`571-272-7822
`
`
`
`
`
`
`
`
` Paper No. 42
`
` Entered: August 15, 2017
`
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`UNITED SERVICES AUTOMOBILE ASSOCIATION,
`Petitioner,
`v.
`NADER ASGHARI-KAMRANI and KAMRAN ASGHARI-KAMRANI,
`Patent Owner.
`____________
`
`Case CBM2016-00064
`Patent 8,266,432 B2
`____________
`
`
`
`Before JONI Y. CHANG, JUSTIN T. ARBES, and
`FRANCES L. IPPOLITO, Administrative Patent Judges.
`
`
`CHANG, Administrative Patent Judge.
`
`
`
`
`FINAL WRITTEN DECISION
`35 U.S.C. § 328(a); 37 C.F.R. § 42.73
`
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`
`INTRODUCTION
`I.
`United Services Automobile Association (“Petitioner”) filed a Petition
`requesting a review of claims 1–55 of U.S. Patent No. 8,266,432 B2
`(Ex. 1001, “the ’432 patent”) under the transitional program for covered
`business method patents.1 Paper 2 (“Pet.”). Nader Asghari-Kamrani and
`Kamran Asghari-Kamrani (collectively, “Patent Owner”) filed a Preliminary
`Response to the Petition and a statutory disclaimer of claims 4 and 29.
`Paper 11 (“Prelim. Resp.”); Ex. 2001. Petitioner filed a Reply to the
`Preliminary Response. Paper 13. Pursuant to 35 U.S.C. § 324 and § 18(a)
`of the AIA, we instituted this covered business method patent review, only
`as to claims 1–3, 5–28, and 30–55 of the ’432 patent. Paper 14 (“Dec.”).
`During the course of trial, Patent Owner filed a Response to the
`Petition (Paper 22, “PO Resp.”) and a statutory disclaimer of claims 11, 46,
`49, and 53 (Ex. 2007), and Petitioner filed a Reply (Paper 26, “Reply”) to
`the Patent Owner Response. In addition, pursuant to our authorization,
`Patent Owner filed an additional brief (Paper 29) on the issue of whether the
`’432 patent is eligible for covered business method patent review in light of
`the decision issued by the U.S. Court of Appeals for the Federal Circuit in
`Secure Axcess, LLC v. PNC Bank Nat’l Ass’n, 848 F.3d 1370 (Fed. Cir.
`2017). Petitioner filed a Reply (Paper 30) to Patent Owner’s additional
`brief. Petitioner also filed a Motion to Exclude Evidence (Paper 32), and
`
`
`1 See § 18(a) of the Leahy-Smith America Invents Act, Pub. L. No. 112-29,
`125 Stat. 284, 329 (2011) (“AIA”).
`
`2
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`Patent Owner filed an Opposition (Paper 37) to Petitioner’s Motion.
`Petitioner filed a Reply (Paper 39) in support of its Motion. No oral hearing
`was held. Paper 41, 3. Patent Owner filed a Motion for Observation
`(Paper 31) on certain cross-examination testimony of Petitioner’s declarant,
`and Petitioner filed a Response (Paper 36). Petitioner also filed a Motion for
`Observation (Paper 33) on the cross-examination testimony, and Patent
`Owner filed a Response (Paper 38).
`We have jurisdiction under 35 U.S.C. § 6. This Final Written
`Decision is issued pursuant to 35 U.S.C. § 328(a) and 37 C.F.R. § 42.73.
`For the reasons that follow, we determine that Petitioner has shown by a
`preponderance of the evidence that claims 1–3, 5–10, 12–28, 30–45, 47, 48,
`50–52, 54, and 55 (“the challenged claims”) of the ’432 patent are
`unpatentable.
`
`A. Related Matters
`The parties indicate that the ’432 patent is involved in
`Asghari-Kamrani et al. v. United Services Auto. Ass’n, Case No. 2:15-cv-
`00478-RGD-LRL (E.D. Va.), and Case IPR2015-01842, which has been
`denied institution. Pet. 2; Paper 5, 2. The ’432 patent also is subject to a
`covered business method patent review in CBM2016-00063. A final written
`decision in CBM2016-00063 is entered concurrently with this Decision.
