Unified Patents Inc.,
`Petitioner
`v.
`Universal Secure Registry LLC,
`Patent Owner
`IPR2018-00067 (Patent 8,577,813)
`Presentation of Petitioner Unified Patents Inc.
`Oral Hearing –January 30, 2019
`
`Demonstrative Exhibit – Not Evidence
`
`IPR2018-00067
`Unified EX1042
`
`1
`
`
`Petitioner
`v.
`Universal Secure Registry LLC,
`Patent Owner
`IPR2018-00067 (Patent 8,577,813)
`Presentation of Petitioner Unified Patents Inc.
`Oral Hearing –January 30, 2019
`
`Demonstrative Exhibit – Not Evidence
`
`IPR2018-00067
`Unified EX1042
`
`1
`
`
`
`Overview of the ’813 Patent
`
`Demonstrative Exhibit – Not Evidence
`
`2
`
`
`
`Overview of the ’813 Patent
`
`“1. An electronic ID device configured to allow a user to select any one of a plurality of
`accounts associated with the user to employ in a financial transaction, comprising:
`• a biometric sensor configured to receive a biometric input provided by the user;
`• a user interface configured to receive a user input including secret information known
`to the user and identifying information concerning an account selected by the user from
`the plurality of accounts;
`• a communication interface configured to communicate with a secure registry;
`• a processor coupled to the biometric sensor to receive information concerning the
`biometric input, the user interface and the communication interface, the processor being
`programmed to activate the electronic ID device based on successful authentication by
`the electronic ID device of at least one of the biometric input and the secret information,
`the processor also being programmed such that once the electronic ID device is activated
`the processor is configured to generate a non-predictable value and to generate
`encrypted authentication information from the non-predictable value, information
`associated with at least a portion of the biometric input, and the secret information, and
`to communicate the encrypted authentication information via the communication
`interface to the secure registry; and
`• wherein the communication interface is configured to wirelessly transmit the
`encrypted authentication information to a point-of-sale (POS) device, and wherein the
`secure registry is configured to receive at least a portion of the encrypted authentication
`information from the POS device.”
`
`Demonstrative Exhibit – Not Evidence
`
`3
`
`
`
`Overview of the ’813 Patent
`
`Demonstrative Exhibit – Not Evidence
`
`EX1001, ’813 Patent, 3:57-64;
`Pap. 12 at 2.
`
`4
`
`
`
`Overview of the ’813 Patent
`
`Demonstrative Exhibit – Not Evidence
`
`EX1001, ’813 Patent, 44:39-46;
`Pap. 12 at 6.
`
`5
`
`
`
`Overview of the ’813 Patent
`
`“1. An electronic ID device configured to allow a user to select any one of a plurality of
`accounts associated with the user to employ in a financial transaction, comprising:
`• a biometric sensor configured to receive a biometric input provided by the user;
`• a user interface configured to receive a user input including secret information known
`to the user and identifying information concerning an account selected by the user from
`the plurality of accounts;
`• a communication interface configured to communicate with a secure registry;
`• a processor coupled to the biometric sensor to receive information concerning the
`biometric input, the user interface and the communication interface, the processor being
`programmed to activate the electronic ID device based on successful authentication by
`the electronic ID device of at least one of the biometric input and the secret information,
`the processor also being programmed such that once the electronic ID device is activated
`the processor is configured to generate a non-predictable value and to generate
`information, and to communicate the encrypted authentication information via the
`communication interface to the secure registry; and
`• wherein the communication interface is configured to wirelessly transmit the
`encrypted authentication informationto a point-of-sale (POS) device, and wherein the
`secure registry is configured to receive at least a portion of the encrypted authentication
`information from the POS device.”
`
`encrypted authentication information from the non-predictable value, information
`associated with at least a portion of the biometric input, and the secret
`
`Demonstrative Exhibit – Not Evidence
`
`6
`
`
`
`Overview of the ’813 Patent
`
`Encrypted Authentication Information
`
`Demonstrative Exhibit – Not Evidence
`
`EX1001, ’813 Patent, 50:14-20, 46:5-8
`Pap. 12 at 2; Pap. 34 at 24-25.
`
`7
`
`
`
`Overview of the ’813 Patent
`
`Demonstrative Exhibit – Not Evidence
`
`EX1001, ’813 Patent, Fig. 31, 44:39-46, 46:27-31
`Pap. 12 at 2, 6, 14-15; see also Pap. 28 at 5.
