UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`
`
`
`
`
`
`
`
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`
`
`
`
`
`
`
`
`
`
`
`PLAID TECHNOLOGIES INC.
`Petitioner
`
`v.
`
`YODLEE, INC.
`Patent Owner
`
`
`
`
`
`
`
`
`
`
`
`
`Case IPR2016-00273
`Patent 6,317,783
`
`
`
`
`
`
`
`
`
`
`
`
`DECLARATION OF ZAYDOON JAWADI IN SUPPORT OF PATENT
`OWNER’S RESPONSE
`
`
`
`1
`
`YODLEE 2007
`PLAID TECHNOLOGIES V. YODLEE, INC.
`IPR2016-00273
`
`

`
`
`
`TABLE OF CONTENTS
`
`I.
`
`LEVEL OF ORDINARY SKILL IN THE ART ........................................ 3
`
`II. CLAIM CONSTRUCTION .......................................................................... 5
`
`A.
`
`“non-public personal information” (claims 1, 18, and 20) ................... 5
`
`1.
`
`“non-public personal information” should be given patentable
`weight .......................................................................................... 8
`
`“intermediary web site” (claims 14, 33) ............................................. 10
`
`“protocol for instructing the processor how to access the securely
`stored personal information via the network” (Claims 1, 18, and 20) 13
`
`B.
`
`C.
`
`III. THE INDEPENDENT CLAIMS OF THE ’783 PATENT ARE VALID16
`
`A.
`
`B.
`
`C.
`
`D.
`
`E.
`
`F.
`
`Sugiarto and Brandt do not disclose the “protocol for instructing the
`processor how to access the securely stored personal information via
`the network” ........................................................................................ 18
`
`Sugiarto and Brandt do not disclose “storing the retrieved personal
`information in [a/the] personal information store” ............................. 22
`
`Sugiarto and Brandt do not disclose “non-public personal
`information” if that term is given patentable weight .......................... 26
`
`Sugiarto and Brandt do not disclose non-public personal information
`“also being accessible by the end user via the network independently
`of the system for delivering personal information” ............................ 29
`
`Petitioner’s proposed combination fails .............................................. 31
`
`The references teach away from Petitioner’s proposed combination . 34
`
`IV. PETITIONER HAS ALSO FAILED TO SHOW THAT MANY OF
`THE DEPENDENT CLAIMS ARE INVALID ........................................ 36
`
`A.
`
`B.
`
`Sugiarto and Brandt do not disclose an “intermediary web site”
`(claims 14-17, 33-36) .......................................................................... 36
`
`Sugiarto and Brandt do not disclose the “associated user interface
`format” / “format associated with the intermediary web site” / “format
`
`
`
`i
`
`
`
`2
`
`

`
`
`
`other than the format associated with the intermediary web site”
`(claims 14, 15, 17, 33, 34, 36) ............................................................. 39
`
`C.
`
`Sugiarto, Brandt, and Chow do not disclose “monitoring information
`providers for changes” (claims 2 and 21) ........................................... 40
`
`V. CONCLUSION ............................................................................................ 41
`
`
`
`
`
`ii
`
`
`
`3
`
`

