`
`Attorney Docket: UKY-778IPR
`
`
`
`IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`Inter partes Review Case No. IPR2015-01440
`
`Inter partes Review of: U.S. Patent No. No. 7,706,778
`
`Issued: April 27, 2010
`
`To: Peter R. Lowe
`
`For: System and Method for Remotely Assigning and Revoking Access
`Credentials Using a Near Field Communication Equipped Mobile Phone
`
`DECLARATION OF BRUCE SCHNEIER IN SUPPORT OF REQUEST
`FOR INTER PARTES REVIEW OF THE ’778 PATENT
`
`1.
`
`I am Bruce Schneier. I have been retained by Proskauer Rose, LLP
`
`on behalf of UniKey Technologies, Inc. (“UniKey”), and have been asked by
`
`counsel to review relevant materials and render my expert opinion in connection
`
`with technical matters related to U.S. Patent No. 7,706,778 (Ex. 1001) (“’778
`
`patent”). I submit this report on behalf of UniKey in support of its petition for
`
`Inter Partes Review (IPR) of the ’778 patent (“Petition”). For at least the reasons
`
`expressed in this declaration, I agree with the contents of the Petition, and I believe
`
`my opinions expressed below are consistent with the Petition.
`
`I.
`
`INTRODUCTION
`2.
`
`I understand that the parties involved in this IPR proceeding are the
`
`Petitioner, UniKey, and the patent owner, Assa Abloy AB.
`
`
`
`UniKey Exhibit 1002, Page 1
`
`
`
`
`
`3.
`
`For my efforts in connection with the preparation of this declaration, I
`
`have been compensated at my standard hourly rate for this type of consulting
`
`activity. However, my compensation is not dependent on the outcome of this
`
`proceeding. I am not an employee, consultant, or contractor of either party.
`
`4.
`
`I have summarized in this next section relevant aspects of my
`
`educational background, career history, publications, and other relevant
`
`qualifications, the full details of which are set for in the curriculum vitae attached
`
`hereto as Appendix A.
`
`II. QUALIFICATIONS
`
`A.
`
`
`
`5.
`
`Educational Background
`
`I hold an M.S. Degree in Computer Science, which I obtained from
`
`American University in 1986, and a B.S. Degree in Physics, which I obtained from
`
`the University of Rochester in 1984.
`
`B.
`
`
`
`6.
`
`Career History
`
`I presently hold the title of Chief Technology Officer of Resilient
`
`Systems, Inc. (formerly Co3 Systems, Inc.), in Cambridge, Massachusetts.
`
`7.
`
`I am a fellow at the Berkman Center for Internet and Society at
`
`Harvard Law School, a program fellow at the New America Foundation's Open
`
`Technology Institute, a board member of the Electronic Frontier Foundation, and
`
`an Advisory Board member of the Electronic Privacy Information Center.
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 2
`
`
`
`
`
`8.
`
`From 2006 until 2013, I held the titles of Chief Security Technology
`
`Officer and Security Futurologist for British Telecom.
`
`9.
`
`Prior to that, from 1999 until 2006, I was Chief Technology Officer of
`
`Counterpane Internet Security, Inc., and prior to that I was the President of
`
`Counterpane Systems.
`
`C.
`
`
`
`10.
`
`Books and Publications
`
`I am the author of a number of books on the topics of cryptography,
`
`computer security, general security technology, trust, surveillance, and privacy,
`
`including the bestseller Applied Cryptography: Protocols, Algorithms, and Source
`
`Code in C, John Wiley & Sons (1994).
`
`11.
`
`I have also coauthored numerous academic publications, including,
`
`but not limited to, the subjects of cryptography, information security, e-mail
`
`security, electronic commerce security, software encryption, encryption algorithm
`
`design, digital signature authentication, and hash functions.
`
`12.
