`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`APPLE INC.,
`Petitioner,
`v.
`UNIVERSAL SECURE REGISTRY LLC,
`Patent Owner.
`_________________________________________
`Case CBM2018-00025
`U.S. Patent No. 8,577,813
`________________________________________
`
`DECLARATION OF ARI JUELS
`
`Apple 1126
`Apple v. USR
`CBM2018-00025
`
`
`
`Contents
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`
`I. QUALIFICATIONS ....................................................................................... 1
`II. LEGAL PRINCIPLES .................................................................................... 3
`A. Claim Construction.................................................................................... 3
`B. Anticipation............................................................................................... 4
`C. Obviousness .............................................................................................. 5
`D. Person of Ordinary Skill In The Art........................................................... 9
`III. THE ’585 REFERENCE .............................................................................10
`A. Overview ..................................................................................................10
`B. The ’585 Reference Discloses An Authentication System For Financial
`Transactions ......................................................................................................17
`C. The Communication Terminal 140 Is A Point-Of-Sale Device .................19
`D. Disabling The First Device Is Compatible With The Event States Of The
`’585 Reference ..................................................................................................20
`E. The ’585 Reference Discloses An Authentication Code That Allows The
`Identification Of A User (POR, 75-77)..............................................................21
`F. The ’585 Reference Discloses The Claimed Seed........................................22
`IV. AVAILABILITY FOR CROSS-EXAMINATION......................................25
`V. RIGHT TO SUPPLEMENT...........................................................................25
`VI.
`JURAT ........................................................................................................26
`
`i
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`
`I, Ari Juels, declare as follows:
`1.
`I have been retained by Apple Inc. (“Petitioner”) in connection with
`
`the above-captioned inter partes review proceeding.
`
`2.
`
`I am a named inventor of the International Patent Application
`
`Publication No. WO 2004/051585 (the “’585 reference,” which is also referred to
`
`elsewhere in this proceeding as the “Jakobsson” reference). I submit this
`
`Declaration to respond to the statements and opinions provided by Markus
`
`Jakobsson, my co-inventor on the ’585 reference and Patent Owner’s expert
`
`witness. In my opinion, Dr. Jakobsson has again grossly mischaracterized the ’585
`
`reference and interprets its teachings in a way that is inconsistent with the purpose,
`
`spirit, and words of the ’585 reference. In addition, his testimony includes
`
`numerous misleading and/or technically incorrect statements that I rebut in the
`
`following paragraphs.
`
`3.
`
`I am being compensated at my normal consulting rate for my work.
`
`My compensation is not dependent on the outcome of this proceeding or the related
`
`litigation, and does not affect the substance of my statements in this Declaration. I
`
`have no financial interest in Petitioner or the ’813 patent.
`
`I.
`
`QUALIFICATIONS
`4.
`My qualifications are detailed in my curriculum vitae, which is
`
`attached hereto as Appendix A. It includes my academic background, employment
`
`1
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`history, professional experience, and a list of patents and publications for which I
`
`am an inventor and/or author.
`
`5.
`
`I am a full professor at the Jacobs Technion-Cornell Institute at
`
`Cornell Tech, with an associated faculty appointment at Cornell University. I have
`
`been on the faculty at Cornell Tech and regularly taught master’s and Ph.D.-level
`
`courses since 2014. I am also a Co-Director of the Initiative for CryptoCurrencies
`
`and Contracts (IC3). I served previously as Chief Scientist at RSA, where I
`
`worked for over sixteen years. I received my Ph.D. in computer science from the
`
`University of California at Berkeley in 1996.
`
`6.
