`
`
`Asghari-Kamrani, et al.
`In re Patent of:
`8,266,432 Attorney Docket No.: 36137-0007CP2
`U.S. Patent No.:
`September 11, 2012
`
`Issue Date:
`Appl. Serial No.: 12/210,926
`
`Filing Date:
`September 15, 2008
`
`Title:
`CENTRALIZED IDENTIFICATION AND
`AUTHENTICATION SYSTEM AND METHOD
`
`
`DECLARATION OF SETH NIELSON
`
`I.
`
`Introduction
`
` My name is Seth James Nielson. I have previously submitted two
`
`expert declarations in this matter. The first is dated April 29th, 2016 and the second
`
`is dated August 25th, 2016.
`
`
`
`In addition to the professional background sections of these two
`
`declarations, I have been appointed the Director of Advanced Research Projects at
`
`the Johns Hopkins University Information Security Institute. I am now teaching
`
`Advanced Network Security in addition to the Network Security course I have
`
`been teaching for the last few years. Moreover, in my new role, I am engaging
`
`with internal and external researchers on a range of projects relating to
`
`cryptography vulnerabilities, Internet-of-Things (IoT) forensics, and computer
`
`security in health care.
`
`
`
`As stated in previous declarations, I am not currently and have not at
`
`any time in the past been an employee of United Services Automobile Association
`Page 1 of 52
`
`
`
`
`
`
`USAA 1054
`USAA v Asghari-Kamrani
`CBM2016-00063
`CBM2016-00064
`
`
`
`
`
`
`
`
`
`
`
`
`
`(“USAA”). I have been engaged in the present matter to provide my independent
`
`analysis of the issues raised in the petition for post-grant review of the ‘432 patent.
`
`I received no compensation for this declaration beyond my normal hourly
`
`compensation based on my time actually spent studying the matter, and I will not
`
`receive any added compensation based on the outcome of this post-grant review of
`
`the ‘432 patent.
`
`
`
`I have been asked by counsel for Petitioner to opine on certain
`
`technical issues set forth in Patent Owner’s Response in this matter, dated
`
`December 5th, 2016 as well as to the opinions set forth in the Expert Declaration of
`
`Dr. Alfred C. Weaver, also dated December 5th, 2016. In reviewing the Response
`
`and accompanying Expert Declaration, I have been asked to opine as to whether
`
`either U.S. Patent Application Serial No. 11/333,400 or U.S. Patent Application
`
`Serial No. 11/239,046 provides sufficient supporting disclosure for the claims of
`
`U.S. Patent No. 8,266,432, which claims priority thereunto.
`
`II. Materials Considered
`
`
`
`In writing this Declaration, I have considered the following: my own
`
`knowledge and experience, including my work experience in the fields of
`
`computer science and IT security and authentication; my industry experience with
`
`those subjects; and my experience in working with others involved in those fields.
`
`
`
`
`Page 2 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`I have also analyzed the following publications and materials, in addition to other
`
`materials I cite in my declaration:
`
` U.S. Patent No. 8,266,432 and its accompanying prosecution history
`
`(“the ‘432 Patent”, USAA-1001, USAA-1002)
`
` U.S. Patent No. 7,444,676 (“the ‘676 Patent”, USAA-1015)
`
` U.S. Patent No. 8,281,129 (“the ‘129 Patent”, Ex. 2004)
`
` U.S. Patent Application Serial No. 11/333,400 (“the ‘400 Application”,
`
`Ex. 2009)
`
` U.S. Patent Application Serial No. 11/239,046 (“the ‘046 application”,
`
`Ex. 1014)
`
` Patent Owner’s Preliminary Response (Paper 11)
`
` Patent Owner’s Response (Paper 22)
`
` PCT Application Publication WO2003021837 A1 (USAA-1028)
`
` Grandparent U.S. Patent Application Serial No. 09/940,635 (USAA-
`
`1016)
`
`
`
`Although for the sake of brevity this Declaration refers to selected
`
`portions of the cited references, it should be understood that one of ordinary skill in
`
`the art would view the references cited herein in their entirety, and in combination
`
`with other references cited herein or cited within the references themselves. The
`
`
`
`
`Page 3 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`references used in this Declaration, therefore, should be viewed as being
`
`incorporated herein in their entirety.
`
`III. Summary of Opinions
`
`
`
`I am of the opinion that U.S. Patent No. 8,266,432 does not have
`
`sufficient supporting disclosure in either U.S. Patent Application Serial No.