`
`
`
`I, Zaydoon Jawadi, declare as follows:
`
`1.
`
`I am making this declaration at the request of the Patent Owner,
`
`Yodlee, Inc. (“Yodlee” or “Patent Owner”) in the matter of Inter Partes Review of
`
`U.S. Patent No. 6,317,783 (the ’783 Patent).
`
`2.
`
`I am being compensated for my work. My compensation does not
`
`depend in any way on the outcome of this proceeding or upon the opinions or
`
`testimony that I provide.
`
`3.
`
`In forming the opinions I express below, I considered all of the
`
`information I cite throughout my analysis, including:
`
`a.
`
`b.
`
`c.
`
`d.
`
`e.
`
`f.
`
`g.
`
`h.
`
`i.
`
`The ’783 Patent (Ex. 1001)
`
`The File History of the ’783 Patent (Ex. 1003)
`
`Petition by Plaid Technologies, Inc. (Paper 1)
`
`Declaration of Petitioner’s Expert, Todd Mowry (Ex. 1008)
`
`U.S. Patent No. 6,278,449 to Sugiarto, et al. (Ex. 1004)
`
`U.S. Patent No. 5,892,905 to Brandt, et al. (Ex. 1005)
`
`U.S. Patent No. 6,029,175 to Chow, et al. (Ex. 1006)
`
`Decision of Institution (Paper 10)
`
`Deposition of Petitioner’s Expert, Todd Mowry (Ex. 2005)
`
`4.
`
`I summarize my relevant knowledge and experience below. My
`
`Curriculum Vitae contains additional information and is Ex. 2008.
`
`
`
`1
`
`
`
`4
`
`

`
`
`
`5.
`
`I received a B.S. in Electrical Engineering from Mosul University in
`
`1977. I received an M.S. in Computer Science from Columbia University in 1981,
`
`with a Citation for Outstanding Achievement – Dean’s Honor Student.
`
`6.
`
`I hold a California community college computer science lifelong
`
`instructor credential. I have taught various computer technologies to thousands of
`
`engineers and academic students.
`
`7.
`
`8.
`
`Prior to 2007, I held a number of jobs in industry.
`
`For example, from 2001 to 2006, I was President and cofounder of
`
`CoAssure, Inc., a provider of automated web-based telecommunication test
`
`services serving Fortune-500 companies. The system included aggregating data
`
`from multiple data sources into an intermediary server and/or website, storing the
`
`aggregated data, and presenting the aggregated data to the end user’s browser
`
`through the internet.
`
`9.
`
`Also, in 1999 I co-founded a company called Can Do, Inc.
`
`CanDo.com was a startup Internet eCommerce company targeting people with
`
`disabilities. The CanDo.com website had over 10,000 items for sale, and extensive
`
`consumer features, such as news, chat, messages, and product information. The
`
`company was funded by leading venture capital firms. Technology included
`
`magnification software to make websites more usable by vision-impaired people
`
`
`
`2
`
`
`
`5
`
`

`
`
`
`and sound adaptation software to make websites more accessible by hearing-
`
`impaired individuals.
`
`10. The CanDo.com website technology included capabilities for
`
`aggregating news and other articles, aggregating pricing and product information,
`
`aggregating order processing and inventory information, and other aggregation.
`
`11. The CanDo.com hearing accessibility technology comprised
`
`adaptation, delivery, and real-time streaming of audio data files through the
`
`Internet to compensate for users’ hearing loss, based on users’ personal hearing
`
`profiles. Audio data is transmitted from audio sources to an intermediary server,
`
`which adapts the audio; the adapted audio is then transmitted to the client, which is
`
`typically the end user’s browser.
`
`12. Additionally, I have experience with data networking, including when
`
`I was General Manager, Data Networking Business Unit, Xyratex International
`
`LTD (NASDAQ: XRTX, now Seagate, NASDAQ: STX) from 1997 to 1998,
`
`where I was responsible for Gigabit Ethernet network protocol analyzer products
`
`used to monitor and analyze network traffic, including TCP/IP packets and other
`
`Internet traffic.
`
`I.
`
`LEVEL OF ORDINARY SKILL IN THE ART
`
`13.
`
`In my opinion, in the late 1990s, persons of ordinary skill in the art in
`
`the field pertinent to the ’783 Patent were people with at least a B.S. degree, or its
`
`
`
`3
`
`
`
`6
`
`