`
`I hold over 120 issued patents, and have published over 100 scholarly
`
`works in peer-reviewed venues. According to Google Scholar, my work has
`
`received over 30,000 citations; four of my papers are among the top hundred most
`
`cited in security. My notable awards over the past ten years include a 2nd-place
`
`prize at the EMC Innovation Showcase in 2011, NYU-Poly Applied Security paper
`
`awards (3rd and 2nd) in 2012 and 2013, my winning the Cisco Internet of Things
`
`Security Grand Challenge in 2014, a Google Faculty Research Award in 2015, an
`
`IBM Faculty Research Award in 2016, Distinguished Student Paper Awards in
`
`2015 and 2016 from IEEE S&P (a top-four international security conference), a
`
`faculty teaching award at Cornell Tech in 2018, and a test-of-time award in 2019
`
`2
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`from NDSS (a top-four international security conference, where I also gave the
`
`keynote talk in 2018).
`
`7.
`
`In preparing this Declaration, I have reviewed the following materials:
`
`(cid:120) Petition (Paper 3) and the exhibits cited therein
`
`(cid:120) U.S. Patent No. 8,577,813 (Ex-1101)
`
`(cid:120) Patent Owner’s Preliminary Response (Paper 7) and the exhibits cited
`therein
`
`(cid:120) Declaration of Markus Jakobsson In Support Of Patent Owner’s Preliminary
`Response (Ex-2001) and the exhibits cited therein
`
`(cid:120) Patent Owner’s Response (Paper 20) and the exhibits cited therein
`
`(cid:120) International Patent Application Publication No. WO 2004/051585 (the
`“’585 reference”) (Ex-1115)
`
`(cid:120) Declaration of Markus Jakobsson In Support Of Patent Owner Response
`(Ex-2013) and the exhibits cited therein
`
`(cid:120) Transcript of April 24, 2019 deposition of Markus Jakobsson (Ex-1127,
`Jakobsson-Dep.)
`LEGAL PRINCIPLES
`8.
`I am not an attorney. For purposes of this Declaration, I have been
`
`II.
`
`informed about certain aspects of the law that may be relevant to my analysis and
`
`opinions.
`
`A.
`9.
`
`Claim Construction
`I have been informed that claim construction is a matter of law and
`
`that the final claim construction will ultimately be determined by the Board.
`
`3
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`I have been informed that the claim terms for this IPR review should
`
`10.
`
`be given their broadest reasonable construction in light of the specification as
`
`commonly understood by a person of ordinary skill in the art (“POSITA”). I have
`
`applied this standard in my analysis. I have been informed that the broadest
`
`reasonable interpretation must be consistent with the ordinary and customary
`
`meaning of the term (unless the term has been given a special definition in the
`
`specification). I have also been informed and understand that the broadest
`
`reasonable interpretation must be consistent with the use of the claim term in the
`
`specification and drawings and must be consistent with the interpretation that those
`
`skilled in the art would reach.
`
`11.
`
`I have been informed and understand that under a broadest reasonable
`
`interpretation, words of the claim must be given their plain meaning, unless such
`
`meaning is inconsistent with the specification. The plain meaning of a term means
`
`the ordinary and customary meaning given to the term by those of ordinary skill in
`
`the art at the time of the invention.
`
`B.
`12.
`
`Anticipation
`I have been informed and understand that a patent claim is invalid as
`
`“anticipated” if each element of that claim is present either explicitly or inherently
`
`in a single prior art reference.
`
`4
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`I have been informed that, under the principle of inherency, a prior art
`
`13.
`
`reference may anticipate a claimed invention even if the reference does not
`
`expressly disclose every limitation of the later invention, so long as any limitation
`
`not expressly disclosed is necessarily present in the reference. I have also been
`
`informed that to be an inherent disclosure, the limitation must necessarily be
`
`contained in the prior art reference and the mere fact that the method or system
`
`described in the reference might possibly (or sometimes) practice or contain a
`
`claimed limitation is insufficient to establish that the reference inherently teaches
`
`the limitation.
`
`14.
`
`I have been informed that material not explicitly contained in a single,
`
`prior art document may still be considered for purposes of anticipation if that
`
`material is incorporated by reference into the prior art document.
`
`15.