`
`8
`
`
`
`Petition for Inter Partes Review - Prior Art
`
`• U.S. Patent 6,016,476 to Maes et al. (“Maes”)
`• U.S. Patent 5,870,723 to Pare et al. (“Pare”)
`• U.S. Pub. 2004/0107170 to Labrou et al. (“Labrou”)
`• WO 2001/024123 to Burger et al. (“Burger”)
`• U.S. Patent 7,865,448 to Pizarro (“Pizarro”)
`
`Demonstrative Exhibit – Not Evidence
`
`9
`
`
`
`Instituted Grounds
`
`Combination
`
`Maes+ Pare
`Maes+ Labrou
`Maes+ Pare+ Labrou
`Maes+ Pare+ Burger
`Maes+ Labrou+ Burger
`Maes+ Pare+ Labrou+ Burger
`Pizarro + Pare
`
`Claim(s)
`
`1, 2, 3, 5, 11, 13–17, 20, 22–26
`1, 2, 3, 5, 11–17, 19–26
`12–15, 17, 19–23, 25, 26
`6–9, 18
`6–10, 18
`10
`1, 2, 5, 11, 13, 16, 17, 24
`
`Demonstrative Exhibit – Not Evidence
`
`Paper 14 at 30-31
`
`10
`
`
`
`Petition for Inter Partes Review – Disputed Issues
`
`• Whether Maesin view of Pareand Maesin view of Labrourenders obvious
`wirelessly transmitting encrypted authentication information
`• Whether Pareteaches away from using electronic ID devices
`• Whether a PHOSITA would be motivated to combine Maesand Pare, including
`using multi-layered authentication
`• Whether Maesteaches a “discrete code associated with the electronic ID
`device” (claim 2)
`• Whether Labrou rendersobviousgenerating encrypted authentication
`information that includes at least a portion of the biometric input
`• Whether Labrouteaches generating account identifying information not
`including account numbers (claims 12, 21)
`• Whether there is a motivation to combine Maesand Labrou
`• Whether there is a motivation to combine Pizarroand Pare
`• Whether Unified Patents is the sole real party-in-interest (confidential)
`
`Demonstrative Exhibit – Not Evidence
`
`11
`
`
`
`The Combinations of Maes& Pare and Maes & LabrouRender
`Obvious Wirelessly Transmitting Encrypted Authentication
`Information via a POS device to a Secure Registry, satisfying
`these limitations of Claims 1, 16, and 24.
`
`Demonstrative Exhibit – Not Evidence
`
`12
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes, Fig. 3
`Pap. 12 at 10
`
`13
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`[B]iometric verification must be performed before the card information can be written to the
`Universal Card 26. … PIN or password verification may be utilized in lieu of, or in addition
`to such biometric verification techniques.”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes, Fig. 1, 10:49-11:8
`Pap. 12 at 11-13, 15-18
`
`14
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`certificate from the central server 60 prior to initiating a consumer
`
`“[T]he user must periodically connect the PDA device 10 with the central server
`60 of the service provider (Link LI, FIG. 3) in order to obtain a valid digital
`transaction. Specifically, the digital certificate is binary encrypted file that must
`be downloaded into the PDA device 10 before personal or financial information of
`the user can be written to the Universal Card 26.”
`“[T]hepresentinventionmayutilize PIN or password protectioninadditionto
`… biometric verificationtoobtainthenecessarydigitalcertificatefromcentral
`server60.”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes, 7:38-45, 10:18-21
`Pap. 38 at 5-7; Pap. 12 at 14
`
`15
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`selected card information directly from the PDA device to the ATM or POS
`
`“[T]heinventionmayinteractwithelectronicfundtransfersystemsortransaction
`terminalshaving wireless or direct communication capabilitieswithouteven
`havingtousetheUniversalCard26.Specifically,asdemonstratedbythedotted
`linesinFIG.5,theconsumertransactionmaybeperformedby transmitting the
`transaction terminal through an established communication link L2(step228,
`FIG.3)(i.e.,viatheserialport42,theparallelport44modem42,theIRport54or
`theRFport50),…[I]nthisembodiment,theCPU12ofthePDAdevice10will
`prohibittheselectedcardinformationfrombeingretrievedandtransmittedtothe
`transactionterminal80iftheuserisnotbiometricallyverifiedand/orifthedigital
`certificateisnotvalid(step226).Inthisparticularembodimentofthepresent
`invention, the PDA device 10 itself actually takes the place of the Universal
`terminal.”
