UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`APPLE INC.,
`Petitioner,
`v.
`UNIVERSAL SECURE REGISTRY LLC,
`Patent Owner.
`_________________________________________
`Case CBM2018-00025
`U.S. Patent No. 8,577,813
`________________________________________
`
`DECLARATION OF ARI JUELS
`
`Apple 1126
`Apple v. USR
`CBM2018-00025
`
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`APPLE INC.,
`Petitioner,
`v.
`UNIVERSAL SECURE REGISTRY LLC,
`Patent Owner.
`_________________________________________
`Case CBM2018-00025
`U.S. Patent No. 8,577,813
`________________________________________
`
`DECLARATION OF ARI JUELS
`
`Apple 1126
`Apple v. USR
`CBM2018-00025
`
`
`
`Contents
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`
`I. QUALIFICATIONS ....................................................................................... 1
`II. LEGAL PRINCIPLES .................................................................................... 3
`A. Claim Construction.................................................................................... 3
`B. Anticipation............................................................................................... 4
`C. Obviousness .............................................................................................. 5
`D. Person of Ordinary Skill In The Art........................................................... 9
`III. THE ’585 REFERENCE .............................................................................10
`A. Overview ..................................................................................................10
`B. The ’585 Reference Discloses An Authentication System For Financial
`Transactions ......................................................................................................17
`C. The Communication Terminal 140 Is A Point-Of-Sale Device .................19
`D. Disabling The First Device Is Compatible With The Event States Of The
`’585 Reference ..................................................................................................20
`E. The ’585 Reference Discloses An Authentication Code That Allows The
`Identification Of A User (POR, 75-77)..............................................................21
`F. The ’585 Reference Discloses The Claimed Seed........................................22
`IV. AVAILABILITY FOR CROSS-EXAMINATION......................................25
`V. RIGHT TO SUPPLEMENT...........................................................................25
`VI.
`JURAT ........................................................................................................26
`
`i
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`
`I, Ari Juels, declare as follows:
`1.
`I have been retained by Apple Inc. (“Petitioner”) in connection with
`
`the above-captioned inter partes review proceeding.
`
`2.
`
`I am a named inventor of the International Patent Application
`
`Publication No. WO 2004/051585 (the “’585 reference,” which is also referred to
`
`elsewhere in this proceeding as the “Jakobsson” reference). I submit this
`
`Declaration to respond to the statements and opinions provided by Markus
`
`Jakobsson, my co-inventor on the ’585 reference and Patent Owner’s expert
`
`witness. In my opinion, Dr. Jakobsson has again grossly mischaracterized the ’585
`
`reference and interprets its teachings in a way that is inconsistent with the purpose,
`
`spirit, and words of the ’585 reference. In addition, his testimony includes
`
`numerous misleading and/or technically incorrect statements that I rebut in the
`
`following paragraphs.
`
`3.
`
`I am being compensated at my normal consulting rate for my work.
`
`My compensation is not dependent on the outcome of this proceeding or the related
`
`litigation, and does not affect the substance of my statements in this Declaration. I
`
`have no financial interest in Petitioner or the ’813 patent.
`
`I.
`
`QUALIFICATIONS
`4.
`My qualifications are detailed in my curriculum vitae, which is
`
`attached hereto as Appendix A. It includes my academic background, employment
`
`1
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`history, professional experience, and a list of patents and publications for which I
`
`am an inventor and/or author.
`
`5.
`
`I am a full professor at the Jacobs Technion-Cornell Institute at
`
`Cornell Tech, with an associated faculty appointment at Cornell University. I have
`
`been on the faculty at Cornell Tech and regularly taught master’s and Ph.D.-level
`
`courses since 2014. I am also a Co-Director of the Initiative for CryptoCurrencies
`
`and Contracts (IC3). I served previously as Chief Scientist at RSA, where I
`
`worked for over sixteen years. I received my Ph.D. in computer science from the
`
`University of California at Berkeley in 1996.
`
`6.
