Trials@uspto.gov
`571-272-7822
`
`
`
`Paper 7
`Entered: March 8, 2017
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`TWILIO INC.,
`Petitioner,
`
`v.
`
`TELESIGN CORPORATION,
`Patent Owner.
`____________
`
`Case IPR2016-01688
`Patent 9,300,792 B2
`____________
`
`
`Before SALLY C. MEDLEY, MICHAEL W. KIM, and JUSTIN T. ARBES,
`Administrative Patent Judges.
`
`ARBES, Administrative Patent Judge.
`
`
`
`DECISION
`Institution of Inter Partes Review
`37 C.F.R. § 42.108
`
`
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`
`Petitioner Twilio Inc. filed a Petition (Paper 1, “Pet.”) requesting inter
`
`partes review of claims 1–6, 8, 10–15, and 17 of U.S. Patent No. 9,300,792
`
`B2 (Ex. 1001, “the ’792 patent”) pursuant to 35 U.S.C. § 311(a). Patent
`
`Owner TeleSign Corporation filed a Preliminary Response (Paper 8,
`
`“Prelim. Resp.”) pursuant to 35 U.S.C. § 313. Patent Owner also provided,
`
`with its Preliminary Response, evidence that it filed with the Office a
`
`statutory disclaimer of claims 3, 5, 7, 12, 14, and 16 of the ’792 patent
`
`pursuant to 37 C.F.R. § 1.321(a). See Prelim. Resp. 3; Ex. 2003, 380.
`
`Accordingly, no inter partes review will be instituted for claims 3, 5, 12, and
`
`14. See 37 C.F.R. § 42.107(e).
`
`For the remaining claims 1, 2, 4, 6, 8, 10, 11, 13, 15, and 17, we
`
`determine whether to institute an inter partes review under 35 U.S.C. § 314.1
`
`Pursuant to 35 U.S.C. § 314(a), the Director may not authorize an inter
`
`partes review unless the information in the petition and preliminary response
`
`“shows that there is a reasonable likelihood that the petitioner would prevail
`
`with respect to at least 1 of the claims challenged in the petition.” For the
`
`reasons that follow, we have decided to institute an inter partes review as to
`
`claims 1, 2, 4, 6, 8, 10, 11, 13, 15, and 17 on one ground of unpatentability.
`
`
`
`
`1 See Office Patent Trial Practice Guide, 77 Fed. Reg. 48,756, 48,764–65
`(Aug. 14, 2012) (“[A] patent owner may file a statutory disclaimer of one or
`more challenged claims to streamline the proceedings. Where no challenged
`claims remain, the Board would terminate the proceeding. Where one or
`more challenged claims remain, the Board’s decision on institution would be
`based solely on the remaining claims.”).
`
`
`
`2
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`
`I. BACKGROUND
`
`A. The ’792 Patent2
`
`The ’792 patent pertains to “on-line or web-site registration,” and
`
`describes processes for (1) “verifying an on-line registration by a telephone
`
`connection separate from the on-line connection between the web-site and
`
`potential registrant,” and (2) “notifying registrants of predetermined events
`
`using information obtained during the registration process.” Ex. 1001,
`
`col. 1, ll. 29–36. According to the ’792 patent, there was a need in the art
`
`for a way to accurately verify an individual’s identity during registration
`
`because “potential registrants often register with untraceable or false e-mail
`
`addresses and phone numbers.” Id. at col. 1, ll. 37–60. Similarly, there was
`
`a need to prevent fraud by subsequently notifying the registered individual
`
`when certain events occur and potentially seeking the individual’s
`
`authorization. Id. at col. 1, l. 61–col. 2, l. 25.
`
`The registration process begins with a user filling out “an on-line
`
`registration form accessed through a website” (i.e., a “first communication
`
`connection”). Id. at col. 4, ll. 15–17, 51–54. “For example, the registrant or
`
`consumer could be an individual attempting to access a web-site and set up
`
`an account with a financial institution.” Id. at col. 4, ll. 35–38. The user
`
`provides certain information requested in the form, such as his or her
`
`telephone number. Id. at col. 4, ll. 55–58. The website then sends a Short
`
`Message Service (SMS) message to the user’s telephone (i.e., a “second
`
`
`2 The ’792 patent also was challenged in Case CBM2016-00099, in which
`the petition seeking covered business method patent review was denied. The
`’792 patent is related to U.S. Patent No. 8,462,920 B2 (“the ’920 patent”),
`challenged in Case IPR2016-00450, and U.S. Patent No. 8,687,038 B2 (“the
`’038 patent”), challenged in Case IPR2016-00451.