`
`11/333,400 or U.S. Patent Application Serial No. 11/239,046 to satisfy the
`
`requirements of 35 U.S.C. §112, first paragraph. Although my opinion relates to
`
`the lack of sufficient supporting disclosure in these two applications, for
`
`convenience I will refer to citations in the ‘676 patent, which issued from the ‘046
`
`application, and citations in the ‘129 patent, which issued from the ‘400
`
`application. Where there are differences between the patent and the application, I
`
`will so indicate.
`
`
`
`I understand that the requirements of 35 U.S.C. 112, first paragraph,
`
`include that the specification includes the following: (A) A written description of
`
`the invention; (B) The manner and process of making and using the invention (the
`
`enablement requirement); and (C) The best mode contemplated by the inventor of
`
`carrying out his invention.
`
`
`
`I also understand that the disclosure requirement of 35 U.S.C. 112,
`
`first paragraph, must be met in a single parent application in order to obtain an
`
`
`
`
`Page 4 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`earlier filing date for individual claims and requires that each claim limitation must
`
`be expressly, implicitly, or inherently supported in the originally filed disclosure.
`
`
`
`I also understand that, to satisfy the written description requirement,
`
`the claimed invention must be described in sufficient detail that one skilled in the
`
`art can reasonably conclude that the inventor had possession of the claimed
`
`invention.
`
`
`
`I further understand that, the fact that a parent application could
`
`support a narrower scope of the invention for the same claim term does not show
`
`that the parent application provides sufficient support for the claims in the
`
`continuation application.
`
`
`
`I maintain the opinions I set forth previously in my two earlier
`
`declarations. Although none of those opinions have changed, I restate a subset of
`
`those opinions herein for emphasis.
`
`a. 4/29/2016 Declaration (¶ 64): It is my opinion that the specification
`
`of the '676 Patent does not support any independent claim in the '432
`
`Patent. Accordingly, by failing to provide written description support
`
`for at least one limitation in each of the independent claims of the
`
`‘432 Patent, the specification of the ‘676 Patent lacks written
`
`description for all the claims of the ‘432 Patent.
`
`
`
`
`Page 5 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`b. 8/25/2016 Declaration (¶ 35): It is my opinion that Section VIB [of
`
`the Patent Owner’s Preliminary Response] does not show sufficient
`
`written description support [from the ‘129 Patent] for all claim
`
`limitations of each claim of the ‘432 Patent.
`
`
`
`In addition to these and other opinions set forth in my two previous
`
`declarations, I disagree with Dr. Weaver that the ‘432 Patent has sufficient written
`
`description support from either the ‘676 or ‘129 patents to the extent that he holds
`
`this opinion. I note as an initial matter that he never clearly states this view in his
`
`Declaration. Rather, he says:
`
`a. “To provide my opinions that the original disclosure of a prior-filed
`
`application no. 11/333,400 (‘the 400 application’) provides written
`
`description support for the 432 Patent claims, I herein cite…” (Ex.
`
`2010 at ¶ 41)
`
`b. “To provide my opinions that the original disclosure of a prior-filed
`
`application no. 11/239,046 (‘the 046 application’) provides written
`
`description support for the 432 Patent claims, I herein cite…” (Ex.
`
`2010 at ¶ 62)
`
` These two statements appear to be the closest he gets to expressing his
`
`opinions about written description support. I remain unclear as to whether or not
`
`he reached his conclusions. But to the extent that he believes that the ‘400
`
`Page 6 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`application or the ‘046 application provide sufficient written description for the
`
`claims of the ‘432 Patent, I disagree.
`
` Moreover, I note that Dr. Weaver did not show written description
`
`support for any claim limitation for any claim of the ‘432 Patent. Instead, Dr.
`
`Weaver presents various opinions that certain terms have sufficient written
`
`description support from either the ‘129 or ‘676 patents. Because Dr. Weaver did
`
`not present any arguments or evidence of written description for claim limitations,
`
`I cannot analyze or rebut any opinions he has, if any, with respect to the actual
`
`language of those claim limitations. Should he introduce any additional opinions
`
`in the future, I reserve the right to address them.
`
` Although I understand from counsel that it is insufficient to opine that
`
`certain claim terms, rather than the claim limitations, have written description
`
`support, I have nevertheless reviewed Dr. Weaver’s opinions. I disagree with him
`
`on at least the following:
`
`a. User vs. Individual (Ex. 2010 at VII. A.)