`
`I hold over 120 issued patents, and have published over 100 scholarly
`
`works in peer-reviewed venues. According to Google Scholar, my work has
`
`received over 30,000 citations; four of my papers are among the top hundred most
`
`cited in security. My notable awards over the past ten years include a 2nd-place
`
`prize at the EMC Innovation Showcase in 2011, NYU-Poly Applied Security paper
`
`awards (3rd and 2nd) in 2012 and 2013, my winning the Cisco Internet of Things
`
`Security Grand Challenge in 2014, a Google Faculty Research Award in 2015, an
`
`IBM Faculty Research Award in 2016, Distinguished Student Paper Awards in
`
`2015 and 2016 from IEEE S&P (a top-four international security conference), a
`
`faculty teaching award at Cornell Tech in 2018, and a test-of-time award in 2019
`
`2
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`from NDSS (a top-four international security conference, where I also gave the
`
`keynote talk in 2018).
`
`7.
`
`In preparing this Declaration, I have reviewed the following materials:
`
`(cid:120) Petition (Paper 3) and the exhibits cited therein
`
`(cid:120) U.S. Patent No. 8,577,813 (Ex-1101)
`
`(cid:120) Patent Owner’s Preliminary Response (Paper 7) and the exhibits cited
`therein
`
`(cid:120) Declaration of Markus Jakobsson In Support Of Patent Owner’s Preliminary
`Response (Ex-2001) and the exhibits cited therein
`
`(cid:120) Patent Owner’s Response (Paper 20) and the exhibits cited therein
`
`(cid:120) International Patent Application Publication No. WO 2004/051585 (the
`“’585 reference”) (Ex-1115)
`
`(cid:120) Declaration of Markus Jakobsson In Support Of Patent Owner Response
`(Ex-2013) and the exhibits cited therein
`
`(cid:120) Transcript of April 24, 2019 deposition of Markus Jakobsson (Ex-1127,
`Jakobsson-Dep.)
`LEGAL PRINCIPLES
`8.
`I am not an attorney. For purposes of this Declaration, I have been
`
`II.
`
`informed about certain aspects of the law that may be relevant to my analysis and
`
`opinions.
`
`A.
`9.
`
`Claim Construction
`I have been informed that claim construction is a matter of law and
`
`that the final claim construction will ultimately be determined by the Board.
`
`3
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`I have been informed that the claim terms for this IPR review should
`
`10.
`
`be given their broadest reasonable construction in light of the specification as
`
`commonly understood by a person of ordinary skill in the art (“POSITA”). I have
`
`applied this standard in my analysis. I have been informed that the broadest
`
`reasonable interpretation must be consistent with the ordinary and customary
`
`meaning of the term (unless the term has been given a special definition in the
`
`specification). I have also been informed and understand that the broadest
`
`reasonable interpretation must be consistent with the use of the claim term in the
`
`specification and drawings and must be consistent with the interpretation that those
`
`skilled in the art would reach.
`
`11.
`
`I have been informed and understand that under a broadest reasonable
`
`interpretation, words of the claim must be given their plain meaning, unless such
`
`meaning is inconsistent with the specification. The plain meaning of a term means
`
`the ordinary and customary meaning given to the term by those of ordinary skill in
`
`the art at the time of the invention.
`
`B.
`12.
`
`Anticipation
`I have been informed and understand that a patent claim is invalid as
`
`“anticipated” if each element of that claim is present either explicitly or inherently
`
`in a single prior art reference.
`
`4
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`I have been informed that, under the principle of inherency, a prior art
`
`13.
`
`reference may anticipate a claimed invention even if the reference does not
`
`expressly disclose every limitation of the later invention, so long as any limitation
`
`not expressly disclosed is necessarily present in the reference. I have also been
`
`informed that to be an inherent disclosure, the limitation must necessarily be
`
`contained in the prior art reference and the mere fact that the method or system
`
`described in the reference might possibly (or sometimes) practice or contain a
`
`claimed limitation is insufficient to establish that the reference inherently teaches
`
`the limitation.
