Trials@uspto.gov
`571-272-7822
`
`PUBLIC VERSION
`
` Paper No. 54
` Entered: May 1, 2019
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`UNIFIED PATENTS, INC.,
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC,
`Patent Owner.
`____________
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`____________
`
`Before BART A. GERSTENBLITH, SCOTT C. MOORE, and
`JASON W. MELVIN, Administrative Patent Judges.
`
`MELVIN, Administrative Patent Judge.
`
`FINAL WRITTEN DECISION
`35 U.S.C. § 318(a) and 37 C.F.R. § 42.73
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`
`
`571-272-7822
`
`PUBLIC VERSION
`
` Paper No. 54
` Entered: May 1, 2019
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`UNIFIED PATENTS, INC.,
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC,
`Patent Owner.
`____________
`
`Case IPR2018-00067
`Patent 8,577,813 B2
`____________
`
`Before BART A. GERSTENBLITH, SCOTT C. MOORE, and
`JASON W. MELVIN, Administrative Patent Judges.
`
`MELVIN, Administrative Patent Judge.
`
`FINAL WRITTEN DECISION
`35 U.S.C. § 318(a) and 37 C.F.R. § 42.73
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`PUBLIC VERSION
`
`I.
`
`INTRODUCTION
`
`Petitioner, Unified Patents Inc., requested inter partes review of
`
`claims 1–3 and 5–26 of U.S. Patent No. 8,577,813 B2 (Ex. 1001, “the
`
`’813 patent”). Paper 12 (“Pet.”).1 Patent Owner, Universal Secure Registry
`
`LLC, filed a Preliminary Response (Paper 7, “Prelim. Resp.”) and a
`
`Supplemental Preliminary Response (Paper 13, “Supp. Prelim. Resp.”). 2 We
`
`instituted review. Paper 14 (“Inst.” or “Institution Decision”). Patent Owner
`
`filed a Response (Paper 28 (“PO Resp.”)) and a Conditional Motion to
`
`Amend (Paper 26 (“MTA”)); Petitioner filed a Reply (Paper 39 (“Reply”))
`
`and an Opposition to Patent Owner’s Contingent Motion to Amend
`
`(Paper 34 (“MTA Opp.”)); Patent Owner filed a Surreply (Paper 42) and a
`
`Reply to Petitioner’s Opposition (Paper 43 (“MTA Reply”)); and Petitioner
`
`filed a Surreply to the Contingent Motion to Amend (Paper 44 (“MTA
`
`Surreply”)). We held a hearing on January 30, 2019, and a transcript is
`
`included in the record. Paper 51 (“Tr.”).
`
`This is a final written decision as to the patentability of the challenged
`
`claims. For the reasons discussed below, we determine that Petitioner has
`
`proven by a preponderance of the evidence that each of claims 1–3, 5–9, 11,
`
`13–18, 20, and 22–26 of the ’813 patent is unpatentable but has not proven
`
`that any of claims 10, 12, 19, and 21 is unpatentable. We deny Patent
`
`Owner’s Contingent Motion to Amend.
`
`1 We authorized Petitioner to file a Corrected Petition. See Paper 11.
`2 We authorized Patent Owner to file a Supplemental Preliminary Response
`addressing claims 7–10. Paper 11, 5–7.
`
`2
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`PUBLIC VERSION
`
`A. RELATED MATTERS
`
`The parties identify the following judicial matter involving the
`
`’813 patent: Universal Secure Registry LLC v. Apple Inc. et al., Case
`
`No. 1:17-cv-00585 (D. Del.) (filed May 21, 2017). Pet. 67; Paper 5.
`
`B. THE ’813 PATENT
`
`The ’813 patent issued November 5, 2013, from an application filed
`
`September 20, 2011. Ex. 1001, [45], [22]. The ’813 patent includes a
`
`number of priority claims, including dates as early as February 21, 2006. Id.
`
`at [63], [60], 1:6–32.
