PUBLIC VERSION
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`________________
`
`UNIFIED PATENTS INC.
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC
`Patent Owner
`________________
`Case IPR2018-00067
`U.S. Patent No. 8,577,813
`________________
`
`PATENT OWNER’S RESPONSE
`PURSUANT TO 37 C.F.R. § 42.120
`
`

`

`I.
`II.
`
`Page
`INTRODUCTION ...........................................................................................1
`OVERVIEW OF THE ‘813 PATENT ............................................................4
`A.
`The ‘813 Patent Specification ...............................................................4
`B.
`The ‘813 Patent Claims .........................................................................6
`C.
`Prosecution History of the ‘813 Patent .................................................6
`III. OVERVIEW OF THE ASSERTED PRIOR ART..........................................6
`A. Maes (Exhibit 1003)..............................................................................6
`B.
`Pare (Exhibit 1004).............................................................................10
`C.
`Labrou (Exhibit 1005).........................................................................14
`D.
`Pizarro (Ex. 1007)...............................................................................16
`E.
`Burger (Exhibit 1006) .........................................................................16
`LEVEL OF ORDINARY SKILL IN THE ART...........................................16
`IV.
`CLAIM CONSTRUCTION ..........................................................................17
`V.
`STANDARD OF REVIEW...........................................................................17
`VI.
`VII. GROUND 1 – MAES AND PARE DO NOT RENDER THE
`CHALLENGED CLAIMS OBVIOUS .........................................................18
`A.
`A POSITA Would Not Combine Maes And Pare To Arrive At
`The Independent Claims Of The ‘813 Patent......................................18
`1.
`There Is No Motivation To Combine Because Pare
`Teaches Away From The Claimed Electronic ID Device ........20
`There Is No Motivation To Combine Maes And Pare
`Because The Combination Is Redundant..................................23
`Petitioner’s Modifications Change Maes’s Principles Of
`Operation And Render It Inoperable For Its Intended
`Purpose......................................................................................26
`Petitioner Fails To Articulate A Valid Reason For
`Combining Maes And Pare To Arrive At These Claims..........30
`Petitioner Has Failed To Show Claim 2 Is Invalid. ............................35
`
`2.
`
`3.
`
`4.
`
`B.
`
`PUBLIC VERSION
`
`TABLE OF CONTENTS
`
`i
`
`

`

`1.
`
`2.
`
`2.
`
`3.
`
`2.
`
`3.
`
`The Universal Card Number Does Not Satisfy Claim 2
`Because It Is Not Associated With The Electronic ID
`Device .......................................................................................35
`The Account Number Does Not Satisfy Claim 2 Because
`It Is Not Associated With The Electronic ID Device. ..............37
`VIII. GROUND 2—MAES AND LABROU DO NOT RENDER THE
`CHALLENGED CLAIMS OBVIOUS .........................................................38
`A.
`A POSITA Would Not Combine Maes And Labrou To Arrive
`At The Independent Claims Of The ‘813 Patent.................................39
`1.
`There Is No Motivation To Modify Labrou To Generate
`The Claimed Encrypted Authentication Information ...............40
`The Claims Are Not Obvious Because Petitioner Has Not
`Explained How Its Combination Would Work ........................45
`There Is No Motivation To Combine Maes And Labrou
`For The Same Reasons Already Discussed With Pare.............46
`Petitioner Has Failed To Show Claims 12 and 21 Are Obvious.........48
`1.
`Labrou Does Not Disclose Account Identifying
`Information................................................................................49
`There Is No Motivation To Combine Because The
`Combination Conflicts With Maes’ Purpose And
`Principles Of Operation ............................................................51
`Petitioner Fails To Show How Or Why A POSITA
`Would Combine Maes And Labrou To Arrive At Claims
`12 And 21..................................................................................53
`Petitioner Has Failed To Show Claim 19 Is Obvious .........................55
`1.
`Petitioner Fails To Show Labrou Teaches Claim 19................55
`2.
`Petitioner Fails To Provide Any Reason Why A POSITA
`Would Combine Maes and Labrou To Arrive At Claim
`19...............................................................................................56
`IX. GROUND 3 – MAES, PARE, AND LABROU DO NOT RENDER
`THE CHALLENGED CLAIMS OBVIOUS.................................................59
`GROUND 4 – MAES, PARE, AND BURGER DO NOT RENDER
`THE CHALLENGED CLAIMS OBVIOUS.................................................59
`
`X.
`
`PUBLIC VERSION
`
`ii
`
`B.
`
`C.
`
`

