now at issue, the Iowa Defendants argue that, because the Cre8MyCard system does not provide any encrypted information to BIC, it necessarily does not provide any encrypted information that may be used by a server operated by BIC to print cards, and The Cre8MyCard system does not, itself, control any printing operations.

In response, Serverside argues that, because the customer identifier in the Cre8MyCard system is the Data, which is encrypted using SSL/TLS when transmitted from the client's browser to the Banno server, the Cre8MyCard system does infringe the "encrypted customer information" limitation of claim 1 of the '490 patent. Serverside argues that the Iowa Defendants attempt to escape this conclusion by misreading the plain language of the claim to impose a limitation that the Cre8MyCard system "create" the customer identifier that encompasses encrypted customer information, but that there is no limitation in claim 1 of the '490 patent requiring that the Cre8MyCard system "create" a customer identifier, only that it "receive" a customer identifier. Serverside also argues that the Iowa Defendants' contention that The Cre8MyCard system does not encrypt or decrypt customer information contradicts the plain meaning of claim 1 and Mr. Arnold's deposition testimony, where Mr. Arnold admitted that the customer's name, e-mail, and the last digits of the customer's PAN are encrypted via SSL/TLS. Serverside also disputes any reading of the '490 patent as excluding encryption by protocols normally associated with everyday activities, because there is no disavowal of such means in the patent and no such restriction in the court's construction of the claim term. Where the Iowa Defendants have relied on references to public key/private key encryption in the specification, Serverside points out that SSL and TLS both make use of public key/private key based encryption. As to the second limitation of claim 1 of the '490 patent at issue, Serverside argues that a controller must only "cause" printing. Serverside argues that a module of the Cre8MyCard system provides an interface that is used by financial institution personnel to review the customized image and verify that the customer identifier consisting of the last name, first name, and last 4 digits of the PAN corresponds to the correct customized image, and that financial institutional personnel then use Cre8MyCard Manager to "cause" printing of the customized image and financial information onto the card material by a card manufacturer.

In reply, the Iowa Defendants change their ground by arguing that the specification to the '490 patent demonstrates that the financial institution takes steps to perform the encryption, not that an internet provider encrypts any transmissions as it would for any other internet users — in short, the Iowa Defendants argue that the use of SSL in the Cre8MyCard system is incidental and done by a third party. The Iowa Defendants also argue that construing the claims as broadly as Serverside would like increases the scope of the patent well beyond what the patents fairly teach, suggest, or claim.

b. Analysis

The parties' dispute about whether or not this limitation is infringed does not appear to me to turn on the court's construction of the pertinent claim terms. See ActiveVideo Networks, Inc., 694 F.3d at 1319 (explaining that the first step in the two-step process for determining literal infringement is "the proper construction of the asserted claim"). In fact, they almost completely ignore the court's construction in their arguments, instead focusing on who or what performs any encryption in the Cre8MyCard system, which appears to me to involve an attempt at further construction of the claim term. That being so, I will consider these attempts at further construction in relation to the first step in the infringement analysis.

I observe that the specification or Detailed Description of the '490 patent (which is identical to the Detailed Description of the '199 patent) does not require that, in all embodiments, the claimed invention (or the accused system) "generate" or "create" the "customer identifier" that encompasses "encrypted customer information." Indeed, as I noted in my Markman ruling, the specification discloses an embodiment that expressly "allows a card issuer to avoid the need to create for each customer a unique identifier that must be passed through the card issuer's system." See Serverside, 927 F.Supp.2d at 652 (quoting '199 Patent, Detailed Description, 16:5-8, which explains the embodiment of Figure 12); '490 Patent, Detailed Description, 16:5-8. I also noted that, in another embodiment described in the Detailed Description,

Serverside, 927 F.Supp.2d at 664 (quoting '199 Patent, Detailed Description, 17:13-22); '490 Patent, Detailed Description, 17:13-22. Thus, the Detailed Description contemplates that, in at least some embodiments, the card issuer, not the claimed invention (or an accused system), will "create" or "generate" the "customer identifier." Furthermore, claim 18 of the '490 patent specifically claims the following:

'490 Patent, Claim 18. "It is axiomatic that a dependent claim cannot be broader than the claim from which it depends." Alcon Research, 687 F.3d at 1367. Thus, "[t]he presence of a dependent claim that adds a particular limitation gives rise to a presumption that the limitation in question is not in the independent claim." Phillips, 415 F.3d at 1315. Here, it is axiomatic that claim 1 of the '490 patent, from which claim 18 depends, does not include a limitation that involves a connection of the claimed invention (or an accused system) to the card issuer's computer system comprising a module to generate the customer identifier, as expressly claimed in claim 18. The Iowa Defendants have pointed to nothing in the Detailed Description that requires the claimed invention (or an accused system) to "create" or "generate" a "customer identifier" that encompasses "encrypted customer information" in order to practice claim 1 of the '490 patent.

