`Petitioner
`v.
`Universal Secure Registry LLC,
`Patent Owner
`IPR2018-00067 (Patent 8,577,813)
`Presentation of Petitioner Unified Patents Inc.
`Oral Hearing –January 30, 2019
`
`Demonstrative Exhibit – Not Evidence
`
`IPR2018-00067
`Unified EX1042
`
`1
`
`
`
`Overview of the ’813 Patent
`
`Demonstrative Exhibit – Not Evidence
`
`2
`
`
`
`Overview of the ’813 Patent
`
`“1. An electronic ID device configured to allow a user to select any one of a plurality of
`accounts associated with the user to employ in a financial transaction, comprising:
`• a biometric sensor configured to receive a biometric input provided by the user;
`• a user interface configured to receive a user input including secret information known
`to the user and identifying information concerning an account selected by the user from
`the plurality of accounts;
`• a communication interface configured to communicate with a secure registry;
`• a processor coupled to the biometric sensor to receive information concerning the
`biometric input, the user interface and the communication interface, the processor being
`programmed to activate the electronic ID device based on successful authentication by
`the electronic ID device of at least one of the biometric input and the secret information,
`the processor also being programmed such that once the electronic ID device is activated
`the processor is configured to generate a non-predictable value and to generate
`encrypted authentication information from the non-predictable value, information
`associated with at least a portion of the biometric input, and the secret information, and
`to communicate the encrypted authentication information via the communication
`interface to the secure registry; and
`• wherein the communication interface is configured to wirelessly transmit the
`encrypted authentication information to a point-of-sale (POS) device, and wherein the
`secure registry is configured to receive at least a portion of the encrypted authentication
`information from the POS device.”
`
`Demonstrative Exhibit – Not Evidence
`
`3
`
`
`
`Overview of the ’813 Patent
`
`Demonstrative Exhibit – Not Evidence
`
`EX1001, ’813 Patent, 3:57-64;
`Pap. 12 at 2.
`
`4
`
`
`
`Overview of the ’813 Patent
`
`Demonstrative Exhibit – Not Evidence
`
`EX1001, ’813 Patent, 44:39-46;
`Pap. 12 at 6.
`
`5
`
`
`
`Overview of the ’813 Patent
`
`“1. An electronic ID device configured to allow a user to select any one of a plurality of
`accounts associated with the user to employ in a financial transaction, comprising:
`• a biometric sensor configured to receive a biometric input provided by the user;
`• a user interface configured to receive a user input including secret information known
`to the user and identifying information concerning an account selected by the user from
`the plurality of accounts;
`• a communication interface configured to communicate with a secure registry;
`• a processor coupled to the biometric sensor to receive information concerning the
`biometric input, the user interface and the communication interface, the processor being
`programmed to activate the electronic ID device based on successful authentication by
`the electronic ID device of at least one of the biometric input and the secret information,
`the processor also being programmed such that once the electronic ID device is activated
`the processor is configured to generate a non-predictable value and to generate
`information, and to communicate the encrypted authentication information via the
`communication interface to the secure registry; and
`• wherein the communication interface is configured to wirelessly transmit the
`encrypted authentication informationto a point-of-sale (POS) device, and wherein the
`secure registry is configured to receive at least a portion of the encrypted authentication
`information from the POS device.”
`
`encrypted authentication information from the non-predictable value, information
`associated with at least a portion of the biometric input, and the secret
`
`Demonstrative Exhibit – Not Evidence
`
`6
`
`
`
`Overview of the ’813 Patent
`
`Encrypted Authentication Information
`
`Demonstrative Exhibit – Not Evidence
`
`EX1001, ’813 Patent, 50:14-20, 46:5-8
`Pap. 12 at 2; Pap. 34 at 24-25.
`
`7
`
`
`
`Overview of the ’813 Patent
`
`Demonstrative Exhibit – Not Evidence
`
`EX1001, ’813 Patent, Fig. 31, 44:39-46, 46:27-31
`Pap. 12 at 2, 6, 14-15; see also Pap. 28 at 5.