`
`Card 26 and, consequently, eliminates the need of having to first write the
`selected card information to the Universal Card 26 and then sweep the
`Universal Card 26 through the magnetic reader of the POS or ATM transaction
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes, 12:5-29
`Pap. 12 at 23-24
`
`16
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`“[I]ftheuserisbiometricallyverified(step308)andthePDAdevice10contains
`anunexpireddigitalcertificate(step310),theselectedcardinformationis
`retrievedfrommemory14anddecrypted(step314).Thedesiredcreditcard
`information,aswellasanauthorizationnumber,isthendisplayedontheuser
`interface/display34(step316)…
`The merchant will then transmittheUniversalCardnumber27andthe
`displayed authorization number
`to the
`central server 60. Since the
`authorization number is a function of the unexpired digital certificatethat
`wasobtainedfromthecentralserver60intheclient/servermode,thecentral
`server60informthemerchantthattheuserwasproperlyverified(step318).”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes, 12:44-49, 12:66-13:5
`Pap. 12 at 23-24, 26-27; see also id. at 14-15
`17
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`information, as well as the encrypted information file, would be transmitted to
`
`“[D]uringaconsumertransaction,uponlocalverification(biometric,PINand/or
`password)andassuming,ofcourse,thatavaliddigitalcertificatewaspreviously
`downloadedfromthecentralserver60,thePDAdevice10canbeprogrammedto
`downloadtheselectedcardinformationinencryptedform… The selected card
`the POS terminal(viatheUniversalCard, RF or IR) and then transmitted in
`encrypted formdirectlytotheprocessingfinancialinstitutiontogetherwiththe
`purchasedetails.”
`“UserBthenobtainsthe authorization numberproducedbythePDAdeviceof
`UserAuponlocalverification,andenterssuchnumberintothePDAdeviceofUser
`B.Ofcourse, the above procedure may be performed directly (e.g., via IR
`communication)insteadofphysicallyexchangingtheUniversalCard.”
`“[T]hePDAdeviceofUserAmaybeconfiguredsuchthat the authorization
`numberproducedbythePDAdeviceofUserAcontainstheamountofmoneytobe
`transferredtotheaccountofUserB in an encrypted or, otherwise, hidden form.”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes at 13:24-38, 14:61-67, 15:15-20
`Pap. 12 at 23-24, Pap. 38 at 7, 10-11
`
`18
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`Pareteachesgeneratingencryptedauthenticationinformationfrom
`a non-predictable value,
`information associated with at least a
`portionofabiometricinput,andsecretinformation,inthecontextof
`afinancialtransaction:
`“TheBIAusestheDUKPTkeymanagementsystemtoselectthebiometric-PIN
`blockencryption 112-bit DES keyfromtheFutureKeyTable. This key is
`then used to encrypt the Biometric-PIN Blockusingcipherblockchaining
`(CBC).…Allpersonalauthenticationinformation(thebiometricandPIN)is
`storedwithinthebiometric-PINblock. The Biometric-PIN block consists of
`4-12 digit PIN…”
`TheDESkeyisan“unpredictablekey[].”
`
`the following fields:
`300-byte authorization biometric
`
`EX1004, Pare, 17:27-44, 18:51-61; see also id. at Abstract, 4:34-42, 19:43-20:15; see also id. at 4:43-57
`Pap. 12 at 19-20.
`
`Demonstrative Exhibit – Not Evidence
`
`19
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`Labrou renders obvious generating encrypted authentication
`informationfromanon-predictablevalue,informationassociated
`withatleastaportionofabiometricinput,andsecretinformation,
`inthecontextofafinancialtransaction:
`“Theconsumerdevice102 encrypts the consumer’s PIN [] and the
`consumer's Random Sequence Number…toformtheconsumerKEY
`…Theconsumerdevice102thenencrypts…theTransaction,consumer
`userID,andmerchantdeviceIDusingtheconsumerkey,togeneratethe
`encryptedpartoftheconsumermessage.”
`“[U]serinputreferstothePIEofthesecurityframeworkandprotocol
`foruniversalpervasivetransactions,which in the examples of FIGS.
`Identification Entry) in accordance to the security
`frameworkandprotocolforuniversalpervasivetransactions.”
`
`29-32 is presumed to be a PIN, but it can be any other PIE
`(Personal
`
`Demonstrative Exhibit – Not Evidence
`
`EX1005, Labrou at [0253], [0245]
`Pap. 12 at 20-22, Pap. 38 at 12.
`
`20
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`“AhashfunctionH1254isthenappliedtotheoutputoftwo-
`argumentfunctionFthatwhenappliedtothelocallygenerated
`RSN1246andthe PIE1248…outputsasingleargument…to
`createthe encryption key K1250…”
`“ThePIEisanalphanumericstring.Inordertospeeduptheuser
`entrytomakeiteasierfortheusertorememberit, the PIE can be
`a number such as 4-digit or 5-digit PIN.Itisapieceofhighly
`secureinformationinthesensethatitisnevertransmittedduring
`theprotocolexecution,itisonlyknowntotheuserandtheAVP
`1106,anditssecrecyshouldbewellprotected.Itisassumedthat
`biometric devicesuchasafingerprintsensor.”
`
`the PIE can be input by the user on an AP device in a secure
`fashion or it may be deterministically generated using a
`
`Demonstrative Exhibit – Not Evidence
`
`EX1005, Labrou at [0537], [0524]
`Pap. 12 at 20-22, Pap. 38 at 12.
`
`21
`
`
`
`Obvious to Combine Maes with Pare or Labrou
`
`Pare at Abstract; Labrou at [0059], Maes at Abstract, 4:1-5; Paper 12 at 8, 9-10.