`

`PUBLIC VERSION
`
`B.
`
`XI. GROUND 5 – MAES, LABROU, AND BURGER DO NOT RENDER
`THE CHALLENGED CLAIMS OBVIOUS.................................................60
`A.
`Labrou Does Not Disclose The Type Of Seed Recited In Claim
`10 .........................................................................................................60
`The Board Correctly Found No Motivation To Combine
`Labrou To Arrive At Claim 10 ...........................................................63
`XII. GROUND 6 – MAES, PARE, BURGER AND LABROU DO NOT
`RENDER THE CHALLENGED CLAIMS OBVIOUS ...............................63
`XIII. GROUND 7 – PIZARRO AND PARE DO NOT RENDER THE
`CHALLENGED CLAIMS OBVIOUS .........................................................64
`A.
`A POSITA Would Not Combine Pizarro And Pare To Arrive
`At The Independent Claims.................................................................64
`XIV. THE BOARD SHOULD DISMISS THE PETITION FOR FAILURE
`TO IDENTIFY AN RPI. ...............................................................................68
`XV. CONCLUSION..............................................................................................71
`
`iii
`
`

`

`PUBLIC VERSION
`
`TABLE OF AUTHORITIES
`
`Cases
`
`Page(s)
`
`Abiomed, Inc. v. Maquet Cardiovascular, LLC,
`IPR2017-01204, -01205 (PTAB Oct. 23, 2017).................................................67
`Apple v. Uniloc Luxembourg S.A.,
`IPR2018-00420 (August 6, 2018).......................................................................44
`Arendi S.A.R.L. v. Apple Inc.,
`832 F.3d 1355 (Fed. Cir. 2016) ..........................................................................31
`Cutsforth Inc. v. MotivePower, Inc.,
`636 F. App’x 575 (Fed. Cir. 2016) .....................................................................31
`General Electric Company v. United Technologies Corp.,
`IPR2016-00531 (June 26, 2017).........................................................................27
`Google Inc. v. ART+COM Innovationpool GmbH,
`Case IPR2015-00788 (PTAB Sept. 2, 2015)......................................................57
`Harmonic v. Avid Technology,
`815 F.3d 1356 (Fed. Cir. 2016) ..........................................................................53
`Hewlett-Packard Co. v. U.S. Philips Corp. et al.,
`IPR2015-01505 (PTAB January 19, 2016) ........................................................57
`In re Magnum Oil Tools Int’l, Ltd.,
`829 F.3d 1364 (Fed. Cir. 2016) ..........................................................................31
`Kinetic Concepts, Inc. v. Smith & Nephew, Inc.,
`688 F.3d 1342 (Fed. Cir. 2012) ..........................................................................34
`KSR Int’l. Co. v. Teleflex, Inc.,
`550 U.S. 398 (2007)............................................................................................56
`LG Elecs., Inc. v. Advanced Micro Devices, Inc.,
`Case IPR2015-00329 (PTAB July 10, 2015) .....................................................56
`Microsoft Corp. v. Koninklijke Philips N.V.,
`IPR2018-00185 (May 22, 2018).........................................................................27
`
`iv
`
`