`
`14.
`
`I have been informed that material not explicitly contained in a single,
`
`prior art document may still be considered for purposes of anticipation if that
`
`material is incorporated by reference into the prior art document.
`
`15.
`
`I have also been informed and understand that a prior art reference is
`
`considered enabling when the reference permits a POSITA to make and use the
`
`disclosed technology without having to conduct undue experimentation. However,
`
`some amount of experimentation to make and use the invention is allowable.
`
`C.
`16.
`
`Obviousness
`I have been informed and understand that a patent claim can be
`
`considered to have been obvious to a POSITA at the time the application was filed.
`
`This means that, even if all the requirements of a claim are not found in a single
`
`5
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`prior art reference, the claim is not patentable if the differences between the subject
`
`matter in the prior art and the subject matter in the claim would have been obvious
`
`to a POSITA at the time the application was filed.
`
`17.
`
`I have been informed and understand that a determination of whether
`
`a claim would have been obvious should be based upon several factors, including,
`
`among others:
`
`(cid:120) the level of ordinary skill in the art at the time the application was
`
`filed;
`
`(cid:120) the scope and content of the prior art; and
`
`(cid:120) what differences, if any, existed between the claimed invention and
`
`the prior art.
`
`18.
`
`I have been informed and understand that the teachings of two or
`
`more references may be combined in the same way as disclosed in the claims, if
`
`such a combination would have been obvious to a POSITA. In determining
`
`whether a combination based on either a single reference or multiple references
`
`would have been obvious, it is appropriate to consider, among other factors:
`
`(cid:120) whether the teachings of the prior art references disclose known
`
`concepts combined in familiar ways, and when combined, would yield
`
`predictable results;
`
`6
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`
`(cid:120) whether a POSITA could implement a predictable variation, and
`
`would see the benefit of doing so;
`
`(cid:120) whether the claimed elements represent one of a limited number of
`
`known design choices, and would have a reasonable expectation of
`
`success by those skilled in the art;
`
`(cid:120) whether a POSITA would have recognized a reason to combine
`
`known elements in the manner described in the claim;
`
`(cid:120) whether there is some teaching or suggestion in the prior art to make
`
`the modification or combination of elements claimed in the patent;
`
`and
`
`(cid:120) whether the innovation applies a known technique that had been used
`
`to improve a similar device or method in a similar way.
`
`19.
`
`I have been informed and understand that a POSITA has ordinary
`
`creativity, and is not an automaton.
`
`20.
`
`I have been informed and understand that in considering obviousness,
`
`it is important not to determine obviousness using the benefit of hindsight derived
`
`from the patent being considered.
`
`21.
`
`I have been informed and understand that certain factors may support
`
`or rebut the obviousness of a claim. I understand that such secondary
`
`considerations include, among other things, commercial success of the patented
`
`7
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`invention, skepticism of those having ordinary skill in the art at the time of
`
`invention, unexpected results of the invention, any long-felt but unsolved need in
`
`the art that was satisfied by the alleged invention, the failure of others to make the
`
`alleged invention, praise of the alleged invention by those having ordinary skill in
`
`the art, and copying of the alleged invention by others in the field. I understand
`
`that there must be a nexus, that is, a connection, between any such secondary
`
`considerations and the alleged invention. I also understand that contemporaneous
`
`and independent invention by others is a secondary consideration tending to show
`
`obviousness.
`
`22.
`
`I have been informed and understand that a claim would have been
`
`obvious if it unites old elements with no change to their respective functions, or
`
`alters prior art by mere substitution of one element for another known in the field,
`
`and that combination yields predictable results. Also, I understand that
`
`obviousness does not require physical combination/bodily incorporation, but rather
`
`consideration of what the combined teachings would have suggested to persons of
`
`ordinary skill in the art at the time of the alleged invention.
`
`23.
