IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`In re Patent of: Asghari-Kamrani, et al.
`
`U.S. Patent No.: 8,266,432
`
`Issue Date:
`
`September 11, 2012
`
`Appl. Serial No.: 12/210,926
`
`Filing Date:
`
`September 15, 2008
`
`Title:
`
`CENTRALIZED IDENTIFICATION AND
`
`AUTHENTICATION SYSTEM AND METHOD
`
`
`
`
`
`DECLARATION OF DR. ALFRED C. WEAVER
`
`I, Dr. Alfred C. Weaver, do hereby declare:
`
`1.
`
`I am making this declaration at the request of Patent Owner Nader
`
`Asghari-Kamrani and Kamran Asghari-Kamrani in the matter of CBM2016-00063
`
`and CBM2016-00064, both of which are directed to US Patent 8,266,432.
`
`I.
`
`QUALIFICATIONS AND ENGAGEMENT
`
`2.
`
`I earned a Bachelor of Science in Engineering Science in 1971 from
`
`the University of Tennessee. I also earned a Master of Science in Computer
`
`Science from the University of Illinois at Urbana-Champaign in 1973. Thereafter,
`
`I earned a Ph.D. in Computer Science at the University of Illinois at Urbana-
`
`Champaign in 1976.
`
`3.
`
`I am currently a Professor of Computer Science and the Associate
`
`Chair of the Department of Computer Science at the University of Virginia
`
`
`
`
`1
`
`KAMRANI 2010
`
`
`
`In re Patent of: Asghari-Kamrani, et al.
`
`U.S. Patent No.: 8,266,432
`
`Issue Date:
`
`September 11, 2012
`
`Appl. Serial No.: 12/210,926
`
`Filing Date:
`
`September 15, 2008
`
`Title:
`
`CENTRALIZED IDENTIFICATION AND
`
`AUTHENTICATION SYSTEM AND METHOD
`
`
`
`
`
`DECLARATION OF DR. ALFRED C. WEAVER
`
`I, Dr. Alfred C. Weaver, do hereby declare:
`
`1.
`
`I am making this declaration at the request of Patent Owner Nader
`
`Asghari-Kamrani and Kamran Asghari-Kamrani in the matter of CBM2016-00063
`
`and CBM2016-00064, both of which are directed to US Patent 8,266,432.
`
`I.
`
`QUALIFICATIONS AND ENGAGEMENT
`
`2.
`
`I earned a Bachelor of Science in Engineering Science in 1971 from
`
`the University of Tennessee. I also earned a Master of Science in Computer
`
`Science from the University of Illinois at Urbana-Champaign in 1973. Thereafter,
`
`I earned a Ph.D. in Computer Science at the University of Illinois at Urbana-
`
`Champaign in 1976.
`
`3.
`
`I am currently a Professor of Computer Science and the Associate
`
`Chair of the Department of Computer Science at the University of Virginia
`
`
`
`
`1
`
`KAMRANI 2010
`
`
`
`(“UVa”). I have been employed at UVa continuously since 1977. Over the period
`
`of my employment at UVa, I have taught more than 25 different courses, including
`
`electronic commerce, operating systems, computer networks, and various
`
`programming courses. Moreover, I have been the graduate advisor for 69 Ph.D.
`
`and master’s students, all in Computer Science.
`
`4.
`
`In addition to my teaching duties, I am also the Founding Director of
`
`UVa’s Applied Research Institute, a group of faculty engaged in research areas
`
`related to national security and funded by both government and industry. To date,
`
`I have published 16 books and book chapters, 30 refereed journal articles, 139
`
`refereed conference publications, and 80 technical reports. I currently serve on the
`
`Advisory Council of the Editorial Board of IEEE Computer magazine.
`
`5.
`
`As a researcher, I have served as Principal Investigator or co-Principal
`
`Investigator of 130+ research projects funded by the federal government and
`
`private industry. Recent research projects include 3D printing, automated analysis
`
`of published scientific literature, secure mobile computing, crowdsourcing, data
`
`integrity, and trustworthy computing.
`
`6.
`
`I have founded five companies. One of these, Network Xpress, Inc.,
`
`was a spin-off from research work in computer networks funded by the U. S. Navy
`
`at UVa. At its peak, another company, Reliacast, Inc., employed 90 people and
`
`
`
`
`2
`
`KAMRANI 2010
`
`
`
`developed software for secure streaming of multimedia. Reliacast was ultimately
`
`sold to Comcast.