`
`I have also been informed and understand that a prior art reference is
`
`considered enabling when the reference permits a POSITA to make and use the
`
`disclosed technology without having to conduct undue experimentation. However,
`
`some amount of experimentation to make and use the invention is allowable.
`
`C.
`16.
`
`Obviousness
`I have been informed and understand that a patent claim can be
`
`considered to have been obvious to a POSITA at the time the application was filed.
`
`This means that, even if all the requirements of a claim are not found in a single
`
`5
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`prior art reference, the claim is not patentable if the differences between the subject
`
`matter in the prior art and the subject matter in the claim would have been obvious
`
`to a POSITA at the time the application was filed.
`
`17.
`
`I have been informed and understand that a determination of whether
`
`a claim would have been obvious should be based upon several factors, including,
`
`among others:
`
`(cid:120) the level of ordinary skill in the art at the time the application was
`
`filed;
`
`(cid:120) the scope and content of the prior art; and
`
`(cid:120) what differences, if any, existed between the claimed invention and
`
`the prior art.
`
`18.
`
`I have been informed and understand that the teachings of two or
`
`more references may be combined in the same way as disclosed in the claims, if
`
`such a combination would have been obvious to a POSITA. In determining
`
`whether a combination based on either a single reference or multiple references
`
`would have been obvious, it is appropriate to consider, among other factors:
`
`(cid:120) whether the teachings of the prior art references disclose known
`
`concepts combined in familiar ways, and when combined, would yield
`
`predictable results;
`
`6
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`
`(cid:120) whether a POSITA could implement a predictable variation, and
`
`would see the benefit of doing so;
`
`(cid:120) whether the claimed elements represent one of a limited number of
`
`known design choices, and would have a reasonable expectation of
`
`success by those skilled in the art;
`
`(cid:120) whether a POSITA would have recognized a reason to combine
`
`known elements in the manner described in the claim;
`
`(cid:120) whether there is some teaching or suggestion in the prior art to make
`
`the modification or combination of elements claimed in the patent;
`
`and
`
`(cid:120) whether the innovation applies a known technique that had been used
`
`to improve a similar device or method in a similar way.
`
`19.
`
`I have been informed and understand that a POSITA has ordinary
`
`creativity, and is not an automaton.
`
`20.
`
`I have been informed and understand that in considering obviousness,
`
`it is important not to determine obviousness using the benefit of hindsight derived
`
`from the patent being considered.
`
`21.
`
`I have been informed and understand that certain factors may support
`
`or rebut the obviousness of a claim. I understand that such secondary
`
`considerations include, among other things, commercial success of the patented
`
`7
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`invention, skepticism of those having ordinary skill in the art at the time of
`
`invention, unexpected results of the invention, any long-felt but unsolved need in
`
`the art that was satisfied by the alleged invention, the failure of others to make the
`
`alleged invention, praise of the alleged invention by those having ordinary skill in
`
`the art, and copying of the alleged invention by others in the field. I understand
`
`that there must be a nexus, that is, a connection, between any such secondary
`
`considerations and the alleged invention. I also understand that contemporaneous
`
`and independent invention by others is a secondary consideration tending to show
`
`obviousness.
`
`22.
`
`I have been informed and understand that a claim would have been
`
`obvious if it unites old elements with no change to their respective functions, or
`
`alters prior art by mere substitution of one element for another known in the field,
`
`and that combination yields predictable results. Also, I understand that
`
`obviousness does not require physical combination/bodily incorporation, but rather
`
`consideration of what the combined teachings would have suggested to persons of
`
`ordinary skill in the art at the time of the alleged invention.
`
`23.
`
`I have been informed and understand that while it may be helpful to
`
`identify a reason for this combination, there is no rigid requirement of finding an
`
`express teaching, suggestion, or motivation to combine within the references.