`
`B. The ’432 Patent
`The ’432 patent relates to “a system and method provided by a
`Central-Entity for centralized identification and authentication of users and
`3
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`their transactions to increase security in e-commerce.” Ex. 1001, 2:52–55.
`A central-entity is said to allow a user to purchase goods and services from
`an external-entity (e.g., a merchant) using the user’s digital identity without
`revealing confidential personal or financial information, by generating a
`dynamic, non-predictable and time-dependable secure code for the user per
`the user’s request. Id. at 3:35–40. Examples of central-entities include
`banks and credit card issuing companies. Id. at 2:16–18. In a transaction
`between the user and the external-entity, the user presents his user name and
`secure code as a digital identity to the external-entity for identification. Id.
`at Abstract, 2:19–21, 3:19–21, 4:55–58. The external-entity depends on the
`central-entity to identify and authenticate the user and transaction. Id.
`
`C. Illustrative Claim
`Of the challenged claims, claims 1, 25, 48, and 52 are independent.
`Claims 2, 3, 5–10, and 12–24 depend ultimately from claim 1; claims 26–28,
`30–45, and 47 depend either directly or indirectly from claim 25; claim 50
`depends directly from claim 48; and claims 54 and 55 depend directly from
`claim 52. Claim 1, reproduced below, is illustrative:
`1. A method for authenticating a user during an electronic
`transaction between the user and an external-entity, the method
`comprising:
`receiving electronically a request for a dynamic code for the user
`by a computer associated with a central-entity during the
`transaction between the user and the external-entity;
`generating by the central-entity during the transaction a dynamic
`code for the user in response to the request, wherein the dynamic
`
`4
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`
`code is valid for a predefined time and becomes invalid after
`being used;
`providing by the computer associated with the central-entity said
`generated dynamic code to the user during the transaction;
`receiving electronically by the central-entity a request for
`authenticating the user from a computer associated with the
`external-entity based on a user-specific information and the
`dynamic code as a digital identity included in the request which
`said dynamic code was received by the user during the
`transaction and was provided to the external-entity by the user
`during the transaction; and
`authenticating by the central-entity the user and providing a
`result of the authenticating to the external-entity during the
`transaction if the digital identity is valid.
`Ex. 1001, 6:24–47.
`
`D. Prior Art Relied Upon
`Petitioner relies upon the following prior art references:
`
`
`US 5,740,361
`Brown
`Nicholson US 2007/0022301 A1
`
`
`
`
`
`
`
`
`(Ex. 1035)
`Apr. 14, 1998
`(Ex. 1034)
`Jan. 25, 2007
`(filed July 14, 2006)
`
`
`
`
`
`
`5
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`
`E. Instituted Ground of Unpatentability
`We instituted this trial based on the sole ground that claims 1–3, 5–10,
`12–28, 30–45, 47, 48, 50–52, 54, and 552 are unpatentable as obvious under
`35 U.S.C. § 103(a)3 over Nicholson and Brown. Dec. 35.
`
`II. ANALYSIS
`A. Claim Construction
`In a covered business method patent review, claim terms in an
`unexpired patent are interpreted according to their broadest reasonable
`interpretation in light of the specification of the patent in which they appear.
`37 C.F.R. § 42.300(b). Under this standard, claim terms generally are given
`their ordinary and customary meaning, as would be understood by one of
`ordinary skill in the art in the context of the entire disclosure. In re
`Translogic Tech., Inc., 504 F.3d 1249, 1257 (Fed. Cir. 2007). An inventor
`may rebut that presumption by providing a definition of the term in the
`specification with reasonable clarity, deliberateness, and precision. In re
`Paulsen, 30 F.3d 1475, 1480 (Fed. Cir. 1994).
`
`
`2 As explained above, Patent Owner statutorily disclaimed claims 11, 46, 49,
`and 53 subsequent to institution. Thus, we do not consider these claims in
`analyzing the asserted grounds.
`3 Because the challenged claims have a filing date prior to March 16, 2013,
`the effective date of AIA, we apply the pre-AIA version of 35 U.S.C. § 103
`in this Decision.
`
`6
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`
`Here, the Specification of the ’432 patent sets forth the definitions for
`certain claim terms. Ex. 1001, 2:10–12, 2:19–26, 2:35–45, 3:4–6. We
`adopted those lexicographical definitions as our preliminary claim
`constructions in the Decision on Institution. Dec. 15–16. Petitioner does not
`challenge those claim constructions. See generally Reply. However, Patent
`Owner proposes different constructions for certain terms. PO Resp. 3–10.