`
`7.
`
`I have served as an expert witness in 20+ patent infringement cases
`
`since 1988. Six of those cases have gone to trial. In the past four years I have
`
`testified in court in two cases:
`
`VS Technologies v. Twitter, Inc., No. 2:11-cv-00043-HCM-TEM in
`
`the United States District Court for the Eastern District of Virginia
`
`(Norfolk). In that case, I testified on behalf of Twitter.
`
`ePlus, Inc. v. Lawson Software, Inc., No. 3:09-cv-00620-REP in the
`
`United States District Court for the Eastern District of Virginia
`
`(Richmond). In that case, I testified on behalf of ePlus.
`
`8.
`
`A complete list of cases in which I have testified at deposition,
`
`hearing or trial in the past 4 years is attached hereto as Exhibit 2012.
`
`9.
`
`I have authored or co-authored 16 books or book chapters in the
`
`computer science field and have authored or co-authored over 169 refereed journal
`
`and conference papers on various topics related to computer science, computer
`
`systems, computer networks, search agents, databases, the Internet and e-
`
`commerce, among other topics. I am a member of the editorial board of the IEEE
`
`Computer magazine.
`
`10.
`
`I have presented papers at numerous conferences and have served as
`
`Program Chair or Technical Program Chair of a number of conferences around the
`
`
`
`
`3
`
`KAMRANI 2010
`
`
`
`world. For example, I was the Keynote Speaker at the International Workshop on
`
`Privacy, Security, and Trust for Mobile Devices (MobiPST’11), in Maui, Hawaii,
`
`in July 2011 on the topic of “Providing Privacy and Security for Mobile Devices.”
`
`I was the Keynote Speaker at the IEEE International Conference on Industrial
`
`Technology (ICIT’05), in Hong Kong, in December 2005 on the topic of
`
`“Achieving Data Privacy and Security Using Web Services.” I was the Keynote
`
`Speaker at the IEEE International Conference on Emerging Technologies and
`
`Factory Automation (ETFA’05), in Catania, Sicily, Italy, in September 2005 on the
`
`topic of “A Security Architecture for Distributed Data Security.”
`
`11. With my co-authors Sam Dwyer and Kristen Hughes, I wrote chapter
`
`two entitled “Health Insurance Accountability and Portability Act” in the book
`
`Security Issues in the Digital Medical Enterprise, published by the Society for
`
`Computer Applications in Radiology in 2004. I wrote the paper “Secure Sockets
`
`Layer” in Computer in April 2006. With my co-author Andrew Jurik, I wrote
`
`“Securing Mobile Devices with Biotelemetry,” presented at the International
`
`Workshop on Privacy, Security, and Trust in Mobile and Wireless Systems
`
`(MobiPST’11), in Maui, Hawaii, in July, 2011. I presented the NATO Fellowship
`
`Lecture at Bogazici University, in Istanbul, Turkey, in May 2000 on the topic of
`
`“Internet Privacy and Security.” With my master’s student Andrew Snyder, I
`
`wrote “The e-Logistics of Securing Distributed Medical Data,” presented at the
`
`
`
`
`4
`
`KAMRANI 2010
`
`
`
`IEEE International Conference on Industrial Informatics, Banff, Alberta, Canada,
`
`in August 2003. I supervised Andrew Snyder’s master’s thesis on the topic of
`
`“Performance Measurement and Workflow Impact of Securing Medical Data
`
`Using HIPAA Compliant Encryption in a .NET Environment,” in August 2003.
`
`12.
`
`I am a named inventor on U.S. patent 4,217,658 that resulted from my
`
`Ph.D. research at the University of Illinois.
`
`13.
`
`I am a Fellow of the IEEE, an honor awarded to less than two percent
`
`of the IEEE membership.
`
`14.
`
`I have been an invited guest lecturer at numerous meetings sponsored
`
`by various corporations around the world. For example, I spoke on “Reliable
`
`Multicast and Reliable Group Management” for a meeting held at Sun
`
`Microsystems in Palo Alto, California in July, 1999. I gave a presentation entitled
`
`“Xpress Transport Protocol” at a meeting sponsored by General Electric Research
`
`and Development Laboratory, held in Schenectady, New York, in December, 1996.