`
`8
`
`
`
`Petition for Inter Partes Review - Prior Art
`
`• U.S. Patent 6,016,476 to Maes et al. (“Maes”)
`• U.S. Patent 5,870,723 to Pare et al. (“Pare”)
`• U.S. Pub. 2004/0107170 to Labrou et al. (“Labrou”)
`• WO 2001/024123 to Burger et al. (“Burger”)
`• U.S. Patent 7,865,448 to Pizarro (“Pizarro”)
`
`Demonstrative Exhibit – Not Evidence
`
`9
`
`
`
`Instituted Grounds
`
`Combination
`
`Maes+ Pare
`Maes+ Labrou
`Maes+ Pare+ Labrou
`Maes+ Pare+ Burger
`Maes+ Labrou+ Burger
`Maes+ Pare+ Labrou+ Burger
`Pizarro + Pare
`
`Claim(s)
`
`1, 2, 3, 5, 11, 13–17, 20, 22–26
`1, 2, 3, 5, 11–17, 19–26
`12–15, 17, 19–23, 25, 26
`6–9, 18
`6–10, 18
`10
`1, 2, 5, 11, 13, 16, 17, 24
`
`Demonstrative Exhibit – Not Evidence
`
`Paper 14 at 30-31
`
`10
`
`
`
`Petition for Inter Partes Review – Disputed Issues
`
`• Whether Maesin view of Pareand Maesin view of Labrourenders obvious
`wirelessly transmitting encrypted authentication information
`• Whether Pareteaches away from using electronic ID devices
`• Whether a PHOSITA would be motivated to combine Maesand Pare, including
`using multi-layered authentication
`• Whether Maesteaches a “discrete code associated with the electronic ID
`device” (claim 2)
`• Whether Labrou rendersobviousgenerating encrypted authentication
`information that includes at least a portion of the biometric input
`• Whether Labrouteaches generating account identifying information not
`including account numbers (claims 12, 21)
`• Whether there is a motivation to combine Maesand Labrou
`• Whether there is a motivation to combine Pizarroand Pare
`• Whether Unified Patents is the sole real party-in-interest (confidential)
`
`Demonstrative Exhibit – Not Evidence
`
`11
`
`
`
`The Combinations of Maes& Pare and Maes & LabrouRender
`Obvious Wirelessly Transmitting Encrypted Authentication
`Information via a POS device to a Secure Registry, satisfying
`these limitations of Claims 1, 16, and 24.
`
`Demonstrative Exhibit – Not Evidence
`
`12
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes, Fig. 3
`Pap. 12 at 10
`
`13
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`[B]iometric verification must be performed before the card information can be written to the
`Universal Card 26. … PIN or password verification may be utilized in lieu of, or in addition
`to such biometric verification techniques.”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes, Fig. 1, 10:49-11:8
`Pap. 12 at 11-13, 15-18
`
`14
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`certificate from the central server 60 prior to initiating a consumer
`
`“[T]he user must periodically connect the PDA device 10 with the central server
`60 of the service provider (Link LI, FIG. 3) in order to obtain a valid digital
`transaction. Specifically, the digital certificate is binary encrypted file that must
`be downloaded into the PDA device 10 before personal or financial information of
`the user can be written to the Universal Card 26.”
`“[T]hepresentinventionmayutilize PIN or password protectioninadditionto
`… biometric verificationtoobtainthenecessarydigitalcertificatefromcentral
`server60.”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes, 7:38-45, 10:18-21
`Pap. 38 at 5-7; Pap. 12 at 14
`
`15
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`selected card information directly from the PDA device to the ATM or POS
`
`“[T]heinventionmayinteractwithelectronicfundtransfersystemsortransaction
`terminalshaving wireless or direct communication capabilitieswithouteven
`havingtousetheUniversalCard26.Specifically,asdemonstratedbythedotted
`linesinFIG.5,theconsumertransactionmaybeperformedby transmitting the
`transaction terminal through an established communication link L2(step228,
`FIG.3)(i.e.,viatheserialport42,theparallelport44modem42,theIRport54or
`theRFport50),…[I]nthisembodiment,theCPU12ofthePDAdevice10will
`prohibittheselectedcardinformationfrombeingretrievedandtransmittedtothe
`transactionterminal80iftheuserisnotbiometricallyverifiedand/orifthedigital
`certificateisnotvalid(step226).Inthisparticularembodimentofthepresent
`invention, the PDA device 10 itself actually takes the place of the Universal
`terminal.”
`
`Card 26 and, consequently, eliminates the need of having to first write the
`selected card information to the Universal Card 26 and then sweep the
`Universal Card 26 through the magnetic reader of the POS or ATM transaction
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes, 12:5-29
`Pap. 12 at 23-24
`
`16
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`“[I]ftheuserisbiometricallyverified(step308)andthePDAdevice10contains
`anunexpireddigitalcertificate(step310),theselectedcardinformationis
`retrievedfrommemory14anddecrypted(step314).Thedesiredcreditcard
`information,aswellasanauthorizationnumber,isthendisplayedontheuser
`interface/display34(step316)…
`The merchant will then transmittheUniversalCardnumber27andthe
`displayed authorization number
`to the
`central server 60. Since the
`authorization number is a function of the unexpired digital certificatethat
`wasobtainedfromthecentralserver60intheclient/servermode,thecentral
`server60informthemerchantthattheuserwasproperlyverified(step318).”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes, 12:44-49, 12:66-13:5
`Pap. 12 at 23-24, 26-27; see also id. at 14-15
`17
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`information, as well as the encrypted information file, would be transmitted to
`
`“[D]uringaconsumertransaction,uponlocalverification(biometric,PINand/or
`password)andassuming,ofcourse,thatavaliddigitalcertificatewaspreviously
`downloadedfromthecentralserver60,thePDAdevice10canbeprogrammedto
`downloadtheselectedcardinformationinencryptedform… The selected card
`the POS terminal(viatheUniversalCard, RF or IR) and then transmitted in
`encrypted formdirectlytotheprocessingfinancialinstitutiontogetherwiththe
`purchasedetails.”