`
`Pare at Abstract, 4:34-40, 9:59-10:1, 11:37-40; Labrou at [0421], [0158], [0416]-[0418], [0456]; Maes at 10:50-11:18;
`Paper 12 at 11-13, 17-18, 21; Paper 38 at 12.
`
`“[A] court or examiner may find a motivation to combine prior
`art references in the nature of the problem to be solved.”
`
`•Allowing a buyer to select one of multiple accounts without having to
`carry around multiple cards.
`•Biometric and PIN verification.
`•Using encryption to protect data in a financial transaction, a well-
`established practice to address fraud.
`•Wirelessly and remotely verifying a user’s transaction, using a
`merchant as a conduit.
`
`Pare at Abstract, 4:34-42, 17:27-46, 18:51-61, 19:43-20:15, Fig. 7; Labrou at [0253], [0259], [0537]; Maes at 10:10-15,
`12:66-13:5, 13:24-38; Paper 12 at 19-22.
`
`Pare at Abstract, 4:34-58, 6:12-17, 23:60-24:17, 30:63-31:27; Labrou at Abstract, [0188]-[0190], [0210]-[0212]; Maes at
`12:55-13:5; Paper 12 at 23-24.
`
`Demonstrative Exhibit – Not Evidence
`
`Ruiz v. A.B. Chance Co., 357 F.3d 1270, 1276 (Fed. Cir. 2004)
`Pap. 12 at 7-9, 11-13, 19-24; Pap. 38 at 10
`22
`
`
`
`Obvious to Combine Maes with Pare or Labrou
`
`“Itistobeunderstoodthatthepresentinvention
`mayemployanyknownencryptiontechniqueor
`algorithmfortheencryption/decryptionprocess....”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes at 10:11-14; see also id. at 13:34-50, 15:15-20
`Paper 12 at 21-23, Paper 38 at 9-11
`
`23
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`PO’s arguments that the proposed combinations render Maes
`inoperable “to provide biometric security for non-electronic
`transactions”ortobe“compatiblewiththeexistinginfrastructure”
`areincorrectandirrelevant:
`• Non-electronic transactions are not
`the “principle of
`operation” of Maes; Maes
`itself
`teaches wirelessly
`transmittingencryptedinformationandtransmittingthe
`authorization number to remotely verify a user, and it
`promotesenhancementstoexistinginfrastructure
`• Thattheauthorizationnumbermayalsobedisplayedor
`verballycommunicatedisirrelevantanddoesnotdetract
`fromthefactthatitwouldhavebeenobvioustowirelessly
`transmitencryptedauthenticationinformation
`
`Demonstrative Exhibit – Not Evidence
`
`See Pap. 27 at 27-29;
`Pap. 12 at 23-24, 27 (citing EX1003, Maes at 15:21-25);
`Pap. 38 at 7-8 (citing EX1003, Maes at 14:58-67), id. at 15.
`24
`
`
`
`Wirelessly Transmitting Encrypted Authentication Information
`
`Patent Owner’s Expert:
`
`“Maesdescribeshowtobe backwards compatiblewiththe
`existinginfrastructure.And in addition to that, Maes also
`describes additional features,suchasthewritingofthe
`receiptontotheuniversalcard,thatwerenotsupportedby
`theexistinginfrastructurebutwhichwerenotvitaltothe
`transactionbeingpossibletoperform.SoMaes[]describesa
`system that allows users to transact using the existing
`infrastructureandthendescribes enhancements that can
`existing credit cards and/or the system of Maes as
`describedinthecorefunctionality.”
`
`be rolled out gradually and which would enable
`additional
`features but still allowing people to use
`
`Demonstrative Exhibit – Not Evidence
`
`EX1033, Jakobsson Tr. at 93:13-94:2; see also EX1032, Cole Reply Decl. at ¶21
`Pap. 38 at 7-8.
`
`25
`
`
`
`PareDoes Not Teach Away from
`Electronic ID Devices
`
`Demonstrative Exhibit – Not Evidence
`
`26
`
`
`
`Pare Does Not Teach Away from Electronic ID Devices
`
`“Asaresultoftheinvention,abuyercanconductcommercial
`transactions without having to use any tokens such as
`or swipe cards.Theinventionallowsbuyerstoquicklyselect
`oneofagroupofdifferentfinancialaccountsfromwhichto
`transferfunds.”
`
`portable man-made memory devices such as smartcards
`
`Demonstrative Exhibit – Not Evidence
`
`EX1004, Pare at Abstract
`Pap. 38 at 3-4.