`
`I have also published numerous articles on the subject of security
`
`technology and its effects at individual and national levels, for publications such as
`
`The New York Times, The Wall Street Journal, The Guardian, Forbes, Wired,
`
`Nature, The Bulletin of the Atomic Scientists, The Sydney Morning Herald, The
`
`Boston Globe, The San Francisco Chronicle, and The Washington Post.
`
`D.
`
`
`
`Patents
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 3
`
`
`
`
`
`13.
`
`I am also a named co-inventor on eighty-two (82) issued U.S. Patents
`
`relating to cryptography, computer security, security technology, and electronic
`
`commerce.
`
`E.
`
`
`
`14.
`
`Awards & Recognitions
`
`I am the recipient of the following awards, among others:
`
` Electronic Privacy Information Center Lifetime Achievement
`
`Award, 2015;
`
` Berkman Fellow at the Berkman Center for Internet and Society
`
`at Harvard University, 2013–2016 academic years;
`
` named one of the IFSEC 40: The Most Influential People in
`
`Security & Fire, January 2013;
`
` Honorary Doctor of Science (ScD) from University of
`
`Westminster, London, December 2011;
`
` CSO Compass Award, May 2010; (6) Computer Professionals
`
`for Social Responsibility (CPSR) Norbert Weiner Award, January
`
`2008;
`
` Electronic Frontier Foundation (EFF) Pioneer Award, March
`
`2007;
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 4
`
`
`
`
`
` Dr. Dobb’s Journal Excellence in Programming Award, April
`
`2006;
`
` Infoworld CTO 25 Award, April 2005; and
`
` Productivity Award for Secrets and Lies in the 13th Annual
`
`Software Development Magazine Product Excellence Awards, 2000.
`
`15. Accordingly, I consider myself to be an expert in the field of
`
`cryptography and systems security. Based on my extensive understanding of the
`
`technology at hand, I believe to be qualified to provide an opinion as to what a
`
`person of ordinary skill in the art would have understood, known, or concluded
`
`during and around the timeframe when the ’778 Patent was filed.
`
`16.
`
`In support of my conclusions, I may cite to various representative
`
`teachings within the prior art or disclosures within the ’778 Patent. These citations
`
`are intended to be representative, rather than exhaustive.
`
` Materials Considered
`F.
`17.
`
`In my analysis, I considered the ’778 Patent and its file history, as
`
`well as the prior art references and related documentation discussed below. I have
`
`also reviewed in detail the Petition to which this declaration relates.
`
`18.
`
`I make this declaration based on personal knowledge, and I am
`
`competent to testify about the matters set forth herein.
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 5
`
`
`
`
`
`19. A copy of my CV is attached to this declaration as Appendix A.
`
`III. UNDERSTANDING OF LEGAL STANDARDS
`20.
`
`I am not a lawyer and I have no legal training. I have been informed
`
`by UniKey’s counsel about certain legal principles and standards, which I have
`
`assumed and applied for purposes of this declaration. Some of these, which form
`
`the legal framework for the opinions I am providing, are summarized below.
`
`A.
`
`
`
`21.
`
`Validity
`
`I have assumed that a patent claim may be found invalid if it is
`
`anticipated or rendered obvious by prior art. I have considered references such as
`
`patents and publications to be prior art to the ’778 patent if they were patented or
`
`published more than one year before the alleged priority date of the ’778 patent, or
`
`if they were patented or filed as an application for a patent, which was
`
`subsequently published, with a date prior to the date the subject matter of the
`
`claims of the ‘778 Patent was allegedly invented. For purposes of this declaration,
`
`I have assumed that the priority date of the claims of the ’778 patent is April 5,
`
`2005, the date on which the provisional application to which the ’778 patent claims
`
`priority was filed.
`
`22.