`We note that only those terms which are in controversy need to be
`construed, and only to the extent necessary to resolve the controversy. Vivid
`Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795, 803 (Fed. Cir. 1999).
`Here, we find it necessary to address only the claim terms below.
`
`“user”
`
`Claim 1 recites “authenticating a user during an electronic transaction
`between the user and an external-entity.” Ex. 1001, 6:24–25. Independent
`claims 25, 48, and 52 include similar language. The Specification expressly
`defines the term “user”:
`For convenience, the term “user” is used throughout to represent
`both a typical person consuming goods and services as well as a
`business consuming goods and services.
`Id. at 2:10–12 (emphasis added).
`
`In the Decision on Institution (Dec. 15), we adopted the definition set
`forth in the Specification, construing the claim term “user” as “a person or
`business consuming goods and services.” Neither party challenges this
`construction. PO Resp. 3; see generally Reply. We discern no reason to
`modify our claim construction set forth in the Decision on Institution with
`
`7
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`respect to this claim term. Therefore, for purposes of this Final Written
`Decision, we maintain our claim construction.
`
`“external-entity”
`
`As noted above, claim 1 recites “authenticating a user during an
`electronic transaction between the user and an external-entity,” and the
`remaining independent claims include similar language. The Specification
`expressly defines the claim term “external-entity” in the “Background of the
`Invention” Section:
`As also used herein, an “External-Entity” is any party offering
`goods or services that users utilize by directly providing their
`UserName and SecureCode as digital identity. Such entity could
`be a merchant, service provider or an online site. An
`“External-Entity” could also be an entity that receives the user’s
`digital identity indirectly from the user through another
`External-Entity, in order to authenticate the user, such entity
`could be a bank or a credit card issuing company.
`Ex. 1001, 2:19–26 (emphasis added).
`The Specification further defines this term in the “Summary of the
`Invention” Section by providing the following:
`A plurality of the External-Entities: An External-Entity is any
`party offering goods or services in e-commerce and needs to
`authenticate the users based on digital identity.
`Id. at 3:4–6 (emphasis added).
`Petitioner adopts only the portion of the definition in the “Background
`of the Invention” Section as its proposed claim construction. Pet. 6 (citing
`Ex. 1001, 2:19–21). In its Preliminary Response, Patent Owner did not
`
`8
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`propose any claim construction. Prelim. Resp. 36−37. In the Decision on
`Institution, we adopted Petitioner’s proposed claim construction. Dec. 15.
`After institution, however, Patent Owner adopts only the portion of the
`definition in the “Summary of the Invention” Section as its proposed claim
`construction. PO Resp. 6 (citing Ex. 1001, 3:4–6).
`We agree with Patent Owner in part. Both cited sections of the
`Specification set forth what an external-entity “is,” indicating an intent to
`define the term. See Ex. 1001, 2:19–26, 3:4–6. In view of the Specification
`as a whole, we construe the claim term “external-entity” in accordance with
`the aforementioned definitions—“any party offering goods or services in
`e-commerce that users utilize by directly providing their UserName and
`SecureCode as digital identity, and that needs to authenticate the users based
`on digital identity.”
`
`“central-entity”
`
`Each independent claim (and thus each challenged claim) requires a
`
`“central-entity” to authenticate a user during an electronic transaction
`between the user and the external-entity. For example, claim 1 recites
`“authenticating by the central-entity the user and providing a result of the
`authenticating to the external-entity during the transaction if the digital
`identity is valid.” Ex. 1001, 6:45–47. The Specification expressly defines
`the term “central-entity”:
`As used herein, a “Central-Entity” is any party that has user’s
`personal and/or financial information, UserName, Password and
`generates [a] dynamic, non-predictable and time dependable
`
`9
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`
`SecureCode for the user. Example of Central-Entity are: banks,
`credit card issuing companies or any intermediary service
`companies.
`Ex. 1001, 2:13–18. The Specification also defines the term “SecureCode”:
`The term “SecureCode” is used herein to denote any dynamic,
`non-predictable and time dependent alphanumeric code, secret
`code, PIN or other code, which may be broadcast to the user over
`a communication network, and may be used as part of a digital
`identity to identify a user as an authorized user.
