Paper No. 33
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`________________
`
`APPLE INC.,
`VISA INC., and VISA U.S.A. INC.,
`
`Petitioners,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC
`
`Patent Owner
`________________
`
`Case CBM2018-000251
`U.S. Patent No. 8,577,813
`________________
`
`PATENT OWNER’S SUR-REPLY
`
`1 Visa Inc. and Visa U.S.A. Inc., which filed a petition in CBM2019-00026
`have been joined as a party to this proceeding.
`
`

`

`TABLE OF CONTENTS
`
`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`Page
`
`2.
`
`2.
`
`THE ‘813 PATENT IS NOT CBM ELIGIBLE .............................................. 1
`IBG LLC v. Trading Technologies Int’l, Inc. Requires Dismissal ........ 1
`A.
`B.
`Petitioner Fails To Prove The Claimed Subject Matter As A
`Whole Does Not Recite A Technological Feature That Is Novel
`And Unobvious ...................................................................................... 2
`Petitioner Fails To Prove The Claimed Subject Matter As A
`Whole Does Not Solve A Technological Problem Using A
`Technical Solution ................................................................................. 3
`PETITIONER FAILS TO PROVE THAT THE INDEPENDENT
`CLAIMS WOULD HAVE BEEN OBVIOUS ................................................ 4
`A.
`The Petition Fails to Show the Recited “Secure Registry” (all
`Claims) .................................................................................................. 4
`1.
`The Board Should Reject Petitioner’s Construction As
`Inconsistent with the Intrinsic Evidence. .................................... 5
`The Petition Failed to Show a Secure Registry Because
`the Verification Device Cannot Store Information for
`Multiple Entities. ......................................................................... 6
`The Petition Fails to Show the “Electronic ID Device” (All
`Claims) .................................................................................................. 8
`1.
`Jakobsson Does not Render Obvious the Electronic ID
`Limitation .................................................................................... 9
`Jakobsson in View of Maritzen Does Not Render
`Obvious the Electronic ID Limitation ...................................... 12
`The Petition Fails to Show the “Point-of-Sale Terminal” (All
`Claims) ................................................................................................ 16
`THE PETITION FAILS TO PROVE THAT MANY DEPENDENT
`CLAIMS WOULD HAVE BEEN OBVIOUS .............................................. 18
`A.
`The Petition Fails to Show That Dependent Claims 10 and 19
`Would Have Been Obvious ................................................................. 18
`The Petition Fails to Show That Dependent Claims 6 and 18
`Would Have Been Obvious ................................................................. 21
`
`I.
`
`II.
`
`III.
`
`C.
`
`B.
`
`C.
`
`B.
`
`i
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`C.
`
`D.
`
`The Petition Fails to Show That Dependent Claims 4 and 20
`Would Have Been Obvious ................................................................. 23
`The Petition Fails to Show That Dependent Claims 14-15, 22-
`23, and 25-26 Would Have Been Obvious.......................................... 23
`PETITIONER FAILED TO REBUT EVIDENCE OF SECONDARY
`CONSIDERATIONS OF NON-OBVIOUSNESS ........................................ 24
`CONCLUSION .............................................................................................. 25
`
`IV.
`
`V.
