`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`UNIFIED PATENTS, INC.,
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC,
`Patent Owner.
`____________
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`___________
`
`Record of Oral Hearing
`Held: January 30, 2019
`____________
`
`
`
`
`Before BART A. GERSTENBLITH, SCOTT C. MOORE, JASON W.
`MELVIN, Administrative Patent Judges.
`
`
`
`
`
`
`
`
`
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`
`
`APPEARANCES:
`ON BEHALF OF THE PETITIONER:
`JASON R. MUDD, ESQUIRE
`MICHELLE A. CALLAGHAN, ESQUIRE
`Erise IP
`7015 College Boulevard
`Suite 700
`Overland Park, Kansas 66211
`
`
`ON BEHALF OF PATENT OWNER:
`CHRISTOPHER A. MATHEWS, ESQUIRE
`Quinn Emanuel Urquhart & Sullivan LLP
`865 South Figueroa Street
`10th Floor
`Los Angeles, California 90017
`
`--and--
`
`JAMES M. GLASS, ESQUIRE
`Quinn Emanuel Urquhart & Sullivan LLP
`51 Madison Avenue
`22nd Floor
`New York, New York 10010
`
`
`The above-entitled matter came on for hearing on Wednesday,
`
`
`January 30, 2019, commencing at 1:00 p.m., at the U.S. Patent and
`Trademark Office, 600 Dulany Street, Alexandria, Virginia.
`
`
`
`
`
`
`
`
`
`
`
`
`
` 2
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`
`P R O C E E D I N G S
`- - - - -
`JUDGE MELVIN: Okay. Good afternoon, everyone. This is the
`hearing in IPR2018-00067. We're reviewing Patent number 8,577,813. I'm
`Judge Melvin. With me is Judge Gerstenblith and appearing remotely is
`Judge Moore.
`Will the parties, please, make their appearances.
`MR. MUDD: Your Honor, Jason Mudd for Petitioner Unified
`Patents and with me is Michelle Callaghan.
`JUDGE MELVIN: Thank you.
`MR. GLASS: Good afternoon, Your Honors. Jim Glass, lead
`counsel for PO. With me today, my partners and backup counsel, Tigran
`Guledjian and Chris Mathews. Chris Mathews will be presenting today on
`behalf of PO.
`JUDGE MELVIN: Good afternoon.
`MR. GLASS: Also in the courtroom today is the President of
`USR, Arthur Hagopian. Thank you.
`JUDGE MELVIN: Thank you.
`MR. MUDD: And, Your Honor, I neglected to introduce
`additional backup counsel present today, Jonathan Stroud and Roshan
`Mansinghani from Unified Patents.
`JUDGE MELVIN: Well, we appreciate everyone being here today
`and we look forward to the presentations. Each side has 45 minutes total to
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 3
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`present arguments. Each may reserve time for rebuttal. Before we start
`everything, you can let me know that.
`As I understand it, we have agreed to seal a portion of the
`proceeding should the parties wish to discuss confidential material, so it will
`be up to you to reserve time for that out of your 45 minutes. We're not going
`to remind that time for you.
`Please keep in mind that Judge Moore cannot see what you point to
`or put on the screen, so please be clear when you refer to exhibits or
`demonstratives. That helps him understand where we are and it also makes
`the transcript clear.
`So, Petitioner, how much time would you like to reserve for
`rebuttal?
`MR. MUDD: Your Honor, of my 45 minutes I'd like to reserve
`about 10 minutes for rebuttal and five minutes for discussion on the
`confidential record.
`JUDGE MELVIN: Okay. Well, I will set the timer for 15 minutes
`and you should see the light go yellow at that point. Is that all right?
`MR. MUDD: At 15 minutes, Your Honor?
`JUDGE MELVIN: 15 minutes remaining.
`MR. MUDD: Yes. Okay. Thank you.
`JUDGE MELVIN: And, Patent Owner?
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`
`
`
`
`
`
`
`
` 4
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`
`MR. MATHEWS: Good afternoon. I'd like to reserve -- well, at
`this time I think I'd like to reserve 15 minutes. That may change after I hear
`Petitioner's presentation, but currently 15 minutes reserved.
`JUDGE MELVIN: Okay. And that's for your rebuttal and your
`confidential portion.
`MR. MATHEWS: That's correct.
`JUDGE MELVIN: Great. Okay. With that, we are prepared
`when you are.
`MR. MUDD: Thank you, Your Honor.