`
`I have assumed that a patent claim is anticipated under 35 U.S.C. §
`
`102 if each and every limitation of the claim is disclosed in a single prior art
`
`reference as arranged in the claim. I understand that each element of a patent claim
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 6
`
`
`
`
`
`may be disclosed by a prior art reference either expressly or inherently. My
`
`understanding is that even an “express” disclosure does not necessarily need to use
`
`the same words as the claim. I also understand that an element of a patent claim is
`
`inherent in a prior art reference if the element must necessarily be present, and its
`
`presence would be recognized by a person of ordinary skill in the art. However, I
`
`understand that inherency cannot be established by mere probabilities or
`
`possibilities.
`
`23.
`
`I understand that not all innovations are patentable; even if a claimed
`
`product or method is not disclosed in its entirety in a single prior art reference, it is
`
`nonetheless invalid if the differences between the patented subject matter and the
`
`prior art are such that the subject matter as a whole would have been obvious to a
`
`person of ordinary skill in the art at the time of the innovation. I am informed that
`
`this standard is set forth in 35 U.S.C. § 103(a).
`
`24.
`
`I have assumed that when considering the issues of obviousness, I am
`
`to do the following: (i) determine the scope and content of the prior art; (ii)
`
`ascertain the differences between the prior art and the claims at issue; (iii) resolve
`
`the level of ordinary skill in the pertinent art; and (iv) consider objective evidence
`
`of non-obviousness (so-called “secondary considerations”). I appreciate that
`
`secondary considerations must be assessed as part of the overall obviousness
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 7
`
`
`
`
`
`analysis, and should not be considered merely to decide whether they alter any
`
`initial obviousness conclusions that could be drawn based on the prior art.
`
`25.
`
`In determining whether the subject matter as a whole would have been
`
`obvious at the time that the invention was made to a person having ordinary skill in
`
`the art, I have been informed of several principles regarding the combination of
`
`elements of the prior art. First, a combination of familiar elements according to
`
`known methods is likely to be obvious when it yields predictable results. Second,
`
`if a person of ordinary skill in the art can implement a “predictable variation” in a
`
`prior art device, and would see the benefit from doing so, such a variation would
`
`be obvious. In particular, when there is pressure to solve a problem and there are a
`
`finite number of identifiable, predictable solutions, it would be reasonable for a
`
`person of ordinary skill to pursue those options that fall within his or her technical
`
`grasp. If such a process leads to the claimed invention, then the latter is not an
`
`innovation, but more the result of ordinary skill and common sense.
`
`26.
`
`I understand that the “teaching, suggestion, or motivation” test is a
`
`useful guide in establishing a rationale for combining elements of the prior art.
`
`This test poses the question as to whether there is an explicit teaching, suggestion,
`
`or motivation in the prior art to combine prior art elements in a way that realizes
`
`the claimed invention. Though useful to the obviousness inquiry, I understand that
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 8
`
`
`
`
`
`this test should not be treated as a rigid rule. It is not necessary to seek out precise
`
`teachings; it is permissible to consider the inferences and creative steps that a
`
`person of ordinary skill in the art would employ.
`
`B.
`
`
`
`27.
`
`The Level of Ordinary Skill in the Art
`
`I understand that “a person of ordinary skill in the relevant field” is
`
`presumed to be a person with standard skill, creativity, and knowledge in a
`
`particular field or industry. This person thinks along the line of conventional
`
`wisdom in the art but is neither an automaton nor one who undertakes to innovate,
`
`whether it is by patient, expensive, and systematic research or by extraordinary
`
`insight.
`
`28.
`
`In assessing the level of ordinary skill, I further understand one may
`
`consider several factors including: (1) the educational level of the inventor; (2) the
`
`educational level of active workers in the field; (3) type of problems encountered
`
`in the art; (4) prior art solutions to those problems; (5) the rate of innovation in the
`
`field; and (6) the sophistication of the technology.
`
`29. Based on my experience, I have an understanding of the capabilities
`
`of a person of ordinary skill in the relevant fields. I have supervised, directed, and
`
`worked with many such persons over the course of my career. Further, I had at
`
`least those capabilities myself on the priority date of the ’778.
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 9
`
`
`
`
`
`30.