`
`
`
`3
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`communication connection”) containing a verification code. Id. at col. 4,
`
`ll. 61–63, col. 6, ll. 29–36. The user enters the verification code in the
`
`website form and, if there is a match and the information provided shows
`
`that the user is who he or she purports to be, the user is verified and may
`
`login. Id. at col. 2, ll. 57–64, col. 4, ll. 63–67.
`
`“After registration, notification events are established” by the user or
`
`business utilizing the system or by a third party. Id. at col. 2, l. 65–col. 3,
`
`l. 1. A notification event may comprise, for example, “a news event, or a
`
`request to access or alter [the] registrant’s account.” Id. at col. 3, ll. 1–3.
`
`When a previously established notification event occurs, the user is notified
`
`via the telephone number provided during registration. Id. at col. 3, ll. 4–10.
`
`For example, the system may send an SMS message or voice message to the
`
`user’s telephone containing a verification code. Id. at col. 9, ll. 25–37. The
`
`user then enters the verification code into a website form, allowing the user
`
`to verify his or her identity, “provide[ ] confirmation of receipt of the
`
`information and, where necessary, authorization for the event to occur, such
`
`as access to the account, etc.” Id. at col. 9, ll. 37–43.
`
`
`
`
`
`B. Illustrative Claim
`
`Claim 1 of the ’792 patent recites:
`
`1. A verification and notification method implemented by
`a computing system, the method comprising:
`
`receiving, from a user, information via a computing
`interface presented to the user as a result of an attempt by the
`user to access a service, the received information including a
`telephone number associated with the user;
`
`verifying the telephone number by:
`
`4
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`
`establishing a short message service (SMS)
`connection with the user using the received telephone
`number;
`
`communicating a verification code to the user
`through the SMS connection;
`
`receiving, via the computing interface, a submitted
`verification code that is entered by the user; and
`
`verifying the telephone number if the submitted
`verification code is the same as the communicated
`verification code;
`
`completing a registration of the user based on the
`received information and verified telephone number, wherein
`the completed registration enables the user to access the
`service;
`
`maintaining a record of one or more notification events
`associated with actions that require acknowledgement by the
`user;
`
`upon receiving an indication of an occurrence of an
`established notification event, transmitting a message addressed
`to the verified telephone number indicating the occurrence of
`the notification event; and
`
`receiving, from the user, an acknowledgement of an
`action associated with the established notification event.
`
`
`
`C. The Prior Art
`
`Petitioner relies on the following prior art:
`
`U.S. Patent No. 7,142,840 B1, filed Feb. 20, 2003, issued
`Nov. 28, 2006 (Ex. 1005, “Geddes”);
`
`U.S. Patent No. 8,781,975 B2, filed May 23, 2005, issued
`July 15, 2014 (Ex. 1003, “Bennett”); and
`
`U.S. Patent Application Publication No. 2006/0020816
`A1, filed July 5, 2005, published Jan. 26, 2006 (Ex. 1004,
`“Campbell”).
`
`
`
`5
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`
`D. The Asserted Grounds
`
`Petitioner challenges claims 1, 2, 4, 6, 8, 10, 11, 13, 15, and 17 of the
`
`’792 patent3 on the following grounds:
`
`References
`
`Basis
`
`Claims Challenged
`
`Bennett and
`Campbell
`
`Bennett and
`Geddes
`
`
`
`35 U.S.C. § 103(a)4
`
`35 U.S.C. § 103(a)
`
`1, 2, 4, 6, 8, 10, 11, 13,
`15, and 17
`
`1, 2, 4, 6, 8, 10, 11, 13,
`15, and 17
`
`E. Claim Interpretation
`
`The Board interprets claims in an unexpired patent using the “broadest
`
`reasonable construction in light of the specification of the patent in which
`
`[they] appear[ ].” 37 C.F.R. § 42.100(b); Cuozzo Speed Techs., LLC v. Lee,
`
`136 S. Ct. 2131, 2144–46 (2016) (upholding the use of the broadest
`
`reasonable interpretation standard). The parties provide proposed
`
`interpretations for various claim limitations. See Pet. 22–25; Prelim. Resp.
`
`15–26. For purposes of this Decision, we conclude that only “notification
`
`event” requires interpretation.