`

`PUBLIC VERSION
`
`Personal Web Techs., LLC v. Apple, Inc.,
`848 F.3d 987 (Fed. Cir. 2017) ..................................................................... 44, 53
`Polaris Industries, Inc. v. Arctic Cat, Inc.,
`882 F.3d 1056 (Fed. Cir. 2018) ..........................................................................21
`Samsung Elecs. Co., Ltd. v. Infobridge Pte. Ltd.,
`IPR2017-00100 (PTAB Apr. 23, 2018)..............................................................18
`Stryker Corp. v. Karl Storz Endoscopy America, Inc.,
`IPR2015- 00764 (September 2, 2015) ................................................................24
`Trivascular, Inc. v. Samuels,
`812 F.3d 1056 (Fed. Cir. 2016) ..........................................................................18
`TRW Automotive U.S. LLC v. Magna Electronics, Inc.,
`IPR2015-00972 (September 16, 2015) ...............................................................23
`Applications in Internet Time, LLC v. RPX Corporation,
`897 F.3d 1336 (Fed. Cir. July 9, 2018)…………………………………. ...69
`
`Statutory Authorities
`35 U.S.C. § 316(e)......................................................................................................1
`Rules and Regulations
`37 C.F.R. § 42.64(b)(2) ...........................................................................................58
`37 C.F.R. § 42.100(b) ..............................................................................................17
`
`v
`
`

`

`PUBLIC VERSION
`
`TABLE OF EXHIBITS
`
`Exhibit #
`2001
`
`Description
`Stipulated Protective Order
`
`2002
`
`2003
`
`2004
`
`2005
`
`2006
`
`2007
`
`2008
`
`2009
`
`2010
`
`2011
`
`2012
`
`Redline Comparison To Default Protective Order
`
`U.S. Application No. 13/237,184
`
`Declaration of Markus Jakobsson in Support of Patent
`Owner’s Response
`
`Curriculum Vitae of Markus Jakobsson
`
`Transcript of the Deposition of Dr. Eric Cole
`
`Petitioner’s website, dated 1-1-2014
`
`Petitioner’s website, dated 3-2-2016
`
`Petitioner’s website, dated 6-11-2013
`
`Brief of Amici Curiae Unified Patents
`
`Membership Agreement
`
`Subscription Fees
`
`vi
`
`

`

`PUBLIC VERSION
`
`Unified Patents (“Petitioner” or “Unified”) filed its Corrected Petition (Paper
`
`12, “Petition”) on March 16, 2018, alleging claims 1-3 and 5-26 of U.S. Patent No.
`
`8,577,813 (“the ‘813 patent”) are obvious. The Board instituted review (Paper 14,
`
`“Decision”), but found that Petitioner had not shown a reasonable likelihood it
`
`would prevail on claims 10 and 19. Decision at 19-20, 23-24. Universal Secure
`
`Registry (“PO”) submits this Response.
`
`I.
`
`INTRODUCTION
`Petitioner has not met its “burden of proving a proposition of unpatentability
`
`by a preponderance of the evidence.” 35 U.S.C. § 316(e). Unable to muster any
`
`anticipation ground against the ‘813 patent, Petitioner advances hindsight
`
`combinations that selectively cull components from prior art in an attempt to fit the
`
`parameters of the patented invention. But these hindsight combinations fail to
`
`demonstrate that any of the challenged claims are unpatentable.
`
`Petitioner has not shown the independent claims are invalid. These claims
`
`include limitations requiring an electronic ID device that transmits encrypted
`
`authentication information generated by using specific types of information.
`
`Petitioner takes three shots at invalidating these claims: Ground 1 (Maes in view of
`
`Pare), Ground 2 (Maes in view of Labrou), and Ground 7 (Pizzaro in view of
`
`Pare). Each ground fails.
`
`1
`
`

`

`PUBLIC VERSION
`
`In Ground 1, Petitioner admits that its primary reference, Maes, does not
`
`teach the claimed encrypted authentication information. Petitioner attempts to
`
`combine Maes with Pare, but the combination it proposes is exactly what Pare
`
`teaches a POSITA should not do. Further, a POSITA would also not be motivated
`
`to make Petitioner’s combination because it would introduce redundant features
`
`that render the system less secure, and eliminate key objectives and features of
`
`Maes.
`
`Recognizing the weakness in its Pare combination, in Ground 2 Petitioner
`
`takes another shot at the encrypted authentication limitations of the independent
`
`claims by combining Maes with Labrou. But, this combination is even weaker
`
`than its Pare combination. Not only is there no motivation to combine, but Labrou
`
`does not disclose the claimed encrypted authentication information. The Board
`
`should reject Petitioner’s invitation to find obviousness based upon a reference that
`
`doesn’t disclose the missing limitations.
`
`Although Petitioner swaps out Maes for Pizzaro in Ground 7, its
`
`combination of Pizzaro and Pare is not materially different than the Maes and
`
`Pare combination in Ground 1. Thus, Ground 7 fails for the same reasons as in
`
`Ground 1. In fact, Pizzaro is more deficient than Maes because Pizzaro’s
`
`electronic ID device does not receive secret information, which is one of the inputs
`
`needed to generate the claimed encrypted authentication information.
`
`2
`
`