`
`
`
`equivalent, in computer science or a related field and approximately two years of
`
`practical experience working with design and implementation of computer
`
`software and networked systems, or an equivalent combination of academic study
`
`and work experience.
`
`14.
`
`I have also considered the level of ordinary skill set forth by
`
`Petitioner’s expert: “one having a Bachelor’s Degree in electrical engineering,
`
`computer science, or a related scientific field, and some work experience in the
`
`computer science field which could include programming experience”. Ex. 1008
`
`at ¶ 20.
`
`15.
`
`I believe myself to have been one of ordinary skill in the art through
`
`my education and work experience during the relevant timeframe, under either
`
`proposed level of skill. I am also familiar with the knowledge and capabilities of
`
`one of ordinary skill in art in 1998. Specifically, my experience at CoAssure, Inc.,
`
`and at Can Do, Inc., and my other roles in industry allowed me to become
`
`personally familiar with the level of skill of individuals and the general state of the
`
`art at that time.
`
`16. The opinions that I provide in this declaration are consistent with the
`
`knowledge and experience of one of ordinary skill in the art at the priority date for
`
`the ’783 patent, under either proposed level of skill. My opinions regarding
`
`
`
`4
`
`
`
`7
`
`

`
`
`
`validity do not change when I consider and apply Petitioner’s proposed level of
`
`ordinary skill in the art.
`
`II. CLAIM CONSTRUCTION
`
`17.
`
`I understand that in proceedings before the Board, patent claims are to
`
`be given their broadest reasonable interpretation, consistent with the teachings of
`
`the specification and file history.
`
`18.
`
`I have reviewed Patent Owner’s proposed constructions as explicitly
`
`identified in the Response and I agree that those constructions reflect the broadest
`
`reasonable interpretation of those claims. I have also reviewed Petitioner’s and the
`
`Board’s constructions (where applicable) and discuss those constructions below.
`
`A.
`
`“non-public personal information” (claims 1, 18, and 20)
`
`19. Petitioner proposes that only the term “non-pubic” be construed, but
`
`in every instance, the term “non-public” appears in the claims as part of the larger
`
`phrase “non-public personal information.” Thus, in my opinion, the larger phrase
`
`should be construed to give full meaning to this claim term.
`
`20. The specification of the ’783 patent explains the meaning of personal
`
`information:
`
`Personal Information’ is all of the data that companies,
`
`information providers, have that is specific or unique to
`
`each person such as monthly bills, bank account
`
`
`
`5
`
`
`
`8
`
`

`
`
`
`balances, investments information, health care benefits,
`
`email, voice and fax messages, 401(k) holdings or
`
`potentially any other information pertinent to a particular
`
`end user.
`
`Ex. 1001 at 4:15-21 (emphasis added).
`
`21. The file history further confirms my understanding of the claimed
`
`non-public personal information:
`
`the essence of personal information is that it is not
`
`accessible to the general public, i.e., other end users;
`
`rather, each information provider protects personal
`
`information relating to a specific end user against
`
`access by persons other than that end user or one acting
`
`under the authority of that end user.
`
`Ex. 1003 at 168 (emphasis added).
`
`22. The ’783 Patent also explains the difference between personal
`
`information like a local weather forecast (which it refers to as “Generic PI”), and
`
`the non-public personal information upon which the claims operate:
`
`Generic PI refers to PI of interest to the particular end
`
`user that does not require specific identity verification to
`
`obtain. For example, an end user might be interested in
`
`
`
`6
`
`
`
`9
`
`

`
`
`
`the weather forecast for his local area. This information
`
`could be integrated into a portal page without requiring
`
`identity verification of the particular end user receiving
`
`this PI. The individualized portal page provides a
`
`significant benefit to users seeking to aggregate generic
`
`PI. However, current portal pages do not generally
`
`provide PI requiring identity verification such as an end
`
`user's stock portfolio or bank balance.
`
`Ex. 1001 at 2:52-62 (emphasis added).
`
`23. Accordingly, one of ordinary skill in the art would conclude that
`
`“non-public personal information” within the ’783 Patent claims should be
`
`interpreted as “information relating to a specific end user that is not intended for
`
`access by persons other than that end user or those authorized by that end user.”
`
`24. Petitioner’s reliance solely on information protected by a login is
`
`misplaced. While information protected by a login may share similar security
`
`features as “non-public personal information,” the security features used to protect
`
`information cannot convert information into “non-public personal information.”
`
`Instead, Petitioner is effectively reading the word “personal” out of the claim
`
`language, which I understand is improper.
`
`
`
`7
`
`
`
`10
`
`

