`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`UNIFIED PATENTS, INC.,
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC,
`Patent Owner.
`____________
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`___________
`
`Record of Oral Hearing
`Held: January 30, 2019
`____________
`
`
`
`
`Before BART A. GERSTENBLITH, SCOTT C. MOORE, JASON W.
`MELVIN, Administrative Patent Judges.
`
`
`
`
`
`
`
`
`
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`
`
`APPEARANCES:
`ON BEHALF OF THE PETITIONER:
`JASON R. MUDD, ESQUIRE
`MICHELLE A. CALLAGHAN, ESQUIRE
`Erise IP
`7015 College Boulevard
`Suite 700
`Overland Park, Kansas 66211
`
`
`ON BEHALF OF PATENT OWNER:
`CHRISTOPHER A. MATHEWS, ESQUIRE
`Quinn Emanuel Urquhart & Sullivan LLP
`865 South Figueroa Street
`10th Floor
`Los Angeles, California 90017
`
`--and--
`
`JAMES M. GLASS, ESQUIRE
`Quinn Emanuel Urquhart & Sullivan LLP
`51 Madison Avenue
`22nd Floor
`New York, New York 10010
`
`
`The above-entitled matter came on for hearing on Wednesday,
`
`
`January 30, 2019, commencing at 1:00 p.m., at the U.S. Patent and
`Trademark Office, 600 Dulany Street, Alexandria, Virginia.
`
`
`
`
`
`
`
`
`
`
`
`
`
` 2
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`
`P R O C E E D I N G S
`- - - - -
`JUDGE MELVIN: Okay. Good afternoon, everyone. This is the
`hearing in IPR2018-00067. We're reviewing Patent number 8,577,813. I'm
`Judge Melvin. With me is Judge Gerstenblith and appearing remotely is
`Judge Moore.
`Will the parties, please, make their appearances.
`MR. MUDD: Your Honor, Jason Mudd for Petitioner Unified
`Patents and with me is Michelle Callaghan.
`JUDGE MELVIN: Thank you.
`MR. GLASS: Good afternoon, Your Honors. Jim Glass, lead
`counsel for PO. With me today, my partners and backup counsel, Tigran
`Guledjian and Chris Mathews. Chris Mathews will be presenting today on
`behalf of PO.
`JUDGE MELVIN: Good afternoon.
`MR. GLASS: Also in the courtroom today is the President of
`USR, Arthur Hagopian. Thank you.
`JUDGE MELVIN: Thank you.
`MR. MUDD: And, Your Honor, I neglected to introduce
`additional backup counsel present today, Jonathan Stroud and Roshan
`Mansinghani from Unified Patents.
`JUDGE MELVIN: Well, we appreciate everyone being here today
`and we look forward to the presentations. Each side has 45 minutes total to
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 3
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`present arguments. Each may reserve time for rebuttal. Before we start
`everything, you can let me know that.
`As I understand it, we have agreed to seal a portion of the
`proceeding should the parties wish to discuss confidential material, so it will
`be up to you to reserve time for that out of your 45 minutes. We're not going
`to remind that time for you.
`Please keep in mind that Judge Moore cannot see what you point to
`or put on the screen, so please be clear when you refer to exhibits or
`demonstratives. That helps him understand where we are and it also makes
`the transcript clear.
`So, Petitioner, how much time would you like to reserve for
`rebuttal?
`MR. MUDD: Your Honor, of my 45 minutes I'd like to reserve
`about 10 minutes for rebuttal and five minutes for discussion on the
`confidential record.
`JUDGE MELVIN: Okay. Well, I will set the timer for 15 minutes
`and you should see the light go yellow at that point. Is that all right?
`MR. MUDD: At 15 minutes, Your Honor?
`JUDGE MELVIN: 15 minutes remaining.
`MR. MUDD: Yes. Okay. Thank you.
`JUDGE MELVIN: And, Patent Owner?
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`
`
`
`
`
`
`
`
` 4
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`
`MR. MATHEWS: Good afternoon. I'd like to reserve -- well, at
`this time I think I'd like to reserve 15 minutes. That may change after I hear
`Petitioner's presentation, but currently 15 minutes reserved.
`JUDGE MELVIN: Okay. And that's for your rebuttal and your
`confidential portion.
`MR. MATHEWS: That's correct.
`JUDGE MELVIN: Great. Okay. With that, we are prepared
`when you are.
`MR. MUDD: Thank you, Your Honor.