`
`I was an invited speaker on the topic of “Medical Data Privacy and Security” at the
`
`Microsoft Healthcare Users’ Group meeting in Redmond, Washington in 2006.
`
`15.
`
`I was the Lucian Carr III Professor of Engineering and Applied
`
`Science at the University of Virginia from 2002-2004. I was a member of the
`
`Provost’s Promotion and Tenure Committee of the University of Virginia during
`
`2003-2006. I served as the Chairman of the Department of Computer Science
`
`
`
`
`5
`
`KAMRANI 2010
`
`
`
`during 1984-85 and am now the Associate Chair of my department. In 1996-1999
`
`and again in 2012-2015, I served as a member of the Promotion and Tenure
`
`Committee for the School of Engineering and Applied Science at the University of
`
`Virginia and chaired that committee during 1998-1999 and 2014-2015.
`
`16.
`
`I teach the University of Virginia’s CS 4753 course “Electronic
`
`Commerce Technologies.” This course explains the role of encryption in modern
`
`electronic commerce and teaches the details of the mathematical algorithms that
`
`implement symmetric key encryption, public key encryption, and other encryption
`
`techniques. I was the Principal Investigator for “Secure E-Commerce: A Modular
`
`Course Supported by Virtual Laboratories,” a $500,000 research project funded by
`
`the National Science Foundation to develop a course teaching secure e-commerce.
`
`17.
`
`I have also had the opportunity to consult with and/or work in the
`
`commercial sector. For example, I received a $200,000 research grant from
`
`Microsoft for my work in connection with development of a solution to the
`
`problems associated with the privacy and security of medical data. In the past, I’ve
`
`consulted for General Electric, Lockheed Martin, Honeywell, Raytheon, E-
`
`Systems and others. Additionally, I founded five companies of my own which
`
`focused on e-commerce. I was involved in all aspects of the life cycles of these
`
`companies from raising start-up capital funding, to designing and developing
`
`products, to commercializing these products in the marketplace. One of these
`
`
`
`
`6
`
`KAMRANI 2010
`
`
`
`companies, Reliacast, developed secure multimedia distribution software and was
`
`ultimately sold to Comcast.
`
`18. A detailed curriculum vitae showing more of my credentials in these
`
`fields is attached as Exhibit 2011.
`
`19.
`
`I am being compensated for my work in this matter at my standard
`
`hourly rate of $400/hour for consulting services. My compensation for this matter
`
`is not determined by or contingent upon the outcome of this case.
`
`II. MATERIALS REVIEWED AND RELIED UPON
`
`20.
`
`In preparing this Declaration I reviewed and considered all or portions
`
`of the following materials:
`
`Ex. / Doc.
`
`Description
`
`1001 U.S. Patent 8,266,432
`
`1015 U.S. Patent 7,444,676
`
`U.S. Patent 8,281,129
`1005 U.S. Patent 7,356,837
`U.S. Patent 7,356,837
`U.S. Patent 8,266,432 file history
`
`
`
`
`
`
`
`U.S. Patent 8,281,129 file history
`
`Petition for Covered Business Method Patent Review of
`United States Patent No. 8,266,432 Pursuant to 35 U.S.C.
`§ 321 and § 18 of the Leahy-Smith America Invents Act
`(CBM2016-00063)
`
`1003 Declaration of Dr. Seth Nielson
`
`
`
`
`7
`
`KAMRANI 2010
`
`
`
`
`
`
`
`
`
`Petition for Covered Business Method Patent Review of
`United States Patent No. 8,266,432 Pursuant to 35 U.S.C. §
`321 and § 18 of the Leahy-Smith America Invents Act
`(CMB2016-00064)
`
`Decision Granting Institution of Covered Business Method
`
`Patent Review (CBM2016-00063)
`
`Decision Granting Institution of Covered Business Method
`Patent Review (CBM2016-00064)
`
`-
`
`All other documents cited and used in this Declaration.
`
`
`
`21.
`
`
`I have also relied upon my years of education, teaching, research, and
`
`experience concerning software, computer architecture, networks, network
`
`protocols, electronic commerce, privacy and security.
`
`III. STATUS OF THE CLAIMS
`
`A. Grounds of Review in CBM2016-00063
`
`22. The Patent Trials and Appeals Board instituted review of (i) claims 1,
`
`3, 5-8, 12-13, 15-27, 30-42, 44-45, 47-48, 50-52, and 55 under U.S.C. § 102(b) for
`
`being anticipated by U.S. Patent Application Publication No. 2006/0094403
`
`(“Norefors”) (Ex. 1032), and (ii) claims 2, 9-11, 14, 28, 43, 46, 49, and 53 under
`
`U.S.C. 103(a) for being unpatentable over Norefors in view of U.S. Patent No.