`
`
`
`25. Additionally, Patent Owner’s proposed construction is further
`
`supported by claim 1’s recitation of “securely storing” as a requirement separate
`
`and apart from “non-public personal information.” If, as Petitioner asserts, all
`
`information that is protected by a login and password were “non-public personal
`
`information,” there would be no need to separately recite “securely storing” in the
`
`claims. The recitation of “securely storing” would render the “non-public
`
`personal” recitation wholly redundant under Petitioner’s proposed construction.
`
`1.
`“non-public personal information” should be given
`patentable weight
`
`26. The Board construed the phrase “non-public personal information” as
`
`merely “information” in its institution decision based on the printed matter
`
`doctrine. Paper 10.
`
`27.
`
`I understand that under the printed matter doctrine, claim terms are
`
`given patentable weight (and therefore should be construed by the Board) when
`
`they have “a functional or structural relation” to the remaining aspects of the claim.
`
`28. The fact that the claimed information is “non-public personal”
`
`information has a functional and structural relationship to other claim terms,
`
`specifically the following elements that appear in each independent claim of the
`
`’783 Patent: (1) the “protocol for instructing the processor how to access the
`
`securely stored personal information via the network”; (2) the “end user data”; and
`
`(3) the “information providers securely storing the personal information.”
`
`
`
`8
`
`
`
`11
`
`

`
`
`
`29. The “protocol” limitation is functionally and structurally related to the
`
`fact that the information is “non-public personal information.” As I explain below,
`
`the protocol term should be construed as a “software script detailing the steps
`
`necessary for instructing the processor how to log in to a specific information
`
`provider as the end user, and return requested information via the network.” The
`
`nature of the information as “non-public” and “personal” is what necessitates that
`
`the protocol contain instructions for how to log in as an end user and return the
`
`requested information.
`
`30. Additionally, the claimed “end user data” is functionally and
`
`structurally related to the fact that the information is “non-public personal
`
`information.” The ’783 Patent explains that end user data is stored in a user store
`
`that contains “the verification and access data” necessary to authenticate to a
`
`website. Ex. 1001, ’783 Patent at 9:37-41.
`
`31. Finally, the “information providers securely storing the personal
`
`information” are functionally and structurally related to the fact that the claimed
`
`information is “non-public personal information.” The reason the claimed
`
`information is “securely stor[ed]” is because it is non-public personal information
`
`that should not be available to any user except the specific end user to whom the
`
`information relates.
`
`
`
`9
`
`
`
`12
`
`

`
`
`
`32. Petitioner’s expert Dr. Mowry appears to agree that the status of the
`
`information as “non-public personal” information is essential to the operation of
`
`the ’783 Patent claims. Specifically, Dr. Mowry stated that the fact that the
`
`information is non-public “affect[s] how the mechanism functions” – where the
`
`mechanism refers to the claim as a whole. Ex. 2005, Mowry Dep. at 47:13-48:24.
`
`Dr. Mowry also stated that the functionality of the claims is “motivated by” the
`
`fact that users have to log in to access the non-public personal information. Id. at
`
`48:25-49:8. Dr. Mowry also agreed that each of the specific limitations discussed
`
`above are motivated by the fact that the information is non-public personal
`
`information. Id. at 58:18-24 and 60:18-61:7 (“protocol” limitation); 59:4-14
`
`(“securely storing”); and 66:1-11 (“end user data”).
`
`33. Based on my own review of the ’783 Patent and Dr. Mowry’s
`
`apparent agreement, it is clear that one of ordinary skill in the art would find the
`
`term “non-public personal information” to have a functional and structural
`
`relationship to multiple elements of each independent claim of the ’783 Patent.
`
`B.
`
`“intermediary web site” (claims 14, 33)
`
`34. The ’783 Patent describes that an “intermediary web site” is a website
`
`interposed between the user’s computer and the PI engine. This is shown in Figure
`
`5, where the intermediary web site 510 is located separately from the user’s
`
`
`
`10
`
`
`
`13
`
`