`
`b. Central-Entity vs. Trusted-Authenticator (Ex. 2010 at VII. B.)
`
`c. External-Entity vs. Business (Ex. 2010 at VII. C.)
`
`d. Dynamic Code vs. Dynamic Key (Ex. 2010 at VII. E.)
`
` Moreover, I have affirmatively reviewed any claim limitations of the
`
`‘432 patent that include the terms identified by Dr. Weaver. I have also reviewed
`
`Page 7 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Patent Owner’s Response and the claims charts attached thereunto. Contrary to
`
`Patent Owner’s assertion or implication, I am of the opinion that neither the ‘676
`
`patent nor the ‘129 patent provide sufficient written description for at least the
`
`following claim limitations from claim 1, and the corresponding limitations of
`
`claims 25, 48, and 52:
`
`a. receiving electronically a request for a dynamic code for the user by a
`
`computer associated with a central-entity during the transaction
`
`between the user and the external entity;
`
`b. generating by the central-entity during the transaction a dynamic code
`
`for the user in response to the request, wherein the dynamic code is
`
`valid for a predefined time and becomes invalid after being used;
`
`c. providing by the computer associated with the central entity said
`
`generated dynamic code to the user during the transaction;
`
`d. receiving electronically by the central-entity a request for
`
`authenticating the user from a computer associated with the external-
`
`entity based on a user-specific information and the dynamic code as a
`
`digital identity included in the request which said dynamic code was
`
`received by the user during the transaction and was provided to the
`
`external-entity by the user during the transaction; and
`
`
`
`
`Page 8 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`e. authenticating by the central-entity the user and providing a result of
`
`the authenticating to the external-entity during the transaction if the
`
`digital identity is valid.
`
`
`
`I understand from counsel that each and every limitation of a claim
`
`must have written description support. As I have identified multiple such
`
`unsupported limitations, I am also of the opinion that there is insufficient written
`
`description support for the claims of the ‘432 patent in either the ‘676 patent or the
`
`‘129 patent.
`
`
`
`I have not set forth an opinion about each and every statement in
`
`either Patent Owner’s Response or Dr. Weaver’s Declaration. Nevertheless, I
`
`explicitly disclaim endorsement for any opinion not specifically addressed herein.
`
`IV. Analysis of Dr. Weaver’s Expert Declaration
`
` As stated previously, Dr. Weaver expressed no opinions about written
`
`description support for any individual claim limitation, let alone all of them. He
`
`did, however, express his views that certain claim terms had written description
`
`support. I understand from counsel that it is insufficient to arrive at the conclusion
`
`that the ‘432 patent has sufficient written description support from either the ‘129
`
`Patent or the ‘676 Patent simply because certain claim terms are described. I
`
`understand that a proper analysis requires an analysis of the written description
`
`support for each and every limitation in a claim.
`
`Page 9 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
` However, even in his analysis of written description support for claim
`
`terms, I do not agree with Dr. Weaver’s conclusions as outlined below.
`
`A.
`‘129 Patent: User vs. Individual
` Dr. Weaver argues that there is sufficient written description support
`
`for the term “user” in the ‘432 Patent from the ‘129 Patent. Specifically, he
`
`identifies the ‘129 Patent’s disclosure of an “individual” as sufficient support. (Ex.
`
`2010 at ¶¶ 42-45).
`
`
`
`I disagree. A “user” in the ‘432 Patent is broader than “individual” in
`
`the ‘129 Patent and therefore the disclosure of the ‘129 Patent does not provide
`
`sufficient written description support. To illustrate I have reproduced their
`
`respective definitions below (emphasis added):
`
`‘432 Patent
`
`‘129 Patent
`
`For convenience, the term “user” is
`used throughout to represent both
`a typical person consuming goods
`and services as well as a business
`consuming good and services. Ex.
`1001 at 2:10-12.
`
`Furthermore, as used herein,
`“individual” 10 broadly refers to a
`person, company or organization
`that has established a trusted
`relationship with a trusted-
`authenticator 30.
`
`
`
` Dr. Weaver correctly identified the necessity for an “individual” in the
`
`‘129 patent to have a trusted relationship: “[t]hus the definition of ‘individual’ is
`
`tied to a trusted relationship rather than to a single human.” Ex. 2010 at ¶43.