`“UserBthenobtainsthe authorization numberproducedbythePDAdeviceof
`UserAuponlocalverification,andenterssuchnumberintothePDAdeviceofUser
`B.Ofcourse, the above procedure may be performed directly (e.g., via IR
`communication)insteadofphysicallyexchangingtheUniversalCard.”
`“[T]hePDAdeviceofUserAmaybeconfiguredsuchthat the authorization
`numberproducedbythePDAdeviceofUserAcontainstheamountofmoneytobe
`transferredtotheaccountofUserB in an encrypted or, otherwise, hidden form.”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes at 13:24-38, 14:61-67, 15:15-20
`Pap. 12 at 23-24, Pap. 38 at 7, 10-11
`
`18
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`Pareteachesgeneratingencryptedauthenticationinformationfrom
`a non-predictable value,
`information associated with at least a
`portionofabiometricinput,andsecretinformation,inthecontextof
`afinancialtransaction:
`“TheBIAusestheDUKPTkeymanagementsystemtoselectthebiometric-PIN
`blockencryption 112-bit DES keyfromtheFutureKeyTable. This key is
`then used to encrypt the Biometric-PIN Blockusingcipherblockchaining
`(CBC).…Allpersonalauthenticationinformation(thebiometricandPIN)is
`storedwithinthebiometric-PINblock. The Biometric-PIN block consists of
`4-12 digit PIN…”
`TheDESkeyisan“unpredictablekey[].”
`
`the following fields:
`300-byte authorization biometric
`
`EX1004, Pare, 17:27-44, 18:51-61; see also id. at Abstract, 4:34-42, 19:43-20:15; see also id. at 4:43-57
`Pap. 12 at 19-20.
`
`Demonstrative Exhibit – Not Evidence
`
`19
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`Labrou renders obvious generating encrypted authentication
`informationfromanon-predictablevalue,informationassociated
`withatleastaportionofabiometricinput,andsecretinformation,
`inthecontextofafinancialtransaction:
`“Theconsumerdevice102 encrypts the consumer’s PIN [] and the
`consumer's Random Sequence Number…toformtheconsumerKEY
`…Theconsumerdevice102thenencrypts…theTransaction,consumer
`userID,andmerchantdeviceIDusingtheconsumerkey,togeneratethe
`encryptedpartoftheconsumermessage.”
`“[U]serinputreferstothePIEofthesecurityframeworkandprotocol
`foruniversalpervasivetransactions,which in the examples of FIGS.
`Identification Entry) in accordance to the security
`frameworkandprotocolforuniversalpervasivetransactions.”
`
`29-32 is presumed to be a PIN, but it can be any other PIE
`(Personal
`
`Demonstrative Exhibit – Not Evidence
`
`EX1005, Labrou at [0253], [0245]
`Pap. 12 at 20-22, Pap. 38 at 12.
`
`20
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`“AhashfunctionH1254isthenappliedtotheoutputoftwo-
`argumentfunctionFthatwhenappliedtothelocallygenerated
`RSN1246andthe PIE1248…outputsasingleargument…to
`createthe encryption key K1250…”
`“ThePIEisanalphanumericstring.Inordertospeeduptheuser
`entrytomakeiteasierfortheusertorememberit, the PIE can be
`a number such as 4-digit or 5-digit PIN.Itisapieceofhighly
`secureinformationinthesensethatitisnevertransmittedduring
`theprotocolexecution,itisonlyknowntotheuserandtheAVP
`1106,anditssecrecyshouldbewellprotected.Itisassumedthat
`biometric devicesuchasafingerprintsensor.”
`
`the PIE can be input by the user on an AP device in a secure
`fashion or it may be deterministically generated using a
`
`Demonstrative Exhibit – Not Evidence
`
`EX1005, Labrou at [0537], [0524]
`Pap. 12 at 20-22, Pap. 38 at 12.
`
`21
`
`
`
`Obvious to Combine Maes with Pare or Labrou
`
`Pare at Abstract; Labrou at [0059], Maes at Abstract, 4:1-5; Paper 12 at 8, 9-10.