`May it please the Board. Jason Mudd for Petitioner Unified
`Patents. Starting with slide 2, the '813 patent is entitled Universal Secure
`Registry. It describes an electronic ID device, such as a PDA or mobile
`phone, that allows a user to select one account from a plurality of accounts
`to use in a financial transaction. The device receives biometric and PIN
`input. A local authentication is performed. And, in addition, the device
`generates encrypted authentication information that is sent to a central server
`for remote verification.
`Turning to slide 3, we see this concept of selecting an account
`from among a plurality as front and center in the preamble of the claim.
`And if we turn to slide 4, in the summary of the invention the '813
`patent states that it seeks to address the problem of users having to carry
`around multiple cards to engage in financial transactions.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`
`
`
`
`
`
`
`
` 5
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`
`As shown in slide 5, the '813 patent seeks to address this problem
`by using the USR to provide what it calls a secure wallet or an electronic
`wallet as elsewhere discussed in the patent. This secure wallet prevents the
`need from having to carry around multiple financial cards.
`Each of the prior art references that Petitioner is relying on in this
`proceeding are directed to this very same problem of avoiding the need to
`carry around multiple financial cards. They're all trying to reduce the risk of
`fraud from a loss or theft of these multiple cards and all the prior art uses a
`central server who is communicated with via a merchant device to remotely
`authenticate transactions.
`Not surprisingly the parties' dispute does not even focus on this
`purported invention of the '813 patent. Instead, the dispute focuses on a
`motivation to combine. As we see here on slide 6, we can see Claim 1 of the
`'813 patent.
`Now, Patent Owner does not dispute that the combinations of prior
`art relied on by Petitioner teach all the limitations. The dispute is as to the
`combinability of those references and specifically the combinability of those
`references with regard to these limitations highlighted here, specifically
`generating encrypted authentication information from a set of three claimed
`ingredients, as I'll call them, a non-predictable value, biometric input and
`secret information such as a PIN.
`After local authentication is performed, these three ingredients are
`used to generate encrypted authentication information that is then wirelessly
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 6
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`transmitted to a point-of-sale device, which then passes that on to the central
`server for remote authentication.
`Turning to slide 7, importantly, the '813 patent does not suggest
`that this encrypted authentication information is new. Instead, the patent
`states that these multiple pieces of data can be combined using known
`encryption techniques. So the claims and the spec do not specify any
`particular manner in which these three ingredients have to be used to
`generate the encrypted authentication information, and our prior art teaches
`using these three ingredients.
`As shown on slide 8, Figure 3 of the '813 patent provides an
`overview of its architecture. The user device is shown highlighted in blue
`on the left-hand side, the merchant device is shown highlighted in orange
`and the central server is shown highlighted here in green. Importantly, there
`is a triangular architecture between these three components, which are each
`in a communication with each other. And as we'll talk about, as we'll see,
`each of the prior art references that Petitioner relies on uses this very same
`three-component triangular architecture.
`Turning now to slide 10. Slide 10 lists grounds that were instituted
`by the Board. We'll be primarily talking about the combination of Maes plus
`Pare and Maes plus Labrou.
`Turning to slide 12, I'd like to address the issue of combining Maes
`and Pare or Maes and Labrou to render obvious wirelessly transmitting the
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`
`
`
`
`
`
`
`
` 7
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`encrypted authentication information via a point-of-sale device to the secure
`registry.
`Turning to slide 13, slide 13 shows Figure 3 of Maes, which is the
`primary reference. Maes uses the exact same architecture as used by the
`'813 patent. The user device, PDA 10, is shown highlighted in blue, the
`central server is shown highlighted in green and the merchant device is
`shown highlighted in orange. It uses the very same triangular architecture as
`the '813 patent.
`Slide 14 shows a detailed description, a detailed view of the PDA
`10, the user device. Of note, it includes a biometric sensor. It has a user
`interface for selecting accounts and for providing a PIN. The CPU includes
`an encryptor/decrypter module for purposes of performing encryption and
`decryption. It also includes an RF and an IR port for wireless
`communication. Also shown is the Universal Card 26. However, as we'll
`discuss in a moment, Maes teaches that this Universal Card 26 is actually
`not necessary and the PDA itself can replace the need for the Universal
`Card.
`
`JUDGE MELVIN: But, Mr. Mudd, Patent Owner argues that
`PDA/universal card, either one, is nonetheless a token of the type that Pare
`teaches away from, right?