`
`computer 220 and separately from the PI engine 240. The intermediary website is
`
`served by its own web servers, which communicate with the PI engine.
`
`
`
`
`
`This understanding is confirmed by the description of the intermediary web site in
`
`the specification. Ex. 1001 at 12:12-27
`
`35. The Board recognized this fundamental concept of the separation
`
`between the intermediary website and the user’s computer and the PI engine.
`
`Paper 10 at 10-11. However, the Board’s construction only requires separation
`
`from the “personal information store” of the claims, which is only one part of the
`
`PI engine. The PI engine of the ’783 patent includes multiple claimed elements,
`
`not just the “personal information store,” and thus the intermediary website should
`
`be separate from each of those claimed elements as well.
`
`
`
`11
`
`
`
`14
`
`

`
`
`
`36. The patent explains that the PI engine includes storage elements and
`
`processing components: “The PI engine 240 is composed of both storage and
`
`processing components.” Ex. 1001 at 4:53-54. The ’783 Patent identifies the
`
`storage elements: “The three primary storage components are the PI store 280, the
`
`PI Provider store 310 and the user store 360.” Id. at 4:54-56. And the ’783 Patent
`
`also identifies the processing components: “The four primary processing
`
`components access and manipulate the data in the three stores. . . . These four
`
`processing components are the Baseline configure component 320, the end user
`
`configure component 330, the PI access/transact component 340 and the PI
`
`delivery component 350 as seen in FIG. 3.” Id. at 6:13-21.
`
`37. Thus, the intermediary website should be served by a computer in a
`
`separate location from the entire PI engine, i.e., separate from the PI store, the PI
`
`provider store, and the user store (the storage elements) and separate from the
`
`Baseline configure component, the end user configure component, the PI
`
`access/transact component, and the PI delivery component (the processing
`
`components).
`
`38. These elements of the PI engine correspond to several claim elements.
`
`First, the PI store is the “personal information store” of each independent claim.
`
`Second, the “PI provider store” is claimed as a “provider store” in claim 20 and as
`
`“information provider data” in claims 1, 18, and 20. See Ex. 1001, ’783 Patent at
`
`
`
`12
`
`
`
`15
`
`

`
`
`
`3:22 (“a provider store including information provider data”). Third, the “user
`
`store” is claimed as a “user store” in claim 20 and as “end user data” in claims 1,
`
`18 and 20. See Ex. 1001, ’783 Patent at 3:21-22 (“a user store including end user
`
`data”). Finally, the access/transact component is performed by the “processor” in
`
`each of claims 1, 18, and 20, because the processor is “retrieving personal
`
`information for the selected end user.”
`
`39. The proper construction of the term “intermediary web site” would
`
`require it to be separate from all elements of the PI engine. Thus, one of ordinary
`
`skill in the art would conclude that Patent Owner’s proposed construction is
`
`proper: “a web site served from a location other than the end user’s computer and
`
`other than the ‘processor’ and all associated data/storage (including the ‘personal
`
`information store,’ ‘end user data,’ ‘user store,’ ‘information provider data,’ and
`
`‘provider store’).”
`
`40. Petitioner’s proposed construction, like the Board’s, includes only a
`
`part of the PI engine (the “processor”) and therefore also fails to provide an
`
`appropriate construction.
`
`C.
`“protocol for instructing the processor how to access the securely
`stored personal information via the network” (Claims 1, 18, and 20)
`
`41.
`
`I agree that Patent Owner’s proposed construction of this term as
`
`“software script detailing the steps necessary for instructing the processor how to
`
`
`
`13
`
`
`
`16
`
`