`
`However, Dr. Weaver failed to note that the “user” defined in the ‘432 patent has
`
`Page 10 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`no such limitations. To reiterate, the “user” in the ‘432 patent is not required to
`
`have a trusted relationship with a trusted-authenticator.
`
` While it is true that the “user” from the ‘432 patent has data stored by
`
`the “central entity”, and Dr. Weaver associates the “central entity” with the trusted-
`
`authenticator, there is no requirement for the “user” and “central entity” of the ‘432
`
`Patent to maintain a trusted relationship. In the ‘432 patent, all that is required is
`
`that the “central entity” is “any party that has user’s personal and/or financial
`
`information, UserName, Password and generates dynamic, non-predictable and
`
`time dependable SecureCode for the user.” (‘432 patent at 2:13-16). The “central
`
`entity” could have the user’s information from a third party, or any number of
`
`ways that do not require a trusted relationship. All that is required is that the
`
`“central entity” has the information.
`
` Thus, I conclude that “user,” as disclosed and claimed in the ‘432
`
`Patent, is broader than “individual,” as disclosed in the ‘129 Patent, and the ’129
`
`Patent therefore does not provide sufficient written description support.
`
`B.
`‘129 Patent: Central Entity vs. Trusted-Authenticator
` Dr. Weaver also argues that there is sufficient written description
`
`support for the term “central entity” in the ‘432 Patent and identifies the term
`
`“trusted-authenticator” from the ‘129 Patent as providing that support.
`
`
`
`
`Page 11 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`I disagree. A “central entity” is broader than a “trusted-authenticator”
`
`for much the same reason that a “user” is broader than an “individual”, and
`
`therefore the disclosure of the ‘129 Patent does not provide sufficient written
`
`description support. To illustrate, I have reproduced their respective definitions
`
`below (emphasis added):
`
`‘432 Patent
`
`‘129 Patent
`
`As used herein, a “Central-Entity”
`is any party that has user’s personal
`and/or financial information,
`UserName, Password and generates
`dynamic, non-predictable and time
`dependable SecureCode for the
`user.
`
`
`
`The use of “trusted-authenticator”
`30 refers to an entity that already
`knows the individual 10, maintains
`information about that individual
`10, and has established a trusted
`relationship with that individual 10.
`
` The ‘129 Patent lists three separate requirements:
`
`a. The trusted-authenticator must already know the individual
`
`b. The trusted-authenticator must maintain information about the
`
`individual
`
`c. The trusted-authenticator must have established a trusted relationship
`
`with that individual
`
` On the other hand, the ‘432 Patent only requires the maintaining of
`
`information. The “central entity” is “any” party that has the user’s personal
`
`information regardless of whether or not it already knows the individual and/or has
`
`
`
`
`Page 12 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`a trusted relationship with the individual. While both terms have overlapping
`
`examples (e.g., both are identified as potentially being banks), the “central entity”
`
`also has a broader list of potential embodiments including “intermediary service
`
`provider.” (‘432 Patent at 2:17-18). The ‘129 Patent does not include such
`
`intermediaries in its description.
`
` The ‘129 Patent expressly states that this trusted relationship is a key
`
`component of the disclosure. “The trusted authenticator would be an entity that
`
`already knows the individual, maintains personal information about that individual,
`
`and has established a trusted relationship with that person. The advantage of using
`
`trusted authenticators is that the authentication process can be built on trust
`
`relationships and infrastructures already in place.” (‘129 Patent at 4:5-11
`
`(emphasis added)).
`
` Even the ‘129 Patent’s example of a bank for the “trusted-
`
`authenticator” is narrower than the ‘432 Patent’s example of a bank for the “central
`
`entity.” The ‘129 Patent explicitly states that the bank should be the individual’s
`
`bank, not just any bank. “A reasonable candidate for such a trusted authenticator
`
`would be a bank or other financial institution with whom the individual has already
`
`established an account. After all, if most people trust a bank to handle their money
`
`and keep it safe, trusting that same bank to authenticate their identities in other
`
`
`
`
`Page 13 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`financial transactions should be natural.” (‘129 Patent at 4:11-16 (emphasis
`
`added)).
`
` On the other hand, the ‘432 Patent makes no such limitations and
`
`places no such expectations on its banks. To the contrary, it appears to be open to
`
`having any financial institution serve as a “central entity”.
