`
`Proposed Redacted Version of Final Written Decision
`
`
`IPR2018-00067
`Unified EX1045 Page 1
`
`
`
`Trials@uspto.gov
`571-272-7822
`
` Paper No. 54
` Entered: May 1, 2019
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`UNIFIED PATENTS, INC.,
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC,
`Patent Owner.
`____________
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`____________
`
`Before BART A. GERSTENBLITH, SCOTT C. MOORE, and
`JASON W. MELVIN, Administrative Patent Judges.
`
`MELVIN, Administrative Patent Judge.
`
`FINAL WRITTEN DECISION
`35 U.S.C. § 318(a) and 37 C.F.R. § 42.73
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`
`IPR2018-00067
`Unified EX1045 Page 2
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`I.
`
`INTRODUCTION
`
`Petitioner, Unified Patents Inc., requested inter partes review of
`
`claims 1–3 and 5–26 of U.S. Patent No. 8,577,813 B2 (Ex. 1001, “the
`
`’813 patent”). Paper 12 (“Pet.”).1 Patent Owner, Universal Secure Registry
`
`LLC, filed a Preliminary Response (Paper 7, “Prelim. Resp.”) and a
`
`Supplemental Preliminary Response (Paper 13, “Supp. Prelim. Resp.”). 2 We
`
`instituted review. Paper 14 (“Inst.” or “Institution Decision”). Patent Owner
`
`filed a Response (Paper 28 (“PO Resp.”)) and a Conditional Motion to
`
`Amend (Paper 26 (“MTA”)); Petitioner filed a Reply (Paper 39 (“Reply”))
`
`and an Opposition to Patent Owner’s Contingent Motion to Amend
`
`(Paper 34 (“MTA Opp.”)); Patent Owner filed a Surreply (Paper 42) and a
`
`Reply to Petitioner’s Opposition (Paper 43 (“MTA Reply”)); and Petitioner
`
`filed a Surreply to the Contingent Motion to Amend (Paper 44 (“MTA
`
`Surreply”)). We held a hearing on January 30, 2019, and a transcript is
`
`included in the record. Paper 51 (“Tr.”).
`
`This is a final written decision as to the patentability of the challenged
`
`claims. For the reasons discussed below, we determine that Petitioner has
`
`proven by a preponderance of the evidence that each of claims 1–3, 5–9, 11,
`
`13–18, 20, and 22–26 of the ’813 patent is unpatentable but has not proven
`
`that any of claims 10, 12, 19, and 21 is unpatentable. We deny Patent
`
`Owner’s Contingent Motion to Amend.
`
`1 We authorized Petitioner to file a Corrected Petition. See Paper 11.
`2 We authorized Patent Owner to file a Supplemental Preliminary Response
`addressing claims 7–10. Paper 11, 5–7.
`
`2
`
`IPR2018-00067
`Unified EX1045 Page 3
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`A. RELATED MATTERS
`The parties identify the following judicial matter involving the
`
`’813 patent: Universal Secure Registry LLC v. Apple Inc. et al., Case
`
`No. 1:17-cv-00585 (D. Del.) (filed May 21, 2017). Pet. 67; Paper 5.
`
`B. THE ’813 PATENT
`
`The ’813 patent issued November 5, 2013, from an application filed
`
`September 20, 2011. Ex. 1001, [45], [22]. The ’813 patent includes a
`
`number of priority claims, including dates as early as February 21, 2006. Id.
`
`at [63], [60], 1:6–32.
`
`The ’813 patent is titled “Universal Secure Registry” and is directed
`
`to authenticating a user using biometric and secret information provided to a
`
`user device, encrypted, and sent to a secure registry for validation. Id. at
`
`Abstract. The Specification describes one aspect of the invention as an
`
`“information system that may be used as a universal identification system
`
`and/or used to selectively provide information about a person to authorized
`
`users.” Id. at 3:65–4:1. One method described for controlling access involves
`
`“acts of receiving authentication information from an entity at a secure
`
`computer network, communicating the authentication information to the
`
`secure registry system, and validating the authentication information at the
`
`secure registry system.” Id. at 4:43–48. The “universal secure registry”
`
`(“USR”) is described as a computer system with a database containing
`
`entries related to multiple people, with a variety of possible information
`
`about each person, including validation, access, and financial information.
