`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`APPLE INC.,
`Petitioner,
`v.
`UNIVERSAL SECURE REGISTRY LLC,
`Patent Owner.
`_________________________________________
`Case CBM2018-00024
`U.S. Patent No. 8,577,813
`________________________________________
`
`DECLARATION OF ARI JUELS
`
`Apple 1226
`Apple v. USR
`CBM2018-00024
`
`
`
`Contents
`
`I. QUALIFICATIONS ........................................................................................... 1
`II. LEGAL PRINCIPLES ........................................................................................ 3
`A. Claim Construction ........................................................................................ 3
`B. Anticipation ................................................................................................... 4
`C. Obviousness ................................................................................................... 5
`D. Person of Ordinary Skill In The Art .............................................................. 9
`III. THE ’585 REFERENCE ................................................................................ 10
`A. Overview ..................................................................................................... 10
`B. The ’585 Reference Is Not Limited To One-Way Functions ...................... 17
`C. The ’585 Reference Discloses The Claimed Seed ...................................... 19
`IV. AVAILABILITY FOR CROSS-EXAMINATION ....................................... 23
`V. RIGHT TO SUPPLEMENT ............................................................................. 24
`VI.
`JURAT ............................................................................................................ 25
`
`
`
`
`i
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`
`I, Ari Juels, declare as follows:
`1.
`I have been retained by Apple Inc. (“Petitioner”) in connection with
`
`the above-captioned inter partes review proceeding.
`
`2.
`
`I am a named inventor of the International Patent Application
`
`Publication No. WO 2004/051585 (the “’585 reference,” which is also referred to
`
`elsewhere in this proceeding as the “Jakobsson” reference). I submit this
`
`Declaration to respond to the statements and opinions provided by Markus
`
`Jakobsson, my co-inventor on the ’585 reference and Patent Owner’s expert
`
`witness. In my opinion, Dr. Jakobsson has again grossly mischaracterized the ’585
`
`reference and interprets its teachings in a way that is inconsistent with the purpose,
`
`spirit, and words of the ’585 reference. In addition, his testimony includes
`
`numerous misleading and/or technically incorrect statements that I rebut in the
`
`following paragraphs.
`
`3.
`
`I am being compensated at my normal consulting rate for my work.
`
`My compensation is not dependent on the outcome of this proceeding or the related
`
`litigation, and does not affect the substance of my statements in this Declaration. I
`
`have no financial interest in Petitioner or the ’813 patent.
`
`I.
`
`QUALIFICATIONS
`4. My qualifications are detailed in my curriculum vitae, which is
`
`attached hereto as Appendix A. It includes my academic background, employment
`
`1
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`history, professional experience, and a list of patents and publications for which I
`
`am an inventor and/or author.
`
`5.
`
`I am a full professor at the Jacobs Technion-Cornell Institute at
`
`Cornell Tech, with an associated faculty appointment at Cornell University. I have
`
`been on the faculty at Cornell Tech and regularly taught master’s and Ph.D.-level
`
`courses since 2014. I am also a Co-Director of the Initiative for CryptoCurrencies
`
`and Contracts (IC3). I served previously as Chief Scientist at RSA, where I
`
`worked for over sixteen years. I received my Ph.D. in computer science from the
`
`University of California at Berkeley in 1996.
`
`6.
`
`I hold over 120 issued patents, and have published over 100 scholarly
`
`works in peer-reviewed venues. According to Google Scholar, my work has
`
`received over 30,000 citations; four of my papers are among the top hundred most
`
`cited in security. My notable awards over the past ten years include a 2nd-place
`
`prize at the EMC Innovation Showcase in 2011, NYU-Poly Applied Security paper
`
`awards (3rd and 2nd) in 2012 and 2013, my winning the Cisco Internet of Things
`
`Security Grand Challenge in 2014, a Google Faculty Research Award in 2015, an
`
`IBM Faculty Research Award in 2016, Distinguished Student Paper Awards in
`
`2015 and 2016 from IEEE S&P (a top-four international security conference), a
`
`faculty teaching award at Cornell Tech in 2018, and a test-of-time award in 2019
`
`2
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`from NDSS (a top-four international security conference, where I also gave the
`
`keynote talk in 2018).
`
`7.