`

`PUBLIC VERSION
`
`Petitioner also cannot meet its burden to show obviousness because the
`
`Petition fails to articulate how or why a POSITA would combine the prior art
`
`references in the manner it proposes. The Federal Circuit repeatedly holds that to
`
`satisfy its burden of proving obviousness, a Petitioner cannot rely on conclusory
`
`statements. Rather, it must articulate a specific reasoning for combining references
`
`and a “clear, evidence-supported account” of “how the combination” would work.
`
`Petitioner’s failure to satisfy this evidentiary standard is fatal to its challenge.
`
`Although Petitioner’s failure to show the independent claims are invalid is
`
`sufficient reason to deny this IPR challenge, additional reasons exist for finding
`
`Petitioner has not met its burden to show dependent claims 2, 10, 12, 19, or 21 are
`
`invalid.
`
`Claims 10 and 19 require the electronic ID device generate a specific type
`
`of seed that is then used to generate the encrypted authentication information. In
`
`each of the grounds challenging claims 10 and 19, Petitioner relies solely upon the
`
`Labrou. But, Labrou does not teach the claimed limitation. Moreover, the Board
`
`correctly found in its Institution Decision that the Petitioner did not demonstrate a
`
`likelihood of prevailing for these claims because “Petitioner has not adequately
`
`shown that a person of ordinary skill would have combined the” prior art in the
`
`manner Petitioner proposes. Decision at 19-20, 23-24. Because a higher
`
`3
`
`

`

`PUBLIC VERSION
`
`obviousness standard applies post-institution, the Board’s conclusion applies with
`
`even greater force now.
`
`Claims 12 and 21 include an additional limitation in which, after one of the
`
`plurality of accounts is selected, the electronic ID device generates “account
`
`identifying information” for the selected account that “does not identify an account
`
`number” of the selected account. Again, Petitioner relies solely on Labrou, which
`
`does not teach the limitation and which a POSITA would not be motivated to
`
`combine with Maes.
`
`Also, Petitioner’s challenge to claim 2 in Ground 1 fails because Petitioner
`
`has not shown the prior art discloses the claimed “discrete code associated with the
`
`electronic ID device.”
`
`Finally, the Petition should be dismissed because Petitioner has not named
`
`all real parties in interest.
`
`II. OVERVIEW OF THE ‘813 PATENT
`A.
`The ‘813 Patent Specification
`The ‘813 patent provides improved systems, devices and methods that allow
`
`users to securely authenticate their identity when using a “point-of-sale” (“POS”)
`
`device. Ex. 1001, Fig. 31, 43:4-51:55. When used in conjunction with the
`
`Universal Secure Registry (“USR”) of the preferred embodiment, the claimed
`
`Electronic ID Device can both securely identify the user, and separately
`
`4
`
`

`

`PUBLIC VERSION
`
`authenticate and approve the user’s financial transaction requests made through a
`
`POS device. Id., 43:4-15, Fig. 31. The USR (USR 10 in Fig. 1, USR 356 in Fig.
`
`31) includes a secure database that stores account (e.g., credit card) information for
`
`a plurality of users. Id., 44:39-53.
`
`The ‘813 specification identifies a number of disadvantages of prior art
`
`approaches to providing secure access. For example, a prior art authorization
`
`system may control access to computer networks using password protected
`
`accounts, but such a system is susceptible to tampering and difficult to maintain.
`
`Id., 1:64-2:15. Or, hand-held computer devices may be used to verify identity, but
`
`security could be compromised if a device ends up in the wrong hands. Id., 2:16-
`
`43.
`
`To prevent unauthorized use of the Electronic ID Device, a user must first
`
`authenticate themselves to the device to activate it for a financial transaction. The
`
`‘813 patent describes multiple ways to do this, including using a biometric input
`
`(e.g., fingerprint) and/or secret information (e.g., a PIN). Id., 45:55-46:45, 50:1-
`
`22, 51:7-26. Once activated, the Electronic ID Device allows a user to select an
`
`account for a financial transaction, and also generates encrypted authentication
`
`information that is sent via the POS device to the USR for authentication and
`
`approval of the requested financial transaction.
`
`Id., 46:22-36. This encrypted
`
`authentication information is not the user’s credit card information (which could be
`
`5
`
`