`
`Id. at 9:35–12:18.
`
`3
`
`IPR2018-00067
`Unified EX1045 Page 4
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`Validation information in the ’813 patent “is information about the
`
`user of the database to whom the data pertains and is to be used by the USR
`
`software 18 to validate that the person attempting to access the information
`
`is the person to whom the data pertains or is otherwise authorized to receive
`
`it.” Id. at 12:19–23. Such information must “reliably authenticate the identity
`
`of the individual” and may include “a secret known by the user (e.g., a pin, a
`
`phrase, a password, etc.), a token possessed by the user that is difficult to
`
`counterfeit (e.g., a secure discrete microchip), and/or a measurement such as
`
`a biometric (e.g., a voiceprint, a fingerprint, DNA, a retinal image, a
`
`photograph, etc.).” Id. at 12:23–31. The ’813 patent describes using such
`
`information in combination with other information “to generate a one-time
`
`nonpredictable code which is transmitted to the computer system” and used
`
`“to determine if the user is authorized access to the USR database.” Id.
`
`at 12:50–60; see also id. at 45:55–46:36. Communication between a user
`
`device and the secure registry may occur through a point-of-sale (“POS”)
`
`device in the ’813 patent. Id. at 43:4–44:31.
`
`C. CHALLENGED CLAIMS
`
`Petitioner challenges claims 1–3 and 5–26. Challenged claims 1, 16,
`
`and 24 are independent. Claim 1 (reproduced below) is illustrative of the
`
`claimed subject matter:
`
`1[P]. An electronic ID device configured to allow a user to
`select any one of a plurality of accounts associated with the
`user to employ in a financial transaction, comprising:
`
`[a] a biometric sensor configured to receive a biometric
`input provided by the user;
`
`[b] a user interface configured to receive a user input
`including secret information known to the user and
`
`4
`
`IPR2018-00067
`Unified EX1045 Page 5
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES
`IPR2018-00067
`Patent 8,577,813 B2
`
`identifying information concerning an account selected
`by the user from the plurality of accounts;
`
`[c] a communication interface configured to communicate
`with a secure registry;
`
`[d] a processor coupled to the biometric sensor to receive
`information concerning the biometric input, the user
`interface and the communication interface,
`
`[i] the processor being programmed to activate the
`electronic ID device based on successful
`authentication by the electronic ID device of at least
`one of the biometric input and the secret information,
`
`[ii] the processor also being programmed such that once
`the electronic ID device is activated the processor is
`configured to generate a non-predictable value and to
`generate encrypted authentication information from
`the non-predictable value, information associated
`with at least a portion of the biometric input, and the
`secret information, and
`
`[iii] to communicate the encrypted authentication
`information via the communication interface to the
`secure registry; and
`
`[e][i] wherein the communication interface is configured to
`wirelessly transmit the encrypted authentication
`information to a point-of-sale (POS) device, and
`
`[ii] wherein the secure registry is configured to receive
`at least a portion of the encrypted authentication
`information from the POS device.
`
`Ex. 1001, 51:65–52:29.3
`
`3 We include square-bracketed annotations following Petitioner’s
`demarcations. See Pet. 9–26.
`
`5
`
`IPR2018-00067
`Unified EX1045 Page 6
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`D. GROUNDS OF UNPATENTABILITY
`
`Petitioner asserts the following grounds of unpatentability, each based
`
`on 35 U.S.C. § 103(a):4
`
`References
`
`Maes5 and Pare6
`
`Maes and Labrou7
`
`Challenged Claim(s)
`
`1–3, 5, 11, 13–17, 20, and 22–26
`
`1–3, 5, 11–17, and 19–26
`
`Maes, Pare, and Labrou
`
`12–15, 17, 19–23, 25, and 26
`
`Maes, Pare, and Burger8
`
`6–9 and 18
`
`Maes, Labrou, and Burger
`
`6–10 and 18
`
`Maes, Pare, Burger, and Labrou 10
`
`Pizarro9 and Pare
`
`1, 2, 5, 11, 13, 16, 17, and 24
`
`See Pet. 4–5; Inst. 30–31. Petitioner also relies on the Declaration of Dr. Eric
`
`Cole (Ex. 1009) and Declaration of Dr. Eric Cole in Support of Petitioner’s
`
`Reply to Patent Owner’s Response (Ex. 1032), while Patent Owner relies on
`
`the Declaration of Markus Jakobsson in Support of Patent Owner’s
`
`Response (Ex. 2004).