`
`I have been informed and understand that while it may be helpful to
`
`identify a reason for this combination, there is no rigid requirement of finding an
`
`express teaching, suggestion, or motivation to combine within the references.
`
`When a product is available, design incentives and other market forces can prompt
`
`8
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`variations of it, either in the same field or a different one. If a person of ordinary
`
`skill in the art can implement a predictable variation, obviousness likely bars its
`
`patentability. For the same reason, if a technique has been used to improve one
`
`device and a person of ordinary skill in the art would recognize that it would
`
`improve similar devices in the same way, using the technique would have been
`
`obvious. I understand that a claim would have been obvious if a person of
`
`ordinary skill in the art would have had reason to combine multiple prior art
`
`references or add missing features to reproduce the alleged invention recited in the
`
`claims.
`
`D.
`24.
`
`Person of Ordinary Skill In The Art
`I have been informed that a POSITA is a hypothetical person to whom
`
`an expert in the relevant field could assign a routine task with reasonable
`
`confidence that the task would be successfully carried out. I understand that the
`
`level of ordinary skill may be reflected by the prior art of record, and that a person
`
`of ordinary skill in the art to which the claimed subject matter pertains would have
`
`the capability of understanding the scientific and engineering principles applicable
`
`to the pertinent art. I understand that one of ordinary skill in the art has ordinary
`
`creativity, and is not an automaton robot.
`
`25.
`
`I understand there are multiple factors relevant to determining the
`
`level of ordinary skill in the art, including: (1) the levels of education and
`
`9
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`experience of persons working in the field at the time of the invention; (2) the
`
`sophistication of the technology; (3) the types of problems encountered in the field;
`
`and (4) the prior art solutions to those problems
`
`26. At the time the ’813 patent was effectively filed, a POSITA would
`
`have had a Bachelor’s Degree in electrical engineering, computer science, or a
`
`related scientific field. A POSITA would also have approximately two years of
`
`work experience in the computer science field or a related scientific field such as
`
`operating systems, database management, encryption, security algorithms, and
`
`secure transaction systems. However, additional education could substitute for less
`
`work experience and vice versa.
`
`27.
`
`Based on my experience, I have an understanding of the capabilities
`
`of a person of ordinary skill in the relevant field. I have supervised and directed
`
`many such persons over the course of my career. Further, I had at least those
`
`capabilities myself at the time the patent was filed.
`
`III. THE ’585 REFERENCE
`A.
`Overview
`28.
`I am a named inventor of the ’585 reference.
`
`29.
`
`The ’585 reference is titled “Identity Authentication System and
`
`Method,” and discloses a variety of systems and methods for authenticating a user
`
`for a variety of applications. Specifically, it describes means by which what are
`
`10
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`referred to as event states may be transmitted to a receiver through embedding in
`
`authentication codes. Event states, which is information about the state of the
`
`device associated with the occurrence or non-occurrence of an event, are, broadly
`
`speaking, data that usefully informs the process of authenticating users. They can
`
`include anything from reports on token tampering to biometric authentication
`
`results. The benefit of embedding event states in authentication codes is that the
`
`event states can provide context for these codes and/or supplement them with
`
`additional authentication information that can lead to higher-fidelity user
`
`authentication. In the exemplary embodiment disclosed in Figure 1, the ’585
`
`reference discloses a user 110 using user authentication device 120 can
`
`communicate with a verifier 105.
`
`Ex-1115, ’585 reference, Fig. 1.
`
`11
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`The ’585 reference discloses that the user can be authenticated at the
`
`30.
`
`user authentication device 120 (i.e., a “local authentication”). See Ex-1115, ’585
`
`reference, [0059] (“a first authentication of user 110 is performed by the user
`
`authentication device 120 based on information supplied to the authentication
`
`device 120 by the user 110”). This local authentication is usually performed by
`
`comparing a value received from the user with a value stored by the user
`
`authentication device 120. These values can comprise PINs, passwords, or
`
`biometric information. Id. (“the information supplied by the user may be a PIN, a
`
`password or biometric information”).