`

`PUBLIC VERSION
`
`intercepted and misused). Instead, the Electronic ID Device first generates a non-
`
`predictable value (e.g., a random number) using, for example, a seed (Id., 33:64-
`
`34:61, 46:46-67), and then generates single-use authentication information using
`
`the non-predictable value, information associated with the biometric data, and the
`
`secret information.
`
`Id., 46:14-36, 50:56-65. This encrypted authentication
`
`information is transmitted to the secure registry, where it is used to determine
`
`transaction approval. Id., 11:36-45, 12:19-44, 12:64-13:8, 48:60-49:24, 50:23-32,
`
`51:7-26.
`
`The ‘813 Patent Claims
`B.
`The ‘813 patent includes 26 claims. Claims 1, 16, and 24 are independent.
`
`All of the claims relate to communicating authentication information from an
`
`electronic ID device.
`
`Prosecution History of the ‘813 Patent
`C.
`The ‘813 patent issued on November 5, 2013. The patent was subject to a
`
`thorough examination, and was allowed over the prior art.
`
`III. OVERVIEW OF THE ASSERTED PRIOR ART
`A. Maes (Exhibit 1003)
`The “object of [Maes’] present invention” is to provide a PDA that is
`
`“compatible with the current infrastructure (i.e., immediately employed without
`
`having to change the existing infrastructure)” and in which the user can store all
`
`6
`
`

`

`PUBLIC VERSION
`
`their financial card information. Id., 2:23-49, 7:61-7:19. When the user needs to
`
`conduct a transaction, the PDA writes selected card information to a smartcard
`
`(“Universal Card”) that is swiped across a sales terminal. Id., 4:1-11, 2:23-30.
`
`A user of Maes enrolls for the service. Id., 6:56-67. Prior to conducting a
`
`transaction, the user connects the PDA to the central server of the service provider
`
`in a “client/server” mode to download a temporary digital certificate. Id., 3:39-52.
`
`After downloading the certificate, the PDA initiates financial transactions without
`
`connecting to a server, in what is called “local mode.” Id., 3:52-67, Figs. 5-6.
`
`Where the Maes PDA is being used with a sales terminal that supports
`
`electronic data transfer, the local mode operates as shown below:
`
`7
`
`

`

`PUBLIC VERSION
`
`Id., 3:53-467, 12:5-29, Fig. 5. The user selects a card stored in the PDA. Id., 12:5-
`
`29. The PDA determines that the user is authorized to initiate the transaction by
`
`performing local verification (i.e., verification on the PDA) of the user’s biometric
`
`and/or PIN, and also confirming the digital certificate is valid. Id., 3:53-467, Fig.
`
`8
`
`

`

`PUBLIC VERSION
`
`5. If the verification is valid, the PDA determines the user is authorized to conduct
`
`the transaction, and the card information is transmitted to a financial institution.
`
`Id., 312:5-29, Fig. 5.
`
`Maes discloses an alternative local mode of operation that is designed to
`
`“provide[] biometric security for transactions that do not involve electronic data
`
`transfer” (e.g., transactions “performed remotely over the telephone”) using an
`
`“authorization number.” Id., 12:30-39, 6:50-55, 2:42-48. In these situations, after
`
`the PDA locally verifies that the user using the biometric and other information, it
`
`displays the authorization number on the PDA screen. Id., 12:30-13:5. The user
`
`then “verbally communicate[s]” the card information and authorization number “to
`
`the merchant in order to process the transaction.” Id., 12:30-13:5. The operation
`
`of this alternative local mode is shown below:
`
`9
`
`