`
`I have been informed that the level of skill in the art is evidenced by
`
`prior art references. The prior art discussed herein demonstrates that a person of
`
`ordinary skill in the field, on the assumed priority date of the ’778, was aware of
`
`secure access systems, methods for distributing credentials to mobile devices,
`
`updating such credentials, and other related technologies.
`
`31.
`
`I have been asked to offer an opinion on the characteristics of a person
`
`having ordinary skill in the art as of the priority date of the ’778. In view of the
`
`specification of the ’778 patent and the prior art references of record, it is my
`
`opinion that a person of ordinary skill at that time in the relevant field of the ’778
`
`patent would have an undergraduate degree in computer science or electrical
`
`engineering and two to three years of experience in the field, or an equivalent
`
`combination of education and experience.
`
`IV. THE BASIS OF MY OPINION, THE RELEVANT FIELD, AND THE
`TIMEFRAME
`32.
`
`I have reviewed the ’778 patent and its file history. I have also
`
`reviewed the prior art and other documents and materials cited herein. My
`
`opinions are also based in part upon my education, training, research, knowledge,
`
`and experience.
`
`33. Based on my review of this material, I believe that the relevant fields
`
`for the purposes of the ’778 patent are secure access systems and other centralized
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 10
`
`
`
`
`
`or distributed systems in which credentials are distributed. I have been informed
`
`that the relevant timeframe is on or before the earliest claimed priority date of the
`
`’778 patent, namely, April 5, 2005.
`
`34. As described in Section II above and as shown in my CV, I have
`
`extensive experience in the field of systems security, computer networks,
`
`credential management and distribution, and related computer systems. Based on
`
`my experience, I have a good understanding of the relevant fields in the relevant
`
`timeframe.
`
`35.
`
`In order to render my opinions in this matter, I have reviewed the
`
`following materials:
`
` The ’778 patent (Ex. 1001);
`
` The file history for the ’778 patent;
`
` Joint Claim Construction and Prehearing Statement Pursuant to Local Patent
`
`Rule 4-3, Ex. A, Assa Abloy AB v. Spectrum Brands, Inc., Civil Action No.
`
`14-cv-00947-CJC (C.D. CA) (Ex. 1003);
`
` USPN 7,205,882 to Libin (“Libin”) (Ex. 1004);
`
` USPN 7,012,503 by Nielsen (“Nielsen”) (Ex. 1005);
`
` USPN 7,873,989 by Kärkäs et al. (“Kärkäs”) (Ex. 1006).
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 11
`
`
`
`
`
`V.
`
`TECHNICAL BACKGROUND UNDERLYING THE ’778 PATENT
`36.
`
`I will sometimes refer to the state of the art as “before the ’778
`
`patent.” Accordingly, when I speak about the state of the art “before the ’778
`
`patent,” I mean before the claimed priority date of the ’778 patent.
`
`
`
`A.
`
`Access Control Systems
`37. Systems for controlling physical access to protected areas were well
`
`known before the ’778 patent. As an example, a secure access system can include
`
`a central database that stores information about the users, which assets users have
`
`access to, which access cards are assigned to a user, and other information relating
`
`to accessing protected areas. A protected area, such as a secure room, can be
`
`protected by a door that is controlled by a reader. For example, the reader can
`
`control whether the door is locked or unlocked. When a person wishes to access
`
`the protected area, the person can use a card, key fob, or other devices to transmit
`
`information to the reader. Before the ’778 patent, it was known to use cell phones
`
`for this. The reader, or in other instances a server connected to the database, can
`
`evaluate the information received from the card, key fob or other device to
`
`determine if the door should be unlocked for the person.
`
`VI. THE ’778 PATENT
`
`A.
`
` Overview
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 12
`
`
`
`
`
`38. The independent claims of the ’778 patent recite basic systems and
`
`methods for distributing updated credentials to mobile devices. The dependent
`
`claims do not add anything more than routine implementation details that would be
`
`known to persons of ordinary skill designing systems for distributing the
`
`credentials to mobile devices.