`
`4 The America Invents Act includes revisions to, inter alia, 35 U.S.C. § 103
`effective on March 16, 2013. Because the ’813 patent issued from an
`application filed before March 16, 2013, the pre-AIA version of 35 U.S.C.
`§ 103 applies.
`5 U.S. Patent No. 6,016,476, issued January 18, 2000 (Ex. 1003).
`6 U.S. Patent No. 5,870,723, issued February 9, 1999 (Ex. 1004).
`7 U.S. Patent Publication No. US 2004/0107170 A1, published June 3, 2004
`(Ex. 1005).
`8 International Publication WO 01/24123 A1, published April 5, 2001
`(Ex. 1006).
`9 U.S. Patent No. 7,865,448 B2, filed October 19, 2004 (Ex. 1007).
`
`6
`
`IPR2018-00067
`Unified EX1045 Page 7
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES
`IPR2018-00067
`Patent 8,577,813 B2
`
`II. DISCUSSION
`
`A. LEVEL OF ORDINARY SKILL IN THE ART
`
`Petitioner and Patent Owner propose very similar statements of the
`
`level of ordinary skill in the art. In Patent Owner’s phrasing, a skilled artisan
`
`would have had “a Bachelor of Science degree in electrical engineering,
`
`computer science or computer engineering, and three years of work or
`
`research experience in the fields of secure transactions and encryption; or a
`
`Master’s degree in electrical engineering, computer science or computer
`
`engineering, and two years of work or research experience in related fields.”
`
`PO Resp. 16–17 (citing Ex. 2004 ¶ 18). Petitioner’s statement includes only
`
`a bachelor’s degree and marginally less work experience. Pet. 5. Patent
`
`Owner states that its positions would be the same under either party’s
`
`proposal. PO Resp. 17. We agree with Patent Owner that the analysis and
`
`conclusions remain the same under either proposal. As a more-
`
`comprehensive definition, we adopt Patent Owner’s statement and note that
`
`it is consistent with the prior art of record.
`
`B. CLAIM CONSTRUCTION
`
`Petitioner proposes constructions for three terms: “biometric input,”
`
`“secret information,” and “secure registry.” Pet. 6–7. Patent Owner asserts
`
`that no construction is required for any term. PO Resp. 17.
`
`We agree with Patent Owner that the parties’ disputes do not turn on
`
`the construction of these terms and construing the claims would not benefit
`
`this proceeding. We therefore decline to expressly construe the claims. See
`
`Nidec Motor Corp. v. Zhongshan Broad Ocean Motor Co., 868 F.3d 1013,
`
`1017 (Fed. Cir. 2017) (affirming that the Board only need construe claims
`
`7
`
`IPR2018-00067
`Unified EX1045 Page 8
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`terms “to the extent necessary to resolve the controversy”) (citing Vivid
`
`Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795, 803 (Fed. Cir. 1999)).
`
`C. UNPATENTABILITY
`
`Petitioner’s assertions against the independent claims establish
`
`multiple grounds relying on Maes as the primary reference and either Pare or
`
`Labrou as the secondary reference. See Inst. 9 n.9; Pet. 4. Extending the
`
`assertions to dependent claims, Petitioner additionally asserts teachings from
`
`Labrou, Pare, and Burger. See Inst. 16 n.10, 21; Pet. 4–5. Petitioner also
`
`asserts Pizarro as a primary reference, in combination with Pare. Pet. 5.