`
`The Board previously interpreted the term “notification event” in
`
`similar claims of the related ’920 and ’038 patents (Cases IPR2016-00450
`
`and IPR2016-00451, respectively), which are parents of the ’792 patent and
`
`share the same specification. In Case IPR2016-00450, the claim recited
`
`3 As explained above, Patent Owner disclaimed claims 3, 5, 12, and 14.
`
`4 The Leahy-Smith America Invents Act, Pub. L. No. 112-29, 125 Stat. 284
`(2011) (“AIA”), amended 35 U.S.C. §§ 102 and 103. Because the
`challenged claims of the ’792 patent have an effective filing date before the
`effective date of the applicable AIA amendments, we refer to the pre-AIA
`versions of 35 U.S.C. §§ 102 and 103.
`
`
`
`6
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`“establishing a notification event,” “identifying an occurrence of the
`
`established notification event,” and “after identifying the occurrence of the
`
`established notification event, re-verifying the registrant electronic contact,”
`
`and the Board interpreted “notification event” to mean “an event that results
`
`in the registrant being notified that the event occurred.” IPR2016-00450,
`
`Paper 17, 7–11 (“-450 Dec.”). In Case IPR2016-00451, the claims recited
`
`“establishing a notification event associated with the user” and “upon
`
`detecting an occurrence of the established notification event, re-verifying the
`
`electronic contact address,” and the Board interpreted “notification event” to
`
`mean “an event that results in the user being notified that the event
`
`occurred.” IPR2016-00451, Paper 17, 7–11 (“-451 Dec.”). The only
`
`difference between the two interpretations was the use of “registrant” or
`
`“user” to mirror the surrounding language in the respective claims.
`
`Petitioner argues that “notification event” in the claims of the ’792
`
`patent should be interpreted to mean “either ‘an event that results in the user
`
`being contacted either for re-verification or for notification that the event
`
`occurred’ or ‘an event that results in the registrant being notified that the
`
`event occurred.’” Pet. 12 (emphases added). Citing the previous decisions
`
`in Cases IPR2016-00450 and IPR2016-00451, Petitioner states that
`
`[d]epending upon how the Board is interpreting “notified that
`the event occurred,” Petitioner may disagree with the Board’s
`construction. If sending a verification code to the user as a
`result of the occurrence of an event for use in re-verification
`qualifies as notification under
`the Board’s construction,
`Petitioner agrees with the Board’s construction. If the Board is
`requiring a particular form of notification, such as a sentence
`stating
`that a particular event has occurred,
`then
`the
`construction of “notification” is not consistent with the
`[broadest reasonable interpretation].
`
`
`
`7
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`Id. at 23. According to Petitioner, the Specification of the ’792 patent does
`
`not require “any particular form of notification,” such that merely “sending a
`
`verification code to the user” can be a form of notification.5 Id. at 23–25.
`
`Patent Owner disagrees, arguing that “notification event” should be
`
`interpreted the same as in the previous proceedings. Prelim. Resp. 15–26.
`
`We agree with Patent Owner.
`
`Claims 1 and 10 recite “maintaining a record of one or more
`
`notification events associated with actions that require acknowledgement by
`
`the user,” “upon receiving an indication of an occurrence of an established
`
`notification event, transmitting a message . . . indicating the occurrence of
`
`the notification event,” and receiving an “acknowledgement of an action
`
`associated with the established notification event” from the user. As with
`
`the claims of the related patents, the claims recite a “notification event,” not
`
`merely an “event.” If Petitioner were correct that a “notification event” can
`
`be an event that results in merely sending a verification code to the user for
`
`use in re-verification (rather than notifying the user that the event occurred),
`
`the word “notification” would be superfluous. See Merck & Co., Inc. v.
`
`Teva Pharms. USA, Inc., 395 F.3d 1364, 1372 (Fed. Cir. 2005) (rejecting a
`
`proposed claim construction that would render a claim term superfluous).
`
`Interpreting “notification event” to be an event that results in the user being
`
`notified that the event occurred also is consistent with the surrounding
`
`language of the claims, which recite receiving an indication of the
`
`“occurrence” of an “established notification event” and transmitting a
`
`
`5 Petitioner states, however, that the interpretation of “notification event” is
`“immaterial” because Petitioner “presents arguments under both
`constructions in [its] element-by-element analysis.” Pet. 23, 25.