`
`39. Further, persons of ordinary skill understood before the ’778 patent
`
`that these techniques could be applied in the context of, for example, a secure
`
`access system, as I discuss below.
`
`
`
`B.
`
`Prior Art
`40. As part of my analysis for this proceeding, I have carefully reviewed
`
`each of the prior art references cited in the Petition (Exs. 1004-1005), and I deem
`
`each to be relevant to demonstrating the invalidity of the ’778 Patent. In the
`
`remaining paragraphs of this section, I provide a brief summary of each reference
`
`and explain what each discloses to a person of ordinary skill.
`
`1.
`
`Libin
`41. Libin generally relates to a security systems. (See, e.g., Ex. 1004,
`
`Abstract.) For example, Libin discusses “a security system 30 includes the doors
`
`24, 24', 24'' and the controllers 26, 26', 26'' that are described above in connection
`
`with FIG. 1.” (See, e.g., Ex. 1004, 4:48-50.) Libin further describes “system 30
`
`also includes a cell phone 32 that may transmit access codes to one or more of the
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 13
`
`
`
`
`
`controllers, 26, 26', 26'' to cause a corresponding one of the doors 24, 24', 24'' to
`
`open and allow access to a restricted area.” (See, e.g., Ex. 1004, 4:50-54.)
`
`42. Libin discloses approaches to programming cell phones with access
`
`codes for use in security systems. Figure 3 of Libin, for example, illustrates a
`
`computer workstation 42 that transmits access codes and/or programming
`
`information to a cell phone 32 over a cellular phone network. (See, e.g., Ex. 1004,
`
`5:38-48, FIG. 3.)
`
`43. Libin describes that the software on workstation 42 used for
`
`
`
`programming cell phones includes table 202 and table 204. (See, e.g., Ex. 1004,
`
`12:19-31, FIG. 11.) Table 202 contains entries that each correspond to a possible
`
`user of cell phones and “[e]ach entry includes identifying information for the user
`
`as well as information needed to program the cell phone of the user.” (See, e.g.,
`
`Ex. 1004, 12:21-25, FIG. 11.) Table 204 contains “special purpose users that may
`
`be used to access the physical access security systems” and “identifying
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 14
`
`
`
`
`
`information as well as corresponding access codes.” (See, e.g., Ex. 1004, 12:27-
`
`31, FIG. 11.)
`
`44. To program the cell phone 32, a generation module 206 on
`
`workstation 42 receives “authorization information data that indicates to the
`
`generation module which of the users from the first table 202 is to have his cell
`
`phone programmed with which access codes from the second table 204.” (See,
`
`e.g., Ex. 1004, 12:32-37, FIG. 11.) The generation module then transmits via
`
`network 44 the programming information/access codes to the cell phone 32. (See,
`
`e.g., Ex. 1004, 12:47-50, FIG. 11.)
`
`
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 15
`
`
`
`
`
`2.
`
`Nielsen
`45. Nielsen also discusses security systems. In Nielsen, “electronic key
`
`devices,” such as cell phones, are programmed with access codes. (See, e.g., Ex.
`
`1005, 11:46-51.) Figure 2b, for example, illustrates the interaction between the
`
`electronic key device 201, the lock control unit 22, and the access code
`
`management system 211. The electronic key device 201 can emit a signal
`
`including an access code that can cause lock control unit 221 to lock or unlock.
`
`46. The access code management system 211 generates and administers
`
`the access codes. (See, e.g., Ex. 1005, 12:27-29.) The access code management
`
`system 211 provides access codes to the electronic key device 201 and/or the lock
`
`control unit 221, either automatically or upon request from a user. (See, e.g., Ex.
`
`1005, 12:29-33.)
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 16
`
`
`
`
`
`
`47. Nielsen discloses “access code management system 211 generates and
`
`administers the access codes.” (See, e.g., Ex. 1005, 12:27-28.) For example,
`
`“access code management system 211 transmits access codes to the electronic key
`
`device 201 and/or the lock control unit 221.” automatically. (See, e.g., Ex. 1005,
`
`12:22-42.)