`MR. MUDD: Yes. That is an argument that Patent Owner raises.
`JUDGE MELVIN: Well, that's their sort of main argument, right?
`MR. MUDD: Yes.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 8
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`
`JUDGE MELVIN: So why don't you address that more directly
`because I believe you said in the beginning that Patent Owner doesn't
`dispute the teachings.
`MR. MUDD: Sure.
`JUDGE MELVIN: So I don't think we need to spend too much
`time on the teachings unless Patent Owner is disputing them.
`MR. MUDD: Sure, that's fine. I'll jump ahead real quick to the
`issue of Pare and its token. So the argument that Patent Owner makes with
`regard to Pare and tokens, it requires one to misconstrue the teachings of
`Pare. So Pare never actually says don't use an electronic device for
`transactions. What Pare teaches away from is tokens in the form of credit
`cards or smartcards.
`If we go to slide 27, what Patent Owner focuses on is language like
`this where Pare says tokens such as portable man-made memory devices
`such as smartcards or swipe cards, Pare doesn't ever criticize all portable
`man-made memory devices. It is criticizing credit cards and smartcards.
`And, in fact, if we look at Pare on slide 29 looking at the second
`box, Pare teaches that it's BIA, the biometric input apparatus, can actually be
`integrated with a cellular telephone.
`JUDGE MELVIN: But isn't this about the functionality of that
`device, not the form it takes, in that I understand Patent Owner's argument to
`be that a token, be it a smartcard, swipe card or a PDA, a certain type of
`PDA, a token is a problem if it stores or because it stores information locally
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 9
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`on the device, right? So it's not that Patent Owner is arguing that Pare has a
`problem with all electronic devices. I think that Patent Owner is arguing,
`hey, it's any device that stores information and, therefore, has large
`consequences with loss.
`MR. MUDD: So you raise a good point in that their argument is
`somewhat morphed. Their original argument was Pare teaches away from
`using electronic devices. When we pointed out Pare itself uses a cellphone
`with memory, they backtrack that to say, okay, well, Pare just teaches away
`from storing information and that's Pare's concern. So Pare's concern is with
`loss of the token, loss of the card, the risk of threat or loss. That's the exact
`same thing that Maes itself is addressing with its invention is avoiding the
`need to carry around these multiple tokens that there's a risk of loss for.
`Now, Maes addresses any concern Pare has with tokens because it
`has multiple layers of encryption and authentication that are required that
`protect that data. So Pare in no way teaches away from either all electronic
`devices and Pare in no way teaches away from ever storing sensitive
`information. What Pare says is if you do it, it needs to be secure, it needs to
`be safe.
`
`And, in fact, this is shown here on slide 28 when Pare says, yeah,
`there can be security issues when you integrate with a phone, but higher
`security versions with more complete enclosures are possible and
`encouraged. So Pare is not actively criticizing and saying never use this.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`
`
`
`
`
`
`
`
` 10
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`Pare, you know, is expressing a preference for it and under the appropriate
`legal standard that does not rise to a teaching away.
`So going back to, I believe I was at slide 15. So Maes teaches that
`the device first performs a client server mode where the user contacts the
`central server to obtain a digital certificate that the device then downloads
`and encrypts in memory of the device. Then when a user wants to perform a
`transaction, they engage in local mode. Then they, again, pass a PIN and
`biometric verification to commence a transaction.
`Now, in slide 16 while Maes does teach that the Universal Card
`can in some instances be ejected from the PDA and swiped through a
`traditional point-of-sale terminal, importantly as shown in this slide Maes
`teaches that the Universal Card is not necessary. The PDA can take its place
`and it can wirelessly communicate with the point-of-sale terminal.
`Turning to slide 17. When the user has passed local verification
`and local mode, the digital certificate is decrypted and the card information
`is similarly decrypted and an authorization number is displayed on the
`device that is then shown or verbally communicated to the merchant. The
`merchant then transmits that authorization number to the central server for
`the purpose of remotely authenticating the transaction with the central
`server. Importantly, that is the purpose of the authorization number. The
`merchant has no way to verify the user on its own. It doesn't store the -- any
`way to do so, so it relies on the central server to do that and, again, the
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`
`
`
`
`
`
`
`
` 11
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`merchant is being used as a conduit to transmit this information to the
`central server.