`
`ii
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`TABLE OF AUTHORITIES
`
`Cases
`Apple, Inc. v. Universal Secure Registry LLC,
`CBM2018-00026, (Paper 11), slip op., 24 (PTAB Dec. 10, 2018) ....................... 1
`
`Page
`
`Arendi S.A.R.L. v. Apple Inc.,
`832 F.3d 1355 (Fed. Cir. 2016) ...........................................................................22
`
`Cisco v. C-Cation Techs.,
`IPR2014-00454, Paper, 12 at 7-11 (Aug. 29, 2014) ............................................20
`
`Experian Mktg. Sol’ns, Inc. v. RPost Commc’ns Ltd.,
`CBM2014-0010 (Paper 20) slip op., 9 (PTAB Apr. 22, 2014) ............................. 3
`
`IBG LLC v. Trading Technologies Int’l, Inc.,
`2019 WL 581580 (Fed Cir., Feb. 13, 2019) ................................................. 1, 2, 3
`
`Kaneka Corp. v. Xiamen Kingdomway Grp. Co.,
`790 F.3d 1290 (Fed. Cir. 2015) ...........................................................................14
`
`Microsoft Corp. v. Proxyconn, Inc.,
`789 F.3d 1292 (Fed. Cir. 2015) ............................................................................. 5
`
`Universal Secure Registry, LLC v. Apple, Inc.,
`No. 1:17-cv-00585-CFC-SRF, Doc. 137 (D. Del., 2018) ..................................... 1
`
`Rules and Regulations
`
`37 C.F.R. § 42.6(e) ...................................................................................................28
`
`37 C.F.R. § 42.24 .....................................................................................................27
`
`37 C.F.R. § 42.24(b) ................................................................................................27
`
`37 C.F.R. § 42.301(b) ................................................................................................ 3
`
`Additional Authorities
`
` “A Practical Secure Physical Random Bit Generator” at Introduction,
`http://www.arijuels.com/wp-content/uploads/2013/09/JSHJ98.pdf ....................20
`
`iii
`
`

`

`“A Proposal for an ISO Standard for Public Key Encryption (version 2.1)”,
`p. 17, https://www.shoup.net/papers/iso-2_1.pdf ................................................19
`
`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`iv
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`PATENT OWNER’S LIST OF EXHIBITS
`
`Exhibit
`#
`2001 Declaration of Markus Jakobsson in Support of Patent Owner’s
`Preliminary Response
`
`Description
`
`2002
`
`Curriculum Vitae of Markus Jakobsson
`
`2003 Declaration of Alan Schiffman in Support of Patent Owner’s
`Preliminary Response
`
`2004
`
`Curriculum Vitae of Alan Schiffman
`
`2005
`
`1-1-2014 Unified website
`
`2006
`
`3-2-2016 Unified website
`
`2007
`
`Brief of Amici Curiae Unified Patents
`
`2008 Declaration ISO of Unopposed Motion for Admission Pro Hac Vice
`of Harold A. Barza.
`
`2009 Declaration ISO of Unopposed Motion for Admission Pro Hac Vice
`of Jordan B. Kaericher.
`
`2010 U.S. Application No. 13/237,184.
`
`2011 U.S. Application No. 12/393,586.
`
`2012 Declaration by Dr. Markus Jakobsson Ph.D. in Support of Motion to
`Amend.
`
`2013 Declaration of Markus Jakobsson in Support of Patent Owner’s
`Response
`
`2014 N. Asokan, et. al, The State of the Art in Electronic Payment
`Systems, IEEE Computer, Vol. 30, No. 9, pp. 28-35 (IEEE Computer
`Society Press, Sept. 1997)
`
`v
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`2015 M. Baddeley, Using E-Cash in the New Economy: An Economic
`Analysis of Micropayment Systems, J. Electronic Commerce
`Research, Vol. 5, No. 4, pp. 239-253 (Nov. 2004)
`
`2016 Deposition Transcript of Dr. Victor John Shoup
`
`2017 Universal Secure Registry, LLC v. Apple Inc., No. 1:17-cv-00585-
`CFC-SRF, Doc. 137 (D. Del., Sept. 19, 2018)
`
`2018
`
`2019
`
`2020
`
`2021
`
`2022
`
`IT World Publication, RSA offers token, smart-card reader combo,
`dated January 15, 2002, available at
`https://www.itworld.com/article/2793082/rsa-offers-token-smartcard-
`reader-combo.html
`
`IT Web Publication, RSA SecurID token beefed up with smart card
`reader, dated January 22, 2002, available at
`https://www.itweb.co.za/content/PmxVEMKX8QAqQY85
`
`Practical Unix & Internet Security, Chapter 8, available at
`http://web.deu.edu.tr/doc/oreily/networking/puis/ch08_07.htm
`
`IBM Knowledge Center, SecurID Token authentication,
`https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.6/co
`m.ibm.isam.doc/wrp_config/concept/con_securid_token_authe.html
`
`Smart Card Integration Into Physical Access Control Systems,
`available at
`https://www.securetechalliance.org/secure/events/20030715/Technolo
`gyTrack/WT02d_Pfeiffer.pdf
`
`2023
`
`Concise Oxford English Dictionary (11th Ed. 2008)
`
`2024 American Heritage Desk Dictionary (2005)
`
`2025 U.S. Patent No. 6,985,583
`
`vi
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`Universal Secure Registry, L.L.C. (“PO”) submits this Sur-Reply in
`
`opposition to Apple Inc.’s (“Petitioner”) Reply (Paper 26, “Reply”) to PO’s
`
`Response (Paper 20, “Response”). Despite ignoring the Board’s rules against the
`
`submission of new evidence and arguments, the Reply still fails to prove invalidity
`
`of the challenged claims.