`
`1. Maes and Pare
`
`Petitioner asserts Maes is prior art under 35 U.S.C. § 102(b) based on
`
`its January 18, 2000, issue date. Pet. 7. Maes discloses a system for
`
`processing transactions using a “transaction processing device (‘personal
`
`digital assistant’ or ‘PDA’) in which a user can store his or her credit card,
`
`ATM card and/or debit card (i.e., financial) information, as well as personal
`
`information, and then access and write selected information to a smartcard
`
`(‘Universal Card’), which is then used to initiate a POS, ATM, or consumer
`
`transaction.” Ex. 1003, 2:23–31. User verification on the device “may be
`
`performed by using either biometric data, PIN or password, or a combination
`
`thereof.” Id. at 3:59–61.
`
`Maes’s device may communicate with a “central server” to obtain a
`
`“temporary digital certificate” in order to access a user’s information. Id.
`
`at 2:36–42, 3:38–52. The central server stores personal information, secret
`
`information, and biometric data for a user, and verifies a user’s identity to
`
`issue a digital certificate. Id. at 7:20–35. A PDA’s connection to the central
`
`8
`
`IPR2018-00067
`Unified EX1045 Page 9
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`server may occur directly through a variety of channels, or may connect via
`
`“a special ATM (or other such kiosks).” Id. at 7:60–8:5. Maes discloses a
`
`user providing verification data to a server to obtain a temporary digital
`
`certificate. Ex. 1003, 7:57–10:15. Maes then discloses a number of possible
`
`operations to conduct transactions using that digital certificate. Generally,
`
`the user’s identity is verified on the device, and, if the device has an
`
`unexpired digital certificate, the user’s payment information is decrypted for
`
`use in a transaction. Id. at 10:29–11:40. Maes discloses that payment
`
`information may be transmitted through a Universal Card (smartcard), or
`
`directly through a wireless interface. Id. at 12:5–29.
`
`In instances without electronic data transfer, Maes discloses
`
`generating an authorization number upon local verification. Id. at 12:40–49.
`
`The authorization number may be conveyed with card information to a
`
`merchant, who uses the authorization number to confirm with the central
`
`server that the user is properly verified. Id. at 12:30–13:5.
`
`Maes additionally states that “the present invention can be configured
`
`to afford an additional level of security for user verification” by verifying
`
`the consumer’s identity even beyond an unexpired digital certificate and
`
`local verification. Id. at 13:19–38. In that embodiment for additional
`
`security, a file with identifying information is sent from the consumer’s
`
`device to a POS terminal, which forwards the file to a financial institution.
`
`Id.
`
`Petitioner asserts Pare is prior art under 35 U.S.C. § 102(b) based on
`
`its February 9, 1999, issue date. Pet. 8. Pare discloses a “method and system
`
`for tokenless authorization of commercial transactions between a buyer and
`
`9
`
`IPR2018-00067
`Unified EX1045 Page 10
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`a seller using a computer system.” Ex. 1004, Abstract. Pare’s system verifies
`
`buyers by requiring entry of biometric samples and a PIN, sending the
`
`information to a remote computer system (the “Data Processing Center
`
`(DPC)”) in an encrypted state, then comparing the information with such
`
`information previously registered by the buyer. Id. at 4:14–49, 6:12–16,
`
`8:35–36.
`
`Pare describes using a “Biometric Input Apparatus (BIA)” to “gather,
`
`encode, and encrypt biometric input for use in commercial transaction.” Id.
`
`at 10:41–46. For encryption, Pare teaches using a derived unique key per
`
`transaction (DUKPT) to select an encryption key from a “Future Key Table”
`
`that is an “unpredictable” key. Id. at 17:27–55, 18:50–63. The key is used to
`
`encrypt the “Biometric-PIN Block,” which contains biometric information
`
`and a PIN, for transmission to the DPC. Id. at 17:29–31.
`
`a. Claim 1
`
`Petitioner maps claim 1’s limitations to the references, applying Maes
`
`as the primary reference that teaches most claim limitations. See Pet. 9–27.
`
`While Petitioner asserts further that other references also teach certain
`
`limitations, other than as addressed below, we construe the ground as relying
`
`on Maes alone.