I also noted, in my Markman ruling, that one of the truly "new" arguments offered by the Iowa Defendants at the Markman hearing was about who or what created "customer identifiers." See Serverside, 927 F.Supp.2d at 672. I pointed out that the Detailed Description of the embodiment of Figure 12 "actually indicates, twice, that it is the `card issuer,' not the `customer,' who is relieved of the necessity of creating the `unique identifier.'" Id. at 674 (emphasis in the original) (citing '199 Patent, 16:5-8, and 16:20-21). I should have said "thrice," because the Detailed Description of that embodiment actually indicates, yet again, at 16:38-39, that the "hash value" relieved the "card issuer" of the need to create a unique identifier. Furthermore, I noted that there were descriptions of numerous embodiments that were silent as to who or what part of the process creates a "customer identifier." Serverside, 927 F.Supp.2d at 674. The Iowa Defendants have still not pointed me to any part of the Detailed Description that requires that, in claim 1, the claimed invention (or the accused device) "create" the "customer identifier" that encompasses "encrypted customer information."

Thus, the Iowa Defendants have, again, attempted to insert into the limitations at issue "creation" of the "customer identifier" from "encrypted customer information" by the system, which simply is not claimed in claim 1 of the '490 patent, and that attempt is at least as egregious an error as importing limitations from the specification into the claims. See, e.g., Deere & Co., 703 F.3d at 1353-54.

That is not the end of the matter, however, because it appears to me that, in their attempt to introduce new constructions of the "encrypted customer information" limitation, both parties have, again, lost sight of the fact that it is not the system, but the "customer identifier" itself that must "encompass[] encrypted customer information" in claim 1 of the '490 patent. The Iowa Defendants' arguments focusing on the lack of "encryption" within the Cre8MyCard system, other than standard encryption of the transfer of information over the internet, and Serverside's arguments about the use in the Cre8MyCard system of SSL/TLS to "encrypt" the transfer of information, or even the transfer of the Data, as the purported "customer identifier," from the Cre8MyCard system to the card issuer or from the card issuer to the card manufacturer, miss the point.

Because it is the "customer identifier" that must "encompass[] encrypted customer information" in claim 1 of the '490 patent, what is really dispositive is the second step of the infringement analysis, which requires "a determination [of] whether the claim as properly construed reads on the accused product or method." ActiveVideo Networks, Inc., 694 F.3d at 1319 (internal quotation marks and citations omitted). To the extent that the Iowa Defendants have pointed out that the Data, as the purported "customer identifier," simply does not "encompass encrypted customer information," whoever might be responsible for the "encryption," the Iowa Defendants have met their burden as the movants for summary judgment. Torgerson, 643 F.3d at 1042 (explaining the summary judgment movant's initial burden). In response, Serverside has failed to generate a genuine issue of material fact that the Data, identified by Serverside as the allegedly infringing "customer identifier," ever "encompasses encrypted customer information," even if the "customer identifier" is transferred by the Cre8MyCard system to the card issuer or from the card issuer to the card manufacturer using SSL/TLS encryption. Id. (explaining the non-movant's burden). More specifically, Serverside has not identified any part of the Data, as the alleged "customer identifier" in the accused Cre8MyCard system, that is "encrypted customer information," because Serverside has pointed to no evidence that any part of the Data is "customer information coded from original text into language unintelligible to unauthorized persons, but not into a randomly generated alphanumeric code," my construction of "encrypted customer information." Similarly, Serverside has pointed to no evidence that there is a module of the Cre8MyCard system that uses a "customer identifier" that "encompasses encrypted customer information" to "cause printing of said personalized customer image onto the card material and to cause application of relevant financial information from the financial record onto the card material."

Consequently, the Iowa Defendants are entitled to summary judgment that they do not infringe claim 1 of the '490, and all other patent claims of the '490 patent at issue, as a matter of law, because Serverside has failed to generate a genuine issue of material fact that the alleged "customer identifier" in the Cre8MyCard system "encompasses encrypted customer information."

6. Summary

It follows from the analysis of the Iowa Defendants' arguments for summary judgment that the Iowa Defendants are entitled to summary judgment on claim 1, dependent claims 2, 9, 14, 15, 16, 18 and 22 of the '199 patent, and claims 25, 29, and 30 of the '199 patent, whether they are dependent or independent, to the extent that infringement of those patent claims is premised on a requirement that the claimed invention (or the accused Cre8MyCard system) receives a "customer identifier" that is a "secure unique identifier." On the other hand, the Iowa Defendants are not entitled to summary judgment on infringement of those patent claims to the extent that infringement is premised on a requirement that the claimed invention (or the accused Cre8MyCard system) receives a "customer identifier" that is a "one-way code." The Iowa Defendants are entitled to summary judgment on all claims of infringement of all of the patent claims of the '490 patent that are at issue here.

IV. CONCLUSION

Upon the foregoing,

1. The Iowa Defendants' September 16, 2013, Motion To Strike (docket no. 137) is denied;

2. The Iowa Defendants' August 12, 2013, Motion For Summary Judgment (docket no. 133) is granted in part, and denied in part, as follows:

c. The Motion is granted on all claims of infringement of all of the patent claims of the '490 patent that are at issue here.

IT IS SO ORDERED.