`
`27
`
`
`
`Pare Does Not Teach Away from Electronic ID Devices
`
`“ThePhone/CATVversionofBIAhardwareisamultichipmodule
`combinedwithasingle-printscannerandaserialport.…This
`version is designed to be integrated with telephones and
`televisionremotecontrols.Asaresult,itmakesuseoftheexisting
`keypadsandLCDortelevisionscreenstoenterordisplayvalues,
`ratherthanhavingitsowndisplayandkeypadentrydevice.…
`This hardware model
`is (in comparison with other models)
`relativelyinsecure,asitisintendedthatthesedevicescostaslittle
`aspossible,belightweight,andintegrateeasilywithexistinglow-
`costdevices.
`enclosures are possible and encouraged.”
`
`Of course, higher-security versions with more complete
`
`Demonstrative Exhibit – Not Evidence
`
`EX1004, Pare at 14:19-38
`Pap. 38 at 3-4.
`
`28
`
`
`
`Pare Does Not Teach Away from Electronic ID Devices
`
`“Dependingonthetaskathand, BIA modelsareeither
`partiallyor fully integrated with the terminal.Partially
`integrateddevicesarephysicallyseparatefromtheterminal,
`andtheyincludewirelessandstandardretailpointofsale
`BIAs. Fully integrated devices are contained within the
`physical enclosure of the terminal
`itself,
`for instance a
`telephone.”
`“ThePPTacceptsbiometricidentificationusinga BIA/Catv
`connectedtoand integrated withacordless, cellular,or
`standard telephone.”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1004, Pare at 11:22-28, 30:48-50
`Pap. 38 at 3-4.
`
`29
`
`
`
`Pare Does Not Teach Away from Electronic ID Devices
`
`“The biometric input device is further equipped with
`computingmodules16,devicedrivers,and erasable and
`non-erasable memory modules.Thebiometricinputdevice
`communicateswiththeterminalthroughpreferablyaserial
`port17.Theterminal2communicatesthroughamodem18
`withtheDPC1throughmessages19andresponses20using
`oneoftheinterconnectingmeansinFIG.1suchasacableTV
`network, cellular telephone network,telephonenetwork,
`the Internet,oranX.25network.”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1004, Pare at 9:65-10:7
`Pap. 38 at 3-4.
`
`30
`
`
`
`Pare Does Not Teach Away from Electronic ID Devices
`
`“[E]venif messages are decrypted, turning a digital biometric-
`PIN into a physical fingerprint is much harder than turning an
`account number-PIN into a plastic card, which is one of the
`significant benefits of the tokenlesssystems.”
`“Areferencethat‘merelyexpressesageneralpreferencefor
`analternativeinventionbutdoesnotcriticize,discredit,or
`otherwise discourage
`investigation into’
`the
`claimed
`inventiondoesnotteachaway.”
`
`Meiresonne v. Google, Inc., 849 F.3d 1379, 1382 (Fed. Cir. 2017) (quoting Galderma Labs., L.P. v. Tolmar, Inc.,
`737 F.3d 731, 738 (Fed. Cir. 2013)); EX1004, Pare at 20:4-9, Pap. 38 at 3-4.
`Demonstrative Exhibit – Not Evidence
`
`31
`
`
`
`The Proposed Combination of Maesand Pare
`is not Redundant for Providing Multi-
`Layered Authentication
`
`Demonstrative Exhibit – Not Evidence
`
`32
`
`
`
`The Combination of Maes and Pare is not Redundant
`
`• Multi-layered authentication enhances security and is,
`therefore,notredundant–localandremoteservedifferent
`purposes(e.g.,notrustrelationshipbetweenlocaldevice
`andremoteserver)
`– Maesemploysbothlocalandremoteauthentication
`–Dr. Cole has supported his testimony that multi-layered
`authenticationenhancessecurity
`• The ’813 Patent
`itself uses
`local and remote
`authentication:
`“Invariousembodiments,theauthenticationofthebiometric
`occursattheuserdevice352,atthePOSdevice354,atthe
`USR356 or at a combination of the preceding.”
`
`Demonstrative Exhibit – Not Evidence
`
`’813 Patent at 47:35-38; EX1032, Cole Reply Decl. at ¶¶7-8; see also id. at ¶¶9, 15-20
`Pap. 38 at 5-7
`33
`
`
`
`LabrouRenders Obvious Encryption
`Employing a PIE Comprising a PIN and
`Biometric Information
`
`Demonstrative Exhibit – Not Evidence
`
`34
`
`
`
`Obvious to Use Both Biometrics and PIN for Labrou’s PIE
`
`• Labrou’sPIEisnotlimitedtoPINsonly,butcan
`alsobederivedfromabiometric
`• Itwouldhavebeenobviousinlightof Labrou’s
`teachingstoemploybothaPINandbiometricto
`derivethePIE,particularlyinlightof Maes
`• As PO’s expert conceded,
`it was known to a
`PHOSITA
`how to
`generate
`a
`repeatable
`cryptographicstringfrombiometricinputs
`
`Demonstrative Exhibit – Not Evidence
`
`Paper 12 at 21; Paper 38 at 12-15
`35
`
`
`
`Obvious to Use Both Biometrics and PIN for Labrou’s PIE
`
`“PrivateIdentificationEntry(PIE):Thesharedsecretinputbytheuser.It
`isenteredbytheuserwhenevertheuserattemptsatransaction.… The
`PIE is an alphanumeric string.…[T]hePIEcanbeanumbersuchas4-
`digitor5-digitPIN.…ItisassumedthatthePIEcanbeinputbytheuser
`onanAPdeviceinasecurefashionor it may be deterministically
`generated using a biometric device such as a fingerprint sensor.For
`example,acomputationappliedonthefingerprintdatareceivedfromthe
`fingerprint sensor can be used to generate a PIE that is initially
`communicatedtotheAVPbytheuser. Whenever the user attempts a
`thus generating the PIE.