`
`(1)
`
`[Preamble] An electronic ID device configured to allow a user to
`select any one of a plurality of accounts associated with the user to
`employ in a financial transaction
`
`Petitioner asserts Maes teaches an electronic ID device allowing a
`
`user to store and select various financial cards that comprise a plurality of
`
`accounts associated with the user for use in a transaction. Pet. 9–10 (citing
`
`Ex. 1003, Abstract, 4:1–5, 12:5–29, Figs. 3, 5, 6). Patent Owner does not
`
`10
`
`IPR2018-00067
`Unified EX1045 Page 11
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`contest Petitioner’s assertions in this regard.10 We need not determine
`
`whether the preamble is limiting because we conclude Petitioner has shown
`
`Maes teaches the preamble for the reasons provided by Petitioner.
`(2) [a] a biometric sensor configured to receive
`a biometric input provided by the user
`
`Petitioner asserts Maes teaches the claimed biometric sensor. Pet. 11
`
`(citing Ex. 1003, 5:54–63, 3:53–61, 10:49–54, 10:66–11:5, Fig. 1). Patent
`
`Owner does not contest Petitioner’s assertions in this regard. We conclude
`
`Petitioner has shown Maes teaches the claimed biometric sensor for the
`
`reasons provided by Petitioner.
`(3)
`[b] a user interface configured to receive a user input including
`secret information known to the user and identifying information
`concerning an account selected by the user from the plurality of
`accounts
`
`Petitioner asserts Maes teaches the claimed user interface by
`
`disclosing that the central server verifies the user “either biometrically or
`
`through PIN or password or a combination thereof” before generating a
`
`temporary digital certificate to download onto the user’s device. Pet. 12–13
`
`(citing Ex. 1003, 2:59–3:6, 3:45–61, 5:63–67, 8:40–42, 10:18–21, 10:29–44,
`
`10:49–54, 11:5–8, 14:40–46). Patent Owner does not contest Petitioner’s
`
`assertions in this regard. We conclude Petitioner has shown Maes teaches
`
`the claimed user interface for the reasons provided by Petitioner.
`
`10 The Scheduling Order instructed: “The patent owner is cautioned that any
`arguments for patentability not raised in the response will be deemed
`waived.” Paper 16, 7.
`
`11
`
`IPR2018-00067
`Unified EX1045 Page 12
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES
`IPR2018-00067
`Patent 8,577,813 B2
`
`(4)
`
`[c] a communication interface configured to
`communicate with a secure registry
`
`Petitioner asserts Maes teaches its PDA includes a communication
`
`interface configured to communicate with central server 60, which is a
`
`secure registry because it “stor[es] information associated with users,
`
`including personal and financial information, a PIN or password, biometric
`
`data, and a unique account number, and it performs user verification for
`
`transactions.” Pet. 13–15 (quoting Ex. 1003, 7:20–41; citing Ex. 1003, 6:60–
`
`7:7, 2:59–3:1, 3:42–52, 6:61–7:4, 7:57–8:12, 12:10–57, 13:24–38, Figs. 1,
`
`3). Patent Owner does not contest Petitioner’s assertions in this regard. We
`
`conclude Petitioner has shown Maes teaches the claimed communication
`
`interface for the reasons provided by Petitioner.
`
`(5)
`
`[d] a processor coupled to the biometric sensor to receive
`information concerning the biometric input, the
`user interface and the communication interface
`
`Petitioner asserts Maes teaches that the user device includes a CPU (a
`
`processor) to handle inputs from and issue commands to the various
`
`components. Pet. 15–16 (citing Ex. 1003, 5:1–14, Fig. 1). Patent Owner does
`
`not contest Petitioner’s assertions in this regard. We conclude Petitioner has
`
`shown Maes teaches the claimed processor for the reasons provided by
`
`Petitioner.