`
`The ’813 patent is titled “Universal Secure Registry” and is directed
`
`to authenticating a user using biometric and secret information provided to a
`
`user device, encrypted, and sent to a secure registry for validation. Id. at
`
`Abstract. The Specification describes one aspect of the invention as an
`
`“information system that may be used as a universal identification system
`
`and/or used to selectively provide information about a person to authorized
`
`users.” Id. at 3:65–4:1. One method described for controlling access involves
`
`“acts of receiving authentication information from an entity at a secure
`
`computer network, communicating the authentication information to the
`
`secure registry system, and validating the authentication information at the
`
`secure registry system.” Id. at 4:43–48. The “universal secure registry”
`
`(“USR”) is described as a computer system with a database containing
`
`entries related to multiple people, with a variety of possible information
`
`about each person, including validation, access, and financial information.
`
`Id. at 9:35–12:18.
`
`3
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`PUBLIC VERSION
`
`Validation information in the ’813 patent “is information about the
`
`user of the database to whom the data pertains and is to be used by the USR
`
`software 18 to validate that the person attempting to access the information
`
`is the person to whom the data pertains or is otherwise authorized to receive
`
`it.” Id. at 12:19–23. Such information must “reliably authenticate the identity
`
`of the individual” and may include “a secret known by the user (e.g., a pin, a
`
`phrase, a password, etc.), a token possessed by the user that is difficult to
`
`counterfeit (e.g., a secure discrete microchip), and/or a measurement such as
`
`a biometric (e.g., a voiceprint, a fingerprint, DNA, a retinal image, a
`
`photograph, etc.).” Id. at 12:23–31. The ’813 patent describes using such
`
`information in combination with other information “to generate a one-time
`
`nonpredictable code which is transmitted to the computer system” and used
`
`“to determine if the user is authorized access to the USR database.” Id.
`
`at 12:50–60; see also id. at 45:55–46:36. Communication between a user
`
`device and the secure registry may occur through a point-of-sale (“POS”)
`
`device in the ’813 patent. Id. at 43:4–44:31.
`
`C. CHALLENGED CLAIMS
`
`Petitioner challenges claims 1–3 and 5–26. Challenged claims 1, 16,
`
`and 24 are independent. Claim 1 (reproduced below) is illustrative of the
`
`claimed subject matter:
`
`1[P]. An electronic ID device configured to allow a user to
`select any one of a plurality of accounts associated with the
`user to employ in a financial transaction, comprising:
`
`[a] a biometric sensor configured to receive a biometric
`input provided by the user;
`
`[b] a user interface configured to receive a user input
`including secret information known to the user and
`
`4
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES
`IPR2018-00067
`Patent 8,577,813 B2
`
`PUBLIC VERSION
`
`identifying information concerning an account selected
`by the user from the plurality of accounts;
`
`[c] a communication interface configured to communicate
`with a secure registry;
`
`[d] a processor coupled to the biometric sensor to receive
`information concerning the biometric input, the user
`interface and the communication interface,
`
`[i] the processor being programmed to activate the
`electronic ID device based on successful
`authentication by the electronic ID device of at least
`one of the biometric input and the secret information,
`
`[ii] the processor also being programmed such that once
`the electronic ID device is activated the processor is
`configured to generate a non-predictable value and to
`generate encrypted authentication information from
`the non-predictable value, information associated
`with at least a portion of the biometric input, and the
`secret information, and
`
`[iii] to communicate the encrypted authentication
`information via the communication interface to the
`secure registry; and
`
`[e][i] wherein the communication interface is configured to
`wirelessly transmit the encrypted authentication
`information to a point-of-sale (POS) device, and
`
`[ii] wherein the secure registry is configured to receive
`at least a portion of the encrypted authentication
`information from the POS device.
`
`Ex. 1001, 51:65–52:29.3
`
`3 We include square-bracketed annotations following Petitioner’s
`demarcations. See Pet. 9–26.