`May it please the Board. Jason Mudd for Petitioner Unified
`Patents. Starting with slide 2, the '813 patent is entitled Universal Secure
`Registry. It describes an electronic ID device, such as a PDA or mobile
`phone, that allows a user to select one account from a plurality of accounts
`to use in a financial transaction. The device receives biometric and PIN
`input. A local authentication is performed. And, in addition, the device
`generates encrypted authentication information that is sent to a central server
`for remote verification.
`Turning to slide 3, we see this concept of selecting an account
`from among a plurality as front and center in the preamble of the claim.
`And if we turn to slide 4, in the summary of the invention the '813
`patent states that it seeks to address the problem of users having to carry
`around multiple cards to engage in financial transactions.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`
`
`
`
`
`
`
`
` 5
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`
`As shown in slide 5, the '813 patent seeks to address this problem
`by using the USR to provide what it calls a secure wallet or an electronic
`wallet as elsewhere discussed in the patent. This secure wallet prevents the
`need from having to carry around multiple financial cards.
`Each of the prior art references that Petitioner is relying on in this
`proceeding are directed to this very same problem of avoiding the need to
`carry around multiple financial cards. They're all trying to reduce the risk of
`fraud from a loss or theft of these multiple cards and all the prior art uses a
`central server who is communicated with via a merchant device to remotely
`authenticate transactions.
`Not surprisingly the parties' dispute does not even focus on this
`purported invention of the '813 patent. Instead, the dispute focuses on a
`motivation to combine. As we see here on slide 6, we can see Claim 1 of the
`'813 patent.
`Now, Patent Owner does not dispute that the combinations of prior
`art relied on by Petitioner teach all the limitations. The dispute is as to the
`combinability of those references and specifically the combinability of those
`references with regard to these limitations highlighted here, specifically
`generating encrypted authentication information from a set of three claimed
`ingredients, as I'll call them, a non-predictable value, biometric input and
`secret information such as a PIN.
`After local authentication is performed, these three ingredients are
`used to generate encrypted authentication information that is then wirelessly
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 6
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`transmitted to a point-of-sale device, which then passes that on to the central
`server for remote authentication.
`Turning to slide 7, importantly, the '813 patent does not suggest
`that this encrypted authentication information is new. Instead, the patent
`states that these multiple pieces of data can be combined using known
`encryption techniques. So the claims and the spec do not specify any
`particular manner in which these three ingredients have to be used to
`generate the encrypted authentication information, and our prior art teaches
`using these three ingredients.
`As shown on slide 8, Figure 3 of the '813 patent provides an
`overview of its architecture. The user device is shown highlighted in blue
`on the left-hand side, the merchant device is shown highlighted in orange
`and the central server is shown highlighted here in green. Importantly, there
`is a triangular architecture between these three components, which are each
`in a communication with each other. And as we'll talk about, as we'll see,
`each of the prior art references that Petitioner relies on uses this very same
`three-component triangular architecture.
`Turning now to slide 10. Slide 10 lists grounds that were instituted
`by the Board. We'll be primarily talking about the combination of Maes plus
`Pare and Maes plus Labrou.
`Turning to slide 12, I'd like to address the issue of combining Maes
`and Pare or Maes and Labrou to render obvious wirelessly transmitting the
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`
`
`
`
`
`
`
`
` 7
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`encrypted authentication information via a point-of-sale device to the secure
`registry.
`Turning to slide 13, slide 13 shows Figure 3 of Maes, which is the
`primary reference. Maes uses the exact same architecture as used by the
`'813 patent. The user device, PDA 10, is shown highlighted in blue, the
`central server is shown highlighted in green and the merchant device is
`shown highlighted in orange. It uses the very same triangular architecture as
`the '813 patent.
`Slide 14 shows a detailed description, a detailed view of the PDA
`10, the user device. Of note, it includes a biometric sensor. It has a user
`interface for selecting accounts and for providing a PIN. The CPU includes
`an encryptor/decrypter module for purposes of performing encryption and
`decryption. It also includes an RF and an IR port for wireless
`communication. Also shown is the Universal Card 26. However, as we'll
`discuss in a moment, Maes teaches that this Universal Card 26 is actually
`not necessary and the PDA itself can replace the need for the Universal
`Card.
`
`JUDGE MELVIN: But, Mr. Mudd, Patent Owner argues that
`PDA/universal card, either one, is nonetheless a token of the type that Pare
`teaches away from, right?