`
`(6)
`
`[d][i] the processor being programmed to activate the electronic ID
`device based on successful authentication by the electronic ID device
`of at least one of the biometric input and the secret information
`
`Petitioner asserts Maes teaches that the user device prohibits access to
`
`stored accounts until the user performs local verification using biometric
`
`input or a PIN/password. Pet. 17–18 (citing Ex. 1003, 3:45–52, 5:63–67,
`
`12
`
`IPR2018-00067
`Unified EX1045 Page 13
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`10:49–61, 11:9–18, 12:5–29). Patent Owner does not contest Petitioner’s
`
`assertions in this regard. We conclude Petitioner has shown Maes teaches
`
`the claimed processor programmed to activate the device for the reasons
`
`provided by Petitioner.
`
`(7)
`
`[d][ii] the processor also being programmed such that once the
`electronic ID device is activated the processor is configured to
`generate a non-predictable value and to generate encrypted
`authentication information from the non-predictable value,
`information associated with at least a portion of
` the biometric input, and the secret information
`
`Petitioner asserts a combination of teachings from Maes and Pare
`
`regarding the processor being “programmed such that once the electronic ID
`
`device is activated the processor is configured to generate a non-predictable
`
`value and to generate encrypted authentication information from the non-
`
`predictable value, information associated with at least a portion of the
`
`biometric input, and the secret information.” First, Petitioner looks to Maes’s
`
`disclosure of generating an authorization number derived from a digital
`
`certificate obtained from a central server and using the authorization number
`
`to authenticate the user with the server. Pet. 18 (citing Ex. 1003, 12:40–
`
`13:5). Petitioner admits that Maes does not teach generating a
`
`nonpredictable value or using such a value to generate authentication
`
`information. Id. For those aspects, Petitioner relies on Pare, which teaches
`
`“the concept of generating non-predictable values for generating encrypted
`
`authentication information associated with biometric input and secret
`
`information.” Id. In particular, Petitioner looks to Pare’s disclosure of a
`
`“commercial transaction message” that includes biometric and secret
`
`13
`
`IPR2018-00067
`Unified EX1045 Page 14
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`information, encrypted using a randomly generated key. Id. at 19–20 (citing
`
`Ex. 1004, 17:27–46, Abstract, 4:34–42, 18:51–61, 19:43–20:15, Fig. 7).
`
`Petitioner asserts that a person of ordinary skill had reason “to
`
`substitute the encrypted authentication information taught in Pare . . . for the
`
`authorization number of Maes” because Maes already teaches encrypting
`
`certain information and discloses that its invention “may employ any known
`
`encryption technique or algorithm,” and because “encrypting sensitive
`
`information had long been an established practice in financial security
`
`systems to address fraud.” Id. at 21–23 (citing Ex. 1003, 10:10–15, 12:66–
`
`13:5, 13:24–38, 13:51–60, Fig. 5; Ex. 1009 ¶¶ 54, 36–38).
`
`Patent Owner argues that Petitioner’s assertions are deficient for
`
`several reasons.
`
`(a) Whether Pare teaches away from the combination
`
`According to Patent Owner, Pare criticizes token-based systems, in
`
`which “portable man made memory devices” or “smart cards” store PIN or
`
`biometric information, therefore subjecting that information to potential
`
`tampering or loss. PO Resp. 20–21 (citing Ex. 1004, 1:12–3:60, 2:21–53,
`
`5:5–8, 6:55–7:3, 7:46–60). Moreover, Patent Owner urges, Pare teaches
`
`away from adding security to protect from such risks because doing so
`
`“leads to centralization of function” that “looks good during design, but
`
`actual use results in increased vulnerability for consumers,” “heavier and
`
`heavier penalties on the consumer for destruction or loss” of the token, and
`
`additional costs. Id. at 21 (quoting Ex. 1004, 3:23–36). Patent Owner argues
`
`that Pare’s “‘objective’ and ‘essence of [the] invention’ is to conduct
`
`transactions ‘without . . . tokens.’” Id. (quoting Ex. 1004, 9:12–28; citing
`
`Ex. 1004, Abstract, 6:55–7:3, 7:57–60).
`
`14
`
`IPR2018-00067
`Unified EX1045 Page 15
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`Petitioner considers Pare’s disclosures, at most, to express a
`
`preference for not storing information locally. Reply 4. According to
`
`Petitioner, “the encryption techniques of Pare would enhance the security of
`
`Maes.” Id. Petitioner submits that Maes addresses Pare’s concern with
`
`tokens because of the multiple layers of encryption and authentication
`
`imposed to protect the data. Tr. 10:13–18.