`
`
`
`8
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`message “indicating the occurrence of the notification event.” It is
`
`consistent with the Specification of the ’792 patent as well, which describes
`
`users being notified of the occurrence of notification events. See, e.g.,
`
`Ex. 1001, Abstract (“Upon the occurrence of a notification event, an
`
`indication of the occurrence of the notification event is transmitted to the
`
`verified telephone number.”), col. 1, ll. 33–36 (“The present invention also
`
`relates to a process for notifying registrants of predetermined events using
`
`information obtained during the registration process.”), ll. 62–64 (“For
`
`example, to prevent fraud or identity theft, either the business or individual
`
`may wish to be alerted to certain events.”), col. 3, ll. 4–10 (“Upon the
`
`occurrence of a previously established notification event, the registrant is
`
`notified . . . .”).
`
`Petitioner’s arguments in favor of a broader interpretation are not
`
`persuasive. According to Petitioner, the Specification uses the term
`
`“notification event” broadly, referring to examples like a credit card
`
`transaction, withdrawal of a particular amount from a checking account,
`
`or news event. Pet. 24 (citing Ex. 1001, col. 2, l. 65–col. 3, l. 10, col. 9,
`
`ll. 14–17, col. 11, ll. 16–18, 26–28, 34–67). The cited portions, however,
`
`merely describe types of events, without indicating what activity occurs after
`
`the event. Similarly, Petitioner points to the disclosure in the Specification
`
`that when a “previously established event” occurs, “the system will notify
`
`and/or verify the user” such that a “verification message is played, . . . which
`
`includes either the verification code and/or occurrence of the notification
`
`event.” Id. at 24–25 (quoting Ex. 1001, col. 9, ll. 25–43, col. 10, ll. 2–4).
`
`We are not persuaded that the “and/or” language supports Petitioner’s
`
`reading, however, because the claims themselves recite transmitting a
`
`
`
`9
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`message “indicating the occurrence of the notification event.” The cited
`
`language also pertains to two separate actions and does not define or
`
`otherwise shed light on what constitutes a “notification event” by itself.
`
`On this record, applying the broadest reasonable interpretation of the
`
`claims in light of the Specification, we interpret “notification event” to mean
`
`an event that results in the user being notified that the event occurred.
`
`
`
`II. DISCUSSION
`
`A. Effective Filing Date of the Challenged Claims of the ’792 Patent
`
`As an initial matter, Petitioner argues that the earliest effective filing
`
`date of the challenged claims is October 5, 2006. Pet. 9–16. Petitioner
`
`provides on page 10 of the Petition a chart depicting the lineage of the
`
`’792 patent:
`
`As shown in the chart above, the ’792 patent claims priority as a
`
`continuation or divisional application of a series of applications, and as a
`
`continuation-in-part (CIP) of U.S. Patent Application No. 11/034,421
`
`(Ex. 1027, “the ’421 application”), filed on January 11, 2005. See Ex. 1001,
`
`
`
`
`
`10
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`col. 1, ll. 7–25. Petitioner points out that there is no presumption that the
`
`challenged claims are entitled to the filing date of the ’421 application
`
`because the Office did not consider priority during prosecution of the
`
`’792 patent. Pet. 10 (citing Ex. 10336); see PowerOasis, Inc. v. T-Mobile
`
`USA, Inc., 522 F.3d 1299, 1305 (Fed. Cir. 2008) (“When neither the [Office]
`
`nor the Board has previously considered priority, there is simply no reason
`
`to presume that claims in a CIP application are entitled to the effective filing
`
`date of an earlier filed application.”).
`
`Petitioner argues that the ’421 application does not provide written
`
`description support for independent claims 1 and 10 of the ’792 patent, in
`
`particular, the limitations of “maintaining a record of one or more
`
`notification events associated with actions that require acknowledgement by
`
`the user” and, “upon receiving an indication of an occurrence of an
`
`established notification event, transmitting a message . . . indicating the
`
`occurrence of the notification event.” Pet. 11–15. As Petitioner correctly
`
`points out, the ’421 application only discloses a verification process for an
`
`on-line registration; it does not describe a notification process after such
`
`verification. See id. at 11; Ex. 1027 ¶¶ 1, 20–36; compare Ex. 1027, claim 1
`
`(“process for verifying an on-line registration”), with Ex. 1001, claim 1
`
`
`6 On September 21, 2016, Petitioner filed a corrected version of the
`prosecution history of the ’792 patent as Exhibit 1033 and sent an email to
`the Board requesting that the original version be expunged. In an email to
`the Board dated October 26, 2016, Patent Owner stated that it did not oppose
`Petitioner’s request, but reserved the right to object to the exhibit under our
`rules as, for example, “inadmissible or insufficient.” To ensure a clear
`record, and because the prosecution history of the ’792 patent is publicly
`available, we will expunge the original version of Exhibit 1033 filed on
`August 29, 2016.