`
`In preparing this Declaration, I have reviewed the following materials:
`
`• Petition (Paper 3) and the exhibits cited therein
`• U.S. Patent No. 8,577,813 (Ex-1101)
`• Patent Owner’s Preliminary Response (Paper 7) and the exhibits cited
`therein
`• Declaration of Markus Jakobsson In Support Of Patent Owner’s Preliminary
`Response (Ex-2001) and the exhibits cited therein
`• Patent Owner’s Response (Paper 20) and the exhibits cited therein
`• International Patent Application Publication No. WO 2004/051585 (the
`“’585 reference”) (Ex-1214)
`• Declaration of Markus Jakobsson In Support Of Patent Owner Response
`(Ex-2013) and the exhibits cited therein
`• Transcript of April 24, 2019 deposition of Markus Jakobsson (Ex-XXXX,
`Jakobsson-Dep.)
`II. LEGAL PRINCIPLES
`8.
`I am not an attorney. For purposes of this Declaration, I have been
`
`informed about certain aspects of the law that may be relevant to my analysis and
`
`opinions.
`
`A. Claim Construction
`9.
`I have been informed that claim construction is a matter of law and
`
`that the final claim construction will ultimately be determined by the Board.
`
`3
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`I have been informed that the claim terms for this IPR review should
`
`10.
`
`be given their broadest reasonable construction in light of the specification as
`
`commonly understood by a person of ordinary skill in the art (“POSITA”). I have
`
`applied this standard in my analysis. I have been informed that the broadest
`
`reasonable interpretation must be consistent with the ordinary and customary
`
`meaning of the term (unless the term has been given a special definition in the
`
`specification). I have also been informed and understand that the broadest
`
`reasonable interpretation must be consistent with the use of the claim term in the
`
`specification and drawings and must be consistent with the interpretation that those
`
`skilled in the art would reach.
`
`11.
`
`I have been informed and understand that under a broadest reasonable
`
`interpretation, words of the claim must be given their plain meaning, unless such
`
`meaning is inconsistent with the specification. The plain meaning of a term means
`
`the ordinary and customary meaning given to the term by those of ordinary skill in
`
`the art at the time of the invention.
`
`B. Anticipation
`12.
`I have been informed and understand that a patent claim is invalid as
`
`“anticipated” if each element of that claim is present either explicitly or inherently
`
`in a single prior art reference.
`
`4
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`I have been informed that, under the principle of inherency, a prior art
`
`13.
`
`reference may anticipate a claimed invention even if the reference does not
`
`expressly disclose every limitation of the later invention, so long as any limitation
`
`not expressly disclosed is necessarily present in the reference. I have also been
`
`informed that to be an inherent disclosure, the limitation must necessarily be
`
`contained in the prior art reference and the mere fact that the method or system
`
`described in the reference might possibly (or sometimes) practice or contain a
`
`claimed limitation is insufficient to establish that the reference inherently teaches
`
`the limitation.
`
`14.
`
`I have been informed that material not explicitly contained in a single,
`
`prior art document may still be considered for purposes of anticipation if that
`
`material is incorporated by reference into the prior art document.
`
`15.
`
`I have also been informed and understand that a prior art reference is
`
`considered enabling when the reference permits a POSITA to make and use the
`
`disclosed technology without having to conduct undue experimentation. However,
`
`some amount of experimentation to make and use the invention is allowable.
`
`C. Obviousness
`16.
`I have been informed and understand that a patent claim can be
`
`considered to have been obvious to a POSITA at the time the application was filed.
`
`This means that, even if all the requirements of a claim are not found in a single
`
`5
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`prior art reference, the claim is not patentable if the differences between the subject
`
`matter in the prior art and the subject matter in the claim would have been obvious
`
`to a POSITA at the time the application was filed.
`
`17.
`
`I have been informed and understand that a determination of whether
`
`a claim would have been obvious should be based upon several factors, including,
`
`among others:
`
`• the level of ordinary skill in the art at the time the application was
`
`filed;
`• the scope and content of the prior art; and
`• what differences, if any, existed between the claimed invention and
`
`the prior art.
`
`18.
`
`I have been informed and understand that the teachings of two or
`
`more references may be combined in the same way as disclosed in the claims, if
`
`such a combination would have been obvious to a POSITA. In determining
`
`whether a combination based on either a single reference or multiple references
`
`would have been obvious, it is appropriate to consider, among other factors:
`
`• whether the teachings of the prior art references disclose known
`
`concepts combined in familiar ways, and when combined, would yield
`
`predictable results;
`
`6
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`• whether a POSITA could implement a predictable variation, and
`
`would see the benefit of doing so;
`• whether the claimed elements represent one of a limited number of
`
`known design choices, and would have a reasonable expectation of
`
`success by those skilled in the art;
`• whether a POSITA would have recognized a reason to combine
`
`known elements in the manner described in the claim;
`• whether there is some teaching or suggestion in the prior art to make
`
`the modification or combination of elements claimed in the patent;
`
`and
`• whether the innovation applies a known technique that had been used
`
`to improve a similar device or method in a similar way.