`
`“[I]n general, a reference will teach away if it suggests that the line of
`
`development flowing from the reference’s disclosure is unlikely to be
`
`productive of the result sought by the applicant.” In re Gurley, 27 F.3d 551,
`
`553 (Fed. Cir. 1994). What the prior art teaches, whether a person of
`
`ordinary skill in the art would have been motivated to combine references,
`
`and whether a reference teaches away from the claimed invention are
`
`questions of fact. Apple Inc. v. Samsung Elecs. Co., 839 F.3d 1034, 1051
`
`(Fed. Cir. 2016) (en banc).
`
`We find that Pare does not teach away from using its disclosures in a
`
`system such as Maes’s because Pare does not discredit token-based systems.
`
`Pare’s discussion of token-based systems recognizes benefits that arise from
`
`such approaches and also presents reasons that Pare’s approach is superior.
`
`See Ex. 1004, 3:2–36. In particular, Pare states that, by adding security, “the
`
`resulting system will definitely be more secure.” Id. Further, Pare’s
`
`discussion of token-based systems largely focuses on the idea that “the
`
`comparison and verification process is not isolated from the hardware and
`
`software directly used by the buyer attempting access.” Id. at 2:22–27. That
`
`aspect is not applicable to Maes, which uses remote verification through the
`
`digital certificate, as described by Petitioner’s application of Maes to the
`
`15
`
`IPR2018-00067
`Unified EX1045 Page 16
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`other limitations of claim 1. Thus, we agree with Petitioner that Maes’s
`
`system provides features that address Pare’s concerns. Tr. 10:13–18; see
`
`Reply 4 (citing Ex. 1032 ¶¶ 13–14).
`
`Moreover, Petitioner asserts a combination that relies on Pare’s
`
`teachings “of generating non-predictable values for generating encrypted
`
`authentication information associated with biometric input and secret
`
`information.” Pet. 18. This aspect of Pare is independent of the overall
`
`approach used by Maes. We do not read Pare’s criticism of token-based
`
`systems as indicating that such systems cannot benefit from Pare’s
`
`encryption techniques. See KSR Int’l Co. v Teleflex Inc., 550 U.S. 398, 420
`
`(2007) (“[F]amiliar items may have obvious uses beyond their primary
`
`purposes, and in many cases a person of ordinary skill will be able to fit the
`
`teachings of multiple patents together like pieces of a puzzle.”). Thus, while
`
`Patent Owner argues that Pare teaches a system integrated with a sales
`
`terminal rather than a customer device (PO Resp. 22), we do not read Pare’s
`
`teachings as limited to the particular context in which its system operates.
`
`(b) Whether combining Pare with Maes would be
`redundant and less secure
`
`Patent Owner argues next that using Pare’s methods with Maes would
`
`be redundant and less secure. PO Resp. 23. Maes teaches local verification
`
`using biometric and PIN entry before proceeding with a transaction.
`
`Ex. 1003, 1:10–17, 2:32–42, 3:53–67, 5:60–63, 12:40–47. In contrast, Pare
`
`teaches validating biometric and PIN information remotely, at the server.
`
`Ex. 1004, Figs. 5, 12; see also id. at 2:21–53, 7:46–60. Patent Owner argues
`
`that submitting the same information for remote verification “would
`
`16
`
`IPR2018-00067
`Unified EX1045 Page 17
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`needlessly expose the PIN and biometric information to fraud.”
`
`PO Resp. 25–26 (citing Ex. 2004 ¶ 61).