`
` Thus, I conclude that “central entity,” as disclosed and claimed in the
`
`‘432 Patent, is broader than “trusted-authenticator,” as disclosed in the ‘129 Patent,
`
`and the ‘129 Patent therefore does not provide sufficient written description
`
`support.
`
`C.
`‘129 Patent: External Entity vs. Business
` Similar to his analysis of the “user” and “central entity” terms of the
`
`‘432 patent, Dr. Weaver concludes that the term “external entity” in the ‘432 patent
`
`has sufficient written support from the ‘129 patent. He states that a POSITA
`
`would understand that “Business 20” of the ‘129 patent provides that support. (Ex.
`
`2010 at ¶¶ 47-48).
`
`
`
`I disagree. An “external entity” is broader than a “business” for much
`
`the same reason that a “user” is broader than an “individual” and “central entity is
`
`broader than “trusted-authenticator”, and therefore the disclosure of the ‘129 Patent
`
`does not provide sufficient written description support. To illustrate, I have
`
`reproduced their respective definitions below (emphasis added):
`
`Page 14 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`‘432 Patent
`
`‘129 Patent
`
`As also used herein, an “External-
`Entity” is any party offering goods
`or services that users utilize by
`directly providing their UserName
`and SecureCode as digital identity.
`
`Furthermore, as used herein,
`“business” 20 broadly refers to a
`company or organization (online or
`offline) that has established a
`trusted relationship with a trusted-
`authenticator 40 and that needs to
`authenticate the identity of the
`individual
`
`
`
`
`
` The “business” identified by the ‘129 patent is required to have a
`
`trusted relationship established with the trusted authenticator while the “external
`
`entity” of the ‘432 patent is not similarly limited.
`
` Moreover, I understand at least from the disclosure of the ‘432 Patent
`
`that the full scope of the claim terms includes the “external entity” and the “central
`
`entity” of the ‘432 Patent being the same entity, e.g., both could be banks. See also
`
`USAA-1026, 6. Not only is there no support for the “business” and “trusted-
`
`authenticator” to be the same entity in the ‘129 Patent, but such an arrangement
`
`would be antithetical. In fact, during prosecution of the application that issued as
`
`the ‘129 Patent, arguments were presented that make clear the “business” and
`
`“trusted-authenticator” cannot be the same entity: “[t]he business, organization, or
`
`another individual disclosed in the present specification is different from the
`
`trusted-authenticator (which plays a different role in the current authentication
`
`framework).” USAA-1053, 555 (emphasis in original).
`
`Page 15 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
` The ‘129 Patent requires that the business “needs to authenticate the
`
`identity of the individual.” It would not make sense for this to be the same entity
`
`as the trusted-authenticator that “already has a trusted relationship with the
`
`individual.” With such an established “trusted relationship,” the business as the
`
`same entity as the trusted-authenticator would not need to authenticate the
`
`individual, but that is a requirement of the business as defined in the ‘129 Patent.
`
`Because it is antithetical to the disclosure of the ‘129 Patent, the ‘129 Patent cannot
`
`possibly provide support for the external entity and central entity being the same
`
`entity.
`
`
`
`I also understand that Patent Owner previously argued that the
`
`“external entity” of the ‘432 Patent is not limited to corporate personalities but
`
`could be embodied in computer systems. USAA-1064, 4. But whereas Patent
`
`Owner argued that the “external entity” of the ‘432 Patent could be just a
`
`“computer system”, the ‘129 Patent requires that the “business” be a “company or
`
`organization.” Thus, because the “business” disclosed in the ’129 patent is limited
`
`to that corporate identity of a “company or organization,” the ’129 patent’s
`
`disclosed “business” fails to provide supporting disclosure for the full scope of the
`
`“external-entity,” which according to PO, can be simply a computer system.
`
`
`
`
`Page 16 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
` Thus, I conclude that “external entity,” as disclosed and claimed in the
`
`‘432 Patent, is broader than “business,” as disclosed in the ‘129 Patent, and the
`
`‘129 Patent therefore does not provide sufficient written description support.
`
`D.
`‘129 Patent: Dynamic Code vs. Dynamic Key
` According to Dr. Weaver, the “dynamic code” of the ‘432 Patent is
`
`“the same or similar to dynamic keys” of the ‘129 Patent. (Ex. 2010 at ¶ 53).
`
`“Accordingly,” Dr. Weaver concludes, “a POSITA would understand that the
`
`‘dynamic key,’ as disclosed in the 676 Patent, provides sufficient written
`
`description support for the claimed ‘dynamic code’ of the 432 Patent.” (Ex. 2010
`
`at ¶ 53).