`
`I.
`
`THE ‘813 PATENT IS NOT CBM ELIGIBLE
`IBG LLC v. Trading Technologies Int’l, Inc. Requires Dismissal
`
`A.
`
`As set forth in the Response, the Federal Circuit recently clarified the
`
`“technological invention” exception to CBM review. IBG LLC v. Trading
`
`Technologies Int’l, Inc., 2019 WL 581580, *1 (Fed Cir., Feb. 13, 2019) (“IBG”).
`
`Specifically, the Court vacated Board decisions holding four patents with the same
`
`specification were not “technological inventions” where both the Board and Federal
`
`courts had found two patents in the family to be eligible under Section 101 because
`
`they were directed to an improvement in computer systems. Id., *1-*3. The present
`
`proceeding presents identical facts: Both the Board and a federal court have found
`
`the ‘813 patent to be eligible because they are directed to an improvement in the
`
`security of mobile devices. See Apple, Inc. v. Universal Secure Registry LLC,
`
`CBM2018-00026 (Paper 11), slip op., 24 (PTAB Dec. 10, 2018); Universal Secure
`
`Registry, LLC v. Apple, Inc., No. 1:17-cv-00585-CFC-SRF, Doc. 137 (D. Del.,
`
`2018).
`
`1
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`While the Reply attempts to distinguish IBG on grounds that eligibility has
`
`not been “upheld by any final…determination,” that distinction is inapposite. See
`
`Reply, 3-4. The gravamen of IBG is that eligible patents directed to an improvement
`
`in computer systems are also “technological inventions.” IBG, *2. The decisions of
`
`the Board and a district court—holding the ‘813 patent to be eligible because it is
`
`directed to an improvement in the security of mobile devices—are “instructive to the
`
`technological invention question;” indeed, according to IBG, it would be “internally
`
`inconsistent” to conclude the ‘813 patent to not be a “technological invention.” See
`
`IBG, *1-*3.
`
`Petitioner further argues that IBG is distinguishable because the USPTO has
`
`rejected other claims in other pending applications as ineligible. Reply, 4. This
`
`alleged distinction is misplaced because both the Board and a district court have
`
`addressed the identical patent and claims presented here and found them to be
`
`eligible.
`
`B.
`
`Petitioner Fails To Prove The Claimed Subject Matter As A
`Whole Does Not Recite A Technological Feature That Is Novel
`And Unobvious
`
`As explained in the Response, the Petition should also be dismissed because
`
`the claims solve a “technical problem using a technical solution.” The Reply argues
`
`PO’s expert admits “that all the technology used by the ‘813 patent—from hardware
`
`2
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`components, to the communication interface, to the database and encryption
`
`techniques—was known.” Reply, 1-2. However, this argument is inapposite.