`
`
`
`11
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`(“verification and notification method”). Indeed, the term “notification
`
`event” does not appear in the ’421 application, and appears for the first time
`
`in the following application, U.S. Patent Application No. 11/538,989
`
`(Ex. 1021), which was filed on October 5, 2006 and issued as the ’920
`
`patent. Patent Owner does not dispute Petitioner’s assertions regarding the
`
`effective filing date of the challenged claims in its Preliminary Response.
`
`Based on our review of the current record, we agree with Petitioner that the
`
`challenged claims are not entitled to the filing date of the ’421 application,
`
`and the earliest effective filing date of the challenged claims is October 5,
`
`2006. Accordingly, Petitioner has shown sufficiently, on the present record,
`
`that all of the asserted references (Bennett, Campbell, and Geddes) are prior
`
`art under 35 U.S.C. § 102.7 See Pet. 15.
`
`
`
`B. Obviousness Ground Based on Bennett and Campbell
`
`Petitioner contends that claims 1, 2, 4, 6, 8, 10, 11, 13, 15, and 17 are
`
`unpatentable over Bennett and Campbell under 35 U.S.C. § 103(a), citing
`
`the testimony of Michael Shamos, Ph.D. as support. Pet. 26–64 (citing
`
`Ex. 1002). We are persuaded that Petitioner has established a reasonable
`
`likelihood of prevailing on its asserted ground for the reasons explained
`
`below.
`
`
`
`
`7 Bennett was filed on May 23, 2005, and Campbell was filed on July 5,
`2005—both prior to October 5, 2006. Thus, we need not determine at this
`time whether either is entitled to the filing date of its corresponding
`provisional application.
`
`
`
`12
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`
`1. Bennett
`
`Bennett describes a system for “extending authentication to a two
`
`factor, out of band form, requiring an additional data element or code via a
`
`channel different from the channel used for the primary transaction.”
`
`Ex. 1003, Abstract. The user first provides information, such as his or her
`
`telephone number, to the system via a website (i.e., a “first communication
`
`channel”). Id. at col. 2, ll. 61–63, col. 14, ll. 46–56. The system then
`
`establishes a telephone connection with the user (i.e., a “second
`
`communication channel”) and sends a completion code to the user (e.g., in
`
`an SMS message). Id. at col. 2, ll. 63–67, col. 5, ll. 32–35, col. 10, l. 62–col.
`
`11, l. 5, col. 15, ll. 8–13. The user enters the completion code into the
`
`website and the system determines, if there is a match, the user is allowed to
`
`complete the transaction. Id. at col. 2, l. 67–col. 3, l. 4, col. 15, ll. 14–42.
`
`The user may be required to go through the authentication process only for
`
`certain transactions, such as when the user is accessing the system from a
`
`different device than what was used in the past, or for “each and every
`
`transaction.” Id. at col. 11, ll. 44–45, col. 18, ll. 4–16. In Bennett’s
`
`disclosed system, a decision making module determines whether a particular
`
`transaction requires the “two-factor” authentication process based on various
`
`factors, such as, for example, the current “alert level.” Id. at col. 11,
`
`l. 28–col. 13, l. 23, col. 16, ll. 3–13.
`
`
`
`2. Campbell
`
`Campbell describes a system for managing “authentication attempts
`
`using . . . a real time communication channel with the end user that is
`
`separate from the channel being used for authentication.” Ex. 1004,
`
`
`
`13
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`Abstract. The system receives information about an authentication attempt
`
`(an “event”), such as a user attempting to access the Internet from a
`
`particular location, and determines whether the event meets certain criteria
`
`that would warrant additional procedures to prevent fraud. Id. ¶¶ 13–18.
`
`For example, an authentication attempt may be made where the same user
`
`ID was already used and Internet access is still active, or where multiple
`
`authentication attempts during a particular time period indicate “atypical
`
`use.” Id. ¶¶ 18–22.