`
`5,740,361 (“Brown”) (Ex. 1035).
`
`
`
`
`8
`
`KAMRANI 2010
`
`
`
`B. Grounds of Review in CBM2016-00064
`
`23. The Patent Trials and Appeals Board instituted review of claims 1–3,
`
`5–28, and 30–55 under 35 U.S.C. 103(a) for being unpatentable over US
`
`2007/0022301 Al (“Nicholson”) (Ex. 1034) in view of U.S. Patent No. 5,740,361
`
`(“Brown”) (Ex. 1035).
`
`C. Challenged Claims
`
`24. With regard to challenged U.S. Patent No. 8,266,432, I understand
`
`that Patent Owner has previously disclaimed claims 4, 11, 29, 46, 49, and 53.
`
`Accordingly, claims 1-3, 5-10, 12-28, 30-45, 47, 48, 50-52, 54, and 55 remain
`
`under challenge.
`
`IV. LEGAL STANDARDS
`
`25.
`
`I am not an attorney. I have been advised of the following general
`
`principles of patent law to be considered in formulating my opinions set forth
`
`below.
`
` Written Description
`
`26.
`
`It is my understanding that a nonprovisional patent application can
`
`claim benefit to one or more prior-filed copending applications. A patent claim is
`
`entitled to the benefit of the filing date of a prior-filed application only if the
`
`original disclosure of the prior-filed application provides written description
`
`support for the patent claim. I understand that the prior-filed application is not
`
`
`
`
`9
`
`KAMRANI 2010
`
`
`
`required to have in haec verba support in the original specification in order to
`
`satisfy the written description requirement. Rather, I understand that the test for
`
`determining compliance with the written description requirement is whether the
`
`original disclosure of the prior-filed application reasonably would have conveyed
`
`to a POSITA that the inventor had possession of the claimed subject matter at the
`
`time of the prior-filed application’s filing date.
`
` Claim Construction
`
`27.
`
`It is my understanding that in determining whether a patent claim is
`
`anticipated or obvious in view of the prior art, the Patent Office must construe the
`
`claim by giving the claim its broadest reasonable interpretation consistent with the
`
`specification from the standpoint of a person of ordinary skill in the art
`
`(“POSITA”). For the purposes of this review, unless otherwise stated, I have
`
`construed each claim term in accordance with its plain and ordinary meaning
`
`under the required broadest reasonable interpretation of the terms.
`
`
`
`Persons of Ordinary Skill in the Art
`
`28.
`
`I believe that the 432 Patent is addressed to a POSITA, i.e., a person
`
`of ordinary skill in the art, with at least a bachelor’s degree or equivalent in digital
`
`electronics, electrical engineering, computer engineering, computer science, or a
`
`related technical degree, possibly with some additional post-degree work
`
`experience in system engineering (or equivalent). In determining who would be a
`
`
`
`
`10
`
`KAMRANI 2010
`
`
`
`POSITA, I considered at least the following criteria: (a) the type of problems
`
`encountered in the art; (b) prior art solutions to those problems; (c) the rapidity
`
`with which innovations are made; (d) the sophistication of the technology; and (e)
`
`the education level of active workers in the field.
`
`V. BACKGROUND TECHNOLOGY OF THE 432 PATENT
`
`29. The 432 Patent relates to “a system and method provided by a central-
`
`entity for centralized identification and authentication of users and their
`
`transactions to increase security in e-commerce.” Ex. 1001 at 2:52-55. As an
`
`example of an embodiment that is consistent with the 432 Patent, a customer (such
`
`as user 10) can attempt an online transaction with a business (such as external-
`
`entity 20). This scenario is supported by FIG. 2, 3:35-40, 4:44-61, and 5:5-10 in
`
`Ex. 1001. Before such a transaction can be completed, the business 20 can request
`
`a digital identity of the customer to assist with the customer’s 10 authentication.