`
`31.
`
`The ’585 reference also discloses various methods for authenticating
`
`the user with the verifier 105 (i.e., a “remote authentication”). These methods
`
`generally involve generating an authentication code using the user authentication
`
`device 120 that is sent to the verifier. The verifier validates the authentication code
`
`generated by the user authentication device 120 to authenticate the user 110. As
`
`illustrated in Figure 2, the ’585 reference discloses that the user authentication
`
`device 120 uses a number of different algorithms performed by the combination
`
`function 230 to generate an authentication code.
`
`12
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`
`Ex-1115, ’585 reference, Fig. 2.
`
`32. As shown in Figure 2, the combination function combines various
`
`inputs to generate an authentication code. Ex-1115, ’585 reference, [0060]
`
`(“various values are combined by a combination function 230 to generate an
`
`authentication code”). These values include “device secret (K) associated with the
`
`user authentication device 120, a dynamic, time-varying value (T) generated by the
`
`user authentication device 120, and an event state (E) representing the occurrence
`
`of one or more events.” Id. The user authentication device 120 can also use
`
`various forms of user data called “User Data (P)” as an input to the combination
`
`function 230. Id., [0072] (“User data (P) can also be provided as input to the
`
`combination function 230.”). User Data (P) includes PINs, passwords, and
`
`biometric information. Id. (“The user data (P) is a unit of information such as an
`
`alphanumeric character string, or a strictly numerical value, for example a personal
`
`identification number (PIN) or password. In one embodiment, the user data (P) is
`
`13
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`information uniquely associated with the user 110. The user data (P) can also be
`
`obtained by biometric measurement or observation.”).
`
`33.
`
`The combination function 230 combines input values using a variety
`
`of algorithms. For example, the combination function 230 can generate an
`
`authentication code by arithmetically adding inputs. Ex-1115, ’585 reference,
`
`[0058] (“user authentication device 120 generates an authentication code by
`
`arithmetically combining a secret stored by the user authentication device 120 and
`
`a user-supplied PIN”). In some embodiments, the combination function can use a
`
`one-way function1 to combine the input values. Ex-1115, ’585 reference, [0071]
`
`(“For example, in one simplistic embodiment, a one-way function such as a hash
`
`function, is applied to the values (K, T, E), and the result truncated to the right
`
`length, in order to arrive at a resulting authentication code.”). In still other
`
`embodiments, the combination function can generate an authentication code by
`
`“prepending or appending” inputs, or combining inputs “using a block cipher or
`
`other one-way function, or other algorithm, or a combination of these and other
`
`1 As the ’585 reference explains, a one-way function is “a mathematical function
`
`that maps a universe of input values to a universe of output values in such a way
`
`that knowledge of the output of the function does not allow one to reconstruct the
`
`input provided.” Ex-1115, ’585 reference, [0071].
`
`14
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`techniques that combine two or more input values together.” Id., [0073], [0093].
`
`Prepending or appending can consist of concatenating bits that represent each of
`
`the various inputs together such that the end of a string of bits that represents one
`
`input is adjacent to the beginning of a string of bits that represents a second input.
`
`34. Once the authentication code is generated, it is generally transmitted
`
`to the verifier 105 to conduct a remote authentication. This remote authentication
`
`can also occur in multiple ways. In one embodiment, “the verifier 105 performs an
`
`algorithmic calculation on a received authentication code that ‘reverses’ some or
`
`all of an algorithmic calculation performed by the user authentication device 120.”
`
`Ex-1115, ’585 reference, [0058]. In this example, the “verifier 105 compares the
`
`result … to the value of the secret stored on the user's authentication device 120, or
`
`to the value that should have been generated at that time by the device 120.
`
`. . . If
`
`they match, the user is authenticated. If they do not match, user authentication
`
`fails.” Id.
`
`35.