`
`19.
`
`I have been informed and understand that a POSITA has ordinary
`
`creativity, and is not an automaton.
`
`20.
`
`I have been informed and understand that in considering obviousness,
`
`it is important not to determine obviousness using the benefit of hindsight derived
`
`from the patent being considered.
`
`21.
`
`I have been informed and understand that certain factors may support
`
`or rebut the obviousness of a claim. I understand that such secondary
`
`considerations include, among other things, commercial success of the patented
`
`7
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`invention, skepticism of those having ordinary skill in the art at the time of
`
`invention, unexpected results of the invention, any long-felt but unsolved need in
`
`the art that was satisfied by the alleged invention, the failure of others to make the
`
`alleged invention, praise of the alleged invention by those having ordinary skill in
`
`the art, and copying of the alleged invention by others in the field. I understand
`
`that there must be a nexus, that is, a connection, between any such secondary
`
`considerations and the alleged invention. I also understand that contemporaneous
`
`and independent invention by others is a secondary consideration tending to show
`
`obviousness.
`
`22.
`
`I have been informed and understand that a claim would have been
`
`obvious if it unites old elements with no change to their respective functions, or
`
`alters prior art by mere substitution of one element for another known in the field,
`
`and that combination yields predictable results. Also, I understand that
`
`obviousness does not require physical combination/bodily incorporation, but rather
`
`consideration of what the combined teachings would have suggested to persons of
`
`ordinary skill in the art at the time of the alleged invention.
`
`23.
`
`I have been informed and understand that while it may be helpful to
`
`identify a reason for this combination, there is no rigid requirement of finding an
`
`express teaching, suggestion, or motivation to combine within the references.
`
`When a product is available, design incentives and other market forces can prompt
`
`8
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`variations of it, either in the same field or a different one. If a person of ordinary
`
`skill in the art can implement a predictable variation, obviousness likely bars its
`
`patentability. For the same reason, if a technique has been used to improve one
`
`device and a person of ordinary skill in the art would recognize that it would
`
`improve similar devices in the same way, using the technique would have been
`
`obvious. I understand that a claim would have been obvious if a person of
`
`ordinary skill in the art would have had reason to combine multiple prior art
`
`references or add missing features to reproduce the alleged invention recited in the
`
`claims.
`
`D.
`24.
`
`Person of Ordinary Skill In The Art
`I have been informed that a POSITA is a hypothetical person to whom
`
`an expert in the relevant field could assign a routine task with reasonable
`
`confidence that the task would be successfully carried out. I understand that the
`
`level of ordinary skill may be reflected by the prior art of record, and that a person
`
`of ordinary skill in the art to which the claimed subject matter pertains would have
`
`the capability of understanding the scientific and engineering principles applicable
`
`to the pertinent art. I understand that one of ordinary skill in the art has ordinary
`
`creativity, and is not an automaton robot.
`
`25.
`
`I understand there are multiple factors relevant to determining the
`
`level of ordinary skill in the art, including: (1) the levels of education and
`
`9
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`experience of persons working in the field at the time of the invention; (2) the
`
`sophistication of the technology; (3) the types of problems encountered in the field;
`
`and (4) the prior art solutions to those problems
`
`26. At the time the ’813 patent was effectively filed, a POSITA would
`
`have had a Bachelor’s Degree in electrical engineering, computer science, or a
`
`related scientific field. A POSITA would also have approximately two years of
`
`work experience in the computer science field or a related scientific field such as
`
`operating systems, database management, encryption, security algorithms, and
`
`secure transaction systems. However, additional education could substitute for less
`
`work experience and vice versa.
`
`27. Based on my experience, I have an understanding of the capabilities
`
`of a person of ordinary skill in the relevant field. I have supervised and directed
`
`many such persons over the course of my career. Further, I had at least those
`
`capabilities myself at the time the patent was filed.
`
`III. THE ’585 REFERENCE
`A. Overview
`28.
`I am a named inventor of the ’585 reference.