`Now, although Maes teaches that the authorization number is
`displayed and verbally communicated, as discussed in the Petition it would
`have been obvious to wirelessly transmit the authorization number to the
`merchant. First, as shown in the first box here on slide 18, Maes teaches in a
`similar context wirelessly transmitting an encrypted information file via a
`merchant device to remotely verify the user and, second, Maes teaches in a
`situation where a User A is performing a transaction with a User B from
`PDA to PDA that the authorization number can be wirelessly transmitted via
`IR communication for purposes of then allowing user B to verify that
`authorization number with the central server.
`JUDGE MELVIN: So those are all different embodiments of
`
`Maes.
`
`MR. MUDD: That's correct. We're not relying on a direct
`anticipation or direct teaching.
`JUDGE MELVIN: I understand, but the fact that the embodiment
`you rely on uses a display and verbal communication might suggest that
`although wireless communication was known to Maes, it wasn't appropriate
`for the embodiment that we're talking about.
`MR. MUDD: Well, Maes does not limit the authorization number
`to being used just in that non-electronic embodiment. Because as Maes
`teaches, the authorization number can be wirelessly transmitted, and we're
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 12
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`talking about obviousness here and what this would suggest reasonably to a
`person of ordinary skill in the art. And, again, each of Pare and Labrou,
`which we'll talk about here in a moment, also similarly transmit wireless
`encrypted authentication data for purposes of authenticating the transaction
`via the merchant device with the central server.
`JUDGE MELVIN: But isn't Patent Owner's argument specific to
`this particular embodiment of Maes, and that is that in this embodiment it's
`important that it be useful for non-electronic transactions, right?
`MR. MUDD: Yes. So they argue that this is Maes' principle of
`operation that non-electronic transactions is the principle of operation and
`we dispute that and our expert disputes that. The key function is that the
`authorization number is used to remotely verify the user with the central
`server whether you're talking about non-electronic or electronic. So the
`non-electronic transaction, sure, that's one use case, but it's not the principle
`of operation of Maes.
`JUDGE MELVIN: Because the principle of operation must be
`something that applies across all embodiments?
`MR. MUDD: Well, because the principle of operation is -- well,
`that's a fair point, yeah, and I don't know that you can refer to a principle of
`operation of an embodiment. I don't know if Patent Owner has cited any law
`on that point, but the basic principle of operation of Maes is using this
`three-component architecture to remotely verify transactions, and that
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`
`
`
`
`
`
`
`
` 13
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`happens, you know, regardless of whether you're talking non-electronic or
`electronic. So that's the principle of operation of Maes.
`So returning then to slide 19. While Maes does not specifically
`teach how its authorization number is generated, Petitioner's obviousness
`combination of Maes with each of Pare or Labrou simply substitutes one
`piece of authentication information for another. It substitutes Maes'
`transmitted authorization number with either Pare's encrypted authentication
`information or Labrou's.
`Turning first to Pare. Patent Owner does not dispute that Pare
`teaches the claimed three ingredients. It has an unpredictable DES key, it
`has a biometric and it has a PIN. So there is no dispute on whether Pare
`teaches a limitation.
`With regard to Labrou, Labrou teaches using the three
`components. Now, what it teaches is using a unpredictable value in the form
`of a random number and it also teaches using a PIE, a personal identification
`entry. As shown on slide 21, it says this could be a PIN or biometric. And
`now I'll address this issue in a moment of why it would have been obvious to
`use both PIN and biometric to provide for multifactored authentication in
`Labrou.
`But first turning to slide 23, there are a host of reasons to make this
`combination. First, as shown on slide 23, Maes teaches that it's to be
`understood the present invention may employ any known encryption
`technique or algorithm for the encryption/decryption process, which would
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 14
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`suggest to a person of skill in the art to look to known encryption processes
`such as those used by Pare or Labrou.
`Turning to slide 22. Next, each of the prior art references here are
`all directed towards the very same problem as the '813 patent of allowing the
`user to avoid carrying around multiple cards, which pose a risk of theft or
`loss. Next, Maes also already includes both biometric and PIN. Pare and
`Labrou also both use biometric and PIN in their encryption. So Maes
`already includes all the necessary hardware and the necessary data, the
`necessary ingredients. It would just require a simple substitution of one
`piece of data for another. So Maes is ripe for improvement.
`Next, this would have been using encryption for its well-known
`purpose of protecting data in a financial transaction to address fraud. And,
`last, each of the references are using wireless communications and they're
`remotely verifying a user's transaction using a merchant as a conduit.