`Id. at 2:35–40.
`In its Petition, Petitioner adopts the above definition of a
`“central-entity” as its proposed claim construction. Pet. 5−6. In its
`Preliminary Response, Patent Owner did not propose any claim construction.
`Prelim. Resp. 36−37. In the Decision on Institution, we adopted the
`definitions of “central-entity” and “SecureCode” set forth in the
`Specification. Dec. 15.
`After institution, Patent Owner proposes to construe the claim term
`“central-entity” as follows:
`a party comprising one or more computing devices that has user’s
`personal, financial, identification information, UserName, and/or
`Password and provides dynamic, non-predictable and time
`dependable code for the user.
`PO Resp. 5. Patent Owner seems to adopt the definition in the Specification,
`with modifications, as its proposed claim construction. Id. at 3–5.
`We decline to adopt Patent Owner’s proposed construction because it
`would not be consistent with the Specification, and the modifications
`improperly import an extraneous limitation into the claims and substantively
`
`10
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`broaden the claim scope. Specifically, Patent Owner’s proposed
`construction would import an extraneous limitation—“one or more
`computing devices.” Each claim at issue already expressly requires one or
`more computers associated with a central-entity. Id. at 6:28, 7:57–8:7, 9:7,
`10:7–25. Adopting Patent Owner’s proposed construction would conflict
`with the broader term “party” used in the lexicographical definition above
`and potentially render the “computer” limitations superfluous.
`Additionally, Patent Owner’s proposed construction would introduce
`the following modifications to the lexicographical definition: (1) moving
`“and/or” to a different location in the list of information possessed by the
`central-entity, (2) changing “generates” to “provides,” (3) changing
`“SecureCode” to “code,” and (4) adding “identification information.” These
`modifications would substantively broaden the claim scope. For example,
`under Patent Owner’s proposed claim construction, possessing the
`UserName, Password, and SecureCode would be optional. These
`substantive modifications are not supported by the Specification.
`We are not persuaded by Patent Owner’s argument that “the
`‘central-entity’ does not necessarily possess or use personal and/or financial
`information, a UserName, and a Password,” such that “the Central-Entity
`has some or all of such user information described in the Background.” PO
`Resp. 3–5. The portions of the Specification cited by Patent Owner do not
`support Patent Owner’s proposed construction because they address the
`items of information that are used for performing a transaction and
`authenticating a user, not the items of information possessed by the
`
`11
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`central-entity. Id. at 4 (citing Ex. 1001, 2:27–34, 2:41–43, 5:5–58, Fig. 2,
`Steps D–L). Patent Owner’s argument conflates the information that is
`possessed by the central-entity with the information that is used for
`performing a transaction and authenticating a user. Id. The lexicographical
`definition expressly listed the information that is possessed by the
`central-entity—namely, “any party that has user’s personal and/or financial
`information, UserName, Password and generates [a] dynamic . . .
`SecureCode for the user.” Ex. 1001, 2:13–16 (emphases added). Patent
`Owner also does not articulate, nor can we discern, a sufficient reason for
`changing “generates” to “provides” and changing “SecureCode” to “code.”
`For these reasons, we decline to adopt Patent Owner’s proposed
`construction. Rather, as in the Decision on Institution (Dec. 15), we
`adopt the definition in the Specification here as our claim
`construction, and interpret “central-entity” to mean “any party that has
`a user’s personal and/or financial information, UserName, and
`Password, and generates a dynamic, non-predictable and time
`dependable SecureCode for the user,” where a “SecureCode” is “any
`dynamic, non-predictable and time dependent alphanumeric code,
`secret code, PIN or other code, which may be broadcast to the user
`over a communication network, and may be used as part of a digital
`identity to identify a user as an authorized user.”
`
`12
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`
`“digital identity”
`
`Each independent claim requires an authentication request based on
`
`“a user-specific information and the dynamic code as a digital identity.”
`See, e.g., Ex. 1001, 6:38–44. The Specification expressly defines the claim
`term “digital identity”:
`The term “digital identity” is used herein to denote a combination
`of user’s “SecureCode” and user’s information such as
`“UserName,” which may result in a dynamic, non-predictable
`and time dependable digital identity that could be used to identify
`a user as an authorized user.