`“[U]serinput refers to the PIE of the security framework and protocol for
`universal pervasive transactions, which in the examples of FIGS. 29-32 is
`presumed to be a PIN, but it can be any other PIE(Personal
`Identification Entry)”
`
`transaction, the user applies her finger to the fingerprint sensor,
`
`Demonstrative Exhibit – Not Evidence
`
`Labrou at [0524], [0245]
`Pap. 12 at 20-22; Pap. 38 at 12
`36
`
`
`
`Obvious to Use Both Biometrics and PIN for Labrou’s PIE
`
`of multi-factor
`the benefits
`testified to
`Dr. Cole
`authenticationinenhancingsecurity:
`• Systemsemployingmultiplemethodsrepresentasecurity
`improvementoversystemsemployingonemethod
`– Eachmethodreconcilesdeficienciesoftheothers(PINrepresents
`informationthatmustbeknown;biometricrepresentswhouseris)
`– Moreworkforawould-beattacker
`
`EX1009, Cole Decl. at ¶¶33-34; see also id. at ¶53 (obvious to use both PIN and biometric for Labrou’s PIE);
`see also EX1032, Cole Reply Decl. at ¶¶4-6, 29
`Pap. 12 at 20-22; Pap. 38 at 12
`Demonstrative Exhibit – Not Evidence
`
`37
`
`
`
`Obvious to Use Both Biometrics and PIN for Labrou’s PIE
`
`Demonstrative Exhibit – Not Evidence
`
`Ex. 1033, Jakobsson Tr. at 101:6-25, 102:21-103:9; see also id. at 108:24-109:11, 110:13-19
`Paper 38 at 12-15
`38
`
`
`
`Obvious to Use Both Biometrics and PIN for Labrou’s PIE
`
`U.S. Patent 6,901,145 to Bohannon et al. (Ex. 1030)
`“Generation of Repeatable Cryptographic Key Based on Varying Parameters”
`Filed: Feb. 10, 2000
`Issued: May 31, 2005
`“One of
`the advantages of
`the present
`invention is
`its
`ability
`to generate
`a
`repeatable cryptographic key in view of
`varyingmeasurements.”
`
`Demonstrative Exhibit – Not Evidence
`
`Ex. 1030, Bohannon, at 4:65-5:3
`Ex. 1033, Jakobsson Tr. at 110:20-113:5
`Pap. 38 at 13-14
`
`39
`
`
`
`Obvious to Use Both Biometrics and PIN for Labrou’s PIE
`
`…
`
`Demonstrative Exhibit – Not Evidence
`
`Ex. 1033, Jakobsson Tr. at 114:14-116:9
`Pap. 38 at 13-14; see also EX1032, Cole Decl. at ¶¶10-12, 30
`40
`
`
`
`Obvious to Combine Maes & Pare, Maes &
`Labrou, and Maes, Pare, & Labrou
`
`Demonstrative Exhibit – Not Evidence
`
`41
`
`
`
`Obvious to Combine Maes with Pare or Labrou
`
`Pare at Abstract; Labrou at [0059], Maes at Abstract, 4:1-5; Paper 12 at 8, 9-10.
`
`Pare at Abstract, 4:34-40, 9:59-10:1, 11:37-40; Labrou at [0421], [0158], [0416]-[0418], [0456]; Maes at 10:50-11:18;
`Paper 12 at 11-13, 17-18, 21; Paper 38 at 12.
`
`“[A] court or examiner may find a motivation to combine prior
`art references in the nature of the problem to be solved.”
`
`•Allowing a buyer to select one of multiple accounts without having to
`carry around multiple cards.
`•Biometric and PIN verification.
`•Using encryption to protect data in a financial transaction, a well-
`established practice to address fraud.
`•Wirelessly and remotely verifying a user’s transaction, using a
`merchant as a conduit.
`
`Pare at Abstract, 4:34-42, 17:27-46, 18:51-61, 19:43-20:15, Fig. 7; Labrou at [0253], [0259], [0537]; Maes at 10:10-15,
`12:66-13:5, 13:24-38; Paper 12 at 19-22.