`
`It is insufficient to simply conclude that the claims use “known” features. 37
`
`C.F.R. §42.301(b) requires consideration of “the claimed subject matter as a
`
`whole”—not hardware/software implementation of individual steps. See, e.g.,
`
`Experian Mktg. Sol’ns, Inc. v. RPost Commc’ns Ltd., CBM2014-0010 (Paper 20)
`
`slip op., 9 (PTAB Apr. 22, 2014) (petitioner incorrectly analyzed steps instead of
`
`examining each claim as a whole). Here, the specification and claims make clear
`
`that neither the individual recited components nor individual claimed steps are the
`
`invention; rather, the claims as a whole were the revolutionary advancement for
`
`which the USPTO granted the ‘813 patent. As in IBG, the claims are not subject to
`
`CBM review because they address a specific technical problem and set forth a
`
`“specific implementation of a solution to a problem in the software arts.” IBG, *2.
`
`C.
`
`Petitioner Fails To Prove The Claimed Subject Matter As A
`Whole Does Not Solve A Technological Problem Using A
`Technical Solution
`
`Petitioner also fails to prove the claimed subject matter does not provide
`
`technical solutions to solve technical problems.
`
`In its Reply, Petitioner failed to adequately address PO’s explanations, set
`
`forth in its Response, that Petitioner (1) ignores the software contribution in the
`
`claims, (2) fails to address the claimed invention as a whole, (3) fails to address any
`
`3
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`of the claim language, or (4) mischaracterized the problem to be solved and the
`
`claimed solution. Instead, Petitioner merely recycled arguments from pages 16 to
`
`18 of its Petition. See Reply, 2-3. For the reasons set forth in the Response, the
`
`Petition should be denied because Petitioner has failed to prove the claimed subject
`
`matter does not provide technical solutions to solve technical problems.
`
`II.
`
`PETITIONER FAILS TO PROVE THAT THE INDEPENDENT
`CLAIMS WOULD HAVE BEEN OBVIOUS
`
`A.
`
`The Petition Fails to Show the Recited “Secure Registry” (all
`Claims)
`
`The Petition asserts that Jakobsson’s “verifier 105” is the claimed “secure
`
`registry.” See, e.g., Pet. at 26, 38-39, 51-52, 72. The Petition does not rely upon
`
`Maritzen for any aspect of the “secure registry” and cannot do so now. Id.
`
`PO shows in its Response that under the correct construction a “secure
`
`registry” must be capable of storing “user account information associated with
`
`different entities” (e.g., the different entities associated with the “plurality of
`
`accounts”). Response at 13. PO establishes that verifier 105 cannot store account
`
`information associated with different entities, and thus is not the “secure registry.”
`
`Id. at 63-65.
`
`The Reply argues that (1) verifier 105 can be a “secure registry” even if it is
`
`not capable of storing information associated with different entities, and (2) verifier
`
`4
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`105 can store information for different financial institutions. Reply at 17-19.
`
`Petitioner is wrong on both accounts.
`
`1.
`
`The Board Should Reject Petitioner’s Construction As
`Inconsistent with the Intrinsic Evidence.
`
`The Reply argues the term “secure registry” should be construed to include a
`
`database that “only ha[s] data relating to a single credit card company,” but fails to
`
`identify any disclosure in the ‘813 patent of such a secure registry (or of any secure
`
`registry storing information associated with only one entity).. Reply at 16-17.2 Nor
`
`does the Reply cite to any other disclosure that supports its position. The “Summary
`
`of the Invention” explains that an object of the secure registry database is to
`
`eliminate the need for “the person to carry multiple forms of identification.” ‘813
`
`patent at 3:57-4:20 (“database of the invention may be used…[to] take the place of
`
`multiple conventional forms of identification.”) A secure registry that only stores
`
`data for a single entity is contrary to this purpose because it could require users to
`
`carry separate electronic ID devices for each account entity (American Express,
`
`Chase, Citibank, etc.). And as explained in PO’s Response, the ‘813 patent
`
`consistently teaches that the secure registry must be able to store data associated with
`
`2 Apple contends that “USR uses the term ‘entities’ to refer to ‘credit card
`companies.’” Id. To be clear, “entities” are not limited to credit card companies.