`
`Pare at Abstract, 4:34-40, 9:59-10:1, 11:37-40; Labrou at [0421], [0158], [0416]-[0418], [0456]; Maes at 10:50-11:18;
`Paper 12 at 11-13, 17-18, 21; Paper 38 at 12.
`
`“[A] court or examiner may find a motivation to combine prior
`art references in the nature of the problem to be solved.”
`
`•Allowing a buyer to select one of multiple accounts without having to
`carry around multiple cards.
`•Biometric and PIN verification.
`•Using encryption to protect data in a financial transaction, a well-
`established practice to address fraud.
`•Wirelessly and remotely verifying a user’s transaction, using a
`merchant as a conduit.
`
`Pare at Abstract, 4:34-42, 17:27-46, 18:51-61, 19:43-20:15, Fig. 7; Labrou at [0253], [0259], [0537]; Maes at 10:10-15,
`12:66-13:5, 13:24-38; Paper 12 at 19-22.
`
`Pare at Abstract, 4:34-58, 6:12-17, 23:60-24:17, 30:63-31:27; Labrou at Abstract, [0188]-[0190], [0210]-[0212]; Maes at
`12:55-13:5; Paper 12 at 23-24.
`
`Demonstrative Exhibit – Not Evidence
`
`Ruiz v. A.B. Chance Co., 357 F.3d 1270, 1276 (Fed. Cir. 2004)
`Pap. 12 at 7-9, 11-13, 19-24; Pap. 38 at 10
`22
`
`
`
`Obvious to Combine Maes with Pare or Labrou
`
`“Itistobeunderstoodthatthepresentinvention
`mayemployanyknownencryptiontechniqueor
`algorithmfortheencryption/decryptionprocess....”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes at 10:11-14; see also id. at 13:34-50, 15:15-20
`Paper 12 at 21-23, Paper 38 at 9-11
`
`23
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`PO’s arguments that the proposed combinations render Maes
`inoperable “to provide biometric security for non-electronic
`transactions”ortobe“compatiblewiththeexistinginfrastructure”
`areincorrectandirrelevant:
`• Non-electronic transactions are not
`the “principle of
`operation” of Maes; Maes
`itself
`teaches wirelessly
`transmittingencryptedinformationandtransmittingthe
`authorization number to remotely verify a user, and it
`promotesenhancementstoexistinginfrastructure
`• Thattheauthorizationnumbermayalsobedisplayedor
`verballycommunicatedisirrelevantanddoesnotdetract
`fromthefactthatitwouldhavebeenobvioustowirelessly
`transmitencryptedauthenticationinformation
`
`Demonstrative Exhibit – Not Evidence
`
`See Pap. 27 at 27-29;
`Pap. 12 at 23-24, 27 (citing EX1003, Maes at 15:21-25);
`Pap. 38 at 7-8 (citing EX1003, Maes at 14:58-67), id. at 15.
`24
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`Patent Owner’s Expert:
`
`“Maesdescribeshowtobe backwards compatiblewiththe
`existinginfrastructure.And in addition to that, Maes also
`describes additional features,suchasthewritingofthe
`receiptontotheuniversalcard,thatwerenotsupportedby
`theexistinginfrastructurebutwhichwerenotvitaltothe
`transactionbeingpossibletoperform.SoMaes[]describesa
`system that allows users to transact using the existing
`infrastructureandthendescribes enhancements that can
`existing credit cards and/or the system of Maes as
`describedinthecorefunctionality.”
`
`be rolled out gradually and which would enable
`additional
`features but still allowing people to use
`
`Demonstrative Exhibit – Not Evidence
`
`EX1033, Jakobsson Tr. at 93:13-94:2; see also EX1032, Cole Reply Decl. at ¶21
`Pap. 38 at 7-8.
`
`25
`
`
`
`PareDoes Not Teach Away from
`Electronic ID Devices
`
`Demonstrative Exhibit – Not Evidence
`
`26
`
`
`
`Pare Does Not Teach Away from Electronic ID Devices
`
`“Asaresultoftheinvention,abuyercanconductcommercial
`transactions without having to use any tokens such as
`or swipe cards.Theinventionallowsbuyerstoquicklyselect
`oneofagroupofdifferentfinancialaccountsfromwhichto
`transferfunds.”
`
`portable man-made memory devices such as smartcards
`
`Demonstrative Exhibit – Not Evidence
`
`EX1004, Pare at Abstract
`Pap. 38 at 3-4.
`
`27
`
`
`
`Pare Does Not Teach Away from Electronic ID Devices
`
`“ThePhone/CATVversionofBIAhardwareisamultichipmodule
`combinedwithasingle-printscannerandaserialport.…This
`version is designed to be integrated with telephones and
`televisionremotecontrols.Asaresult,itmakesuseoftheexisting
`keypadsandLCDortelevisionscreenstoenterordisplayvalues,
`ratherthanhavingitsowndisplayandkeypadentrydevice.…
`This hardware model
`is (in comparison with other models)
`relativelyinsecure,asitisintendedthatthesedevicescostaslittle
`aspossible,belightweight,andintegrateeasilywithexistinglow-
`costdevices.