`
`
`
`log in to a specific information provider as the end user, and return requested
`
`information via the network” is proper.
`
`42. The ’783 Patent explains that the protocol instructs the processor on
`
`how to log in and access the securely stored PI from an information provider.
`
`Each information provider typically has a unique login protocol involving steps
`
`where a user navigates to the website, enters credentials such as username and
`
`password, and then submits them for verification by the website. Ex. 1001, ’783
`
`Patent at 2:12-18, 6:24-38.
`
`43. The protocol must do more than access the information provider,
`
`however. Access is only the first level, the second level is retrieving the specific
`
`information requested:
`
`These processes would be utilized at two levels: the first
`
`level being the set of data and steps required for general
`
`access to the particular PI provider and the second
`
`level being the set of additional data and steps
`
`required for accessing each particular piece of PI on
`
`the PI provider's site.
`
`Ex. 1001 at 6:24-38.
`
`44. The file history further confirms that the claimed protocol must do
`
`more than access the information provider: it must follow “whatever other protocol
`
`
`
`14
`
`
`
`17
`
`

`
`
`
`steps may be required to access and retrieve the personal information.” Ex. 1003
`
`at 168-169.
`
`45. The protocol is a software script detailing these steps to retrieve and
`
`access the non-public personal information. This is because a processor does not
`
`log in by visually studying a web browser or other application for input
`
`instructions, and because, in this invention, the processor, not a human, is logging
`
`in for access, so the processor must be specially equipped with a software script to
`
`interpret and communicate with a particular information provider website running
`
`forms, scripts, and applets. Ex. 1001 at 10:5-24.
`
`46. While Petitioner did not offer a construction of the protocol limitation,
`
`Petitioner’s expert did offer several relevant opinions at his deposition. First, Dr.
`
`Mowry agreed that the claimed protocol supplies a log in/password or
`
`authenticates as a user somehow. Ex. 2005, Mowry Dep. at 61:8-15. Dr. Mowry
`
`also agrees that the protocol is a software script. Id. at 70:24-71:1. Finally, Dr.
`
`Mowry agrees that the protocol must do more than authenticate, it must also know
`
`the steps necessary to actually access and retrieve the personal information. Id. at
`
`116:13-19. Each of these concepts is captured by Patent Owner’s proposed
`
`construction.
`
`47. Thus, one of ordinary skill in the art would conclude that the proper
`
`construction of the term “protocol for instructing the processor how to access the
`
`
`
`15
`
`
`
`18
`
`

`
`
`
`securely stored personal information via the network” is “software script detailing
`
`the steps necessary for instructing the processor how to log in to a specific
`
`information provider as the end user, and return requested information via the
`
`network.”
`
`III. THE INDEPENDENT CLAIMS OF THE ’783 PATENT ARE VALID
`
`48.
`
`I understand that to make a showing of obviousness, Petitioner must
`
`show that “the differences between the subject matter sought to be patented and the
`
`prior art are such that the subject matter as a whole would have been obvious at the
`
`time the invention was made to a person having ordinary skill in the art.” Global
`
`Tel*Link Corp. v. Securus Techs., Inc., IPR2014-00785, Paper 41 at 6 (PTAB Oct
`
`7, 2015) (citing KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 406 (2007)).
`
`Importantly, “all the claim limitations must be taught or suggested by the prior
`
`art.” Id. at 6-7 (emphasis added) (citing CFMT, Inc. v. Yieldup Int’l Corp., 349
`
`F.3d 1333, 1342 (Fed. Cir. 2003); In re Royka, 490 F.2d 981, 985 (CCPA 1974)).
`
`49. Petitioner has failed to show that all limitations of any of the ’783
`
`Patent claims are disclosed by Petitioner’s proposed combination of Sugiarto and
`
`Brandt. There are several limitations that are common to each of the independent
`
`claims that are not found in Sugiarto or Brandt. In particular, the following
`
`limitations are found in each independent claim of the ’783 Patent and are each
`
`missing from both Sugiarto and Brandt: “non-public personal information,”
`
`
`
`16
`
`
`
`19
`
`