`MR. MUDD: Yes. That is an argument that Patent Owner raises.
`JUDGE MELVIN: Well, that's their sort of main argument, right?
`MR. MUDD: Yes.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 8
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`
`JUDGE MELVIN: So why don't you address that more directly
`because I believe you said in the beginning that Patent Owner doesn't
`dispute the teachings.
`MR. MUDD: Sure.
`JUDGE MELVIN: So I don't think we need to spend too much
`time on the teachings unless Patent Owner is disputing them.
`MR. MUDD: Sure, that's fine. I'll jump ahead real quick to the
`issue of Pare and its token. So the argument that Patent Owner makes with
`regard to Pare and tokens, it requires one to misconstrue the teachings of
`Pare. So Pare never actually says don't use an electronic device for
`transactions. What Pare teaches away from is tokens in the form of credit
`cards or smartcards.
`If we go to slide 27, what Patent Owner focuses on is language like
`this where Pare says tokens such as portable man-made memory devices
`such as smartcards or swipe cards, Pare doesn't ever criticize all portable
`man-made memory devices. It is criticizing credit cards and smartcards.
`And, in fact, if we look at Pare on slide 29 looking at the second
`box, Pare teaches that it's BIA, the biometric input apparatus, can actually be
`integrated with a cellular telephone.
`JUDGE MELVIN: But isn't this about the functionality of that
`device, not the form it takes, in that I understand Patent Owner's argument to
`be that a token, be it a smartcard, swipe card or a PDA, a certain type of
`PDA, a token is a problem if it stores or because it stores information locally
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 9
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`on the device, right? So it's not that Patent Owner is arguing that Pare has a
`problem with all electronic devices. I think that Patent Owner is arguing,
`hey, it's any device that stores information and, therefore, has large
`consequences with loss.
`MR. MUDD: So you raise a good point in that their argument is
`somewhat morphed. Their original argument was Pare teaches away from
`using electronic devices. When we pointed out Pare itself uses a cellphone
`with memory, they backtrack that to say, okay, well, Pare just teaches away
`from storing information and that's Pare's concern. So Pare's concern is with
`loss of the token, loss of the card, the risk of threat or loss. That's the exact
`same thing that Maes itself is addressing with its invention is avoiding the
`need to carry around these multiple tokens that there's a risk of loss for.
`Now, Maes addresses any concern Pare has with tokens because it
`has multiple layers of encryption and authentication that are required that
`protect that data. So Pare in no way teaches away from either all electronic
`devices and Pare in no way teaches away from ever storing sensitive
`information. What Pare says is if you do it, it needs to be secure, it needs to
`be safe.
`
`And, in fact, this is shown here on slide 28 when Pare says, yeah,
`there can be security issues when you integrate with a phone, but higher
`security versions with more complete enclosures are possible and
`encouraged. So Pare is not actively criticizing and saying never use this.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`
`
`
`
`
`
`
`
` 10
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`Pare, you know, is expressing a preference for it and under the appropriate
`legal standard that does not rise to a teaching away.
`So going back to, I believe I was at slide 15. So Maes teaches that
`the device first performs a client server mode where the user contacts the
`central server to obtain a digital certificate that the device then downloads
`and encrypts in memory of the device. Then when a user wants to perform a
`transaction, they engage in local mode. Then they, again, pass a PIN and
`biometric verification to commence a transaction.
`Now, in slide 16 while Maes does teach that the Universal Card
`can in some instances be ejected from the PDA and swiped through a
`traditional point-of-sale terminal, importantly as shown in this slide Maes
`teaches that the Universal Card is not necessary. The PDA can take its place
`and it can wirelessly communicate with the point-of-sale terminal.
`Turning to slide 17. When the user has passed local verification
`and local mode, the digital certificate is decrypted and the card information
`is similarly decrypted and an authorization number is displayed on the
`device that is then shown or verbally communicated to the merchant. The
`merchant then transmits that authorization number to the central server for
`the purpose of remotely authenticating the transaction with the central
`server. Importantly, that is the purpose of the authorization number. The
`merchant has no way to verify the user on its own. It doesn't store the -- any
`way to do so, so it relies on the central server to do that and, again, the
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`
`
`
`
`
`
`
`
` 11
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`merchant is being used as a conduit to transmit this information to the
`central server.