`
`5
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`PUBLIC VERSION
`
`D. GROUNDS OF UNPATENTABILITY
`
`Petitioner asserts the following grounds of unpatentability, each based
`
`on 35 U.S.C. § 103(a):4
`
`References
`
`Maes5 and Pare6
`
`Maes and Labrou7
`
`Challenged Claim(s)
`
`1–3, 5, 11, 13–17, 20, and 22–26
`
`1–3, 5, 11–17, and 19–26
`
`Maes, Pare, and Labrou
`
`12–15, 17, 19–23, 25, and 26
`
`Maes, Pare, and Burger8
`
`6–9 and 18
`
`Maes, Labrou, and Burger
`
`6–10 and 18
`
`Maes, Pare, Burger, and Labrou 10
`
`Pizarro9 and Pare
`
`1, 2, 5, 11, 13, 16, 17, and 24
`
`See Pet. 4–5; Inst. 30–31. Petitioner also relies on the Declaration of Dr. Eric
`
`Cole (Ex. 1009) and Declaration of Dr. Eric Cole in Support of Petitioner’s
`
`Reply to Patent Owner’s Response (Ex. 1032), while Patent Owner relies on
`
`the Declaration of Markus Jakobsson in Support of Patent Owner’s
`
`Response (Ex. 2004).
`
`4 The America Invents Act includes revisions to, inter alia, 35 U.S.C. § 103
`effective on March 16, 2013. Because the ’813 patent issued from an
`application filed before March 16, 2013, the pre-AIA version of 35 U.S.C.
`§ 103 applies.
`5 U.S. Patent No. 6,016,476, issued January 18, 2000 (Ex. 1003).
`6 U.S. Patent No. 5,870,723, issued February 9, 1999 (Ex. 1004).
`7 U.S. Patent Publication No. US 2004/0107170 A1, published June 3, 2004
`(Ex. 1005).
`8 International Publication WO 01/24123 A1, published April 5, 2001
`(Ex. 1006).
`9 U.S. Patent No. 7,865,448 B2, filed October 19, 2004 (Ex. 1007).
`
`6
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES
`IPR2018-00067
`PUBLIC VERSION
`Patent 8,577,813 B2
`
`II. DISCUSSION
`
`A. LEVEL OF ORDINARY SKILL IN THE ART
`
`Petitioner and Patent Owner propose very similar statements of the
`
`level of ordinary skill in the art. In Patent Owner’s phrasing, a skilled artisan
`
`would have had “a Bachelor of Science degree in electrical engineering,
`
`computer science or computer engineering, and three years of work or
`
`research experience in the fields of secure transactions and encryption; or a
`
`Master’s degree in electrical engineering, computer science or computer
`
`engineering, and two years of work or research experience in related fields.”
`
`PO Resp. 16–17 (citing Ex. 2004 ¶ 18). Petitioner’s statement includes only
`
`a bachelor’s degree and marginally less work experience. Pet. 5. Patent
`
`Owner states that its positions would be the same under either party’s
`
`proposal. PO Resp. 17. We agree with Patent Owner that the analysis and
`
`conclusions remain the same under either proposal. As a more-
`
`comprehensive definition, we adopt Patent Owner’s statement and note that
`
`it is consistent with the prior art of record.
`
`B. CLAIM CONSTRUCTION
`
`Petitioner proposes constructions for three terms: “biometric input,”
`
`“secret information,” and “secure registry.” Pet. 6–7. Patent Owner asserts
`
`that no construction is required for any term. PO Resp. 17.
`
`We agree with Patent Owner that the parties’ disputes do not turn on
`
`the construction of these terms and construing the claims would not benefit
`
`this proceeding. We therefore decline to expressly construe the claims. See
`
`Nidec Motor Corp. v. Zhongshan Broad Ocean Motor Co., 868 F.3d 1013,
`
`1017 (Fed. Cir. 2017) (affirming that the Board only need construe claims
`
`7
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`PUBLIC VERSION
`
`terms “to the extent necessary to resolve the controversy”) (citing Vivid
`
`Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795, 803 (Fed. Cir. 1999)).
`
`C. UNPATENTABILITY
`
`Petitioner’s assertions against the independent claims establish
`
`multiple grounds relying on Maes as the primary reference and either Pare or
`
`Labrou as the secondary reference. See Inst. 9 n.9; Pet. 4. Extending the
`
`assertions to dependent claims, Petitioner additionally asserts teachings from
`
`Labrou, Pare, and Burger. See Inst. 16 n.10, 21; Pet. 4–5. Petitioner also
`
`asserts Pizarro as a primary reference, in combination with Pare. Pet. 5.