`
`Pare at Abstract, 4:34-58, 6:12-17, 23:60-24:17, 30:63-31:27; Labrou at Abstract, [0188]-[0190], [0210]-[0212]; Maes at
`12:55-13:5; Paper 12 at 23-24.
`
`Demonstrative Exhibit – Not Evidence
`
`Ruiz v. A.B. Chance Co., 357 F.3d 1270, 1276 (Fed. Cir. 2004)
`Pap. 12 at 7-9, 11-13, 19-24; Pap. 38 at 10
`42
`
`
`
`Obvious to Combine Maes with Pare or Labrou
`
`“Itistobeunderstoodthatthepresentinvention
`mayemployanyknownencryptiontechniqueor
`algorithmfortheencryption/decryptionprocess....”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes at 10:11-14; see also id. at 13:34-50, 15:15-20
`Paper 12 at 21-23, Paper 38 at 9-11
`
`43
`
`
`
`Obvious to Combine Maes with Pare or Labrou
`
`“[D]uring a consumer transaction, upon local verification (biometric, PIN and/or
`password) and assuming, of course, that a valid digital certificate was previously
`downloaded from the central server 60, the PDA device 10 can be programmed
`to download the selected card information in encrypted form … The selected
`card information, as well as the encrypted information file, would be
`transmitted to the POS terminal (via the Universal Card, RF or IR) and then
`transmitted in encrypted form directly to the processing financial institution
`together with the purchase details.”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes at 13:24-38, 14:61-67, 15:15-20
`Pap. 12 at 22, 23-24; Pap. 38 at 7, 10-11
`
`44
`
`
`
`Obvious to Combine Maes and Labrou
`
`a user’s
`that
`teaches
`“Labrou
`information is encryptedbytheuser’sdeviceusing
`a ‘Private Identification Entry (PIE),’ … and a
`‘randomsequencenumber’(i.e.,anon-predictable
`value)....”
`
`transaction
`
`Demonstrative Exhibit – Not Evidence
`
`Pap. 12 at 20; see also Pap. 38 at 14-15
`45
`
`
`
`MaesTeaches the Limitation of Claim 2
`(Discrete Code Associated With the Electronic ID Device)
`
`Demonstrative Exhibit– Not Evidence
`
`46
`
`
`
`Maes Teaches the Limitation of Claim 2
`(“a discrete code associated with the electronic ID device)
`
`“Thedigitalcertificatecontainsinformation
`relatingto(butnotlimitedto)the account
`number of the PDA device 10…”
`“[T]heUniversalCard26witha unique account number
`27isprovidedbytheserviceprovider.”
`“[T]heinventionmayinteractwithelectronicfundtransfer
`systemsortransactionterminalshavingwirelessordirect
`communicationcapabilitieswithoutevenhavingtousethe
`UniversalCard26.… Inthisparticularembodimentofthe
`presentinvention, the PDA device 10 itself actually takes
`the place of the Universal Card 26…”
`
`Demonstrative Exhibit – Not Evidence
`
`EX1003, Maes at 7:45-49, 7:26-27, 12:5-29
`Pap. 12 at 27-28, Pap. 38 at 9-11; Pap. 12 at 10
`47
`
`
`
`LabrouTeaches the
`Limitations of Claims 12 and 21
`(Generating Account Identifying Information/Identifier for a
`Selected Account Without Including the Account Number)
`
`Demonstrative Exhibit – Not Evidence
`
`48
`
`
`
`Labrou Teaches The Limitations of Claims 12 and 21
`(Account Identifying Information/Account Identifier)
`
`identifying information for the
`respective one of the plurality of accounts, wherein the account
`
`12. The electronic ID device of claim 11, wherein the processor is
`configured to generate account
`identifying information does not identify an account numberofthe
`respectiveoneofthepluralityofaccounts.
`21.Themethodofclaim16,furthercomprisinganactof generating an
`that does not include an account number, and wherein the act of
`generating encrypted authentication information includes using the
`accountidentifierfortheidentifyinginformation.
`
`account identifier for the selected one of the plurality of user accounts
`
`Demonstrative Exhibit – Not Evidence
`
`49
`
`
`
`Labrou Teaches The Limitations of Claims 12 and 21
`(Account Identifying Information/Account Identifier)
`
`• Theclaimsdonotrequirethattheaccountidentifying
`informationbegenerated afterselectionofanaccount;
`onlythatitbegeneratedforaselectedaccount
`• Even if
`the claims did require generation of such
`informationafterselectionofanaccountforatransaction,
`Labrouteachesthis.
`
`Demonstrative Exhibit – Not Evidence
`
`Paper 12 at 31, 37-38; Paper 38 at 15-17
`50
`
`
`
`Labrou Teaches The Limitations of Claims 12 and 21
`(Account Identifying Information/Account Identifier)
`
`“No actual account numbers are stored on
`the device 102; only aliasesfortheaccounts
`arestoredonthedevice102.”