`A secure registry could also, for example, contain user account information
`associated with different entities constituting banks or other financial institutions.
`
`5
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`different entities. Response at 13-14. Petitioner cannot rely on a legally incorrect
`
`interpretation. Microsoft Corp. v. Proxyconn, Inc., 789 F.3d 1292, 1298 (Fed. Cir.
`
`2015) (“giving claims their broadest reasonable interpretation…does not include
`
`giving claims a legally incorrect interpretation” that is “divorced from the
`
`specification.”)
`
`2.
`
`The Petition Failed to Show a Secure Registry Because the
`Verification Device Cannot Store Information for Multiple
`Entities.
`
`Citing Paragraph 76 of Jakobsson, the Reply contends the disclosure suggests
`
`that limiting the verifier to a single entity is “only one potential embodiment.” Pet.
`
`at 17-18; see also Ex. 1128, ¶¶39-40 (expert declaration repeating same arguments
`
`verbatim). The Reply also states that “[n]othing in the ‘585 reference mandates that
`
`each financial institution have a separate verifier” and that having different verifiers
`
`for each institution “is merely an option.” Id.3
`
`Petitioner did not rely upon Paragraph 76 in the Petition and should not be
`
`permitted to do so now. Moreover, Petitioner is wrong. Jakobsson teaches the
`
`verifier cannot “store user account information associated with different entities;”
`
`the verifier is specific to a single entity. Response at 13, 63-65.
`
`3 Petitioner refers to the Jakobsson reference as “the ‘585 reference.”
`
`6
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`Petitioner’s assertion that Jakobsson discloses a “secure registry” relies upon
`
`a fundamental misunderstanding of the verifier, as Paragraph 76 does not suggest a
`
`verifier can be associated with more than a single entity. Paragraph 76 incorporates
`
`by reference “co-pending United States Patent Application Serial No. 09/304,775”
`
`(the ‘775 Application). Ex. 1115 (Jakobsson), ¶76. This application (which was
`
`also assigned to RSA Security, Inc. and shares an inventor with Jakobsson) states
`
`that the authentication device is limited to communicating with a single verifier that
`
`is specific to a single service entity:
`
`[A] single device presently cannot be used to access
`
`multiple independent services. For example, the same
`
`device cannot be used to access an enterprise’s computer
`
`system and a financial institution’s web page. Even if each
`
`independent service trusts the user and the device, the
`
`services do not trust each other. In the example just
`
`mentioned, a bank does not trust the user’s employer. If
`
`each of the services share the same secret with the device,
`
`then each service has information that can compromise the
`
`others. This prevents use of a single device from being
`
`used with verifiers associated with independent services.
`
`7
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`Ex. 2025 (U.S. Patent No. 6,985,583) at 2:41-51.4 A POSITA would understand
`
`that Jakobsson’s verifier cannot be used to access services provided by independent
`
`entities.
`
`Petitioner attempts to circumvent Jakobsson’s limited disclosure by now
`
`arguing “the secure registry can comprise ‘multiple computers connected over a
`
`computer network.’” Reply at 18 (citing ‘813 patent at 10:60-63). Again, this
`
`improper new argument, relying on a ‘813 patent citation not appearing in the
`
`Petition, should not be considered. And this argument is without merit in any event;
`
`there is no disclosure of verifiers being connected over a “computer network.”
`
`Finally, Petitioner’s unsupported interpretation, encompassing a distributed system
`
`of independent secure registries each storing information for a different entity,
`
`contradicts the patent’s disclosure of a secure registry as a “centralized system to
`
`control access to a plurality of secure networks.” ‘813 patent at 22:58-60, 24:11-15,
`
`24:36-37 (“USR 10 can also provide centralized administration….”), 24:17-24
`
`(“centralized approach”).
`
`B.