`enclosures are possible and encouraged.”
`
`Of course, higher-security versions with more complete
`
`Demonstrative Exhibit – Not Evidence
`
`EX1004, Pare at 14:19-38
`Pap. 38 at 3-4.
`
`28
`
`
`
`Pare Does Not Teach Away from Electronic ID Devices
`
`“Dependingonthetaskathand, BIA modelsareeither
`partiallyor fully integrated with the terminal.Partially
`integrateddevicesarephysicallyseparatefromtheterminal,
`andtheyincludewirelessandstandardretailpointofsale
`BIAs. Fully integrated devices are contained within the
`physical enclosure of the terminal
`itself,
`for instance a
`telephone.”
`“ThePPTacceptsbiometricidentificationusinga BIA/Catv
`connectedtoand integrated withacordless, cellular,or
`standard telephone.”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1004, Pare at 11:22-28, 30:48-50
`Pap. 38 at 3-4.
`
`29
`
`
`
`Pare Does Not Teach Away from Electronic ID Devices
`
`“The biometric input device is further equipped with
`computingmodules16,devicedrivers,and erasable and
`non-erasable memory modules.Thebiometricinputdevice
`communicateswiththeterminalthroughpreferablyaserial
`port17.Theterminal2communicatesthroughamodem18
`withtheDPC1throughmessages19andresponses20using
`oneoftheinterconnectingmeansinFIG.1suchasacableTV
`network, cellular telephone network,telephonenetwork,
`the Internet,oranX.25network.”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1004, Pare at 9:65-10:7
`Pap. 38 at 3-4.
`
`30
`
`
`
`Pare Does Not Teach Away from Electronic ID Devices
`
`“[E]venif messages are decrypted, turning a digital biometric-
`PIN into a physical fingerprint is much harder than turning an
`account number-PIN into a plastic card, which is one of the
`significant benefits of the tokenlesssystems.”
`“Areferencethat‘merelyexpressesageneralpreferencefor
`analternativeinventionbutdoesnotcriticize,discredit,or
`otherwise discourage
`investigation into’
`the
`claimed
`inventiondoesnotteachaway.”
`
`Meiresonne v. Google, Inc., 849 F.3d 1379, 1382 (Fed. Cir. 2017) (quoting Galderma Labs., L.P. v. Tolmar, Inc.,
`737 F.3d 731, 738 (Fed. Cir. 2013)); EX1004, Pare at 20:4-9, Pap. 38 at 3-4.
`Demonstrative Exhibit – Not Evidence
`
`31
`
`
`
`The Proposed Combination of Maesand Pare
`is not Redundant for Providing Multi-
`Layered Authentication
`
`Demonstrative Exhibit – Not Evidence
`
`32
`
`
`
`The Combination of Maes and Pare is not Redundant
`
`• Multi-layered authentication enhances security and is,
`therefore,notredundant–localandremoteservedifferent
`purposes(e.g.,notrustrelationshipbetweenlocaldevice
`andremoteserver)
`– Maesemploysbothlocalandremoteauthentication
`–Dr. Cole has supported his testimony that multi-layered
`authenticationenhancessecurity
`• The ’813 Patent
`itself uses
`local and remote
`authentication:
`“Invariousembodiments,theauthenticationofthebiometric
`occursattheuserdevice352,atthePOSdevice354,atthe
`USR356 or at a combination of the preceding.”
`
`Demonstrative Exhibit – Not Evidence
`
`’813 Patent at 47:35-38; EX1032, Cole Reply Decl. at ¶¶7-8; see also id. at ¶¶9, 15-20
`Pap. 38 at 5-7
`33
`
`
`
`LabrouRenders Obvious Encryption
`Employing a PIE Comprising a PIN and
`Biometric Information
`
`Demonstrative Exhibit – Not Evidence
`
`34
`
`
`
`Obvious to Use Both Biometrics and PIN for Labrou’s PIE
`
`• Labrou’sPIEisnotlimitedtoPINsonly,butcan
`alsobederivedfromabiometric
`• Itwouldhavebeenobviousinlightof Labrou’s
`teachingstoemploybothaPINandbiometricto
`derivethePIE,particularlyinlightof Maes
`• As PO’s expert conceded,
`it was known to a
`PHOSITA
`how to
`generate
`a
`repeatable
`cryptographicstringfrombiometricinputs
`
`Demonstrative Exhibit – Not Evidence
`
`Paper 12 at 21; Paper 38 at 12-15
`35
`
`
`
`Obvious to Use Both Biometrics and PIN for Labrou’s PIE
`
`“PrivateIdentificationEntry(PIE):Thesharedsecretinputbytheuser.It
`isenteredbytheuserwhenevertheuserattemptsatransaction.… The
`PIE is an alphanumeric string.…[T]hePIEcanbeanumbersuchas4-
`digitor5-digitPIN.…ItisassumedthatthePIEcanbeinputbytheuser
`onanAPdeviceinasecurefashionor it may be deterministically
`generated using a biometric device such as a fingerprint sensor.For
`example,acomputationappliedonthefingerprintdatareceivedfromthe
`fingerprint sensor can be used to generate a PIE that is initially
`communicatedtotheAVPbytheuser. Whenever the user attempts a
`thus generating the PIE.