`
`
`
`“protocol for instructing the processor how to access the securely stored personal
`
`information via the network,” “storing the retrieved personal information in [a/the]
`
`personal information store,” and the non-public personal information “also being
`
`accessible by the end user via the network independently of the system for
`
`delivering personal information.”
`
`50. Petitioner has also failed to show that all limitations of the ’783 Patent
`
`claims are disclosed by Petitioner’s proposed combination of Sugiarto and Brandt,
`
`regardless of whether “non-public personal information” is given patentable
`
`weight. Specifically, Sugiarto and Brandt fail to disclose the following limitations
`
`regardless of the construction of “non-public personal information:” “protocol for
`
`instructing the processor how to access the securely stored personal information
`
`via the network” and “storing the retrieved personal information in [a/the] personal
`
`information store.”
`
`51. Additionally, Petitioner’s proposed combination of Brandt and
`
`Sugiarto is deficient: Petitioner fails to provide any explanation of how to combine
`
`the two references, and the references themselves explicitly teach away from such
`
`a combination.
`
`
`
`17
`
`
`
`20
`
`

`
`
`
`A.
`Sugiarto and Brandt do not disclose the “protocol for instructing
`the processor how to access the securely stored personal information via
`the network”
`
`52. Neither Sugiarto nor Brandt discloses the “protocol for instructing the
`
`processor how to access the securely stored personal information via the network.”
`
`Sugiarto and Brandt fail to disclose this limitation regardless of whether “non-
`
`public personal information” is given patentable weight.
`
`53. As I explained above, this term should be construed as a “software
`
`script detailing the steps necessary for instructing the processor how to log in to a
`
`specific information provider as the end user, and return requested information via
`
`the network.” However, under any reasonable construction, it is clear that neither
`
`Sugiarto nor Brandt discloses the protocol claimed in the ’783 Patent.
`
`54. Sugiarto only discloses retrieving public information from public
`
`websites. See, e.g., Ex. 1004, Sugiarto at 4:12-53, Figs. 7-10. Sugiarto does not
`
`disclose any sort of authentication method for logging in as the end user, and thus
`
`does not disclose the claimed protocol.
`
`55. Petitioner’s expert agrees that Sugiarto does not disclose this
`
`limitation. Dr. Mowry agrees that Sugiarto does not disclose any non-public
`
`information. Ex. 2005, Mowry Dep. at 147:3-12. Dr. Mowry also admits that
`
`Sugiarto does not disclose any authentication method. Id. at 107:7-9 (“Q: You are
`
`
`
`18
`
`
`
`21
`
`

`
`
`
`not stating that Sugiarto discloses any sort of authentication mechanism? A:
`
`That’s correct”), 146:9-15.
`
`56. Brandt also fails to disclose the claimed “protocol.” There is no
`
`authentication script in Brandt – the user must manually input a password and log
`
`in to gain access to the software applications. The “protocol” limitation, however,
`
`requires a script detailing for the processor how to log in and return the requested
`
`information.1 Critically, this protocol (via the software script) enables the
`
`processor to automatically retrieve non-public personal information without
`
`requiring the user to manually request that information every time. This
`
`innovation precisely overcomes the problems of using a system like Brandt where
`
`a user is required to log in every single time they want to access an application.
`
`
`1 The requirement for a software script is also present in the district court
`
`construction of the “protocol” limitation. See Ex. 2006 at 23. Even Plaid’s
`
`proposed construction to the district court – while not using the term “software
`
`script” – requires the protocol to include “specific step-by-step” instructions
`
`directing “how to access the securely stored personal information via the network.”
`
`Ex. 2006 at 23. As Brandt is a completely manual system, even under the District
`
`Court’s construction or the Petitioners, Brandt cannot cure the deficiency of
`
`Sugiarto.
`
`
`
`19
`
`
`
`22
`
`