`
`The Petition Fails to Show the “Electronic ID Device” (All
`Claims)
`
`The “electronic ID device” of the ‘813 patent claims is in communication with
`
`a “secure registry,” and allows a user to “select any one of a plurality of accounts
`
`4 The ‘775 Application issued as U.S. Patent No. 6,985,583.
`
`8
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`associated with the user to employ in a financial transaction.” ‘813 patent at 51:65-
`
`67, 52:7-10. The Petition alleges that Jakobsson’s “authentication device 120”
`
`discloses the claimed “electronic ID device,” or that in view of Maritzen it would
`
`have been obvious to modify Jakobsson’s system in some undisclosed manner to
`
`arrive at the electronic ID device. Pet. at 27-35. PO showed in its Response that
`
`Jakobsson’s authentication device does not allow a user to select “any one of a
`
`plurality of accounts associated with the user to employ in a financial transaction,”
`
`and the addition of Maritzen does not cure this deficiency. Response at 36-54.
`
`Although Petitioner’s Reply introduces improper new arguments and
`
`evidence, including a declaration from a new declarant (Ari Juels, Ex. 1126; see
`
`Paper 30 (PO’s Motion to Strike), Petitioner is still unable to show the “electronic
`
`ID device.”
`
`1.
`
`Jakobsson Does not Render Obvious the Electronic ID
`Limitation
`
`Relying on Jakobsson’s statement that the combination function can employ
`
`“unique names and numbers, or other information,” Petitioner newly asserts a
`
`“POSITA would have understood” the “authentication device 120 [electronic ID
`
`device]” could be used to select “a particular account” for use in a financial
`
`transaction. Reply at 5-6 (citing Ex. 1128, ¶23). The Board should decline to
`
`consider this new argument.
`
`9
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`Further, this argument highlights Petitioner’s inability to identify any
`
`disclosure in Jakobsson for this limitation. Jakobsson’s mention of names, numbers,
`
`and “other information” is silent about selecting an account from a plurality of
`
`accounts. Ex. 1115 (Jakobsson), ¶61. And, it is undisputed that the patent makes
`
`clear that the claimed “plurality of accounts” can be associated with different entities
`
`and services (e.g., American Express, Chase, Citibank, etc.). ‘813 patent at 44:39-
`
`53 (“accounts” can be “credit card accounts” such as those “serviced by Visa,
`
`Mastercard, Discover and American Express” or they can be “debit accounts
`
`associated with the various bank accounts held by the user.”). In contrast,
`
`Jakobsson’s authentication device “cannot be used to access multiple independent
`
`services” (e.g., American Express, Chase, Citibank, etc.) because Jakobsson’s
`
`verifier is specific to a single entity and service. See Section 0.
`
`The Reply also attacks as “lacking in objectivity” Dr. Jakobsson’s testimony
`
`that the reference to a credit card in the Jakobsson reference describes the “form
`
`factor” of the authentication device, and not that the authentication system, including
`
`its authentication code, is used to conduct credit card transactions. Reply at 6-7. But
`
`Dr. Jakobsson’s testimony is correct. First, the Petitioner previously characterized
`
`these disclosures as teaching that the authentication device can be a “credit card sized
`
`and shaped device” in the Petition. Pet. at 27-28 (stating disclosure teaches “credit
`
`card sized shaped device” and “credit card sized embodiment”). The Petition never
`
`10
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`argued that Jakobsson discloses an actual credit card that uses Jakobsson’s
`
`authentication system and authentication code. Id. Second, credit cards are
`
`mentioned in a paragraph that begins with “[t]he user authentication device 120 can
`
`take various forms in various embodiments of the invention,” and then proceeds to
`
`describe the device form factor (e.g., that the device can be incorporated into a “key
`
`fob” or a “USB dongle”). Ex. 1114 (Jakobsson), ¶41. Tellingly, Petitioner fails to
`
`identify any discussion in Jakobsson describing how an alleged credit card
`
`embodiment would work. Third, the Jakobsson reference teaches that the
`
`authenticate device can be from the patent’s assignee, RSA SecurID. SecurID
`
`offered credit card shaped devices (shown below), but there is no evidence that
`
`SecureID offered devices for credit card transactions:
`
`Response at 45; Ex. 2013 (Markus Decl.), ¶65.