`
`The remote authentication can also be conducted in other ways. In
`
`one example, the authentication code is encrypted by the user authentication device
`
`and decrypted by the verifier 105. Id. (“In some embodiments the verifier 105
`
`decrypts a value encrypted by the user authentication device 120 using symmetric
`
`key encryption or asymmetric encryption techniques, such as public key
`
`encryption.”). In some examples, the verifier 105 calculates a series of
`
`15
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`authentication codes depending on the possible authentication codes generated by
`
`the user authentication device 120. Id. (“In some embodiments, the verifier 105
`
`also calculates the authentication code with an input that indicates whether one or
`
`more events have occurred.”); id., [0050] (“In some embodiments, the verifier can
`
`determine authentication codes for a number of possible events and event states
`
`such that a number of authentication codes that can successfully authenticate the
`
`user 110 are possible.”). In this example, the verifier 105 “compares the
`
`authentication information received over communications channel 170 and the
`
`authentication information generated by the verifier 105 to determine whether any
`
`match.” Ex-1115, ’585 reference, [0050]; see also id. (“In further embodiments,
`
`where a plurality of authentication codes that can successfully verify the user 110
`
`are possible, the verifier 105 first determines an expected authentication code for
`
`an expected event state, and if the verifier receives a different authentication code,
`
`determines and compares authentication codes for other possible event states
`
`before indicating whether the authentication device has been successfully
`
`verified.”).
`
`36.
`
`Following a remote authentication attempt, the verifier “can
`
`communicate positive or negative acknowledgement . . . to the device 120 or
`
`directly to the user” to indicate a successful or failed authentication attempt. ’585
`
`reference, [0050].
`
`16
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`The ’585 Reference Discloses An Authentication System For
`B.
`Financial Transactions
`37.
`The ’585 reference discloses that authentication systems can provide
`
`access to financial services. Ex-1115, ’585 reference, [0039] (“Authentication can
`
`result in the performance of one or more actions including, without limitation,
`
`providing access or privileges, taking action, or enabling some combination of the
`
`two. Access includes, without limitation: access to a physical location,
`
`communications network, computer system, and so on; access to such services as
`
`financial services and records, health services and records and so on; or access to
`
`levels of information or services.”). The ’585 reference discloses that a successful
`
`authentication provided by the authentication system can be used to trigger access
`
`to various services including financial services, which includes a financial
`
`transaction such as a credit card transaction. Dr. Jakobsson testified that the ’585
`
`reference “does not teach or suggest an electronic ID device that is used to conduct
`
`financial transactions.” Ex-2013, Jakobsson-Decl., ¶¶57-58. I disagree with this
`
`interpretation of the ‘585 reference. A POSITA would have understood that access
`
`to financial services includes financial transactions such as the purchase of goods,
`
`and that a successful authentication using the system described in the ’585
`
`reference could be used to grant access to a financial transaction. Dr. Jakobsson
`
`also suggests that the authentication device of the ’585 reference is only for
`
`authenticating a device for accessing records such as in website. Ex-2013,
`
`17
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`Jakobsson-Decl., ¶¶56-59. I disagree. The ’585 reference discloses the provision
`
`of access to both records and services. Ex-1115, ’585 reference, [0039]. Dr.
`
`Jakobsson appears to ignore the disclosure that the system is used to access
`
`financial services as well as financial records.
`
`38.
`
`The ’585 reference discloses authentication techniques that can be
`
`applied to financial transactions such as credit card transactions and ATM
`
`transactions. The ’585 reference also discloses that the user authentication device
`
`can itself be a credit card, which is clearly for a financial transaction. Ex-1115,
`
`’585 reference, [0041] (“In still other embodiments, a credit-card sized device 120
`
`is a card such as a credit card including a magnetic strip or other data store on one
`
`of its sides.”). Indeed, the only purpose of a credit card is for a financial
`
`transaction. Moreover, a POSITA would have understood how the authentication
`
`system of the ’585 reference could be applied to a credit card transaction because it
`
`provides an electronic authentication mechanism that could have been applied to
`
`many different applications including financial transactions such as a credit card
`
`transaction.