`
`
`
`I disagree. While Dr. Weaver cites to the specification of the ‘432
`
`Patent to define a “SecureCode,” which Patent Owner has stated corresponds to the
`
`claimed dynamic code, as “any dynamic, non-predictable and time dependent
`
`alphanumeric code, secret code, PIN or other code … and may be used as part of a
`
`digital identity to identify a user as an authorized user,” (Ex. 2010 at ¶ 53
`
`(emphasis added)), he errs in that this is an embodiment of the term and not its
`
`only definition. For example, from that disclosure, the dynamic code is a dynamic,
`
`non-predictable and time dependent alphanumeric code, or a dynamic, non-
`
`predictable and time dependent secret code, or a dynamic, non-predictable and
`
`
`
`
`Page 17 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`time dependent PIN or other code, with the secret code, PIN, or other code
`
`including non-alphanumeric codes.
`
` Moreover, the term “dynamic code” does not have to be alphanumeric
`
`as used in claims 1 and 25 of the ‘432 Patent. I understand from counsel that the
`
`principle of “claim differentiation” indicates that if two independent claims recite
`
`similar elements, and one introduces a new limitation not found in the other with
`
`respect to one of those elements, it is implied that the limitation is not present
`
`where it is not mentioned, and thus the element has a broader meaning. As claims
`
`48 and 52 of the ‘432 Patent explicitly require that the dynamic code be
`
`alphanumeric, a POSITA would understand that the other independent claims 1
`
`and 25 do not require the dynamic code to be alphanumeric, such that the dynamic
`
`code includes a non-alphanumeric code. An example of a non-alphanumeric code
`
`is a series of symbols or non-alphanumeric characters, i.e., characters that are not
`
`letters or numbers. Alternatively, an example of a non-alphanumeric code is a
`
`code containing only numbers or a code containing only letters. See USAA-1064,
`
`1-2. On the other hand, there is no support in the ‘129 Patent for the “dynamic
`
`key” to be anything other than alphanumeric.
`
` Thus, I conclude that “dynamic code,” as disclosed in the ‘432 Patent,
`
`is broader than “dynamic key,” as disclosed in the ‘129 Patent, and the ‘129 Patent
`
`therefore does not provide sufficient written description support.
`
`Page 18 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`V. Analysis of the Lack of Written Description Support in the ‘129
`Patent for the Claims of the ‘432 Patent
`A. The ‘129 Patent Does Not Provide Sufficient Written
`Description for Independent Claim 1 of the ‘432 Patent
` Dr. Weaver implies (but does not directly say) that it is his opinion
`
`that the ‘129 Patent provides sufficient written description support for Claim 1 of
`
`the ‘432 Patent. (Ex. 2010 at ¶¶ 41-61)
`
`
`
`I disagree. I understand from counsel that for there to be sufficient
`
`written description support for Claim 1, the ‘129 Patent must provide sufficient
`
`written description for each limitation therein. Nevertheless, all of the limitations
`
`do not have sufficient written description support for the reasons set forth below.
`
` Claim 1’s preamble reads: “A method for authenticating a user during
`
`an electronic transaction between the user and an external-entity, the method
`
`comprising:” Claim 1 then lists the following limitations (emphasis added for later
`
`analysis):
`
`a. [Limitation 1[a]] “receiving electronically a request for a dynamic
`
`code for the user by a computer associated with a central-entity
`
`during the transaction between the user and the external entity;”
`
`b. [Limitation 1[b]] “generating by the central-entity during the
`
`transaction a dynamic code for the user in response to the request,
`
`
`
`
`Page 19 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`wherein the dynamic code is valid for a predefined time and becomes
`
`invalid after being used;”
`
`c. [Limitation 1[c]] “providing by the computer associated with the
`
`central entity said generated dynamic code to the user during the
`
`transaction;”
`
`d. [Limitation 1[d]] “receiving electronically by the central-entity a
`
`request for authenticating the user from a computer associated with
`
`the external-entity based on a user-specific information and the
`
`dynamic code as a digital identity included in the request which said
`
`dynamic code was received by the user during the transaction and was
`
`provided to the external-entity by the user during the transaction; and”
`
`e. [Limitation 1[e]] “authenticating by the central-entity the user and
`
`providing a result of the authenticating to the external-entity during
`
`the transaction if the digital identity is valid.”