`
`11
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
` The Reply also relies upon new arguments from new declarant Ari Juels to
`
`allege that the authentication device can be a credit card for use in financial
`
`transactions. First, this new argument and evidence should not be considered
`
`because the Petition does not include any assertion that the authentication device is
`
`an actual credit card for use in a financial transaction. Second, the mention of credit
`
`cards refers to the authentication device’s form factor, as mentioned above. Ex. 1115
`
`(Jakobsson), ¶41. At 65 pages in length (not including its figures) and over sixty
`
`claims, if the Jakobsson reference disclosed a credit card embodiment for financial
`
`transactions, Petitioner would have been able to point to a clear discussion of such
`
`an embodiment. Third, a credit card does not permit a user to select one of a plurality
`
`of accounts. Thus, even if Jakobsson taught using its authentication code in a credit
`
`card transaction (and it does not), that would not satisfy the claims.
`
`2.
`
`Jakobsson in View of Maritzen Does Not Render Obvious the
`Electronic ID Limitation
`
`The Petition also asserts it would have been obvious to modify Jakobsson in
`
`view of Maritzen to arrive at the claimed electronic ID device because Maritzen
`
`discloses a “personal transaction device” (PTD) that “allows a user selection of an
`
`account from a ‘list’ prior to executing a financial transaction.” Pet. at 8. But PO
`
`showed in its Response that the Petition was misrepresenting Maritzen. Pet. at 44,
`
`n.4. Martizen discloses its PTD may use a pre-funded cash account that “is pre-
`
`12
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`established by the user prior to conducting a financial transaction with PTD 100.”
`
`Petitioner’s citation to Maritzen’s statement that “[t]he user may select a different
`
`account from a list of accounts displayed” without including the disclosure’s prior
`
`sentence that a selection only occurs if the pre-established account is first rejected
`
`for “insufficient funds,” mischaracterizes the disclosure. Response at 43-44; Pet. at
`
`29; Ex. 1116 (Maritzen), ¶105.
`
`The Reply does not dispute PO’s description of Maritzen, but instead changes
`
`course to argue the claims do not require selecting an account prior to generating the
`
`authentication information. Reply at 8-9. This new argument is meritless. The
`
`claims make clear that account selection must occur prior to generating the
`
`authentication information. For example, claim 24 recites that the “encrypted
`
`authentication information” is “authenticated” to “authoriz[e]” or “deny[]” a
`
`“transfer of funds to or from the account selected.” Ex. 1101 at 54:39-46. To use
`
`encrypted authentication information to authorize or deny transfer from a selected
`
`account, the account selection must be completed before generating the
`
`authentication information. Similarly, a POSITA would also understand that in
`
`claims 1 and 16 an account is selected from a plurality of accounts, and the encrypted
`
`authentication information is generated and used to authenticate the user and
`
`complete the transaction involving the selected account. Petitioner’s new arguments
`
`to the contrary lack merit. See, e.g., Kaneka Corp. v. Xiamen Kingdomway Grp.
`
`13
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`Co., 790 F.3d 1290, 1306 (Fed. Cir. 2015) (“Where the steps of a method claim
`
`actually recite an order, we ordinarily construe the claim to require order. A method
`
`claim can also be construed to require that steps be performed in order where the
`
`claim implicitly requires order, for example, if the language of a claimed step refers
`
`to the completed results of the prior step.”) (internal citations omitted).