`
`1. Maes and Pare
`
`Petitioner asserts Maes is prior art under 35 U.S.C. § 102(b) based on
`
`its January 18, 2000, issue date. Pet. 7. Maes discloses a system for
`
`processing transactions using a “transaction processing device (‘personal
`
`digital assistant’ or ‘PDA’) in which a user can store his or her credit card,
`
`ATM card and/or debit card (i.e., financial) information, as well as personal
`
`information, and then access and write selected information to a smartcard
`
`(‘Universal Card’), which is then used to initiate a POS, ATM, or consumer
`
`transaction.” Ex. 1003, 2:23–31. User verification on the device “may be
`
`performed by using either biometric data, PIN or password, or a combination
`
`thereof.” Id. at 3:59–61.
`
`Maes’s device may communicate with a “central server” to obtain a
`
`“temporary digital certificate” in order to access a user’s information. Id.
`
`at 2:36–42, 3:38–52. The central server stores personal information, secret
`
`information, and biometric data for a user, and verifies a user’s identity to
`
`issue a digital certificate. Id. at 7:20–35. A PDA’s connection to the central
`
`8
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`PUBLIC VERSION
`
`server may occur directly through a variety of channels, or may connect via
`
`“a special ATM (or other such kiosks).” Id. at 7:60–8:5. Maes discloses a
`
`user providing verification data to a server to obtain a temporary digital
`
`certificate. Ex. 1003, 7:57–10:15. Maes then discloses a number of possible
`
`operations to conduct transactions using that digital certificate. Generally,
`
`the user’s identity is verified on the device, and, if the device has an
`
`unexpired digital certificate, the user’s payment information is decrypted for
`
`use in a transaction. Id. at 10:29–11:40. Maes discloses that payment
`
`information may be transmitted through a Universal Card (smartcard), or
`
`directly through a wireless interface. Id. at 12:5–29.
`
`In instances without electronic data transfer, Maes discloses
`
`generating an authorization number upon local verification. Id. at 12:40–49.
`
`The authorization number may be conveyed with card information to a
`
`merchant, who uses the authorization number to confirm with the central
`
`server that the user is properly verified. Id. at 12:30–13:5.
`
`Maes additionally states that “the present invention can be configured
`
`to afford an additional level of security for user verification” by verifying
`
`the consumer’s identity even beyond an unexpired digital certificate and
`
`local verification. Id. at 13:19–38. In that embodiment for additional
`
`security, a file with identifying information is sent from the consumer’s
`
`device to a POS terminal, which forwards the file to a financial institution.
`
`Id.
`
`Petitioner asserts Pare is prior art under 35 U.S.C. § 102(b) based on
`
`its February 9, 1999, issue date. Pet. 8. Pare discloses a “method and system
`
`for tokenless authorization of commercial transactions between a buyer and
`
`9
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`PUBLIC VERSION
`
`a seller using a computer system.” Ex. 1004, Abstract. Pare’s system verifies
`
`buyers by requiring entry of biometric samples and a PIN, sending the
`
`information to a remote computer system (the “Data Processing Center
`
`(DPC)”) in an encrypted state, then comparing the information with such
`
`information previously registered by the buyer. Id. at 4:14–49, 6:12–16,
`
`8:35–36.
`
`Pare describes using a “Biometric Input Apparatus (BIA)” to “gather,
`
`encode, and encrypt biometric input for use in commercial transaction.” Id.
`
`at 10:41–46. For encryption, Pare teaches using a derived unique key per
`
`transaction (DUKPT) to select an encryption key from a “Future Key Table”
`
`that is an “unpredictable” key. Id. at 17:27–55, 18:50–63. The key is used to
`
`encrypt the “Biometric-PIN Block,” which contains biometric information
`
`and a PIN, for transmission to the DPC. Id. at 17:29–31.
`
`a. Claim 1
`
`Petitioner maps claim 1’s limitations to the references, applying Maes
`
`as the primary reference that teaches most claim limitations. See Pet. 9–27.
`
`While Petitioner asserts further that other references also teach certain
`
`limitations, other than as addressed below, we construe the ground as relying
`
`on Maes alone.