`

`PUBLIC VERSION
`
`Pare (Exhibit 1004)
`B.
`Pare states there is a need for a financial transaction system that eliminates
`
`“tokens”—a term Pare uses to refer to “portable man-made memory devices” or
`
`“smart cards” used to conduct financial transactions (e.g., a PDA ,cell phone, or
`
`Universal Card). Pare, 1:12-3:60, 5:5-8, 6:55-7:3. Pare criticizes systems that use
`
`physical tokens to conduct financial transactions. Pare , 1:12-3:60. Pare explains
`
`10
`
`

`

`PUBLIC VERSION
`
`that having the token perform biometric verification is problematic because it
`
`requires the biometric be stored on the token, subjecting it to tampering and fraud
`
`by a malicious user. Id., 2:21-53. Pare also states that using a token as a central
`
`repository for the buyer’s financial information is a bad idea because it creates a
`
`“monster” token that can “financially incapacitate” the buyer if lost or stolen. Id.,
`
`3:23-33.
`
`Accordingly, the “objective” and “essence of [Pare’s] invention” is to
`
`conduct transactions “without the use of any tokens.” Pare, 9:12-28, 6:55-7:3,
`
`7:57-60. With Reference to Figure 3 below, Pare teaches a point of sales terminal
`
`2 that includes an integrated “Biometric Input Device 12” (“BIA”) with
`
`“fingerprint sensor 13” and “PIN pad 14.” Id., 9:40-10:8, 11:23-29. The “sales
`
`terminal 2” also communicates with a “Data Processing Center (DPC)” 1 using
`
`“modem 18.” Id. A buyer using Pare’s system does not employ any token, and
`
`instead conducts transaction using the sales terminal.
`
`11
`
`

`

`PUBLIC VERSION
`
`The terminal and DPC employ a specialized protocol to conduct financial
`
`transactions. In the protocol, the biometric and PIN are not locally verified. Id.,
`
`7:45-51. These values are instead encrypted and included in a “commercial
`
`transaction message”—along with other information needed to decrypt and process
`
`the message—that is then sent to the DPC:
`
`12
`
`

`

`PUBLIC VERSION
`
`Pare at Abstract; Fig. 5, Fig. 11 (illustrating transaction process). The DPC then
`
`uses the biometric and PIN information to verify the buyer’s identity and
`
`determine
`
`if
`
`the
`
`transaction
`
`should be authorized.
`
`
`
`Id., Fig. 11
`
`(“Decryption/Validation Process at a DPC,” “Biometric ID Process”), Fig. 12
`
`(illustrating biometric and PIN verification).
`
`13
`
`

`

`PUBLIC VERSION
`
`Labrou (Exhibit 1005)
`C.
`In Labrou, the merchant and consumer register with a secure transaction
`
`server and obtain a “Private Identification Entry.” Ex. 1005, ¶ 524. The “PIE” is
`
`“entered by the user whenever the user attempts a transaction.” Id.,¶ 524.
`
`Labrou illustrates the PIE as a PIN. Id., ¶ 253, 256, 259; Figs. 29-32. While
`
`amongst its more than 600 paragraphs and 60 figures Labrou includes a paragraph
`
`that mentions the PIE can be a biometric input instead of a PIN, Labrou fails to
`
`explain how using a biometric as a PIE would work and not render the device
`
`inoperable. Id., ¶ 524; Ex. 2004, ¶¶ 87-89.
`
`To conduct a transaction, the consumer and merchant generate messages
`
`containing their view of the transaction terms. Id., ¶¶ 180, 229, 236, Fig. 29. For
`
`example, this is shown in Figure 29:
`
`14
`
`

`

`PUBLIC VERSION
`
`Id., ¶ 244, Fig. 29. With reference to the “consumer message,” the consumer
`
`device uses the PIE (“PINc”) and a random number (“RSNc”) to generate an
`encryption key (“KEYc”). Id., ¶¶ 246-247, 250-253. The transaction terms
`(Transaction), user’s ID (“UIDc”) and merchant device ID (“DIDm”) are then
`encrypted using the key. Id., ¶¶ 252-253. The encrypted information is sent with a
`
`time stamp and consumer device ID (“DIDc”) to the server. The merchant
`performs a similar process, using its PIEM and RSNM. Id., ¶¶ 255-257. The server
`receives the messages, decrypts the data, and compares it to authorize the
`
`transaction.
`
`15
`
`