`
`The Reply also incorrectly argues that Maritzen discloses selecting an account
`
`before generating encrypted authentication information, abandoning the citations
`
`relied upon in the Petition for this limitation in favor of two new paragraphs. Reply
`
`at 9 (citing Maritzen, ¶¶48-49). Not only is Petitioner’s new evidence and argument
`
`improper, Petitioner’s arguments again misrepresent Maritzen’s disclosures. While
`
`Petitioner argues Maritzen’s paragraphs 48 and 49 disclose that “the user may select
`
`a transaction key (associated with a specific account) on the user interface prior to
`
`conducting a transaction” (Reply at 9), nothing in these paragraphs teaches that a
`
`user selects an account or transaction key on the user interface of the PTD. Indeed,
`
`neither paragraph mentions the PTD. Ex. 1116, ¶¶48-49. Rather, the paragraphs
`
`discuss the “clearing house 130,” and explain that the “clear house 130 selects a pre-
`
`existing account” if it determines a transaction key is valid. Id.
`
`Relatedly, Petitioner now argues that Maritzen’s PTD 100 can “store a
`
`transaction key 340 that corresponds to a specific account,” and that it would have
`
`therefore been obvious “to incorporate Maritzen’s storage of account information to
`
`14
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`the ‘585 reference.” Reply at 10. Petitioner’s reliance on the transaction key and its
`
`relationship to an account, in addition to being a new argument, is also wrong.
`
`Maritzen’s PTD generates “transaction key 340” if the biometric key is valid, and
`
`its “transaction key information” is only stored temporarily. Ex. 1116 (Maritzen),
`
`¶¶68, 89. Further, Maritzen discloses that the transaction key includes either (1) “a
`
`biometric key 350 and a PTD identifier,” or (2) “only a biometric key.” Id., ¶89.
`
`Maritzen’s temporary storage of a PTD identifier and/or biometric key is not a
`
`disclosure of storing account information for a plurality of accounts, nor is it a
`
`disclosure of selecting an account from a plurality of accounts stored on the
`
`electronic ID device. Maritzen does not include any such teaching because it
`
`expressly states that account information is stored on the remote clearing house
`
`server, not the PTD. Response at 43, 52.
`
`PO also demonstrated in its Response that the Petition fails to explain how a
`
`POSITA would modify Jakobsson in view of Maritzen to arrive at the claimed
`
`limitation. In Response, the Reply asserts that “[a]n account selection is a simple
`
`user interface feature” that “would have been obvious to implement to improve the
`
`user experience.” Reply at 9. This conclusory assertion highlights the problem with
`
`Petitioner’s analysis. Petitioner fails to consider the complexities of the claims and
`
`its proposed combination. For example, even if it were obvious to modify the user
`
`interface to allow selection of multiple accounts (it is not), Petitioner has failed to
`
`15
`
`

`

`Case No. CBM2018-00025
`U.S. Patent No. 8,577,813
`
`show how other components, for instance Jakobsson’s verifier, would be modified
`
`to work with multiple accounts. As explained in Section 0, Jakobsson’s verifier is
`
`specific to a single entity and cannot handle accounts associated with different
`
`entities.5
`
`C.
`
`The Petition Fails to Show the “Point-of-Sale Terminal” (All
`Claims)
`
`The Reply introduces new expert testimony (including from a new declarant,
`
`Dr. Juels) to argue that “communication terminal 140 could be a POS terminal
`
`capable of receiving a swipe from a user’s credit card.” Reply at 14. But Petitioner
`
`remains unable to cite to any portion of Jakobsson that teaches the communication
`
`terminal is located at a point-of-sale or that it is a POS terminal.
`
`Petitioner points to Jakobsson’s disclosure that the communication terminal
`
`can be a smart card reader and that the authentication device can have a credit card
`
`5 Further, Petitioner’s reliance on the ‘813 patent’s mention of the SecureID token
`
`is misplaced. The disclosure does not teach or suggest that a SecureID token
`
`performs the claimed invention or that it is used to select a financial account for
`
`conducting a financial transaction. At best, the disclosure only teaches that the
`
`claimed invention is more than just a SecureID token like the one disclosed in
`
`Jakobsson.
`
`16
`
`

`

`Case No. CBM201