`
`29. The ’585 reference is titled “Identity Authentication System and
`
`Method,” and discloses a variety of systems and methods for authenticating a user
`
`for a variety of applications. Specifically, it describes means by which what are
`
`10
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`referred to as event states may be transmitted to a receiver through embedding in
`
`authentication codes. Event states, which is information about the state of the
`
`device associated with the occurrence or non-occurrence of an event, are, broadly
`
`speaking, data that usefully informs the process of authenticating users. They can
`
`include anything from reports on token tampering to biometric authentication
`
`results. The benefit of embedding event states in authentication codes is that the
`
`event states can provide context for these codes and/or supplement them with
`
`additional authentication information that can lead to higher-fidelity user
`
`authentication. In the exemplary embodiment disclosed in Figure 1, the ’585
`
`reference discloses a user 110 using user authentication device 120 can
`
`communicate with a verifier 105.
`
`Ex-1214, ’585 reference, Fig. 1.
`
`
`
`11
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`30. The ’585 reference discloses that the user can be authenticated at the
`
`user authentication device 120 (i.e., a “local authentication”). See Ex-1214, ’585
`
`reference, [0059] (“a first authentication of user 110 is performed by the user
`
`authentication device 120 based on information supplied to the authentication
`
`device 120 by the user 110”). This local authentication is usually performed by
`
`comparing a value received from the user with a value stored by the user
`
`authentication device 120. These values can comprise PINs, passwords, or
`
`biometric information. Id. (“the information supplied by the user may be a PIN, a
`
`password or biometric information”).
`
`31. The ’585 reference also discloses various methods for authenticating
`
`the user with the verifier 105 (i.e., a “remote authentication”). These methods
`
`generally involve generating an authentication code using the user authentication
`
`device 120 that is sent to the verifier. The verifier validates the authentication code
`
`generated by the user authentication device 120 to authenticate the user 110. As
`
`illustrated in Figure 2, the ’585 reference discloses that the user authentication
`
`device 120 uses a number of different algorithms performed by the combination
`
`function 230 to generate an authentication code.
`
`12
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`
`Ex-1214, ’585 reference, Fig. 2.
`
`
`
`32. As shown in Figure 2, the combination function combines various
`
`inputs to generate an authentication code. Ex-1214, ’585 reference, [0060]
`
`(“various values are combined by a combination function 230 to generate an
`
`authentication code”). These values include “device secret (K) associated with the
`
`user authentication device 120, a dynamic, time-varying value (T) generated by the
`
`user authentication device 120, and an event state (E) representing the occurrence
`
`of one or more events.” Id. The user authentication device 120 can also use
`
`various forms of user data called “User Data (P)” as an input to the combination
`
`function 230. Id., [0072] (“User data (P) can also be provided as input to the
`
`combination function 230.”). User Data (P) includes PINs, passwords, and
`
`biometric information. Id. (“The user data (P) is a unit of information such as an
`
`alphanumeric character string, or a strictly numerical value, for example a personal
`
`identification number (PIN) or password. In one embodiment, the user data (P) is
`
`13
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`information uniquely associated with the user 110. The user data (P) can also be
`
`obtained by biometric measurement or observation.”).
`
`33. The combination function 230 combines input values using a variety
`
`of algorithms. For example, the combination function 230 can generate an
`
`authentication code by arithmetically adding inputs. Ex-1214, ’585 reference,
`
`[0058] (“user authentication device 120 generates an authentication code by
`
`arithmetically combining a secret stored by the user authentication device 120 and
`
`a user-supplied PIN”). In some embodiments, the combination function can use a
`
`one-way function1 to combine the input values. Id., [0071] (“For example, in one
`
`simplistic embodiment, a one-way function such as a hash function, is applied to
`
`the values (K, T, E), and the result truncated to the right length, in order to arrive at
`
`a resulting authentication code.”). In still other embodiments, the combination
`
`function can generate an authentication code by “prepending or appending” inputs,
`
`or combining inputs “using a block cipher or other one-way function, or other
`
`algorithm, or a combination of these and other techniques that combine two or
`
`
`1 As the ’585 reference explains, a one-way function is “a mathematical function
`
`that maps a universe of input values to a universe of output values in such a way
`
`that knowledge of the output of the function does not allow one to reconstruct the
`
`input provided.” Ex-1214, ’585 reference, [0071].
`
`14
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`more input values together.” Id., [0073], [0093]. Prepending or appending can
`
`consist of concatenating bits that represent each of the various inputs together such
`
`that the end of a string of bits that represents one input is adjacent to the beginning
`
`of a string of bits that represents a second input.