`Id. at 2:41–45 (emphasis added).
`
`Neither party proposes a claim construction for this term. In the
`Decision on Institution, we adopted the express definition as our
`construction. Dec. 16. The parties do not provide, nor do we discern, a
`reason to modify that construction. Therefore, for purposes of this Final
`Written Decision, we maintain our claim construction set forth in the
`Institution Decision, in accordance with the Specification’s definition,
`construing “digital identity” as “a combination of a user’s SecureCode and
`the user’s information such as UserName, which may result in a dynamic,
`non-predictable and time dependable digital identity that could be used to
`identify a user as an authorized user.”
`
`“dynamic code”
`
`The claim term “dynamic code” appears in each independent claim.
`For instance, claim 1 recites “receiving electronically a request for a
`dynamic code for the user by a computer associated with a central-entity
`13
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`during the transaction between the user and the external-entity.” Ex. 1001,
`6:27–30. The Specification does not define the term “dynamic code,” but
`rather defines the term “SecureCode” as follows:
`The term “SecureCode” is used herein to denote any dynamic,
`non-predictable and time dependent alphanumeric code, secret
`code, PIN or other code, which may be broadcast to the user over
`a communication network, and may be used as part of a digital
`identity to identify a user as an authorized user.
`Id. at 2:35–40 (emphasis added).
`Petitioner proposes to construe the claim term “dynamic code” to
`include a “dynamic, non-predictable and time dependent alphanumeric code,
`secret code, PIN or other code, which may be broadcast to the user over a
`communication network, and may be used as a part of a digital identity to
`identify a user as an authorized user.” Pet. 8. In its Preliminary Response,
`Patent Owner did not propose any claim construction. Prelim. Resp. 36−37.
`In the Decision on Institution, we construed the claim term “dynamic code”
`to encompass an “alphanumeric code that is non-predictable and time
`dependent, which may be broadcast to the user over a communication
`network, and may be used as a part of a digital identity to identify a user as
`an authorized user,” in light of the Specification including the claim
`language. Dec. 16−18 (emphases added).
`Subsequent to institution, Patent Owner argues that the claimed
`“dynamic code” corresponds to the disclosed “SecureCode,” citing the
`above-reproduced definition for support. PO Resp. 10 (citing Ex. 1001,
`2:35-40). We recognize that although the claims do not use the term
`
`14
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`“SecureCode,” the written description appears to use the terms
`“SecureCode” and “dynamic code” interchangeably in certain contexts.
`For example, claim 1 also recites receiving a request for authenticating a
`user based on “a user-specific information and the dynamic code as a digital
`identity.” Ex. 1001, 6:38–42. The Specification defines the term “digital
`identity” as “a combination of user’s ‘SecureCode’ and user’s information
`such as ‘UserName,’” and explains that the central-entity “generates [a]
`dynamic, non-predictable and time dependent SecureCode for the user.” Id.
`at 2:41−43, 3:14–24. Nevertheless, because the above definition of
`“SecureCode” itself includes the word “dynamic” (id. at 2:35–40), we do not
`construe the claim term “dynamic code” to be interchangeable with
`“SecureCode” for all situations. For example, construing “dynamic code” to
`include “other code,” without more, would render the word “dynamic”
`superfluous. See Cat Tech LLC v. TubeMaster, Inc., 528 F.3d 871, 885
`(Fed. Cir. 2008) (noting that “[c]laims are interpreted with an eye toward
`giving effect to all terms in the claim”) (quotation omitted); see also
`Aristocrat Techs. Australia Pty Ltd. v. Int’l Game Tech., 709 F.3d 1348,
`1356–57 (Fed. Cir. 2013) (declining to adopt the appellants’ proposed
`construction because it would render another limitation “superfluous”).
`Patent Owner also argues that the ’432 patent “does not require that
`the SecureCode be alphanumeric.” PO Resp. 10 (citing Ex. 2010 ¶¶ 39–40).