`I believe we discussed the issue that Patent Owner has raised with
`regard to the principle of operation. Just to reiterate, the principle of
`operation of Maes is not limited to a non-electronic transaction and it's
`irrelevant to the combination that Petitioner is relying on in this proceeding.
`Next, with regard to the issue of backwards compatibility, the
`second argument Patent Owner makes on principle of operation is that Maes
`is intended to be compatible with existing infrastructure, but the feature that
`provides this backwards compatibility is the Universal Card, right, that can
`be ejected from the device, swiped through a traditional card swipe in a
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 15
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`point-of-sale device, but Maes teaches that the Universal Card is not
`necessary and the PDA can replace this. So that backwards compatibility
`from the Universal Card is not part of Maes' principle of operation.
`JUDGE MELVIN: Well, that issue then becomes about the degree
`of modification required, right, to implement the changes in your proposed
`combination? Patent Owner takes the position that the changes are dramatic
`and you, of course, take the position that they're fairly straightforward.
`MR. MUDD: That's correct. Patent Owner has argued that it
`would require updates in software. They make no argument about any
`changes in hardware. And, in fact, the only concrete example they ever give
`of the actual software change that has to be made would be the addition of a
`seller registration step, because they say, for example, Pare in some
`embodiments has a seller code included in its encrypted authentication
`information that is sent.
`As we explained in our Reply, seller registration has long been a
`conventional part of how point-of-sale systems operate. Maes doesn't
`specifically talk about seller registration, but why would it? It was long a
`conventional step. So adding seller registration would be a very minor
`change to the software in the system. And, in fact, in Sur-Reply, then,
`Patent Owner does not rebut that point.
`We've already addressed the issue raised by Patent Owner with
`regard to the teaching away from electronic ID devices. One slide I want to
`note here is in slide 31, which provides a nice reference where Pare is
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 16
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`referring to a plastic card. When Pare talks about tokens, it's focusing on
`smartcards and credit cards that are carried around. It does not teach away
`from portable electronic devices that have security to protect the data that's
`stored therein.
`An additional argument that Patent Owner makes is shown on slide
`33 is one of redundancy. Patent Owner had argued that it was redundant to
`perform both local and remote authentication potentially of the same data.
`But as Petitioner pointed out in reply is, well, that's what the '813 patent
`itself already does. And, in fact, there's this statement here in the
`specification that says in various embodiments the authentication of the
`biometric occurs at the user device, at the POS device, at the USR or at a
`combination of the preceding.
`So if there's any alleged redundancy, it's in the '813 patent itself.
`And as our expert explained, it makes sense to do both local and remote
`authentication because it enhances security and, again, we think this is a
`position that Patent Owner has dropped. They did not continue to argue this
`point in their Sur-Reply.
`Turning back to the issue of Maes plus Labrou, so one argument
`that -- and I'm here on slide 36. Patent Owner has argued that it would not
`have been obvious to use both the biometric and PIN to generate the PIE in
`Labrou. Now, Labrou already teaches using both biometric and PIN for
`authentication. It also teaches the PIE can be generated from PIN or
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`
`
`
`
`
`
`
`
` 17
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`biometric. And then as shown in the bottom box here on slide 36, Labrou
`teaches any other type of PIE can be used.
`As our expert explained, as shown on slide 37, it was well-known
`to use multifactor authentication. It would have made sense to a person of
`skill in the art to use both biometric and PIN. Now, what response does
`Patent Owner provide? So on slide 38 Patent Owner's position was its
`expert said, look, you can't use a biometric. It would have been impossible.
`Even though Labrou says use a biometric to generate the PIE string, it would
`have been impossible to repeatedly -- reproducibly or repeatably consistently
`generate a PIE string from a biometric.
`He contended this was an open problem for a long time and was
`still an open problem almost up to today, but we confronted it in deposition
`as shown here on slide 39 with one of his own -- one of their experts own
`prior art patents from the year 2000. So this is years prior. And in this
`patent, he states that he has an invention to generate a repeatable
`cryptographic key in view of varying biometric measurements. It was
`already known in the art on how you can generate repeatably a string from
`biometric data.
`As shown on slide 40, when confronted with this, he finally gave
`in and said, yes, okay, it was possible to do so, but I don't think it would
`work with Labrou. And his point was, well, Labrou doesn't specifically go
`into the details of how to do it. Well, the law doesn't require that if it was
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`
`
`
`
`
`
`
`
` 18
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`known in the art and Labrou says do it, that's all that's required. So their
`argument there on Labrou combining biometric and PIN is misplaced.