`“Forthepurposesofthepresentedmethod,it
`isnotnecessarythatthedevice102maintains
`accountnumberslocally,aprecautionwhich
`addstothesecurityoftheoverallmethod.…
`After the user selects the account…, the
`is generated and
`transmittedasdescribedpreviously..”
`
`transaction request
`
`Demonstrative Exhibit – Not Evidence
`
`EX1005, Labrou at [0421], [0293], Fig. 52; see also id. at [0532], Figs. 53-55
`Paper 12 at 31, 37-38; Paper 38 at 15-17
`
`51
`
`
`
`Obvious to Combine Pizarro and Pare
`
`Demonstrative Exhibit – Not Evidence
`
`52
`
`
`
`Obvious to Combine Pizarro and Pare
`
`Demonstrative Exhibit – Not Evidence
`
`EX1007, Pizarro at Fig. 2;
`Paper 12 at 48-49, 52, 59
`
`53
`
`
`
`Obvious to Combine Pizarro and Pare
`
`• Multi-layered Authentication is Not Redundant in the
`ContextofSecureTransactions
`• PareDoesNotTeachAwayfromtheUseofElectronicID
`Devices
`• Multi-factor Authentication is Not Redundant in the
`Context of Secure Transactions, and PO does not Dispute
`that it Would havebeen Obvious to Combine Pare’sPIN
`with Pizarro
`
`Demonstrative Exhibit – Not Evidence
`
`Paper 38 at 17-18
`54
`
`
`
`OPPOSITION TO MOTION TO AMEND
`
`Demonstrative Exhibit – Not Evidence
`
`55
`
`
`
`Prior Art Cited
`
`• Maes
`• Labrou
`• Burger
`
`• U.S.Pat.5,280,527toGullman et al.(“Gullman”)
`• U.S.Pat.App.Pub.2004/0172535toJakobsson et
`al.(“Jakobsson”)
`• U.S.Pat.5,479,512to Weiss(“Weiss”)
`
`Demonstrative Exhibit – Not Evidence
`
`56
`
`
`
`Opposition to Motion to Amend - Combinations
`
`Combination
`
`Maes+ Labrou
`Maes+ Labrou + Gullman
`Maes+ Labrou + Jakobsson
`Maes+ Labrou + Weiss
`Maes+ Labrou+ Weiss+ Gullman
`Maes+ Labrou+ Weiss+ Jakobsson
`Maes+ Labrou+ Gullman+ Burger
`Maes+ Labrou+ Jakobsson + Burger
`Maes+ Labrou+ Weiss+ Burger
`
`Claim(s)
`
`27-31, 37-44, and 46-52
`27-31, 37-41, and 50-52
`27-31, 37-41, and 50-52
`42-43 and 46-49
`45
`45
`32-36
`32-36
`44
`
`Demonstrative Exhibit – Not Evidence
`
`57
`
`
`
`Opposition to Motion to Amend – Proposed Amendments
`
`The Seed Limitation
`(Claims 27 & 50, Former Claims 1 & 24)
`
`is further
`“wherein the processor
`configured to generate/generating a
`seedusingatleasttwoofanelectronic
`serial number,
`a
`discrete
`code
`associated with the electronic
`ID
`device,aPIN,atimevalue,andthe
`[information associated with at least a
`portion of the] biometric input/of a
`to generate the
`encrypted
`authentication information, the seed
`being employed/wherein the seed is
`employed by theprocessor/electronic
`to generate
`the non-
`predictablevalue”
`
`user
`
`ID device
`
`The Math Limitation
`(Claim 42, Former Claim 16)
`
`“whereindatastoredintheelectronic
`IDdeviceissubjecttoamathematical
`operation
`employing
`the
`secret
`information that acts to modify the
`datasuchthatitisunintelligibleuntil
`theelectronicIDdeviceisactivated,
`andtheelectronicIDdeviceusesthe
`secret
`information to reverse the
`mathematical operation and render
`thedatalegible”
`
`Demonstrative Exhibit – Not Evidence
`
`58
`
`
`
`Opposition to Motion to Amend – Disputed Issues
`
`is obvious over the
`• Whether the “Seed Limitation”
`combinationof Maesand Labrou
`– The proper construction of“discrete code associated with the
`electronicIDdevice”
`• Whetherthe“MathLimitation”isobviousover Maesand
`obviousoverthecombinationof Maesand Labrou
`• Whether the “Seed Limitation”
`is obvious over the
`combinationof Maes, Labrou,and Gullman
`• Whether a PHOSITA would have been motivated to
`combine Jakobsson’steachingswith Maesinviewof Labrou
`• WhetheraPHOSITAwouldhave
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