`In light of the Specification and surrounding claim language, we agree with
`Patent Owner that the claim term “dynamic code” encompasses
`alphanumeric and non-alphanumeric codes that are non-predictable and
`
`15
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`time dependent. Indeed, as Petitioner notes (Reply 19), claims 1 and 25
`recite a “dynamic code,” whereas claims 48 and 52 recite the “dynamic code
`is alphanumeric.” Based on claim differentiation, the full scope of “dynamic
`code” includes non-alphanumeric codes that are non-predictable and time
`dependent. Accordingly, we construe the claim term “dynamic code” to
`encompass “alphanumeric and non-alphanumeric codes that are
`non-predictable and time dependent, which may be broadcast to the user
`over a communication network, and may be used as a part of a digital
`identity to identify a user as an authorized user.” No further construction as
`to this term is necessary for purposes of this Decision. See Vivid Techs., 200
`F.3d at 803.
`
`“transaction”
`
`As noted above, claim 1 recites “authenticating a user during an
`electronic transaction between the user and an external-entity,” and the
`remaining independent claims include similar language. Petitioner argues
`that the claim term “transaction” should be construed to include “attempts
`[by a user] to access a restricted web site or attempts to buy services or
`products . . . through a standard interface provided by [an] External-Entity
`. . . and selects digital identity as his identification and authorization or
`payment option,” as described in the Specification of the ’432 patent.
`Pet. 7–8 (citing Ex. 1001, 5:5–22). Patent Owner appears to agree with
`Petitioner’s argument because Patent Owner argues that the disclosure of
`accessing a restricted website of an external-entity by a user provides written
`
`16
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`description support for the claimed transaction. PO Resp. 17; see also id.
`at 9. Patent Owner also contends that the claim term “transaction” should
`not be construed as a single transaction. Id. at 6–7.
`Figures 4 and 5 of the ’432 patent are reproduced below.
`
`
`Figure 4 shows the steps of the transaction phase, whereas Figure 5
`
`illustrates the steps of the identification and authorization phase that involve
`utilizing a centralized identification and authentication system and method.
`Ex. 1001, 5:5–43. The steps in the transaction phase, as illustrated in
`
`17
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`Figure 4, and the steps in the identification and authorization phase, as
`illustrated in Figure 5, are performed during the same transaction between
`the user and external-entity. Id. at 5:5–43, Figs. 4, 5.
`In light of the Specification and drawings, we agree with Petitioner’s
`interpretation of the term “transaction” insofar as it includes the user’s
`attempt to get access to the external-entity’s restricted website, or to
`purchase goods or services from the external-entity. Id. at 5:5–10, Fig. 4,
`step 110. Further, we observe that the transaction is not completed until the
`central-entity sends an approval or a denial to the external-entity. Id. at
`5:35–43, Fig. 5, steps 140, 150.
`However, we are not persuaded by Patent Owner’s argument that the
`claim term “transaction” should not be construed as a single transaction. PO
`Resp. 6–7. This argument squarely contradicts (1) Patent Owner’s claim
`construction submitted in Case IPR2015-01842 that involves the same patent
`and claims as those in the instant proceeding (Ex. 1027, 21–23), and (2)
`Patent Owner’s other arguments presented in the instant proceeding (PO
`Resp. 8–9). Notably, Patent Owner argued in Case IPR2015-01842 that the
`steps described in Figure 4 of the ’432 patent are performed during the same
`transaction because the dynamic code is for one-time use; whenever the user
`starts a new transaction and needs an authentication process, the user needs
`to restart those steps again. Ex. 1027, 22–23 (citing Ex. 1001, 4:12–14, 5:5–
`22, Fig. 4).
`Patent Owner’s argument (PO Resp. 6–7) also contradicts its other
`argument, in the instant proceeding, that the claim term “during the
`
`18
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`transaction” includes the steps or functions performed during the transaction
`phase and the authorization phase involved in using the centralized
`identification and authentication system (id. at 8–9).4 In fact, Patent Owner
`acknowledges that each independent claim requires the recited steps or
`functions to be performed during the same transaction between the user and
`external-entity. Id. at 17−19.
`
` For these reasons, we construe “the transaction,” as recited in each
`step or function of each independent claim, to refer back to the same
`“electronic transaction between the user and an external-entity” recited in
`the preamble. See NTP, Inc. v. Research in Motion, Ltd., 418 F.3d 1282,
`1306 (Fed. Cir. 2005); Warner-Lambert Co. v. Apotex Corp., 316 F.3d 1348,
`1356 (Fed. Cir. 2003) (noting that the definite article “the” is a word of
`limitation, particularizing the subject which it precedes). No further
`construction is necessary for purposes of this Decision. See Vivid Techs.,
`200 F.3d at 803.