`Next, jumping to slide 45, the next issue they take with the
`Maes-Labrou combination is that they claim that we were not specific
`enough about what was being combined from Labrou and they say Labrou
`teaches both a user message and a merchant message. Are you combining
`the merchant message, too? No, we're not. That's irrelevant. The merchant
`message is irrelevant to our combination. As we set out in our Petition as
`shown here on slide 45, what we're talking about is the user's information
`that is encrypted and sent to the server.
`JUDGE MELVIN: Mr. Mudd, on the PIE in Labrou, why isn't
`Patent Owner right that the question here is whether you've shown the
`teaching in Labrou or another reference? I mean, you assert that it was
`known in the art, but there must be some burden on you to identify how it
`was known, right?
`MR. MUDD: So as we explained, Labrou teaches using both PIN
`and biometric for authentication and it teaches the PIE can be generated
`from either PIN or biometric, and Labrou teaches any type of PIE string can
`be used. And as our expert explained, it would have been obvious to use
`both of these because it was well-known in the art to use multifactored
`authentication. Deficiencies in PINs are rectified by biometric. Deficiencies
`in biometrics are rectified by PIN. So a person of skill in the art would have
`been motivated to use both.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 19
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`
`With regard to Claim 2, Dependent Claim 2, Patent Owner -- what
`Claim 2 requires is a discrete code associated with the electronic ID device.
`As shown here on slide 47, Maes directly teaches an account number of the
`PDA device. We contend this teaches the discrete code associated with the
`device.
`
`Now, what Patent Owner argues is that, well, yes, but this is also
`an account number that's associated with the Universal Card. That's fine if
`it's also associated with the card. The claim just requires it to be associated
`with the electronic ID device. That satisfies Claim 2.
`Next, I'd like to turn to Dependent Claims 12 and 21, which relate
`to generating account identifying information for the respective one of the
`accounts wherein the account identifying information does not identify an
`account number as shown here in slide 49.
`Now, first Patent Owner argues the account number has to be
`selected or the account, rather, has to be selected first before this identifying
`information is generated, and they argue that the aliases that we point to in
`Labrou are already pre-existing in the device. So, first, the claim is not clear
`on whether or not this temporal limitation exists and whether the aliases can
`exist before a selection or not. But irregardless, in Labrou it teaches that
`there are no actual account numbers stored on the device as shown on slide
`51. Only aliases are stored on the device. And when the user selects one of
`those aliases, a message is generated that is communicated to the server
`identifying that selected account.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
`
` 20
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`
`So as we explain, a person of skill in the art would understand that
`a message identifying that account of an alias that does not include an
`account number is generated after selection and communicated to the server.
`JUDGE MELVIN: So it's your position that an alias exists. And
`then when the message is generated containing the alias, that is generating
`account identifying information.
`MR. MUDD: Yes, that's correct. That's what a person of --
`JUDGE MELVIN: Even though the account identifying
`information already existed.
`MR. MUDD: The selection of the account and the generation of
`the message identifying that alias is generated after selection and then
`transmitted.
`JUDGE MELVIN: But the only information in the device is the
`
`alias.
`
`MR. MUDD: That's correct.
`JUDGE MELVIN: And the alias pre-existed the message.
`MR. MUDD: That's right.
`JUDGE MELVIN: So the message was generated incorporating
`the alias, but the claim says generating account identifying information.
`MR. MUDD: But their argument is that that has to be account
`identifying information identifying the selected account after selection.
`JUDGE MELVIN: Right.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`
`
`
`
`
`
`
`
` 21
`
`
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`
`
`MR. MUDD: So the device has to store some indication of which
`alias was selected. That indication of which alias was selected is itself
`identifying an account and it's communicated to the server for that purpose.
`Next, I'll briefly touch on the combination of Pizarro and Pare. As
`shown here on slide 53, Pizarro also uses the exact same triangular
`architecture of a user device, in this case a cellular telephone,
`communicating with a merchant device and with a central server here as
`shown on slide 53.
`Now, Patent Owner largely rehashes the same arguments that
`multilayered authentication is redundant. We've already addressed that
`argument. They argue Pare teaches away. We've addressed that argument.
`And they don't dispute that it would have been obvious to combine Pare's
`PIN with Pizarro. So the same issues that have been raised with regard to
`Pizarro and Pare have already been addressed.