`
`34. Once the authentication code is generated, it is generally transmitted
`
`to the verifier 105 to conduct a remote authentication. This remote authentication
`
`can also occur in multiple ways. In one embodiment, “the verifier 105 performs an
`
`algorithmic calculation on a received authentication code that ‘reverses’ some or
`
`all of an algorithmic calculation performed by the user authentication device 120.”
`
`Ex-1214, ’585 reference, [0058]. In this example, the “verifier 105 compares the
`
`result … to the value of the secret stored on the user's authentication device 120, or
`
`to the value that should have been generated at that time by the device 120. . . . If
`
`they match, the user is authenticated. If they do not match, user authentication
`
`fails.” Id.
`
`35. The remote authentication can also be conducted in other ways. In
`
`one example, the authentication code is encrypted by the user authentication device
`
`and decrypted by the verifier 105. Id. (“In some embodiments the verifier 105
`
`decrypts a value encrypted by the user authentication device 120 using symmetric
`
`key encryption or asymmetric encryption techniques, such as public key
`
`encryption.”). In some examples, the verifier 105 calculates a series of
`
`15
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`authentication codes depending on the possible authentication codes generated by
`
`the user authentication device 120. Id. (“In some embodiments, the verifier 105
`
`also calculates the authentication code with an input that indicates whether one or
`
`more events have occurred.”); id., [0050] (“In some embodiments, the verifier can
`
`determine authentication codes for a number of possible events and event states
`
`such that a number of authentication codes that can successfully authenticate the
`
`user 110 are possible.”). In this example, the verifier 105 “compares the
`
`authentication information received over communications channel 170 and the
`
`authentication information generated by the verifier 105 to determine whether any
`
`match.” Ex-1214, ’585 reference, [0050]; see also id. (“In further embodiments,
`
`where a plurality of authentication codes that can successfully verify the user 110
`
`are possible, the verifier 105 first determines an expected authentication code for
`
`an expected event state, and if the verifier receives a different authentication code,
`
`determines and compares authentication codes for other possible event states
`
`before indicating whether the authentication device has been successfully
`
`verified.”).
`
`36. Following a remote authentication attempt, the verifier “can
`
`communicate positive or negative acknowledgement . . . to the device 120 or
`
`directly to the user” to indicate a successful or failed authentication attempt. Ex-
`
`1214, ’585 reference at [0050].
`
`16
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`B.
`The ’585 Reference Is Not Limited To One-Way Functions
`37. Dr. Jakobsson testified that the ’585 reference stands in “direct
`
`contrast” to a system that uses encryption and decryption to protect user
`
`information and insists that “there is no decryption” in the ’585 reference. Ex-
`
`2011, Jakobsson-Decl., ¶82. I disagree. This testimony is simply not credible
`
`because the ’585 reference repeatedly discloses that encryption and decryption are
`
`used in connection with creating and verifying authentication codes. Ex-1214,
`
`’585 reference, [0058], [0072].
`
`38. Dr. Jakobsson also testified that the ’585 reference “utilizes a one-way
`
`function for user protection,” but as discussed above, the ’585 reference discloses
`
`many examples of authentication techniques and a number of algorithms that can
`
`be used by the combination function 230 to generate an authentication code. The
`
`’585 reference does not require the use of one-way functions to create an
`
`authentication code and discloses examples that do not use one-way functions. For
`
`example, in [0058], the ’585 reference discloses that the user authentication device
`
`120 generates an authentication code by arithmetically combining a secret stored
`
`by the user authentication device 120 and a user-supplied PIN. When the verifier
`
`receives the authentication code described in [0058], the verifier decrypts the
`
`authentication code and then compares the result of the decryption with a stored
`
`secret to authenticate it. This example uses an encrypt-decrypt model where an
`
`17
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`authentication code is created, encrypted, sent to the verifier, decrypted and then
`
`verified (i.e., an “encrypt and decrypt” model). It does not involve any hash
`
`function or any other one-way functions. In contrast to the encrypt and decrypt
`
`model described in [0058], other examples in the ’585 reference disclose using a
`
`hash function to create an authentication code. These examples are different from
`
`the encrypt and decrypt model because an authentication code is created, processed
`
`using a hash function, and transmitted to the verifier, which creates its own
`
`authentication code. The verifier processes the authentication code it created using
`
`a hash function, and then compares the two hashed authentication codes to
`
`authenticate the user (i.e., a “hash and compare” model).
`
`39.