`
` Limitations 1[a], 1[b], 1[c], and 1[d] all require the use of a “dynamic
`
`code”. However, the claimed “dynamic code” is not described in the ‘129 Patent.
`
`Dr. Weaver, although never asserting that these claim limitations are met, does
`
`assert that a POSITA would understand the term “dynamic key” as described in the
`
`‘129 Patent would provide sufficient written description support for the “dynamic
`
`code.” I disagree. The term “dynamic code” is broader than the term “dynamic
`
`Page 20 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`key” because a “dynamic key” is limited to alphanumeric sequences while a
`
`“dynamic key” is not. These opinions are set forth in more detail above in Section
`
`IV. D. of this declaration.
`
` Limitations 1[a], 1[d], and 1[e] all require the interaction of a “user”.
`
`However, the claimed “user” is not described in the ‘129 Patent. Dr. Weaver,
`
`although never asserting that these claim limitations are met, does assert that a
`
`POSITA would understand the term “individual” as described in the ‘129 Patent
`
`would provide sufficient written description support for the “user.” I disagree.
`
`The term “user” is broader than the term “individual” because an “individual” is
`
`limited to parties that already have a trusted relationship with a trusted-
`
`authenticator while a “user” is not. These opinions are set forth in more detail
`
`above in Section IV. A. of this declaration.
`
` Limitations 1[a], 1[b], 1[c], 1[d], and 1[e] all require the interaction of
`
`a “central-entity”. However, the claimed “central-entity” is not described in the
`
`‘129 Patent. Dr. Weaver, although never asserting that these claim limitations are
`
`met, does assert that a POSITA would understand the term “trusted-authenticator”
`
`as described in the ‘129 Patent would provide sufficient written description support
`
`for the “central-entity.” I disagree. The term “central-entity” is broader than the
`
`term “trusted-authenticator” because a “trusted-authenticator” is required to (1)
`
`already know the user and (2) already have a trusted relationship with the user. A
`
`Page 21 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`“central-entity” does not have these limitations. These opinions are set forth in
`
`more detail above in Section IV. B. of this declaration.
`
` Limitations 1[a], 1[b], 1[c], 1[d], and 1[e] all require the interaction of
`
`an “external-entity”. However, the claimed “external-entity” is not described in
`
`the ‘129 Patent. Dr. Weaver, although never asserting that these claim limitations
`
`are met, does assert that a POSITA would understand the term “business” as
`
`described in the ‘129 Patent would provide sufficient written description support
`
`for the “external-entity.” I disagree. The term “external-entity” is broader than the
`
`term “business” because a “business” is required to already have a trusted
`
`relationship with its trusted-authenticator. Not only does an “external-entity” not
`
`have this limitation, but an “external-entity” and a “central-entity” can be the same
`
`entity while a “business” and a “trusted-authenticator” cannot. These opinions are
`
`set forth in more detail above in Section IV. C. of this declaration.
`
`B.
`The ‘129 Patent Does Not Provide Sufficient Written
`Description for Independent Claim 25 of the ‘432 Patent
` Dr. Weaver implies (but does not directly say) that it is his opinion
`
`that the ‘129 Patent provides sufficient written description support for Claim 25 of
`
`the ‘432 Patent. (Ex. 2010 at ¶¶ 41-61)
`
`
`
`I disagree. I understand from counsel that for there to be sufficient
`
`written description support for Claim 25, the ‘129 Patent must provide sufficient
`
`
`
`
`Page 22 of 52
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`written description for each limitation therein. Nevertheless, all of the limitations
`
`do not have sufficient written description support for the reasons set forth below.
`
` Claim 25’s preamble reads: “An apparatus for authenticating a user
`
`during an electronic transaction with an external-entity, the apparatus
`
`comprising…” Claim 25 then lists the following limitations (emphasis added for
`
`later analysis):
`
`a. [Limitation 25[a]] “a first central-entity computer adapted to”
`
`b. [Limitation 25[b]] “generate a dynamic code for the user in response
`
`to a request during the electronic transaction, wherein the dynamic
`
`code is valid for a predefined time and becomes invalid after being
`
`used; and”
`
`c. [Limitation 25[c]] “provide said dynamic code to the user during the
`
`electronic transaction;”
`
`d. [Limitation 25[d]] “a second central-entity computer adapted to
`
`validate a digital identity in response to an authentication request from
`
`the ex