`“[U]serinput refers to the PIE of the security framework and protocol for
`universal pervasive transactions, which in the examples of FIGS. 29-32 is
`presumed to be a PIN, but it can be any other PIE(Personal
`Identification Entry)”
`
`transaction, the user applies her finger to the fingerprint sensor,
`
`Demonstrative Exhibit – Not Evidence
`
`Labrou at [0524], [0245]
`Pap. 12 at 20-22; Pap. 38 at 12
`36
`
`
`
`Obvious to Use Both Biometrics and PIN for Labrou’s PIE
`
`of multi-factor
`the benefits
`testified to
`Dr. Cole
`authenticationinenhancingsecurity:
`• Systemsemployingmultiplemethodsrepresentasecurity
`improvementoversystemsemployingonemethod
`– Eachmethodreconcilesdeficienciesoftheothers(PINrepresents
`informationthatmustbeknown;biometricrepresentswhouseris)
`– Moreworkforawould-beattacker
`
`EX1009, Cole Decl. at ¶¶33-34; see also id. at ¶53 (obvious to use both PIN and biometric for Labrou’s PIE);
`see also EX1032, Cole Reply Decl. at ¶¶4-6, 29
`Pap. 12 at 20-22; Pap. 38 at 12
`Demonstrative Exhibit – Not Evidence
`
`37
`
`
`
`Obvious to Use Both Biometrics and PIN for Labrou’s PIE
`
`Demonstrative Exhibit – Not Evidence
`
`Ex. 1033, Jakobsson Tr. at 101:6-25, 102:21-103:9; see also id. at 108:24-109:11, 110:13-19
`Paper 38 at 12-15
`38
`
`
`
`Obvious to Use Both Biometrics and PIN for Labrou’s PIE
`
`U.S. Patent 6,901,145 to Bohannon et al. (Ex. 1030)
`“Generation of Repeatable Cryptographic Key Based on Varying Parameters”
`Filed: Feb. 10, 2000
`Issued: May 31, 2005
`“One of
`the advantages of
`the present
`invention is
`its
`ability
`to generate
`a
`repeatable cryptographic key in view of
`varyingmeasurements.”
`
`Demonstrative Exhibit – Not Evidence
`
`Ex. 1030, Bohannon, at 4:65-5:3
`Ex. 1033, Jakobsson Tr. at 110:20-113:5
`Pap. 38 at 13-14
`
`39
`
`
`
`Obvious to Use Both Biometrics and PIN for Labrou’s PIE
`
`…
`
`Demonstrative Exhibit – Not Evidence
`
`Ex. 1033, Jakobsson Tr. at 114:14-116:9
`Pap. 38 at 13-14; see also EX1032, Cole Decl. at ¶¶10-12, 30
`40
`
`
`
`Obvious to Combine Maes & Pare, Maes &
`Labrou, and Maes, Pare, & Labrou
`
`Demonstrative Exhibit – Not Evidence
`
`41
`
`
`
`Obvious to Combine Maes with Pare or Labrou
`
`Pare at Abstract; Labrou at [0059], Maes at Abstract, 4:1-5; Paper 12 at 8, 9-10.
`
`Pare at Abstract, 4:34-40, 9:59-10:1, 11:37-40; Labrou at [0421], [0158], [0416]-[0418], [0456]; Maes at 10:50-11:18;
`Paper 12 at 11-13, 17-18, 21; Paper 38 at 12.
`
`“[A] court or examiner may find a motivation to combine prior
`art references in the nature of the problem to be solved.”
`
`•Allowing a buyer to select one of multiple accounts without having to
`carry around multiple cards.
`•Biometric and PIN verification.
`•Using encryption to protect data in a financial transaction, a well-
`established practice to address fraud.
`•Wirelessly and remotely verifying a user’s transaction, using a
`merchant as a conduit.
`
`Pare at Abstract, 4:34-42, 17:27-46, 18:51-61, 19:43-20:15, Fig. 7; Labrou at [0253], [0259], [0537]; Maes at 10:10-15,
`12:66-13:5, 13:24-38; Paper 12 at 19-22.