`
`
`
`57. Specifically, Brandt describes how it authenticates as a user in
`
`columns 11 and 12. In that section, Brandt explains that “a user at client
`
`workstation 210 performs an action that causes web browser 212 to request
`
`access to a software application via the WWW by inputting data to web server
`
`application 222. The input data may include an HTML form with input blanks
`
`used for entering appropriate authentication data.” Ex. 1005, Brandt at 11:52-57.
`
`Brandt goes on to explain that this authentication data includes “a userID, a
`
`password and a key.” Id. at 11:59-60.
`
`58. Brandt explains that it uses this user-provided authentication data to
`
`grant access to an application. The Brandt web server passes this user-input
`
`authentication data to the gateway to request access to a particular software
`
`application. Id. at 11:65-12:3. The gateway then compares the user-input
`
`authentication data to a user library to confirm that the user is authorized to access
`
`an application. Id. at 12:37-43. Only then does the Brandt system finally grant the
`
`user access to an application. Id. at 12:19-21.
`
`59. Petitioner’s expert confirmed that he shares the same understanding of
`
`Brandt at his deposition. Dr. Mowry agreed that Brandt discloses a manual login
`
`that requires the user to authenticate before the system grants access to an
`
`application:
`
`
`
`20
`
`
`
`23
`
`

`
`
`
`
`
`Ex. 2005, Mowry Dep. at 98:25-99:9. Dr. Mowry also could not identify any
`
`disclosure in Brandt of authenticating to an application without requiring some sort
`
`of user input. Id. at 111:23-112:12.
`
`60. Brandt also fails to disclose the claimed “protocol,” because Brandt
`
`does not disclose retrieving information of any kind, as I explain above. To the
`
`contrary, Brandt merely grants access to applications, and then the user can interact
`
`with the application through a standard GUI. See Ex. 1005, Brandt at 3:56-65.
`
`Petitioner’s expert also agrees that Brandt simply provides access to applications
`
`through a GUI that the user may choose to interact with in a number of different
`
`ways. Ex. 2005, Mowry Dep. at 131:5-16.
`
`61. One of ordinary skill in the art would therefore conclude that neither
`
`Sugiarto nor Brandt discloses a “protocol for instructing the processor how to
`
`access the securely stored personal information via the network.”
`
`
`
`21
`
`
`
`24
`
`

`
`
`
`B.
`Sugiarto and Brandt do not disclose “storing the retrieved
`personal information in [a/the] personal information store”
`
`62. Neither Sugiarto nor Brandt discloses “storing the retrieved personal
`
`information in [a/the] personal information store,” a term that appears in each
`
`independent claim of the ’783 Patent.
`
`63. Sugiarto does not disclose storing information. Sugiarto only
`
`discloses retrieving information from public websites and forwarding that
`
`information along to a user:
`
`Depending on the information contained in the user's
`
`configuration file, the uploaded module opens the
`
`appropriate HTTP connection, fetches the
`
`appropriate web pages from the internet, and selects
`
`the appropriate predefined portions therefrom, and
`
`formats them into a single page in a predefined user
`
`format in accordance with the configuration file that is
`
`viewable on display screen 10 of handset 6. Finally, this
`
`formatted page is transmitted to handset 6 for
`
`viewing by the user, and the uploaded module notifies
`
`the HTTP daemon that the request has been honored.
`
`Ex. 1004, Sugiarto at 8:61-9:4. Sugiarto never discloses any storage, simply that
`
`the information is retrieved, formatted, and then presented to the user.
`
`
`
`22
`
`
`
`25
`
`

`
`
`
`64. Sugiarto also never discusses retrieving the type of