`
`3.
`
`Kärkäs
`48. Kärkäs also relates to a security system. The system of Kärkäs
`
`includes a mobile device or mobile station 8, a BLUETOOTH wireless PC card
`
`device 24, and a server 40. (See, e.g., Ex. 1006, 4:3-5, 4:60-63, FIG. 4.)
`
`BLUETOOTH wireless PC card device 24 can be a lock or an access device, such
`
`as on a hotel door. (See, e.g., Ex. 1006, 4:11-14.)
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 17
`
`
`
`
`
`
`
`49. Figure 5 illustrates the operation of the system in Kärkäs. The server
`
`40 provides the mobile station 8 with a key and additional information (step S2).
`
`(See, e.g., Ex. 1006, 5:20-21.) After the mobile station 8 has received a key, it can
`
`transmit the key to the BLUETOOTH wireless PC card device 24 (step S4). (See,
`
`e.g., Ex. 1006, 5:20-21.) The BLUETOOTH wireless PC card device 24 can then
`
`permit access, e.g., to the hotel room, if it determines that the key is valid (step S5-
`
`S6). (See, e.g., Ex. 1006, 6:1-8.)
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 18
`
`
`
`
`
`
`
`VII. SUMMARY OF CONCLUSIONS REGARDING INVALIDITY
`50. As discussed below, in my opinion the claims of the ’778 patent are
`
`invalid for at least the following reasons:
`
` Claims 1, 3-12, 14-16, and 20-42 are anticipated by Libin.
`
` Claims 2, 13, and 17-19 are rendered obvious by Libin in view of Nielsen.
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 19
`
`
`
`
`
` Claims 1-8, 9-25, and 27-42 are rendered obvious by Nielsen in view of
`
`Kärkäs.
`
`A. Claims 1, 3-12, 14-16, and 20-42 are anticipated by Libin; claims
`2, 13, and 17-19 are rendered obvious by Libin in view of Nielsen
`
`51.
`
`In my opinion, Libin discloses each element of claims 1, 3-12, 14-16,
`
`and 20-42.
`
`52.
`
`In my opinion, Libin in view of Nielsen renders obvious each element
`
`of claims 2, 13, and 17-19.
`
`53.
`
`In my opinion, one of ordinary skill would be motivated to combine
`
`the teachings of Libin and Nielsen.
`
`54. Libin discloses a security system in which access codes are provided
`
`to a wireless device, and the wireless device transmits the access codes to a
`
`controller that actuates the security system. (See, e.g., Ex. 1004, Abstract; see also
`
`FIG. 2.)
`
`55. Nielsen discloses a similar system in which an electronic key device is
`
`used to access a location by transmitting an access code to the lock control unit.
`
`(See, e.g., Ex. 1005, Abstract.)
`
`56.
`
`In my opinion, the systems of Libin and Nielsen utilize similar
`
`structures to provide similar functionality, namely distributing credentials to
`
`mobile devices that can then be transmitted to a lock controller in order to gain
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 20
`
`
`
`
`
`access to an asset. One of skill in the art would be motivated to incorporate
`
`functionality described in Nielsen into Libin to, for example, increase the overall
`
`security of the system described in Libin.
`
`1.
`
`Claim 1
`
`a.
`
`[1a.] A method of remotely maintaining a secure
`access system, comprising:
`57. Libin discloses a secure access system: “a security system 30 includes
`
`the doors 24, 24', 24'' and the controllers 26, 26', 26'' . . . The system 30 also
`
`includes a cell phone 32 that may transmit access codes to one or more of the
`
`controllers 26, 26', 26'' to cause a corresponding one of the doors 24, 24', 24'' to
`
`open and allow access to a restricted area.” (See, e.g., Ex. 1004, 4:48-54.) Libin
`
`discloses maintaining the secure access system by programming the cell phone 32
`
`with the access codes used for gaining access to the restricted areas. (See, e.g., Ex.