`
`When a product is available, design incentives and other market forces can prompt
`
`8
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`variations of it, either in the same field or a different one. If a person of ordinary
`
`skill in the art can implement a predictable variation, obviousness likely bars its
`
`patentability. For the same reason, if a technique has been used to improve one
`
`device and a person of ordinary skill in the art would recognize that it would
`
`improve similar devices in the same way, using the technique would have been
`
`obvious. I understand that a claim would have been obvious if a person of
`
`ordinary skill in the art would have had reason to combine multiple prior art
`
`references or add missing features to reproduce the alleged invention recited in the
`
`claims.
`
`D.
`24.
`
`Person of Ordinary Skill In The Art
`I have been informed that a POSITA is a hypothetical person to whom
`
`an expert in the relevant field could assign a routine task with reasonable
`
`confidence that the task would be successfully carried out. I understand that the
`
`level of ordinary skill may be reflected by the prior art of record, and that a person
`
`of ordinary skill in the art to which the claimed subject matter pertains would have
`
`the capability of understanding the scientific and engineering principles applicable
`
`to the pertinent art. I understand that one of ordinary skill in the art has ordinary
`
`creativity, and is not an automaton robot.
`
`25.
`
`I understand there are multiple factors relevant to determining the
`
`level of ordinary skill in the art, including: (1) the levels of education and
`
`9
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`experience of persons working in the field at the time of the invention; (2) the
`
`sophistication of the technology; (3) the types of problems encountered in the field;
`
`and (4) the prior art solutions to those problems
`
`26. At the time the ’813 patent was effectively filed, a POSITA would
`
`have had a Bachelor’s Degree in electrical engineering, computer science, or a
`
`related scientific field. A POSITA would also have approximately two years of
`
`work experience in the computer science field or a related scientific field such as
`
`operating systems, database management, encryption, security algorithms, and
`
`secure transaction systems. However, additional education could substitute for less
`
`work experience and vice versa.
`
`27.
`
`Based on my experience, I have an understanding of the capabilities
`
`of a person of ordinary skill in the relevant field. I have supervised and directed
`
`many such persons over the course of my career. Further, I had at least those
`
`capabilities myself at the time the patent was filed.
`
`III. THE ’585 REFERENCE
`A.
`Overview
`28.
`I am a named inventor of the ’585 reference.
`
`29.
`
`The ’585 reference is titled “Identity Authentication System and
`
`Method,” and discloses a variety of systems and methods for authenticating a user
`
`for a variety of applications. Specifically, it describes means by which what are
`
`10
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`referred to as event states may be transmitted to a receiver through embedding in
`
`authentication codes. Event states, which is information about the state of the
`
`device associated with the occurrence or non-occurrence of an event, are, broadly
`
`speaking, data that usefully informs the process of authenticating users. They can
`
`include anything from reports on token tampering to biometric authentication
`
`results. The benefit of embedding event states in authentication codes is that the
`
`event states can provide context for these codes and/or supplement them with
`
`additional authentication information that can lead to higher-fidelity user
`
`authentication. In the exemplary embodiment disclosed in Figure 1, the ’585
`
`reference discloses a user 110 using user authentication device 120 can
`
`communicate with a verifier 105.
`
`Ex-1115, ’585 reference, Fig. 1.
`
`11
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`The ’585 reference discloses that the user can be authenticated at the
`
`30.
`
`user authentication device 120 (i.e., a “local authentication”). See Ex-1115, ’585
`
`reference, [0059] (“a first authentication of user 110 is performed by the user
`
`authentication device 120 based on information supplied to the authentication
`
`device 120 by the user 110”). This local authentication is usually performed by
`
`comparing a value received from the user with a value stored by the user
`
`authentication device 120. These values can comprise PINs, passwords, or
`
`biometric information. Id. (“the information supplied by the user may be a PIN, a
`
`password or biometric information”).
`
`31.