`
`Pare at Abstract, 4:34-58, 6:12-17, 23:60-24:17, 30:63-31:27; Labrou at Abstract, [0188]-[0190], [0210]-[0212]; Maes at
`12:55-13:5; Paper 12 at 23-24.
`
`Demonstrative Exhibit – Not Evidence
`
`Ruiz v. A.B. Chance Co., 357 F.3d 1270, 1276 (Fed. Cir. 2004)
`Pap. 12 at 7-9, 11-13, 19-24; Pap. 38 at 10
`42
`
`
`
`Obvious to Combine Maes with Pare or Labrou
`
`“Itistobeunderstoodthatthepresentinvention
`mayemployanyknownencryptiontechniqueor
`algorithmfortheencryption/decryptionprocess....”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes at 10:11-14; see also id. at 13:34-50, 15:15-20
`Paper 12 at 21-23, Paper 38 at 9-11
`
`43
`
`
`
`Obvious to Combine Maes with Pare or Labrou
`
`“[D]uring a consumer transaction, upon local verification (biometric, PIN and/or
`password) and assuming, of course, that a valid digital certificate was previously
`downloaded from the central server 60, the PDA device 10 can be programmed
`to download the selected card information in encrypted form … The selected
`card information, as well as the encrypted information file, would be
`transmitted to the POS terminal (via the Universal Card, RF or IR) and then
`transmitted in encrypted form directly to the processing financial institution
`together with the purchase details.”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes at 13:24-38, 14:61-67, 15:15-20
`Pap. 12 at 22, 23-24; Pap. 38 at 7, 10-11
`
`44
`
`
`
`Obvious to Combine Maes and Labrou
`
`a user’s
`that
`teaches
`“Labrou
`information is encryptedbytheuser’sdeviceusing
`a ‘Private Identification Entry (PIE),’ … and a
`‘randomsequencenumber’(i.e.,anon-predictable
`value)....”
`
`transaction
`
`Demonstrative Exhibit – Not Evidence
`
`Pap. 12 at 20; see also Pap. 38 at 14-15
`45
`
`
`
`MaesTeaches the Limitation of Claim 2
`(Discrete Code Associated With the Electronic ID Device)
`
`Demonstrative Exhibit– Not Evidence
`
`46
`
`
`
`Maes Teaches the Limitation of Claim 2
`(“a discrete code associated with the electronic ID device)
`
`“Thedigitalcertificatecontainsinformation
`relatingto(butnotlimitedto)the account
`number of the PDA device 10…”
`“[T]heUniversalCard26witha unique account number
`27isprovidedbytheserviceprovider.”
`“[T]heinventionmayinteractwithelectronicfundtransfer
`systemsortransactionterminalshavingwirelessordirect
`communicationcapabilitieswithoutevenhavingtousethe
`UniversalCard26.… Inthisparticularembodimentofthe
`presentinvention, the PDA device 10 itself actually takes
`the place of the Universal Card 26…”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes at 7:45-49, 7:26-27, 12:5-29
`Pap. 12 at 27-28, Pap. 38 at 9-11; Pap. 12 at 10
`47
`
`
`
`LabrouTeaches the
`Limitations of Claims 12 and 21
`(Generating Account Identifying Information/Identifier for a
`Selected Account Without Including the Account Number)
`
`Demonstrative Exhibit – Not Evidence
`
`48
`
`
`
`Labrou Teaches The Limitations of Claims 12 and 21
`(Account Identifying Information/Account Identifier)
`
`identifying information for the
`respective one of the plurality of accounts, wherein the account
`
`12. The electronic ID device of claim 11, wherein the processor is
`configured to generate account
`identifying information does not identify an account numberofthe
`respectiveoneofthepluralityofaccounts.
`21.Themethodofclaim16,furthercomprisinganactof generating an
`that does not include an account number, and wherein the act of
`generating encrypted authentication information includes using the
`accountidentifierfortheidentifyinginformation.
`
`account identifier for the selected one of the plurality of user accounts
`
`Demonstrative Exhibit – Not Evidence
`
`49
`
`
`
`Labrou Teaches The Limitations of Claims 12 and 21
`(Account Identifying Information/Account Identifier)
`
`• Theclaimsdonotrequirethattheaccountidentifying
`informationbegenerated afterselectionofanaccount;
`onlythatitbegeneratedforaselectedaccount
`• Even if
`the claims did require generation of such
`informationafterselectionofanaccountforatransaction,
`Labrouteachesthis.
`
`Demonstrative Exhibit – Not Evidence
`
`Paper 12 at 31, 37-38; Paper 38 at 15-17
`50
`
`
`
`Labrou Teaches The Limitations of Claims 12 and 21
`(Account Identifying Information/Account Identifier)
`
`“No actual account numbers are stored on
`the device 102; only aliasesfortheaccounts
`arestoredonthedevice102.”