`
`Petitioner argues in response that skilled artisans would have
`
`configured a system to perform multiple verifications because it would
`
`enhance security. Reply 5 (citing Ex. 1032 ¶¶ 15–20). Petitioner points out
`
`that Maes discloses remote verification when downloading a digital
`
`certificate, along with local verification before decrypting the certificate, and
`
`that Maes may be configured to require verification of the certificate for
`
`each transaction. Reply 5–6 (citing Ex. 1003, 8:50–65, 10:18–21, 3:59–61,
`
`5:54–67; Ex. 1032 ¶ 18). Petitioner points out additionally that Maes teaches
`
`the remote server confirming a transaction using an “authorization number,
`
`which is a function of the digital certificate.” Id. at 6 (citing Ex. 1003,
`
`12:66–13:4, 6:50–53; Ex. 1032 ¶ 19).
`
`We find that, although Petitioner’s asserted combination would
`
`implement redundant authentication, skilled artisans had reason to make the
`
`combination. Indeed, it is because of the redundant authentication that the
`
`proposed combination would have enhanced security. Reply 9. Further,
`
`Maes’s teachings regarding local and remote verification of digital
`
`certificates are consistent with the combination incorporating Pare’s
`
`methods for remote verification. See Ex. 1003, 3:36–42, 3:39–49, 3:59–61.
`
`Although Patent Owner’s declarant takes the position that Maes’s remote
`
`and local verification occur at different time points, Maes discloses a user
`
`may choose the lifetime for a certificate, including requiring a new
`
`certificate for each transaction. Ex. 1033, 81:23–82:21; Ex. 1032 ¶ 18. Using
`
`17
`
`IPR2018-00067
`Unified EX1045 Page 18
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`Pare’s teachings to modify Maes’s remote verification process would have
`
`improved security as asserted by Petitioner.
`
`(c) Whether combining Pare with Maes would eliminate important
`features of Maes and change Maes’s principles of operatio n
`
`Patent Owner argues that replacing Maes’s authorization number with
`
`Pare’s transaction message would eliminate Maes’s ability to “provide[]
`
`biometric security for transactions that do not involve electronic data
`
`transfer” because the combined system would no longer display an
`
`authorization number on the screen. PO Resp. 27 (modification in original)
`
`(quoting Ex. 1003, 12:30–54). According to Patent Owner, that ability is a
`
`key feature of Maes that enables it to work with existing infrastructure. Id. at
`
`28–29.
`
`Petitioner responds that the ability to be used in transactions without
`
`electronic data transfer is not a basic principle of Maes, as shown by Maes’s
`
`embodiment with electronic transmission for the authorization number.
`
`Reply 7–8 (citing Ex. 1003, 14:58–67). Instead, Petitioner asserts, Maes’s
`
`basic principle is centrally verified transactions that eliminate the need to
`
`carry insecure cards. Id. at 7 (citing Ex. 1032 ¶ 21; Ex. 1003, 1:59–2:20,
`
`2:23–30, 3:32–37). According to Petitioner, because Maes’s authorization
`
`number is derived from a server-issued certificate, it “allow[s] the central
`
`server to confirm for the merchant that the user was properly verified with
`
`the server.” Reply 8 (quoting Ex. 1032 ¶ 23).
`
`We find that the asserted combination would not change Maes’s
`
`principle of operation. Significantly, Patent Owner relies on one aspect of an
`
`embodiment to assert that the combination would impermissibly change
`
`Maes by removing the ability to convey an authorization number orally.
`
`18
`
`IPR2018-00067
`Unified EX1045 Page 19
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`PO Resp. 27–28. But at least certain of Maes’s embodiments do involve
`
`electronic data transfer. Ex. 1003, 12:9–13 (“[T]he consumer transaction
`
`may be performed by transmitting the selected card information directly
`
`from the PDA device to the ATM or POS transaction terminal through an
`
`established communication link.”); see also id. at 3:34–36 (“The PDA is also
`
`capable of transmitting or receiving information through wireless
`
`communications such as radio frequency (RF) and infrared (IR)
`
`communication.”), 13:34–38 (“The selected card information, as well as the
`
`encrypted information file, would be transmitted to the POS terminal (via
`
`the Universal Card, RF or IR) . . . .”). We agree with Petitioner that Maes’s
`
`principle of operation is to provide transaction security through: (1) client-
`
`server interaction to authenticate a device with a server; and (2) local
`
`interaction to verify a user with the device. See Ex. 1003, 1:23–42.
`
`Although Petit