`
`The ’585 reference also discloses various methods for authenticating
`
`the user with the verifier 105 (i.e., a “remote authentication”). These methods
`
`generally involve generating an authentication code using the user authentication
`
`device 120 that is sent to the verifier. The verifier validates the authentication code
`
`generated by the user authentication device 120 to authenticate the user 110. As
`
`illustrated in Figure 2, the ’585 reference discloses that the user authentication
`
`device 120 uses a number of different algorithms performed by the combination
`
`function 230 to generate an authentication code.
`
`12
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`
`Ex-1115, ’585 reference, Fig. 2.
`
`32. As shown in Figure 2, the combination function combines various
`
`inputs to generate an authentication code. Ex-1115, ’585 reference, [0060]
`
`(“various values are combined by a combination function 230 to generate an
`
`authentication code”). These values include “device secret (K) associated with the
`
`user authentication device 120, a dynamic, time-varying value (T) generated by the
`
`user authentication device 120, and an event state (E) representing the occurrence
`
`of one or more events.” Id. The user authentication device 120 can also use
`
`various forms of user data called “User Data (P)” as an input to the combination
`
`function 230. Id., [0072] (“User data (P) can also be provided as input to the
`
`combination function 230.”). User Data (P) includes PINs, passwords, and
`
`biometric information. Id. (“The user data (P) is a unit of information such as an
`
`alphanumeric character string, or a strictly numerical value, for example a personal
`
`identification number (PIN) or password. In one embodiment, the user data (P) is
`
`13
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`information uniquely associated with the user 110. The user data (P) can also be
`
`obtained by biometric measurement or observation.”).
`
`33.
`
`The combination function 230 combines input values using a variety
`
`of algorithms. For example, the combination function 230 can generate an
`
`authentication code by arithmetically adding inputs. Ex-1115, ’585 reference,
`
`[0058] (“user authentication device 120 generates an authentication code by
`
`arithmetically combining a secret stored by the user authentication device 120 and
`
`a user-supplied PIN”). In some embodiments, the combination function can use a
`
`one-way function1 to combine the input values. Ex-1115, ’585 reference, [0071]
`
`(“For example, in one simplistic embodiment, a one-way function such as a hash
`
`function, is applied to the values (K, T, E), and the result truncated to the right
`
`length, in order to arrive at a resulting authentication code.”). In still other
`
`embodiments, the combination function can generate an authentication code by
`
`“prepending or appending” inputs, or combining inputs “using a block cipher or
`
`other one-way function, or other algorithm, or a combination of these and other
`
`1 As the ’585 reference explains, a one-way function is “a mathematical function
`
`that maps a universe of input values to a universe of output values in such a way
`
`that knowledge of the output of the function does not allow one to reconstruct the
`
`input provided.” Ex-1115, ’585 reference, [0071].
`
`14
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`techniques that combine two or more input values together.” Id., [0073], [0093].
`
`Prepending or appending can consist of concatenating bits that represent each of
`
`the various inputs together such that the end of a string of bits that represents one
`
`input is adjacent to the beginning of a string of bits that represents a second input.
`
`34. Once the authentication code is generated, it is generally transmitted
`
`to the verifier 105 to conduct a remote authentication. This remote authentication
`
`can also occur in multiple ways. In one embodiment, “the verifier 105 performs an
`
`algorithmic calculation on a received authentication code that ‘reverses’ some or
`
`all of an algorithmic calculation performed by the user authentication device 120.”
`
`Ex-1115, ’585 reference, [0058]. In this example, the “verifier 105 compares the
`
`result … to the value of the secret stored on the user's authentication device 120, or
`
`to the value that should have been generated at that time by the device 120.
`
`. . . If
`
`they match, the user is authenticated. If they do not match, user authentication
`
`fails.” Id.
`
`35.