`
`(1)
`
`[Preamble] An electronic ID device configured to allow a user to
`select any one of a plurality of accounts associated with the user to
`employ in a financial transaction
`
`Petitioner asserts Maes teaches an electronic ID device allowing a
`
`user to store and select various financial cards that comprise a plurality of
`
`accounts associated with the user for use in a transaction. Pet. 9–10 (citing
`
`Ex. 1003, Abstract, 4:1–5, 12:5–29, Figs. 3, 5, 6). Patent Owner does not
`
`10
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`PUBLIC VERSION
`
`contest Petitioner’s assertions in this regard.10 We need not determine
`
`whether the preamble is limiting because we conclude Petitioner has shown
`
`Maes teaches the preamble for the reasons provided by Petitioner.
`
`(2)
`
`[a] a biometric sensor configured to receive
`
`a biometric input provided by the user
`
`Petitioner asserts Maes teaches the claimed biometric sensor. Pet. 11
`
`(citing Ex. 1003, 5:54–63, 3:53–61, 10:49–54, 10:66–11:5, Fig. 1). Patent
`
`Owner does not contest Petitioner’s assertions in this regard. We conclude
`
`Petitioner has shown Maes teaches the claimed biometric sensor for the
`
`reasons provided by Petitioner.
`(3)
`[b] a user interface configured to receive a user input including
`secret information known to the user and identifying information
`concerning an account selected by the user from the plurality of
`accounts
`
`Petitioner asserts Maes teaches the claimed user interface by
`
`disclosing that the central server verifies the user “either biometrically or
`
`through PIN or password or a combination thereof” before generating a
`
`temporary digital certificate to download onto the user’s device. Pet. 12–13
`
`(citing Ex. 1003, 2:59–3:6, 3:45–61, 5:63–67, 8:40–42, 10:18–21, 10:29–44,
`
`10:49–54, 11:5–8, 14:40–46). Patent Owner does not contest Petitioner’s
`
`assertions in this regard. We conclude Petitioner has shown Maes teaches
`
`the claimed user interface for the reasons provided by Petitioner.
`
`10 The Scheduling Order instructed: “The patent owner is cautioned that any
`arguments for patentability not raised in the response will be deemed
`waived.” Paper 16, 7.
`
`11
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES
`IPR2018-00067
`Patent 8,577,813 B2
`
`PUBLIC VERSION
`
`(4)
`
`[c] a communication interface configured to
`communicate with a secure registry
`
`Petitioner asserts Maes teaches its PDA includes a communication
`
`interface configured to communicate with central server 60, which is a
`
`secure registry because it “stor[es] information associated with users,
`
`including personal and financial information, a PIN or password, biometric
`
`data, and a unique account number, and it performs user verification for
`
`transactions.” Pet. 13–15 (quoting Ex. 1003, 7:20–41; citing Ex. 1003, 6:60–
`
`7:7, 2:59–3:1, 3:42–52, 6:61–7:4, 7:57–8:12, 12:10–57, 13:24–38, Figs. 1,
`
`3). Patent Owner does not contest Petitioner’s assertions in this regard. We
`
`conclude Petitioner has shown Maes teaches the claimed communication
`
`interface for the reasons provided by Petitioner.
`
`(5)
`
`[d] a processor coupled to the biometric sensor to receive
`information concerning the biometric input, the
`user interface and the communication interface
`
`Petitioner asserts Maes teaches that the user device includes a CPU (a
`
`processor) to handle inputs from and issue commands to the various
`
`components. Pet. 15–16 (citing Ex. 1003, 5:1–14, Fig. 1). Patent Owner does
`
`not contest Petitioner’s assertions in this regard. We conclude Petitioner has
`
`shown Maes teaches the claimed processor for the reasons provided by
`
`Petitioner.
`
`(6)
`
`[d][i] the processor being programmed to activate the electronic ID
`device based on successful authentication by the electronic ID device
`of at least one of the biometric input and the secret information
`
`Petitioner asserts Maes teaches that the user device prohibits access to
`
`stored accounts until the user performs local verification using biometric
`
`input or a PIN/password. Pet. 17–18 (citing Ex. 1003, 3:45–52, 5:63–67,
`
`12
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`PUBLIC VERSION
`
`10:49–61, 11:9–18, 12:5–29). Patent Owner does not contest Petitioner’s
`
`assertions in this regard. We conclude Petitioner has shown Maes teaches
`
`the claimed processor programmed to activate the device for the reasons
`
`provided by Petitioner.