`
`Id. at 5:10-13. The customer 10 then obtains the digital identity from a central-
`
`entity 30. The digital identity provided by central-entity 30 may be generated by
`
`combining one or more types of information that identify the user (such as an
`
`alphanumeric username or ID or login name or other identification phrase) with a
`
`dynamic, non-predictable, and time-dependent code. The customer 10 then
`
`provides that digital identity to the business 20. Id. at 5:13-27. The external-entity
`
`20 then attempts to authenticate the digital identity with the central-entity 30. If
`
`
`
`
`11
`
`KAMRANI 2010
`
`
`
`the digital identity is correct and unexpired, then the central-entity 30 authenticates
`
`the customer 10 to the business 20, after which the business 20 completes the
`
`electronic transaction. Id. at 5:23-43. After the authentication step the central-
`
`entity 30 may invalidate the digital identity such that it cannot be used for any
`
`other transaction. Id. at 6:7-13.
`
`VI. CLAIM CONSTRUCTION
`
` Central-Entity
`
`30. The Background section of the 432 Patent discloses:
`
`As used herein, a “Central-Entity” is any party [(i.e., any entity)] that
`
`has user’s personal and/or financial information, UserName, Password
`
`and generates dynamic, non-predictable and time dependable
`
`SecureCode for the user.
`
`Id. at 2:13-18 and 2:56-3:26.
`
`31. Using the broadest reasonable interpretation standard, a POSITA
`
`would not interpret the “central-entity,” as claimed, to have all of the particular
`
`information described in the above passage of the Background section. For
`
`example, the claims of the 432 Patent do not require “financial information.”
`
`Instead, for example, independent claim 1 recites, “user-specific information.”
`
`And, dependent claim 15 recites, “user information comprises one or more of the
`
`following: an alphanumeric name, an ID, a login name, and an identification
`
`phrase.” Thus, I believe that “central-entity” means “a party that has at least some
`
`
`
`
`12
`
`KAMRANI 2010
`
`
`
`of a user’s personal information, financial information, UserName, and/or
`
`Password, and generates a dynamic, non-predictable and time-dependent code for
`
`the user.”
`
`32. Additionally, using the broadest reasonable interpretation standard, a
`
`POSITA would interpret the claimed “central-entity” to include one or more
`
`computing systems. Each of independent claims 1, 25, 48, and 52 recite at least
`
`one “computer.” Claims 25 and 48 each recite more than one computer. For
`
`example, claim 25 recites:
`
`a first central-entity computer adapted to … generate a dynamic
`
`code for the user in response to a request during the electronic
`
`transaction, wherein the dynamic code is valid for a predefined time
`
`and becomes invalid after being used; and
`
`a second central-entity computer adapted to … validate a digital
`
`identity in response to an authentication request from the external-
`
`entity …
`
`
`33. A POSITA would understand that the Central-Entity 30 disclosed in
`
`the 432 Patent may include one or more computing devices. For example, FIG. 2
`
`(a portion of which is reproduced below for reference) illustrates the Central-Entity
`
`30 as including a computing device (e.g., a server connected to a user 10 and an
`
`External-Entity 20 via a communications network 50). See, also, FIG. 1. FIG. 2
`
`illustrates the computing system of the Central-Entity performing functions,
`
`
`
`
`13
`
`KAMRANI 2010
`
`
`
`including “Account Creation,” “SecureCode Generation,” and “Digital Identity
`
`Comparison.”
`
`
`
`
`
`34. A POSITA would understand that the functions of the “computing
`
`systems” recited in the claims of the 432 Patent, and disclosed in the 432 Patent,
`
`could be performed by separate computer software processes (e.g., a code
`
`generation process and a separate digital identity comparison process), or by
`
`separate computing devices (e.g., a random number generation device and a
`
`separate digital identity authentication device). Such functions could be combined
`
`into a single software application (e.g., one combined identification and
`
`authentication process) or into a single computer (e.g., one combined identification
`
`and authentication device).
`
`35. For the above reasons, when the term is given its broadest reasonable
`
`interpretation in light of the entire specification, I believe that “central-entity”
`
`means “a party comprising one or more computing devices, that has a user’s
`
`
`
`
`14
`
`KAMRANI 2010
`
`
`
`personal, financial, identification information, UserName, and/or Password, and
`
`that provides dynamic, non-predictable and time-dependent codes for the user.”