`
`1004, 4:48-57, 5:38-54, FIGS. 2-3.)
`
`b.
`
`[1b.] receiving, at a secure access system controller, a
`credential update for at least one user of the secure
`access system;
`58. Libin discloses a secure access controller system (the workstation 42)
`
`that controls programming the cell phone 32. The workstation 42 stores a first
`
`table 202 that lists the users of the security system and a second table 204 that
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 21
`
`
`
`
`
`contains the access codes for the security system. (See, e.g., Ex. 1004, 12:32-37,
`
`FIG. 11.)
`
`59. The workstation 42 includes a generation module 206 that receives a
`
`credential update (authorization information) that “indicates to the generation
`
`module which of the users from the first table 202 is to have his cell phone
`
`programmed with which access codes from the second table 204.” (See, e.g., Ex.
`
`1004, 5:63-6:17, FIG. 4.)
`
`60. The updates may be periodic, causing new access codes to be sent to
`
`the cell phone 32. (See, e.g., Ex. 1004, 6:67-7:3 (“as long as a user who has
`
`possession of the cell phone 32 is authorized for a particular type of access, new
`
`access codes may be periodically sent to the cell phone 32 as appropriate.”))
`
`c.
`
`[1c.] in response to receiving the credential update,
`said controller automatically initiating a system
`update process, the system update process
`comprising:
`61. Libin discloses that in response to receiving the authorization
`
`information 206, the workstation 42 automatically initiates a system update process
`
`when “[t]he generation module 206 interfaces with the network 44 to provide
`
`appropriate programming information/access codes to the cell phone 32” (See,
`
`e.g., Ex. 1004, 12:47-50)
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 22
`
`
`
`
`
`62. Libin discloses that the update process is automatic because, after
`
`receiving the authorization information, the generation module 206 transmits the
`
`programming information/access codes to cell phone 32 without requiring any
`
`party to request transmission of the programming information/access codes.
`
`d.
`
`[1d.] generating a message comprising information
`representing the credential update;
`63. Libin discloses generating a message comprising information
`
`representing the credential update (the programming information/access codes)
`
`that represents the access granted by the authorization information: “The
`
`generation module 206 also receives authorization information data that indicates
`
`to the generation module which of the users from the first table 202 is to have his
`
`cell phone programmed with which access codes from the second table 204. . . .
`
`The generation module 206 interfaces with the network 44 to provide appropriate
`
`programming information/access codes to the cell phone 32.” (See, e.g., Ex. 1004,
`
`12:33-50 (emphasis added).)
`
`e.
`
`[1e.] determining at least one target for said message,
`wherein said at least one target comprises at least one
`mobile device associated with the at least one user;
`and
`64. Libin discloses determining at least one target, a cell phone, for the
`
`message containing the programming information/access codes based on the
`
`authorization information: “The generation module 206 also receives authorization
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 23
`
`
`
`
`
`information data that indicates to the generation module which of the users from
`
`the first table 202 is to have his cell phone programmed with which access codes
`
`from the second table 204. . . . The generation module 206 interfaces with the
`
`network 44 to provide appropriate programming information/access codes to the
`
`cell phone 32.” (See, e.g., Ex. 1004, 12:33-50 (emphasis added).)
`
`f.
`
`[1f.] transmitting said message to said at least one
`target; and
`65. Libin discloses transmitting the programming information/access
`
`codes to the target cell phone: “The generation module 206 interfaces with the
`
`network 44 to provide appropriate programming information/access codes to the
`
`cell phone 32.” (See, e.g., Ex. 1004, 12:48-50.)
`
`g.
`
`[1g.] wherein said at least one mobile device has a first
`set of credential data stored thereon,
`66. Libin discloses the cell phone stores, e.g., access codes in the access
`
`code data element 62. (See, e.g., Ex. 1004, 6:30-41, FIG. 5.)