`
`The remote authentication can also be conducted in other ways. In
`
`one example, the authentication code is encrypted by the user authentication device
`
`and decrypted by the verifier 105. Id. (“In some embodiments the verifier 105
`
`decrypts a value encrypted by the user authentication device 120 using symmetric
`
`key encryption or asymmetric encryption techniques, such as public key
`
`encryption.”). In some examples, the verifier 105 calculates a series of
`
`15
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`authentication codes depending on the possible authentication codes generated by
`
`the user authentication device 120. Id. (“In some embodiments, the verifier 105
`
`also calculates the authentication code with an input that indicates whether one or
`
`more events have occurred.”); id., [0050] (“In some embodiments, the verifier can
`
`determine authentication codes for a number of possible events and event states
`
`such that a number of authentication codes that can successfully authenticate the
`
`user 110 are possible.”). In this example, the verifier 105 “compares the
`
`authentication information received over communications channel 170 and the
`
`authentication information generated by the verifier 105 to determine whether any
`
`match.” Ex-1115, ’585 reference, [0050]; see also id. (“In further embodiments,
`
`where a plurality of authentication codes that can successfully verify the user 110
`
`are possible, the verifier 105 first determines an expected authentication code for
`
`an expected event state, and if the verifier receives a different authentication code,
`
`determines and compares authentication codes for other possible event states
`
`before indicating whether the authentication device has been successfully
`
`verified.”).
`
`36.
`
`Following a remote authentication attempt, the verifier “can
`
`communicate positive or negative acknowledgement . . . to the device 120 or
`
`directly to the user” to indicate a successful or failed authentication attempt. ’585
`
`reference, [0050].
`
`16
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`The ’585 Reference Discloses An Authentication System For
`B.
`Financial Transactions
`37.
`The ’585 reference discloses that authentication systems can provide
`
`access to financial services. Ex-1115, ’585 reference, [0039] (“Authentication can
`
`result in the performance of one or more actions including, without limitation,
`
`providing access or privileges, taking action, or enabling some combination of the
`
`two. Access includes, without limitation: access to a physical location,
`
`communications network, computer system, and so on; access to such services as
`
`financial services and records, health services and records and so on; or access to
`
`levels of information or services.”). The ’585 reference discloses that a successful
`
`authentication provided by the authentication system can be used to trigger access
`
`to various services including financial services, which includes a financial
`
`transaction such as a credit card transaction. Dr. Jakobsson testified that the ’585
`
`reference “does not teach or suggest an electronic ID device that is used to conduct
`
`financial transactions.” Ex-2013, Jakobsson-Decl., ¶¶57-58. I disagree with this
`
`interpretation of the ‘585 reference. A POSITA would have understood that access
`
`to financial services includes financial transactions such as the purchase of goods,
`
`and that a successful authentication using the system described in the ’585
`
`reference could be used to grant access to a financial transaction. Dr. Jakobsson
`
`also suggests that the authentication device of the ’585 reference is only for
`
`authenticating a device for accessing records such as in website. Ex-2013,
`
`17
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`Jakobsson-Decl., ¶¶56-59. I disagree. The ’585 reference discloses the provision
`
`of access to both records and services. Ex-1115, ’585 reference, [0039]. Dr.
`
`Jakobsson appears to ignore the disclosure that the system is used to access
`
`financial services as well as financial records.
`
`38.
`
`The ’585 reference discloses authentication techniques that can be
`
`applied to financial transactions such as credit card transactions and ATM
`
`transactions. The ’585 reference also discloses that the user authentication device
`
`can itself be a credit card, which is clearly for a financial transaction. Ex-1115,
`
`’585 reference, [0041] (“In still other embodiments, a credit-card sized device 120
`
`is a card such as a credit card including a magnetic strip or other data store on one
`
`of its sides.”). Indeed, the only purpose of a credit card is for a financial
`
`transaction. Moreover, a POSITA would have understood how the authentication
`
`system of the ’585 reference could be applied to a credit card transaction because it
`
`provides an electronic authentication mechanism that could have been applied to
`
`many different applications including financial transactions such as a credit card
`
`transaction.
`
`18
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`The Communication Terminal 140 Is A Point-Of-Sale Device
`C.