`
` Authenticating
`
`36. The purpose of authentication is to determine whether an individual
`
`actually is the individual that the individual purports to be. “Ideally, a secure
`
`identification and authorization system 1 would identify legitimate users 10 and
`
`unauthorized users 10. This would increase the user’s trust, which leads to more
`
`sales and cash flow for merchants/service providers. Id. at 4:48-52. Given its
`
`broadest reasonable interpretation in light of the entire specification, I believe that
`
`“authenticating” means “verifying the identity of a user.”
`
` Transaction
`
`37.
`
`In the Decision to Institute, the Board construed the term
`
`“transaction” as “a single electronic transaction between the user and the external
`
`entity.” Paper 14, pp. 24-25. However, a POSITA would understand that the term
`
`“single” in the Board’s construction of “transaction” is superfluous and
`
`unnecessarily confuses the meaning of the term because a transaction can involve
`
`more than one sub-transaction. For example, a POSITA would understand that
`
`transferring funds between accounts (e.g., a checking account and a savings
`
`account) would involve debiting a first account and crediting a second account.
`
`This funds transfer would be within the scope of the example illustrated, e.g., in
`
`
`
`
`15
`
`KAMRANI 2010
`
`
`
`FIG. 2 of the 432 Patent, in which the External-Entity 30 could be a bank
`
`performing a banking service for a user 10. See, e.g., Ex. 1001 at 2:23-26.
`
`Accordingly, I believe that “transaction” means “an electronic transaction between
`
`the user and the external entity.”
`
`D. During the Transaction
`
`38. While the 432 Patent does not explicitly define “during the
`
`transaction,” it does provide a description of a transaction in Ex. 1001 at FIGS. 2,
`
`4, 5, and 5:5-22. A transaction phase may begin when a user 10 attempts to access
`
`a restricted web site or attempts to buy services or products 110 of an External-
`
`Entity 20. Id. at 5:5-22. Thereafter, an authentication phase must be completed
`
`before the external-entity completes the attempted transaction. Id. at 5:23-41.
`
`According to my understanding of the 432 Patent, the External-Entity 20 must
`
`receive a message from the Central-Entity 30 approving the transaction based on a
`
`result of the authentication before completing the transaction phase. Id. Thus, I
`
`believe that the phrase “during the transaction” means “a period after the initiation
`
`of a transaction between a user and an external-entity and before the transaction is
`
`completed.”
`
`E. Dynamic Code
`
`39.
`
`In the 432 Patent, the claimed “dynamic code” corresponds to the
`
`disclosed “SecureCode.” For example, the 432 Patent states:
`
`
`
`
`16
`
`KAMRANI 2010
`
`
`
`The term “SecureCode” is used herein to denote any dynamic,
`
`non-predictable and time dependent alphanumeric code, secret
`
`code, PIN or other code, which may be broadcast to the user over
`
`a communication network, and may be used as part of a digital
`
`identity to identify a user as an authorized user. Ex. 1001 at 2:35-
`
`40.
`
`40.
`
`In its Decision, the Board construed the term “dynamic code” as “an
`
`alphanumeric code that is non-predictable and time dependent, which may be
`
`broadcast to the user over a communication network, and may be used as a part of
`
`a digital identity to identify a user as an authorized user.” Paper 14 at p. 18.
`
`However, the Board’s construction is not consistent with BRI because the 432
`
`Patent does not require that the SecureCode be alphanumeric. Rather, as evident in
`
`the passage above, it can also be “… a secret code, PIN or other code.”
`
`Additionally, the term “may be” in the above passage of the 432 Patent, as in “may
`
`be broadcast to the user over a communication network, and may be used as part of
`
`a digital identity to identify a user as an authorized user,” is optional language that
`
`does not limit the meaning of the term “dynamic code” when the term is given its
`
`broadest reasonable interpretation. Accordingly, I believe that the term “dynamic
`
`code” means “a code that is non-predictable and time-dependent.”
`
`VII. WRITTEN DESCRIPTION SUPPORT IN THE 129 PATENT
`
`41. To provide my opinions that the original disclosure of a prior-filed
`
`application no. 11/333,400 (“the 400 application”) provides written description
`
`
`
`
`17
`
`KAMRANI 2010
`
`
`
`support for the 432 Patent claims, I herein cite to the disclosure of the 129 Patent
`
`issued from the 400 application for convenience because the original disclosure of
`
`the 400 application is substantially identical to that of the 129 Patent.
`
`A. User vs. Individual
`
`42. The 129 Patent discloses the meaning of the term “individual” as:
`
`[B]roadly refer[ing] to a person, company or organization that has
`
`established a trusted relationship with a trusted-authenticator 30. Ex.