`
`67. The access codes are the credentials provided to controllers 26, 26',
`
`26'' to gain access to restricted areas. Libin further discloses that cell phone 32
`
`receives new access codes while already having stored other access codes. (See,
`
`e.g., Ex. 1004, 6:67-7:3 (“as long as a user who has possession of the cell phone 32
`
`is authorized for a particular type of access, new access codes may be periodically
`
`sent to the cell phone 32 as appropriate.”))
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 24
`
`
`
`
`
`h.
`
`[1h.] wherein upon receiving said message from said
`controller, said first set of credential data is changed
`to a second different set of credential data,
`68. Libin discloses that upon reception, “the access codes are stored in the
`
`cell phone 32 in, for example, the access code data element 62.” (See, e.g., Ex.
`
`1004, 11:24-29, FIG. 10.) By storing the new access codes with those access
`
`codes already stored in the access code data element 62, the access codes stored in
`
`access code data element 62 become a different set of credential data.
`
`i.
`
`[1i.] wherein said message is transmitted to said at
`least one mobile device without receiving a request for
`said message from said at least one user,
`69. Libin discloses that after receiving the authorization information, the
`
`generation module 206 transmits the programming information/access codes to the
`
`cell phone. (See, e.g., Ex. 1004, 12:32-50, FIG. 11.) Libin describes that the
`
`generation module 206 transmits the programming information/access codes to cell
`
`phone 32 without requiring any party request transmission of the programming
`
`information/access codes.
`
`j.
`
`[1j.] wherein said at least one mobile device is a smart
`mobile device,
`70. Libin discloses at least one mobile device is a smart mobile device,
`
`e.g., a cell phone. (See, e.g., Ex. 1004, 4:48-57, FIG. 2.)
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 25
`
`
`
`
`
`k.
`
`[1k.] wherein said first set of credential data
`comprises self-authenticating data,
`
`71.
`
`In my opinion, Libin discloses two forms of “self-authenticating data”
`
`that meet the petitioner’s proposed construction of “data that can assist the mobile
`
`device in determining if it is eligible to gain access to a particular asset.”
`
`72. First, Libin discloses the cell phone 32 “determine[s] which of the
`
`access codes from the access codes data element 62 should be transmitted” to the
`
`controller. (See, e.g., Ex. 1004, 7:29-8:3, FIG. 7.) As a part of this process, “it is
`
`determined if the reader (e.g., the card reader associated with the controller 26) has
`
`provided location information to the cell phone 32.” (See, e.g., Ex. 1004, 7:45-47,
`
`FIG. 7.) Libin discloses “the number of possible access codes is reduced based on
`
`information from the reader,” for example “if the reader indicates that the reader is
`
`in a particular city, access codes for other cities are not to be used, and thus are
`
`eliminated as possible access codes to transmit.” (See, e.g., Ex. 1004, 7:52-59,
`
`FIG. 7.)
`
`73.
`
`In my opinion, Libin inherently discloses that location data associated
`
`with the access codes must be stored on the cell phone 32. This location data must
`
`be present so that it can be compared to the information received from the reader to
`
`determine if the cell phone 32 has a possible access code for the reader. (See, e.g.,
`
`Ex. 1004, 7:52-59, FIG. 7.) The location data stored on cell phone 32 can assist
`
`
`
`
`
`
`
`
`UniKey Exhibit 1002, Page 26
`
`
`
`
`
`the cell phone 32 in determining if it is eligible to gain access to a particular asset
`
`by determining if cell phone 32 has a possible code for a particular controller 26.
`
`74. Second, Libin discloses that access codes can have an associated
`
`expiration data that specifies the access codes’ expiration date. (See, e.g., Ex.
`
`1004, 7:20-23 (“[f]or some or all of the access codes in the access code data
`
`element 62, the expiration data 66 may have a corresponding expiration date”).)
`
`Libin describes cell phone 32 determines if an acc
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