`

`PUBLIC VERSION
`
`Pizarro (Ex. 1007)
`D.
`In Pizarro, a user loads financial accounts into a cell phone that wirelessly
`
`completes a transaction with a point-of-sale device. Ex. 1007 at Abstract, 9:14-24.
`
`Before a transaction is initiated, a user sends its physical address to a financial
`
`institution. Id. at 7:54-67.
`
`To initiate a transaction, the customer selects an account from those stored
`
`on the user device. The account information is transmitted to the financial
`
`institution, which verifies the proximity of the user device to the physical address
`
`on file. Id., 2:64-3:8; 9:25-39. In one embodiment, the user device locally verifies
`
`the buyer’s identity using a biometric. Id., 9:25-39, Fig. 4A. In another
`
`embodiment, the biometric information is not verified locally on the user device
`
`and is instead sent to the financial institution for verification. Id., Fig. 4B.
`
`Burger (Exhibit 1006)
`E.
`Burger teaches a device where the user can manipulate a touch screen to
`
`locate account information. Ex. 1006, 14:25-31. To access account information, a
`
`user’s fingerprint is verified locally. Id., 30:20-29.
`
`IV. LEVEL OF ORDINARY SKILL IN THE ART
`A person having ordinary skill in the art (“POSITA”) at the time of the
`
`invention would have a Bachelor of Science degree in electrical engineering,
`
`computer science or computer engineering, and three years of work or research
`
`16
`
`

`

`PUBLIC VERSION
`
`experience in the fields of secure transactions and encryption; or a Master’s degree
`
`in electrical engineering, computer science or computer engineering, and two years
`
`of work or research experience in related fields. Ex. 2004, ¶ 18. PO’s position is
`
`essentially the same as that of the Petitioner, except that Petitioner only requires
`
`two years of work or research experience (as compared to three). See Pet., 5; Ex.
`
`2004, ¶ 19. The positions set forth in this PO response would be the same under
`
`either parties’ proposal. Id.
`
`V.
`
`CLAIM CONSTRUCTION
`Petitioner identifies three terms that purportedly require construction. Pet.,
`
`5-7. PO contends construction of these terms is not necessary to resolve the
`
`matters raised here.1
`
`VI.
`
`STANDARD OF REVIEW
`“[T]here is a significant difference between a petitioner’s burden to
`
`establish a ‘reasonable likelihood of success’ at institution, and actually proving
`
`invalidity by a preponderance of the evidence at trial.” Trivascular, Inc. v.
`
`Samuels, 812 F.3d 1056, 1068 (Fed. Cir. 2016). Because, at the institution phase,
`
`the “Board is considering the matter preliminarily [and] without the benefit of a
`
`
`1 PO does not concede that Petitioner’s constructions should be adopted in the
`
`litigation.
`
`17
`
`

`

`PUBLIC VERSION
`
`full record,” “the Board is not bound by any findings made in its Institution
`
`Decision.” Trivascular, 812 F.3d at 1068. Findings made during Trial are
`
`rendered “under a qualitatively different standard” than is used when considering
`
`institution. Id.; see also Samsung Elecs. Co., Ltd. v. Infobridge Pte. Ltd., IPR2017-
`
`00100, Paper No. 30, 15 (PTAB Apr. 23, 2018) (“we now must evaluate the
`
`evidence of record against a different, and higher, standard.”).
`
`VII. GROUND 1 – MAES AND PARE DO NOT RENDER THE
`CHALLENGED CLAIMS OBVIOUS
`Ground 1 is the combination of Maes in view of Pare for claims 1-3, 5, 11,
`
`13-17, 20, and 22-26. Decision, 30. Ground 1 does not render any claim obvious.
`
`A.
`
`A POSITA Would Not Combine Maes And Pare To Arrive At The
`Independent Claims Of The ‘813 Patent
`Each of the three independent claims of the ‘813 patent requires an
`
`electronic ID device configured to transmit to a secure registry encrypted
`
`authentication information that is generated from three types of information: (1) a
`
`non-predictable value, (2) information associated with at least a portion of the
`
`biometric input, and (3) the secret information. For example, Claim 1 recites:
`
`[1d][ii] the processor [of an electronic ID device] also being
`programmed such that once the electronic ID device is activated the
`processor is configured to generate a non-predictable value and to
`generate encrypted authentication
`information
`from
`the non-
`predictable value, information associated with at least a portion of the
`biometric input, and the secret information, and
`
`18
`
`