`
`2004 at 7:51-53.
`
`43. Thus the definition of “individual” is tied to a trusted relationship
`
`rather than to a single human. The “individual” may be a person, or a company, or
`
`an organization. Further, the 129 Patent discloses that an individual 10 can be,
`
`e.g., a customer 10 of a business 20, such as a website, car dealership or creditor.
`
`Id. at Abstract, 1:12-15, 3:25-28, 4:67-5:4, 7:54-58, 8:59-67, 9:1-12, and 11:24-31.
`
`44.
`
`In the 432 Patent:
`
`For convenience, the term “user” is used throughout to represent both
`
`a typical person consuming goods and services as well as a business
`
`consuming good and services. Ex. 1001 at 2:10-12.
`
`45. Thus, a POSITA would understand that the description of the
`
`individual 10 in the 129 Patent provides sufficient written description support for
`
`the “user” in the 432 Patent.
`
`
`
`
`18
`
`KAMRANI 2010
`
`
`
`B. Central-Entity vs. Trusted-Authenticator
`
`46. The Abstract of the 129 Patent discloses that “The proposed method
`
`enables businesses to determine whether the customer is truly the person who he
`
`says he is by adopting a new two-factor authentication technique and
`
`authenticating customer’s identity utilizing trusted authenticator.” As illustrated
`
`in, e.g., FIGS. 2a and 2b of the 129 Patent, the trusted-authenticator 30 includes at
`
`least one computing device. Also, according to my understanding, the trusted-
`
`authenticator 30 can be a bank or other financial institution. 129 Patent at 4:11-16.
`
`Therefore, the trusted-authenticator 30 possesses an individual’s 10 personal or
`
`financial information. And, because the trusted-authenticator 30 maintains the
`
`static key, it follows that the trusted-authenticator 30 possesses an individual’s 10
`
`password, name, UserName, SSN, alias, account number, customer number, etc.
`
`Id. at 6:45-67 and 8:4-12. Further, the actions illustrated in Figure 2a and
`
`described at lines 9:13-10:20 of the 129 Patent are mirrored by similar descriptions
`
`in the 432 Patent’s claim terms. Thus, a POSITA would understand that the
`
`trusted authenticator 30 of the 129 Patent provides sufficient written description
`
`support for the “central-entity” in the 432 Patent.
`
`C. External-Entity vs. Business
`
`47. The 129 Patent describes a “business” 20 as follows:
`
`
`
`
`19
`
`KAMRANI 2010
`
`
`
`Furthermore, as used herein, “business” 20 broadly refers to a
`
`company or organization (online or offline) that has established a
`
`trusted relationship with a trusted-authenticator 40 and that needs to
`
`authenticate the identity of the individual 10. Ex. 2004 at 7:54-58.
`
`48. As shown in Figures 2a and 2b, the business 20 is a party or entity
`
`that needs to authenticate an Individual’s 10 digital identity in an e-commerce
`
`transaction. From this description it is clear that the Business 20 of the 129 Patent
`
`performs substantially the same functionality as the “external-entity 20” of the 432
`
`Patent. For example, looking at the 129 Patent’s Figure 2a, the business 20 sends
`
`120 an authentication (request) message to trusted-authenticator 30 for
`
`authenticating a user 10 and receives 126 a confirmation or denial message in
`
`return; looking at the 432 Patent’s Figure 2, the external-entity 20 sends the
`
`central-entity 30 an authentication request at step “J” and receives a “valid” or
`
`“failed” authorization message in return. Thus, a POSITA would understand that
`
`the Business 20 of the 129 Patent provides sufficient written description support
`
`for the “external-entity” recited in the 432 Patent.
`
`D. During the Transaction
`
`49. While the 129 Patent does not explicitly state which functions occur
`
`“during the transaction” (as they are enumerated in the claims of the 432 Patent), a
`
`POSITA would reasonably conclude that the functions described in the 432 Patent
`
`are disclosed by the 129 Patent.
`
`
`
`
`20
`
`KAMRANI 2010
`
`
`
`50. Figure 2 of the 432 Patent discloses a process in which the central-
`
`entity 30 authenticates a user during a period of time before a transaction can be
`
`completed between the user 10 and external-entity 20. Figure 2a of the 129 Patent
`
`discloses that the trusted-authenticator 30 authenticates an individual 10 before a
`
`transaction can be completed between the individual 10 and the business 20.