`
`In other examples, the ’585 reference discloses the use of asymmetric
`
`encryption techniques to authenticate the user. Ex-1214, ’585 reference, [0058]
`
`(“In some embodiments the verifier 105 decrypts a value encrypted by the user
`
`authentication device 120 using symmetric key encryption or asymmetric
`
`encryption techniques, such as public key encryption.”). A POSITA would have
`
`understood that the use of asymmetric encryption would obviate the need for use of
`
`one-way functions in the combination function. Use of a one-way function in a
`
`combination function serves to incorporate event states into a token emission in a
`
`cryptographically concealed form. Asymmetric encryption also accomplishes this
`
`goal. In fact, it provides stronger security than a one-way function, in the sense
`
`18
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`that it can achieve forward security, meaning that an adversary that compromises a
`
`token and learns its stored keys cannot determine the plaintext associated with an
`
`asymmetric ciphertext. In contrast, such an adversary can extract low-entropy data
`
`input to a one-way function, and indeed, in a setting where a one-way function
`
`alone is used, the adversary possesses knowledge equivalent to that of the verifier.
`
`A POSITA would therefore prefer use of asymmetric encryption where feasible.
`
`Asymmetric ciphertexts are longer than typical passcodes, and thus feasible only
`
`where wireless transmission of token data is supported. This is an option that the
`
`‘585 reference explicitly teaches as a possible embodiment.
`
`40. The ’585 reference never specifies that one-way functions are critical
`
`to the disclosure of the reference because one-way functions are not required, but
`
`are instead exemplary techniques (as are the prepending, appending, and
`
`asymmetric encryption techniques).
`
`C. The ’585 Reference Discloses The Claimed Seed
`41. Dr. Jakobsson testified that “it makes no sense to call authentication
`
`code 290” a seed because “[t]here is no other use of this value – ever.” Ex-2011,
`
`Jakobsson-Decl., ¶¶98-100 (“it makes no sense to call authentication code 290, i.e.,
`
`the output of Jakobsson’s combination function, a seed. Indeed, the Petition uses
`
`this output of the combination function only as an input to another application of
`
`the same combination function.”). I disagree.
`
`19
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`42. The term “seed” denotes in the literature on cryptography a secret
`
`value that is provided as input to a cryptographic operation, such as a pseudo-
`
`random function, whose goal is to generate unpredictable outputs. Consistent with
`
`this definition, the term may also refer to a secret value used generate the codes
`
`produced by an authentication device, such as RSA SecurID. The ’813 patent
`
`specification uses the term “seed” in this sense.
`
`43. The ’813 patent specification includes only two paragraphs that use
`
`the term “seed” and they describe a construct whereby a seed is a combination of
`
`input values that are used to create an authentication code. See Ex-1201, ’813
`
`patent, 46:46-67 (“any two of the PIN, the biometric information, the electronic
`
`serial number, a discrete code associated with the device and the identifying
`
`information concerning the selected account are employed to generate a seed from
`
`which further authentication information is generated, for example, to generate a
`
`seed from which a non-predictable value can be generated by the user device 352.
`
`…In accordance with another embodiment, all four of the PIN, the biometric
`
`information, the electronic serial number and the identifying information
`
`concerning the selected account are employed to generate the seed.”) (emphases
`
`added).
`
`44.
`
`It is my opinion that the ʼ585 patent specification teaches the
`
`generation of a value that corresponds to a seed as disclosed in the ’813 patent
`
`20
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`specification. For example, [0073] of the ’585 patent specification discloses
`
`authentication code generation in a manner that is multi-stage or recursive. Ex-
`
`1214, ’585 reference, [0073] (“In one particular embodiment, the user
`
`authentication device 120 first combines (K, T, E) to generate an authentication
`
`code A (K, T, E) 291 as described above. The combination function 230 then
`
`combines the generated authentication code 291 with the PIN (P) to generate an
`
`authentication code 292 that is a function of (K, T, E, P).”). Additionally, it
`
`explicitly notes that generation can involve use of these values in any order. Ex-
`
`1214, ’585 reference, [0073] (“The combination function 230 can combine these
`
`values (K, T, E, P) in any order (and with other values not mentioned) to generate
`
`the authentication code 292.”).
`
`45. Consequently, the ’585 patent specification teachings include, for
`
`example, a computation in which a first authentication code is generated by
`
`combining K, E, and P and said first authentication code is then combined by the
`
`combination function 230 with T to generate a second authentication code 292 that
`
`is subsequently transmitted to the verifier. In such an embodiment, the first
`
`authentication code is consistent with a seed that includes “any two o