`39. Dr. Jakobsson testified that the communication terminal 140 is not a
`
`point-of sale device because the ’585 reference is “not for conducting financial
`
`transactions.” Ex-2013, Jakobsson-Decl., ¶¶76-78. I disagree because, as
`
`discussed above, the ’585 reference is applicable financial transactions.
`
`40. Dr. Jakobsson also argues that the communication terminal 140 “is a
`
`device specific to the user of the authentication device, not a device located at a
`
`‘point-of-sale’ that would be used by many different people and devices.” Ex-
`
`2013, Jakobsson-Decl., ¶78. Again, I disagree. The ’585 reference discloses that
`
`the communications terminal 140 can be a “card reader” (Ex-1115, ’585 reference,
`
`[0044]-[0045]), and that the system is designed to authenticate a “a large number
`
`of users.” Ex-1115, ’585 reference, [0037] (“The inclusion of a single user 110 is
`
`exemplary, and typically a verifier 105 will be used to verify a large number of
`
`users 110.”). While there are examples where the authentication device 120 and
`
`terminal 140 are integrated, the ’585 reference also makes clear that they can be
`
`implemented separately. Ex-1115, ’585 reference, [0041], [0045]. When the
`
`system is configured to facilitate financial services (as disclosed), the
`
`communications terminal 140 would be a point-of-sale terminal.
`
`19
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`Disabling The First Device Is Compatible With The Event States
`D.
`Of The ’585 Reference
`41. Dr. Jakobsson testified that de-activating a device upon a failed
`
`authentication attempt would “remove key components of [the ’585 reference] and
`
`would change the basic principles under which [it] was designed to operate.” Ex-
`
`2013, Jakobsson-Decl., ¶¶98-99. He also testified that the ’585 reference “relies
`
`upon failed authentication information to communicate an event state” and that “a
`
`critical part of the [’585] invention is to transmit such event state data, e.g.,
`
`information regarding potential tampering” and that disabling the device upon a
`
`failed authentication would run contrary to this “critical part.” Id., ¶99.
`
`42.
`
`I disagree. Disablement of the device would not be inconsistent with
`
`the communication of event states, except in the specific sense addressed in the
`
`discussion of “funkspiel schemes,” which are identified in the ’585 reference as
`
`background art. Ex-1115, ’585 reference, [0009]. Funkspiel schemes do “indicate
`
`to a verifier that tampering has occurred, without revealing to an adversary whether
`
`the tampering has been detected.” Id. In that context, there is a desire to signal
`
`tampering attempts covertly to the verifier to enable monitoring of an adversary, so
`
`disablement on the basis of tampering would be counterproductive. Even in that
`
`context, however, disablement on the basis of, for instance, an erroneous PIN,
`
`would be consistent with the goals of the invention, something I can attest as a co-
`
`inventor of Funkspiel schemes. Such disablement would not affect the covert
`
`20
`
`
`
`U.S. Patent No. 8,577,813
`Declaration in Support of Petitioner’s Reply
`nature of communication of the tampering event state, and would have other
`
`security benefits—for example, preventing PIN guessing attacks.
`
`43. Additionally, the ’585 reference is much broader than the approach to
`
`the detection of tampering referred to as “funkspiel schemes.” The ’585 reference
`
`notably discloses a much broader array of event states, with properties different
`
`than those of tamper detection. Event states in the (cid:1932)585 reference not contemplated
`
`in the Funkspiel reference include, “an event external to the device detected by the
`
`device; an environmental event, such as temperature exceeding or falling below a
`
`threshold; static discharge; high or low battery power; geographic presence at a
`
`particular location; confidence level in a biometric reading; and so on.” Ex-1115,
`
`’585 reference, [0011]. If one of these forms of event state is transmitted, instead
`
`of a tampering event state, then it might in fact be desirable to disable a token in
`
`which tampering is detected. If this is not done, then the token foregoes potentially
`
`valuable tampering