`“Forthepurposesofthepresentedmethod,it
`isnotnecessarythatthedevice102maintains
`accountnumberslocally,aprecautionwhich
`addstothesecurityoftheoverallmethod.…
`After the user selects the account…, the
`is generated and
`transmittedasdescribedpreviously..”
`
`transaction request
`
`Demonstrative Exhibit – Not Evidence
`
`EX1005, Labrou at [0421], [0293], Fig. 52; see also id. at [0532], Figs. 53-55
`Paper 12 at 31, 37-38; Paper 38 at 15-17
`
`51
`
`
`
`Obvious to Combine Pizarro and Pare
`
`Demonstrative Exhibit – Not Evidence
`
`52
`
`
`
`Obvious to Combine Pizarro and Pare
`
`Demonstrative Exhibit – Not Evidence
`
`EX1007, Pizarro at Fig. 2;
`Paper 12 at 48-49, 52, 59
`
`53
`
`
`
`Obvious to Combine Pizarro and Pare
`
`• Multi-layered Authentication is Not Redundant in the
`ContextofSecureTransactions
`• PareDoesNotTeachAwayfromtheUseofElectronicID
`Devices
`• Multi-factor Authentication is Not Redundant in the
`Context of Secure Transactions, and PO does not Dispute
`that it Would havebeen Obvious to Combine Pare’sPIN
`with Pizarro
`
`Demonstrative Exhibit – Not Evidence
`
`Paper 38 at 17-18
`54
`
`
`
`OPPOSITION TO MOTION TO AMEND
`
`Demonstrative Exhibit – Not Evidence
`
`55
`
`
`
`Prior Art Cited
`
`• Maes
`• Labrou
`• Burger
`
`• U.S.Pat.5,280,527toGullman et al.(“Gullman”)
`• U.S.Pat.App.Pub.2004/0172535toJakobsson et
`al.(“Jakobsson”)
`• U.S.Pat.5,479,512to Weiss(“Weiss”)
`
`Demonstrative Exhibit – Not Evidence
`
`56
`
`
`
`Opposition to Motion to Amend - Combinations
`
`Combination
`
`Maes+ Labrou
`Maes+ Labrou + Gullman
`Maes+ Labrou + Jakobsson
`Maes+ Labrou + Weiss
`Maes+ Labrou+ Weiss+ Gullman
`Maes+ Labrou+ Weiss+ Jakobsson
`Maes+ Labrou+ Gullman+ Burger
`Maes+ Labrou+ Jakobsson + Burger
`Maes+ Labrou+ Weiss+ Burger
`
`Claim(s)
`
`27-31, 37-44, and 46-52
`27-31, 37-41, and 50-52
`27-31, 37-41, and 50-52
`42-43 and 46-49
`45
`45
`32-36
`32-36
`44
`
`Demonstrative Exhibit – Not Evidence
`
`57
`
`
`
`Opposition to Motion to Amend – Proposed Amendments
`
`The Seed Limitation
`(Claims 27 & 50, Former Claims 1 & 24)
`
`is further
`“wherein the processor
`configured to generate/generating a
`seedusingatleasttwoofanelectronic
`serial number,
`a
`discrete
`code
`associated with the electronic
`ID
`device,aPIN,atimevalue,andthe
`[information associated with at least a
`portion of the] biometric input/of a
`to generate the
`encrypted
`authentication information, the seed
`being employed/wherein the seed is
`employed by theprocessor/electronic
`to generate
`the non-
`predictablevalue”
`
`user
`
`ID device
`
`The Math Limitation
`(Claim 42, Former Claim 16)
`
`“whereindatastoredintheelectronic
`IDdeviceissubjecttoamathematical
`operation
`employing
`the
`secret
`information that acts to modify the
`datasuchthatitisunintelligibleuntil
`theelectronicIDdeviceisactivated,
`andtheelectronicIDdeviceusesthe
`secret
`information to reverse the
`mathematical operation and render
`thedatalegible”
`
`Demonstrative Exhibit – Not Evidence
`
`58
`
`
`
`Opposition to Motion to Amend – Disputed Issues
`
`is obvious over the
`• Whether the “Seed Limitation”
`combinationof Maesand Labrou
`– The proper construction of“discrete code associated with the
`electronicIDdevice”
`• Whetherthe“MathLimitation”isobviousover Maesand
`obviousoverthecombinationof Maesand Labrou
`• Whether the “Seed Limitation”
`is obvious over the
`combinationof Maes, Labrou,and Gullman
`• Whether a PHOSITA would have been motivated to
`combine Jakobsson’steachingswith Maesinviewof Labrou
`• WhetheraPHOSITAwouldhave