`
`If additional processing is required, the system communicates with the
`
`requesting user via a “separate communications channel,” such as a cellular
`
`network. Id. ¶¶ 23–24. For example, the system may automatically change
`
`the user’s password and send an SMS message to the user’s telephone with
`
`the new password “along with a message explaining the reason a new
`
`password is being sent.” Id. ¶ 25. “An example message could read ‘Your
`
`password has been changed to XXXXXXX due to a risk that your old
`
`password has been compromised.’ Thus the valid user is automatically
`
`equipped with and informed of a change in password.” Id. ¶ 39. Or, if the
`
`number of authentication attempts in a particular time period exceeds a
`
`designated threshold,
`
`[t]he SMS message would indicate that the User account has
`been suspended and
`request
`the User
`to contact
`the
`authentication authority. The authentication authority could be
`a service provider or company that is granting access to, in this
`case, the internet. An example SMS message could read “Your
`account has been suspended due to a risk that your password
`has been compromised. Please contact 800-555-5555 for
`further information.” Thus the valid user is informed of the
`issue and can contact the authentication authority.
`
`Id. ¶ 41.
`
`
`
`14
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`
`3. Level of Ordinary Skill in the Art
`
`Section 103(a) forbids issuance of a patent when “the
`differences between the subject matter sought to be patented
`and the prior art are such that the subject matter as a whole
`would have been obvious at the time the invention was made to
`a person having ordinary skill in the art to which said subject
`matter pertains.”
`
`KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 406 (2007) (quoting 35 U.S.C.
`
`§ 103(a)). Petitioner argues that a person of ordinary skill in the art at the
`
`time of the ’792 patent would have had “at least an undergraduate degree in
`
`computer science, or equivalent experience, and in addition would be
`
`familiar with Internet and telephone communications.” Pet. 22 (citing
`
`Ex. 1002 ¶¶ 11–20). Patent Owner does not dispute Petitioner’s assessment
`
`in its Preliminary Response. Based on the current record, including our
`
`review of the ’792 patent and the types of problems and solutions described
`
`in the ’792 patent and cited prior art, we agree with Petitioner’s assessment
`
`of the level of ordinary skill in the art and apply it for purposes of this
`
`Decision.
`
`
`
`4. Analysis
`
`Petitioner relies on Bennett for the majority of the limitations of
`
`independent claims 1 and 10. Pet. 26–59. For example, Petitioner argues
`
`that Bennett teaches receiving a telephone number from a user via a
`
`“computing interface presented to the user as a result of an attempt by the
`
`user to access a service” (i.e., a web page provided to the user),
`
`communicating a “verification code” (i.e., completion code) to the user
`
`through an “SMS” or “telephonic” connection, receiving the completion
`
`code entered by the user via the “computing interface,” verifying the user’s
`
`
`
`15
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`telephone number if there is a match, and completing the registration of the
`
`user. Id. at 26–37.
`
`With respect to the “notification event” limitations of the claims,
`
`Petitioner first relies on Bennett. Id. at 37–44. Petitioner argues that
`
`Bennett teaches “notification events associated with actions that require
`
`acknowledgement by the user,” as recited in the claims, because after initial
`
`authentication, Bennett’s “per-user” decision rules “define which
`
`transactions (actions) require notifying the user and receiving user
`
`acknowledgement, in the form of two-factor authentication.” Id. at 38–41.
`
`For example, two-factor authentication may be required “when a logon
`
`attempt is detected from a new device” or when there were “log-in attempts
`
`from suspicious IP addresses and password recovery attempts.” Id. at
`
`40–41. According to Petitioner, Bennett requires that the user “acknowledge
`
`the action that triggered the notification” by entering the completion code;
`
`“[f]or the user to enter the code, she first reads it and is thereby notified.”
`
`Id. at 38–39. Alternatively, Petitioner contends that notification is inherent
`
`in Bennett because “the user is necessarily notified that an event requiring
`
`re-verification has occurred.” Id. at 41. Petitioner argues that the SMS
`
`message in Bennett identifies the source of the message (i.e., the sending
`
`telephone number) and “the user will know” that the completion code in the
`
`SMS message “corresponds to the occurrence of an event requiring
`
`two-factor authentication from past experience with the system, for example
`
`during her initial account sign-up.” Id. (citing Ex. 1002 ¶¶ 104, 110).
`
`As explained above, a “notification event” is an event that results in
`
`the user being notified that the event occurred. See supra Section I.E.