`Now, although Maes teaches that the authorization number is
`displayed and verbally communicated, as discussed in the Petition it would
`have been obvious to wirelessly transmit the authorization number to the
`merchant. First, as shown in the first box here on slide 18, Maes teaches in a
`similar context wirelessly transmitting an encrypted information file via a
`merchant device to remotely verify the user and, second, Maes teaches in a
`situation where a User A is performing a transaction with a User B from
`PDA to PDA that the authorization number can be wirelessly transmitted via
`IR communication for purposes of then allowing user B to verify that
`authorization number with the central server.
`JUDGE MELVIN: So those are all different embodiments of
`
`Maes.
`
`MR. MUDD: That's correct. We're not relying on a direct
`anticipation or direct teaching.
`JUDGE MELVIN: I understand, but the fact that the embodiment
`you rely on uses a display and verbal communication might suggest that
`although wireless communication was known to Maes, it wasn't appropriate
`for the embodiment that we're talking about.
`MR. MUDD: Well, Maes does not limit the authorization number
`to being used just in that non-electronic embodiment. Because as Maes
`teaches, the authorization number can be wirelessly transmitted, and we're
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 12
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`talking about obviousness here and what this would suggest reasonably to a
`person of ordinary skill in the art. And, again, each of Pare and Labrou,
`which we'll talk about here in a moment, also similarly transmit wireless
`encrypted authentication data for purposes of authenticating the transaction
`via the merchant device with the central server.
`JUDGE MELVIN: But isn't Patent Owner's argument specific to
`this particular embodiment of Maes, and that is that in this embodiment it's
`important that it be useful for non-electronic transactions, right?
`MR. MUDD: Yes. So they argue that this is Maes' principle of
`operation that non-electronic transactions is the principle of operation and
`we dispute that and our expert disputes that. The key function is that the
`authorization number is used to remotely verify the user with the central
`server whether you're talking about non-electronic or electronic. So the
`non-electronic transaction, sure, that's one use case, but it's not the principle
`of operation of Maes.
`JUDGE MELVIN: Because the principle of operation must be
`something that applies across all embodiments?
`MR. MUDD: Well, because the principle of operation is -- well,
`that's a fair point, yeah, and I don't know that you can refer to a principle of
`operation of an embodiment. I don't know if Patent Owner has cited any law
`on that point, but the basic principle of operation of Maes is using this
`three-component architecture to remotely verify transactions, and that
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`
`
`
`
`
`
`
`
` 13
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`happens, you know, regardless of whether you're talking non-electronic or
`electronic. So that's the principle of operation of Maes.
`So returning then to slide 19. While Maes does not specifically
`teach how its authorization number is generated, Petitioner's obviousness
`combination of Maes with each of Pare or Labrou simply substitutes one
`piece of authentication information for another. It substitutes Maes'
`transmitted authorization number with either Pare's encrypted authentication
`information or Labrou's.
`Turning first to Pare. Patent Owner does not dispute that Pare
`teaches the claimed three ingredients. It has an unpredictable DES key, it
`has a biometric and it has a PIN. So there is no dispute on whether Pare
`teaches a limitation.
`With regard to Labrou, Labrou teaches using the three
`components. Now, what it teaches is using a unpredictable value in the form
`of a random number and it also teaches using a PIE, a personal identification
`entry. As shown on slide 21, it says this could be a PIN or biometric. And
`now I'll address this issue in a moment of why it would have been obvious to
`use both PIN and biometric to provide for multifactored authentication in
`Labrou.
`But first turning to slide 23, there are a host of reasons to make this
`combination. First, as shown on slide 23, Maes teaches that it's to be
`understood the present invention may employ any known encryption
`technique or algorithm for the encryption/decryption process, which would
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 14
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`suggest to a person of skill in the art to look to known encryption processes
`such as those used by Pare or Labrou.
`Turning to slide 22. Next, each of the prior art references here are
`all directed towards the very same problem as the '813 patent of allowing the
`user to avoid carrying around multiple cards, which pose a risk of theft or
`loss. Next, Maes also already includes both biometric and PIN. Pare and
`Labrou also both use biometric and PIN in their encryption. So Maes
`already includes all the necessary hardware and the necessary data, the
`necessary ingredients. It would just require a simple substitution of one
`piece of data for another. So Maes is ripe for improvement.
`Next, this would have been using encryption for its well-known
`purpose of protecting data in a financial transaction to address fraud. And,
`last, each of the references are using wireless communications and they're
`remotely verifying a user's transaction using a merchant as a conduit.