`
`B. Whether the ’432 Patent is a Covered Business Method Patent
`1. Financial Product or Service
`A covered business method (“CBM”) patent is “a patent that claims a
`method or corresponding apparatus for performing data processing or other
`operations used in the practice, administration, or management of a financial
`
`
`4 Patent Owner proposes construing “during the transaction” to mean “a
`period after the initiation of the transaction between a user and an
`external-entity and before the transaction is completed.” PO Resp. 8–9.
`19
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`product or service, except that the term does not include patents for
`technological inventions.” AIA § 18(d)(1); 37 C.F.R. § 42.301(a). A patent
`is eligible for review if it has at least one claim directed to a covered
`business method. See Transitional Program for Covered Business Method
`Patents—Definitions of Covered Business Method Patent and Technological
`Invention, 77 Fed. Reg. 48,734, 48,736 (Response to Comment 8).
`Our reviewing court has explained that Ҥ 18(d)(1) directs us to
`examine the claims when deciding whether a patent is a CBM patent.” Blue
`Calypso, LLC v. Groupon, Inc., 815 F.3d 1331, 1340 (Fed. Cir. 2016)
`(finding that the challenged patent was eligible for review because the
`claims recited “an express financial component in the form of a subsidy”
`that was “central to the operation of the claimed invention”). “CBM patents
`are limited to those with claims that are directed to methods and apparatuses
`of particular types and with particular uses ‘in the practice, administration,
`or management of a financial produce or service.’” Unwired Planet, LLC v.
`Google Inc., 841 F.3d 1376, 1382 (Fed. Cir. 2016). “Necessarily, the
`statutory definition of a CBM patent requires that the patent have a claim
`that contains, however phrased, a financial activity element.” Secure
`Axcess, 848 F.3d at 1381. Furthermore, “the definition of ‘covered business
`method patent’ is not limited to products and services of only the financial
`industry” and “on its face covers a wide range of finance-related activities.”
`Versata Dev. Grp., Inc. v. SAP Am., Inc., 793 F.3d 1306, 1326–27 (Fed. Cir.
`2015).
`
`20
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`
`Here, Petitioner takes the position that the ’432 patent is a covered
`business method patent, arguing that the “method for authenticating a user of
`claim 1 is used for data processing in the practice, administration, and
`management of financial products and services; specifically, for processing
`user financial information for electronic purchases.” Pet. 8–11. According
`to Petitioner, the claims at issue are directed to “a Central-Entity for
`centralized identification and authentication of users and their transactions
`to increase security and e-commerce.” Id. at 9–10 (citing Ex. 1001, 2:51–
`3:6). Petitioner explains that claim 1 is directed to a method for
`authenticating a user during a transaction between the user and an external
`entity, and dependent claim 4 (subsequently disclaimed) requires that the
`transaction be a financial transaction. Id.; Ex. 1001, 6:24–47, 6:61–62.
`Patent Owner counters that the challenged claims “literally do not
`recite any commercial or financial transactions,” and “lack any recitation of
`financial terminology or activity.” PO Resp. 28; Paper 29, 2–4. In Patent
`Owner’s view, the claimed authentication method and system do not involve
`a financial product or service, but rather are, at most, merely incidental or
`complementary to a financial activity. Paper 29, 4–5. Although Patent
`Owner confirms that the ’432 patent describes commercial and financial
`transactions, Patent Owner argues that “others are not (e.g., accessing a
`restricted website)” and any sales or financial transactions are not part of the
`claimed authentication. PO Resp. 28–29 (emphasis omitted). Patent Owner
`contends that “the term ‘external entity’ is not recited as a financial product
`or service in the claims but as a party for example having a restricted
`
`21
`
`
`
`CBM2016-00064
`Patent 8,266,432 B2
`
`website that requires user authentication before allowing access or offering
`its product or service.” Paper 29, 3–4.
`Upon consideration of the parties’ contentions and supporting
`evidence, we determine that Petitioner has established that claim 1, when
`properly construed, recites a method for performing data processing or other
`operations used in the practice, administration, or m