`
`(7)
`
`[d][ii] the processor also being programmed such that once the
`electronic ID device is activated the processor is configured to
`generate a non-predictable value and to generate encrypted
`authentication information from the non-predictable value,
`information associated with at least a portion of
` the biometric input, and the secret information
`
`Petitioner asserts a combination of teachings from Maes and Pare
`
`regarding the processor being “programmed such that once the electronic ID
`
`device is activated the processor is configured to generate a non-predictable
`
`value and to generate encrypted authentication information from the non-
`
`predictable value, information associated with at least a portion of the
`
`biometric input, and the secret information.” First, Petitioner looks to Maes’s
`
`disclosure of generating an authorization number derived from a digital
`
`certificate obtained from a central server and using the authorization number
`
`to authenticate the user with the server. Pet. 18 (citing Ex. 1003, 12:40–
`
`13:5). Petitioner admits that Maes does not teach generating a
`
`nonpredictable value or using such a value to generate authentication
`
`information. Id. For those aspects, Petitioner relies on Pare, which teaches
`
`“the concept of generating non-predictable values for generating encrypted
`
`authentication information associated with biometric input and secret
`
`information.” Id. In particular, Petitioner looks to Pare’s disclosure of a
`
`“commercial transaction message” that includes biometric and secret
`
`13
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`PUBLIC VERSION
`
`information, encrypted using a randomly generated key. Id. at 19–20 (citing
`
`Ex. 1004, 17:27–46, Abstract, 4:34–42, 18:51–61, 19:43–20:15, Fig. 7).
`
`Petitioner asserts that a person of ordinary skill had reason “to
`
`substitute the encrypted authentication information taught in Pare . . . for the
`
`authorization number of Maes” because Maes already teaches encrypting
`
`certain information and discloses that its invention “may employ any known
`
`encryption technique or algorithm,” and because “encrypting sensitive
`
`information had long been an established practice in financial security
`
`systems to address fraud.” Id. at 21–23 (citing Ex. 1003, 10:10–15, 12:66–
`
`13:5, 13:24–38, 13:51–60, Fig. 5; Ex. 1009 ¶¶ 54, 36–38).
`
`Patent Owner argues that Petitioner’s assertions are deficient for
`
`several reasons.
`
`(a) Whether Pare teaches away from the combination
`
`According to Patent Owner, Pare criticizes token-based systems, in
`
`which “portable man made memory devices” or “smart cards” store PIN or
`
`biometric information, therefore subjecting that information to potential
`
`tampering or loss. PO Resp. 20–21 (citing Ex. 1004, 1:12–3:60, 2:21–53,
`
`5:5–8, 6:55–7:3, 7:46–60). Moreover, Patent Owner urges, Pare teaches
`
`away from adding security to protect from such risks because doing so
`
`“leads to centralization of function” that “looks good during design, but
`
`actual use results in increased vulnerability for consumers,” “heavier and
`
`heavier penalties on the consumer for destruction or loss” of the token, and
`
`additional costs. Id. at 21 (quoting Ex. 1004, 3:23–36). Patent Owner argues
`
`that Pare’s “‘objective’ and ‘essence of [the] invention’ is to conduct
`
`transactions ‘without . . . tokens.’” Id. (quoting Ex. 1004, 9:12–28; citing
`
`Ex. 1004, Abstract, 6:55–7:3, 7:57–60).
`
`14
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`PUBLIC VERSION
`Patent 8,577,813 B2
`
`Petitioner considers Pare’s disclosures, at most, to express a
`
`preference for not storing information locally. Reply 4. According to
`
`Petitioner, “the encryption techniques of Pare would enhance the security of
`
`Maes.” Id. Petitioner submits that Maes addresses Pare’s concern with
`
`tokens because of the multiple layers of encryption and authentication
`
`imposed to protect the data. Tr. 10:13–18.