`I believe we discussed the issue that Patent Owner has raised with
`regard to the principle of operation. Just to reiterate, the principle of
`operation of Maes is not limited to a non-electronic transaction and it's
`irrelevant to the combination that Petitioner is relying on in this proceeding.
`Next, with regard to the issue of backwards compatibility, the
`second argument Patent Owner makes on principle of operation is that Maes
`is intended to be compatible with existing infrastructure, but the feature that
`provides this backwards compatibility is the Universal Card, right, that can
`be ejected from the device, swiped through a traditional card swipe in a
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 15
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`point-of-sale device, but Maes teaches that the Universal Card is not
`necessary and the PDA can replace this. So that backwards compatibility
`from the Universal Card is not part of Maes' principle of operation.
`JUDGE MELVIN: Well, that issue then becomes about the degree
`of modification required, right, to implement the changes in your proposed
`combination? Patent Owner takes the position that the changes are dramatic
`and you, of course, take the position that they're fairly straightforward.
`MR. MUDD: That's correct. Patent Owner has argued that it
`would require updates in software. They make no argument about any
`changes in hardware. And, in fact, the only concrete example they ever give
`of the actual software change that has to be made would be the addition of a
`seller registration step, because they say, for example, Pare in some
`embodiments has a seller code included in its encrypted authentication
`information that is sent.
`As we explained in our Reply, seller registration has long been a
`conventional part of how point-of-sale systems operate. Maes doesn't
`specifically talk about seller registration, but why would it? It was long a
`conventional step. So adding seller registration would be a very minor
`change to the software in the system. And, in fact, in Sur-Reply, then,
`Patent Owner does not rebut that point.
`We've already addressed the issue raised by Patent Owner with
`regard to the teaching away from electronic ID devices. One slide I want to
`note here is in slide 31, which provides a nice reference where Pare is
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 16
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`referring to a plastic card. When Pare talks about tokens, it's focusing on
`smartcards and credit cards that are carried around. It does not teach away
`from portable electronic devices that have security to protect the data that's
`stored therein.
`An additional argument that Patent Owner makes is shown on slide
`33 is one of redundancy. Patent Owner had argued that it was redundant to
`perform both local and remote authentication potentially of the same data.
`But as Petitioner pointed out in reply is, well, that's what the '813 patent
`itself already does. And, in fact, there's this statement here in the
`specification that says in various embodiments the authentication of the
`biometric occurs at the user device, at the POS device, at the USR or at a
`combination of the preceding.
`So if there's any alleged redundancy, it's in the '813 patent itself.
`And as our expert explained, it makes sense to do both local and remote
`authentication because it enhances security and, again, we think this is a
`position that Patent Owner has dropped. They did not continue to argue this
`point in their Sur-Reply.
`Turning back to the issue of Maes plus Labrou, so one argument
`that -- and I'm here on slide 36. Patent Owner has argued that it would not
`have been obvious to use both the biometric and PIN to generate the PIE in
`Labrou. Now, Labrou already teaches using both biometric and PIN for
`authentication. It also teaches the PIE can be generated from PIN or
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`
`
`
`
`
`
`
`
` 17
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`biometric. And then as shown in the bottom box here on slide 36, Labrou
`teaches any other type of PIE can be used.
`As our expert explained, as shown on slide 37, it was well-known
`to use multifactor authentication. It would have made sense to a person of
`skill in the art to use both biometric and PIN. Now, what response does
`Patent Owner provide? So on slide 38 Patent Owner's position was its
`expert said, look, you can't use a biometric. It would have been impossible.
`Even though Labrou says use a biometric to generate the PIE string, it would
`have been impossible to repeatedly -- reproducibly or repeatably consistently
`generate a PIE string from a biometric.
`He contended this was an open problem for a long time and was
`still an open problem almost up to today, but we confronted it in deposition
`as shown here on slide 39 with one of his own -- one of their experts own
`prior art patents from the year 2000. So this is years prior. And in this
`patent, he states that he has an invention to generate a repeatable
`cryptographic key in view of varying biometric measurements. It was
`already known in the art on how you can generate repeatably a string from
`biometric data.
`As shown on slide 40, when confronted with this, he finally gave
`in and said, yes, okay, it was possible to do so, but I don't think it would
`work with Labrou. And his point was, well, Labrou doesn't specifically go
`into the details of how to do it. Well, the law doesn't require that if it was
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`
`
`
`
`
`
`
`
` 18
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`known in the art and Labrou says do it, that's all that's required. So their
`argument there on Labrou combining biometric and PIN is misplaced.