`
`51. This process is detailed in the 129 Patent as shown in the table below.
`
`Actions to be performed before
`transaction can be completed
`
`Support in 129 Patent
`
`Business 20 requests validation of
`individual 10
`
`Figure 2a, step 110, 9:15-18
`
`Individual 10 requests dynamic key
`from trusted-authenticator 30
`
`Figure 2a, step 100, 9:19-22
`
`Trusted-authenticator 30 calculates a
`dynamic key, sends it to individual
`10, and retains copy
`
`Figure 2a, step 102, 9:23-25
`
`Individual 10 provides dynamic key
`and static key to business 20
`
`Figure 2a, step 112, 9:29-31
`
`Business 20 sends authentication
`(request) message to trusted-
`authenticator 30 to validate
`individual 10
`
`Trusted-authenticator 30
`authenticates individual 10 by
`comparing static and dynamic keys
`against stored copies
`
`Trusted-authenticator 30 sends a
`confirmation or denial message to
`business 20
`
`Figure 2a, step 120, 9:29-31
`
`Figure 2a, 9:29-31
`
`Figure 2a, step 125, 9:37-46
`
`
`
`
`21
`
`KAMRANI 2010
`
`
`
`
`
`52. Thus a POSITA would understand that the functions and actions
`
`described in the 432 Patent have adequate written description support from the 129
`
`Patent’s description of functions and actions occurring “during the transaction,” as
`
`shown in Figure 2a and lines 9:13-46.
`
`E. Dynamic Code vs. Dynamic Key
`
`53. The central-entity of the 432 Patent and the trusted-authenticator of
`
`the 129 Patent both generate dynamic codes (the same or similar to dynamic keys)
`
`as part of the trust-enforcement algorithm. The 432 Patent calls this dynamic code
`
`a “SecureCode” and describes it as being “any dynamic, non-predictable and time
`
`dependent alphanumeric code, secret code, PIN or other code … and may be used
`
`as part of a digital identity to identify a user as an authorized user.” Ex. 1001 at
`
`2:35-40. The 129 Patent describes the dynamic key as a SecureCode “which is a
`
`key or information that is variable and is provided to the individual 10 by the
`
`individual’s trusted-authenticator 30 at the time it is needed for authentication.
`
`The dynamic key is an alphanumeric code and will have a different value each
`
`time the individual 10 receives it from his/her trusted-authenticator 40 for
`
`authorization purposes. To increase security a dynamic key may have a non-
`
`repeating value, may be time dependent (valid for some period of time) and may be
`
`in encrypted format.” Ex. 2004 at 8:13-22. Accordingly, a POSITA would
`
`
`
`
`22
`
`KAMRANI 2010
`
`
`
`understand that the “dynamic key,” as disclosed in the 676 Patent, provides
`
`sufficient written description support for the claimed “dynamic code” of the 432
`
`Patent.
`
`F.
`
`Standard Interface
`
`54. Claim 19 of the 432 Patent recites, “said request is initiated by said
`
`user through a standard interface provided to said user.” The 432 does not define
`
`this term. It merely says, “a standard interface provided by the External-Entity 20,
`
`similar to what exists today …” Ex. 1001 at 5:5-9. It does, however, disclose
`
`communicating over the Internet and mentions using a Website. Similarly, the
`
`129 Patent describes: “An email would contain a link that takes the customer to an
`
`authentication screen on the trusted authenticator's website.” Ex. 2004 at 4:52-53.
`
`“When an individual is on a business's site (offline or online), for
`
`successful direct authentication, the business requires the individual to
`
`provide his/her static and dynamic keys. The individual requests a
`
`dynamic key from his/her trusted-authenticator (using any
`
`communication network such as Internet or wireless) …” Id. at 7:3-8.
`
`55.
`
`Internet communications use standard communication protocols
`
`(internet protocol or IP) and standard languages interpretable by browsers (e.g.,
`
`HTML) to render websites as computer-user interfaces. Thus, a POSITA would
`
`interpret “standard interface” to be a standard authentication screen at a website.
`
`
`
`
`23
`
`KAMRANI 2010
`
`
`
`G.
`
` Comparing
`
`56. Claim 2 of the 432 Patent recites, “comparing the combined dynamic
`
`code and user specific information with a rec
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