`
`Petitioner does not point to any specific disclosure in Bennett of notifying
`
`
`
`16
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`the user that an event occurred. Rather, Bennett discloses “transactions” that
`
`trigger a completion code being sent to the user, such as “online or other
`
`transactions, interactions, enrollment to a service, re-enrollment and
`
`password recovery using some sort of authentication/challenge or use of
`
`various services.” Ex. 1003, col. 12, ll. 33–39, col. 12, l. 56–col. 13, l. 23.
`
`The system determines that a transaction warrants two-factor authentication
`
`and sends an SMS message with a completion code to the user, but the
`
`completion code is simply a code generated by the system and then
`
`“entered” by the user in response. See id. at col. 9, ll. 58–65, col. 15,
`
`ll. 8–42. We are not persuaded that the completion code notifies the user
`
`that a particular event occurred. Nor are we persuaded that such notification
`
`necessarily occurs in Bennett, as the code may simply be, for example, a set
`
`of numbers that the user then enters into his or her telephone, which say
`
`nothing about a particular event having occurred. In that case, the
`
`underlying transaction that triggered two-factor authentication would not
`
`result in the user being notified that the transaction occurred. Thus, based on
`
`the current record, we are not persuaded that Bennett discloses, expressly or
`
`inherently, the “notification event” limitations of the claims.8
`
`Petitioner, however, also relies on the combined teachings of Bennett
`
`and Campbell for the “notification event” limitations of claims 1 and 10.
`
`Pet. 44–59. Petitioner cites Campbell’s disclosure of determining based on
`
`set criteria that additional processing is required and sending an SMS
`
`message to the user with an explanation. Id. at 44–45. One example in
`
`
`8 The Board similarly found in related Cases IPR2016-00450 and
`IPR2016-00451 that Petitioner had not shown that Bennett discloses
`“notification events.” See -450 Dec. 13–14; -451 Dec. 13–14.
`
`
`
`17
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`Campbell is “suspension of the user’s account as the result of multiple
`
`attempts to access the account using invalid user ID and password
`
`combinations within a certain time period,” where the corresponding SMS
`
`message reads “‘Your account has been suspended due to a risk that your
`
`password has been compromised. Please contact 800-555-5555 for further
`
`assistance.’” Id. (citing Ex. 1004 ¶¶ 40–41). Suspension of the user’s
`
`account, therefore, is a “notification event” (i.e., an event that results in the
`
`user being notified that the event occurred) according to Petitioner. Id.
`
`Petitioner asserts that it would have been obvious to combine this
`
`teaching with Bennett and “include a sentence [in Bennett’s SMS message
`
`along with the completion code] that describes the occurrence of the event
`
`that triggered the notification” (i.e., the reason why the user is being sent a
`
`completion code). Id. at 45–47. Petitioner provides, with supporting
`
`testimony from Dr. Shamos, reasons as to why a person of ordinary skill in
`
`the art would have been motivated to do so, including that doing so would
`
`“provide better customer service.” Id. at 42–47 (citing Ex. 1002 ¶¶ 116–18).
`
`“In cases of fraudulent attempts to access the service, the receipt of a
`
`completion code may alarm a user that has not attempted to access their
`
`account.” Id. at 47. “Including additional information with the SMS
`
`message would, as taught by Campbell, have been obvious to a [person of
`
`ordinary skill in the art], in order to keep the customer informed and instill
`
`confidence in the service.” Id. Based on the current record, we are
`
`persuaded that Petitioner has provided sufficient explanation as to how
`
`Bennett and Campbell teach the “notification event” limitations and why a
`
`person of ordinary skill in the art would have combined their teachings. See
`
`id. at 44–59.
`
`
`
`18
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`
`Patent Owner makes a number of arguments in response. First, Patent
`
`Owner argues that Petitioner’s arguments as to why Bennett teaches certain
`
`limitations pertaining to “notification events” fail, and that there was “no
`
`apparent reason to combine Campbell with Bennett,” because Bennett itself
`
`does not teach “notification events.” Prelim. Resp. 42–45, 49–54. Although
`
`we agree that Bennett alone does not teach “notification events,” we are
`
`persuaded based on the current record that the combination of Bennett and
`
`Campbell teaches such events, and that adding an explanatory sentence to
`
`Bennett’s SMS message would make the underlying event in Bennett a
`
`“notification event” (beca