`

`PUBLIC VERSION
`
`[1d][iii] to communicate the encrypted authentication information via
`the communication interface to the secure registry; and
`
`Ex. 1001, 52:9-23; see also id., 53:32-48 (Claim 16), id., 54:27-38 (Claim 24).
`
`Petitioner concedes that Maes does not disclose these limitations. Pet., 18
`
`(“Maes does not teach generating a non-predictable value or using the non-
`
`predictable value to generate encrypted authentication information…”), 23.
`
`However, Petitioner argues the limitation is obvious in view of Pare.
`
`Specifically, Petitioner argues Maes teaches that for purposes of “provid[ing]
`
`biometric security for transactions that do not involve electronic data transfer,” the
`
`PDA can display an “authorization number” on the screen after verifying the user’s
`
`PIN and biometric. Maes, 12:30-54. The user verbally communicates the number
`
`to the merchant so it can be checked with a central server. Id. Petitioner asserts
`
`that a POSITA would be motivated to replace Maes’ authorization number with
`
`Pare’s “commercial
`
`transaction message,”
`
`and
`
`that
`
`transmitting Pare’s
`
`commercial transaction message would satisfy the missing claim limitations. Pet.,
`
`18-23; Ex. 1009, ¶ 54; see also Decision, 11-13.
`
`Petitioner’s combination should be rejected for several reasons. First, Pare
`
`teaches away from Petitioner’s combination. Second, Petitioner’s combination is
`
`redundant and less secure. Third, the combination eliminates important features
`
`19
`
`

`

`PUBLIC VERSION
`
`of Maes and changes its principles of operation. Fourth, Petitioner has failed to
`
`articulate how or why a POSITA would combine the two references.
`
`1.
`
`There Is No Motivation To Combine Because Pare Teaches
`Away From The Claimed Electronic ID Device
`“A reference may be said to teach away when a person of ordinary skill,
`
`upon reading the reference, would be discouraged from following the path set out
`
`in the reference, or would be led in a direction divergent from the path that was
`
`taken by the applicant.” Polaris Industries, Inc. v. Arctic Cat, Inc., 882 F.3d 1056,
`
`1069 (Fed. Cir. 2018). If the disclosure “criticize[s], discredit[s], or otherwise
`
`discourage[s]” the solution claimed, then the disclosure teaches away such that a
`
`POSITA would not be motivated to combine the references. Id. “Even if a
`
`reference is not found to teach away, its statements regarding preferences are
`
`relevant to a finding regarding whether a skilled artisan would be motivated to
`
`combine that reference with another reference.” Id. Here, Pare teaches away from
`
`using a physical token such as an electronic ID device (that is, the PDA of Maes)
`
`that generates the claimed encrypted authentication information. Ex. 2004, ¶¶ 52-
`
`56.
`
`Pare, entitled “Tokenless Biometric Transaction Authorization Method And
`
`System,” criticizes prior art systems that employ “tokens”—a term Pare uses to
`
`refer to “portable man made memory devices” or “smart cards” that are used to
`
`20
`
`

`

`PUBLIC VERSION
`
`conduct financial transactions (such as the PDA and Universal Card of Maes).
`
`Pare, 1:12-3:60, 5:5-8, 6:55-7:3. Pare teaches that PIN and biometric information
`
`should not be stored or authenticated on a token because doing so renders the
`
`biometric “reproducible” and subject to tampering should the token fall into the
`
`wrong hands. Id., 2:21-53, 7:46-60. Pare further teaches away from adding
`
`security to an electronic ID device because trying to “smarten” tokens simply
`
`“leads to centralization of function” that “looks good during design, but actual use
`
`results in increased vulnerability for consumers,” “heavier and heavier penalties on
`
`the consumer for