`Next, jumping to slide 45, the next issue they take with the
`Maes-Labrou combination is that they claim that we were not specific
`enough about what was being combined from Labrou and they say Labrou
`teaches both a user message and a merchant message. Are you combining
`the merchant message, too? No, we're not. That's irrelevant. The merchant
`message is irrelevant to our combination. As we set out in our Petition as
`shown here on slide 45, what we're talking about is the user's information
`that is encrypted and sent to the server.
`JUDGE MELVIN: Mr. Mudd, on the PIE in Labrou, why isn't
`Patent Owner right that the question here is whether you've shown the
`teaching in Labrou or another reference? I mean, you assert that it was
`known in the art, but there must be some burden on you to identify how it
`was known, right?
`MR. MUDD: So as we explained, Labrou teaches using both PIN
`and biometric for authentication and it teaches the PIE can be generated
`from either PIN or biometric, and Labrou teaches any type of PIE string can
`be used. And as our expert explained, it would have been obvious to use
`both of these because it was well-known in the art to use multifactored
`authentication. Deficiencies in PINs are rectified by biometric. Deficiencies
`in biometrics are rectified by PIN. So a person of skill in the art would have
`been motivated to use both.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 19
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`
`With regard to Claim 2, Dependent Claim 2, Patent Owner -- what
`Claim 2 requires is a discrete code associated with the electronic ID device.
`As shown here on slide 47, Maes directly teaches an account number of the
`PDA device. We contend this teaches the discrete code associated with the
`device.
`
`Now, what Patent Owner argues is that, well, yes, but this is also
`an account number that's associated with the Universal Card. That's fine if
`it's also associated with the card. The claim just requires it to be associated
`with the electronic ID device. That satisfies Claim 2.
`Next, I'd like to turn to Dependent Claims 12 and 21, which relate
`to generating account identifying information for the respective one of the
`accounts wherein the account identifying information does not identify an
`account number as shown here in slide 49.
`Now, first Patent Owner argues the account number has to be
`selected or the account, rather, has to be selected first before this identifying
`information is generated, and they argue that the aliases that we point to in
`Labrou are already pre-existing in the device. So, first, the claim is not clear
`on whether or not this temporal limitation exists and whether the aliases can
`exist before a selection or not. But irregardless, in Labrou it teaches that
`there are no actual account numbers stored on the device as shown on slide
`51. Only aliases are stored on the device. And when the user selects one of
`those aliases, a message is generated that is communicated to the server
`identifying that selected account.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 20
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`
`So as we explain, a person of skill in the art would understand that
`a message identifying that account of an alias that does not include an
`account number is generated after selection and communicated to the server.
`JUDGE MELVIN: So it's your position that an alias exists. And
`then when the message is generated containing the alias, that is generating
`account identifying information.
`MR. MUDD: Yes, that's correct. That's what a person of --
`JUDGE MELVIN: Even though the account identifying
`information already existed.
`MR. MUDD: The selection of the account and the generation of
`the message identifying that alias is generated after selection and then
`transmitted.
`JUDGE MELVIN: But the only information in the device is the
`
`alias.
`
`MR. MUDD: That's correct.
`JUDGE MELVIN: And the alias pre-existed the message.
`MR. MUDD: That's right.
`JUDGE MELVIN: So the message was generated incorporating
`the alias, but the claim says generating account identifying information.
`MR. MUDD: But their argument is that that has to be account
`identifying information identifying the selected account after selection.
`JUDGE MELVIN: Right.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`
`
`
`
`
`
`
`
` 21
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`
`MR. MUDD: So the device has to store some indication of which
`alias was selected. That indication of which alias was selected is itself
`identifying an account and it's communicated to the server for that purpose.
`Next, I'll briefly touch on the combination of Pizarro and Pare. As
`shown here on slide 53, Pizarro also uses the exact same triangular
`architecture of a user device, in this case a cellular telephone,
`communicating with a merchant device and with a central server here as
`shown on slide 53.
`Now, Patent Owner largely rehashes the same arguments that
`multilayered authentication is redundant. We've already addressed that
`argument. They argue Pare teaches away. We've addressed that argument.
`And they don't dispute that it would have been obvious to combine Pare's
`PIN with Pizarro. So the same issues that have been raised with regard to
`Pizarro and Pare have already been addressed.
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