`
`“[I]n general, a reference will teach away if it suggests that the line of
`
`development flowing from the reference’s disclosure is unlikely to be
`
`productive of the result sought by the applicant.” In re Gurley, 27 F.3d 551,
`
`553 (Fed. Cir. 1994). What the prior art teaches, whether a person of
`
`ordinary skill in the art would have been motivated to combine references,
`
`and whether a reference teaches away from the claimed invention are
`
`questions of fact. Apple Inc. v. Samsung Elecs. Co., 839 F.3d 1034, 1051
`
`(Fed. Cir. 2016) (en banc).
`
`We find that Pare does not teach away from using its disclosures in a
`
`system such as Maes’s because Pare does not discredit token-based systems.
`
`Pare’s discussion of token-based systems recognizes benefits that arise from
`
`such approaches and also presents reasons that Pare’s approach is superior.
`
`See Ex. 1004, 3:2–36. In particular, Pare states that, by adding security, “the
`
`resulting system will definitely be more secure.” Id. Further, Pare’s
`
`discussion of token-based systems largely focuses on the idea that “the
`
`comparison and verification process is not isolated from the hardware and
`
`software directly used by the buyer attempting access.” Id. at 2:22–27. That
`
`aspect is not applicable to Maes, which uses remote verification through the
`
`digital certificate, as described by Petitioner’s application of Maes to the
`
`15
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`PUBLIC VERSION
`
`other limitations of claim 1. Thus, we agree with Petitioner that Maes’s
`
`system provides features that address Pare’s concerns. Tr. 10:13–18; see
`
`Reply 4 (citing Ex. 1032 ¶¶ 13–14).
`
`Moreover, Petitioner asserts a combination that relies on Pare’s
`
`teachings “of generating non-predictable values for generating encrypted
`
`authentication information associated with biometric input and secret
`
`information.” Pet. 18. This aspect of Pare is independent of the overall
`
`approach used by Maes. We do not read Pare’s criticism of token-based
`
`systems as indicating that such systems cannot benefit from Pare’s
`
`encryption techniques. See KSR Int’l Co. v Teleflex Inc., 550 U.S. 398, 420
`
`(2007) (“[F]amiliar items may have obvious uses beyond their primary
`
`purposes, and in many cases a person of ordinary skill will be able to fit the
`
`teachings of multiple patents together like pieces of a puzzle.”). Thus, while
`
`Patent Owner argues that Pare teaches a system integrated with a sales
`
`terminal rather than a customer device (PO Resp. 22), we do not read Pare’s
`
`teachings as limited to the particular context in which its system operates.
`
`(b) Whether combining Pare with Maes would be
`redundant and less secure
`
`Patent Owner argues next that using Pare’s methods with Maes would
`
`be redundant and less secure. PO Resp. 23. Maes teaches local verification
`
`using biometric and PIN entry before proceeding with a transaction.
`
`Ex. 1003, 1:10–17, 2:32–42, 3:53–67, 5:60–63, 12:40–47. In contrast, Pare
`
`teaches validating biometric and PIN information remotely, at the server.
`
`Ex. 1004, Figs. 5, 12; see also id. at 2:21–53, 7:46–60. Patent Owner argues
`
`that submitting the same information for remote verification “would
`
`16
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`PUBLIC VERSION
`
`needlessly expose the PIN and biometric information to fraud.”
`
`PO Resp. 25–26 (citing Ex. 2004 ¶ 61).
`
`Petitioner argues in response that skilled artisans would have
`
`configured a system to perform multiple verifications because it would
`
`enhance security. Reply 5 (citing Ex. 1032 ¶¶ 15–20). Petitioner points out
`
`that Maes discloses remote verification when downloading a digital
`
`certificate, along with local verification before decrypting the certificate, and
`
`that Maes may be configured to require verification of the certificate for
`
`each transaction. Reply 5–6 (citing Ex. 1003, 8:50–65, 10:18–21, 3:59–61,
`
`5:54–67; Ex. 1032 ¶ 18). Petitioner points out additionally that Maes teaches
`
`the remote server confirming a transaction using an “authorization number,
`
`which is a function of the digital certificate.” Id. at 6 (citing Ex. 1003,
`
`12:66–13:4, 6:50–53; Ex. 1032 ¶ 19).