`
`18
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`The Communication Terminal 140 Is A Point-Of-Sale Device
`C.
`39. Dr. Jakobsson testified that the communication terminal 140 is not a
`
`point-of sale device because the ’585 reference is “not for conducting financial
`
`transactions.” Ex-2013, Jakobsson-Decl., ¶¶76-78. I disagree because, as
`
`discussed above, the ’585 reference is applicable financial transactions.
`
`40. Dr. Jakobsson also argues that the communication terminal 140 “is a
`
`device specific to the user of the authentication device, not a device located at a
`
`‘point-of-sale’ that would be used by many different people and devices.” Ex-
`
`2013, Jakobsson-Decl., ¶78. Again, I disagree. The ’585 reference discloses that
`
`the communications terminal 140 can be a “card reader” (Ex-1115, ’585 reference,
`
`[0044]-[0045]), and that the system is designed to authenticate a “a large number
`
`of users.” Ex-1115, ’585 reference, [0037] (“The inclusion of a single user 110 is
`
`exemplary, and typically a verifier 105 will be used to verify a large number of
`
`users 110.”). While there are examples where the authentication device 120 and
`
`terminal 140 are integrated, the ’585 reference also makes clear that they can be
`
`implemented separately. Ex-1115, ’585 reference, [0041], [0045]. When the
`
`system is configured to facilitate financial services (as disclosed), the
`
`communications terminal 140 would be a point-of-sale terminal.
`
`19
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`Disabling The First Device Is Compatible With The Event States
`D.
`Of The ’585 Reference
`41. Dr. Jakobsson testified that de-activating a device upon a failed
`
`authentication attempt would “remove key components of [the ’585 reference] and
`
`would change the basic principles under which [it] was designed to operate.” Ex-
`
`2013, Jakobsson-Decl., ¶¶98-99. He also testified that the ’585 reference “relies
`
`upon failed authentication information to communicate an event state” and that “a
`
`critical part of the [’585] invention is to transmit such event state data, e.g.,
`
`information regarding potential tampering” and that disabling the device upon a
`
`failed authentication would run contrary to this “critical part.” Id., ¶99.
`
`42.
`
`I disagree. Disablement of the device would not be inconsistent with
`
`the communication of event states, except in the specific sense addressed in the
`
`discussion of “funkspiel schemes,” which are identified in the ’585 reference as
`
`background art. Ex-1115, ’585 reference, [0009]. Funkspiel schemes do “indicate
`
`to a verifier that tampering has occurred, without revealing to an adversary whether
`
`the tampering has been detected.” Id. In that context, there is a desire to signal
`
`tampering attempts covertly to the verifier to enable monitoring of an adversary, so
`
`disablement on the basis of tampering would be counterproductive. Even in that
`
`context, however, disablement on the basis of, for instance, an erroneous PIN,
`
`would be consistent with the goals of the invention, something I can attest as a co-
`
`inventor of Funkspiel schemes. Such disablement would not affect the covert
`
`20
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`nature of communication of the tampering event state, and would have other
`
`security benefits—for example, preventing PIN guessing attacks.
`
`43. Additionally, the ’585 reference is much broader than the approach to
`
`the detection of tampering referred to as “funkspiel schemes.” The ’585 reference
`
`notably discloses a much broader array of event states, with properties different
`
`than those of tamper detection. Event states in the (cid:1932)585 reference not contemplated
`
`in the Funkspiel reference include, “an event external to the device detected by the
`
`device; an environmental event, such as temperature exceeding or falling below a
`
`threshold; static discharge; high or low battery power; geographic presence at a
`
`particular location; confidence level in a biometric reading; and so on.” Ex-1115,
`
`’585 reference, [0011]. If one of these forms of event state is transmitted, instead
`
`of a tampering event state, then it might in fact be desirable to disable a token in
`
`which tampering is detected. If this is not done, then the token foregoes potentially
`
`valuable tampering
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