`
`We find that, although Petitioner’s asserted combination would
`
`implement redundant authentication, skilled artisans had reason to make the
`
`combination. Indeed, it is because of the redundant authentication that the
`
`proposed combination would have enhanced security. Reply 9. Further,
`
`Maes’s teachings regarding local and remote verification of digital
`
`certificates are consistent with the combination incorporating Pare’s
`
`methods for remote verification. See Ex. 1003, 3:36–42, 3:39–49, 3:59–61.
`
`Although Patent Owner’s declarant takes the position that Maes’s remote
`
`and local verification occur at different time points, Maes discloses a user
`
`may choose the lifetime for a certificate, including requiring a new
`
`certificate for each transaction. Ex. 1033, 81:23–82:21; Ex. 1032 ¶ 18. Using
`
`17
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`PUBLIC VERSION
`
`Pare’s teachings to modify Maes’s remote verification process would have
`
`improved security as asserted by Petitioner.
`
`(c) Whether combining Pare with Maes would eliminate important
`features of Maes and change Maes’s principles of operatio n
`
`Patent Owner argues that replacing Maes’s authorization number with
`
`Pare’s transaction message would eliminate Maes’s ability to “provide[]
`
`biometric security for transactions that do not involve electronic data
`
`transfer” because the combined system would no longer display an
`
`authorization number on the screen. PO Resp. 27 (modification in original)
`
`(quoting Ex. 1003, 12:30–54). According to Patent Owner, that ability is a
`
`key feature of Maes that enables it to work with existing infrastructure. Id. at
`
`28–29.
`
`Petitioner responds that the ability to be used in transactions without
`
`electronic data transfer is not a basic principle of Maes, as shown by Maes’s
`
`embodiment with electronic transmission for the authorization number.
`
`Reply 7–8 (citing Ex. 1003, 14:58–67). Instead, Petitioner asserts, Maes’s
`
`basic principle is centrally verified transactions that eliminate the need to
`
`carry insecure cards. Id. at 7 (citing Ex. 1032 ¶ 21; Ex. 1003, 1:59–2:20,
`
`2:23–30, 3:32–37). According to Petitioner, because Maes’s authorization
`
`number is derived from a server-issued certificate, it “allow[s] the central
`
`server to confirm for the merchant that the user was properly verified with
`
`the server.” Reply 8 (quoting Ex. 1032 ¶ 23).
`
`We find that the asserted combination would not change Maes’s
`
`principle of operation. Significantly, Patent Owner relies on one aspect of an
`
`embodiment to assert that the combination would impermissibly change
`
`Maes by removing the ability to convey an authorization number orally.
`
`18
`
`
`
`CONFIDENTIAL – BOARD AND PARTIES ONLY
`IPR2018-00067
`Patent 8,577,813 B2
`
`PUBLIC VERSION
`
`PO Resp. 27–28. But at least certain of Maes’s embodiments do involve
`
`electronic data transfer. Ex. 1003, 12:9–13 (“[T]he consumer transaction
`
`may be performed by transmitting the selected card information directly
`
`from the PDA device to the ATM or POS transaction terminal through an
`
`established communication link.”); see also id. at 3:34–36 (“The PDA is also
`
`capable of transmitting or receiving information through wireless
`
`communications such as radio frequency (RF) and infrared (IR)
`
`communication.”), 13:34–38 (“The selected card information, as well as the
`
`encrypted information file, would be transmitted to the POS terminal (via
`
`the Universal Card, RF or IR) . . . .”). We agree with Petitioner that Maes’s
`
`principle of operation is to provide transaction security through: (1) client-
`
`server interaction to authenticate a device with a server; and (2) local
`
`interaction to verify a user with the device. See Ex. 1003, 1:23–42.
`
`Although Petitioner’s proposed modification would eliminate Maes’s
`
`applicability to transactions without electronic data transfer, losing that
`
`feature does not preclude a conclusion of obviousness. See Allied Erecting &
`
`Dismantling Co. v. Genesis Attachments, LLC, 825 F.3d 1373, 1381 (Fed.
`
`Cir. 2016) (“Although modification of the movable blades may impede the
`
`quick change functionality disclosed by Caterpillar, ‘[a] given course of
`
`action often has simultaneous advantages and disadvantages, and thi
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
