`By: Jason R. Mudd, Reg. No. 57,700
`Eric A. Buresh, Reg. No. 50,394
`jason.mudd@eriseip.com
`eric.buresh@eriseip.com
`ERISE IP, P.A.
`6201 College Blvd., Suite 300
`Overland Park, Kansas 66211
`Telephone: (913) 777-5600
`
`Roshan Mansinghani, Reg. No. 62,429
`roshan@unifiedpatents.com
`Unified Patents Inc.
`13355 Noel Road, Suite 1100
`Dallas, TX, 75240
`Telephone: (214) 945-0200
`
`
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`
`
`
`
`
`Jonathan Stroud, Reg. No. 72,518
`jonathan@unifiedpatents.com
`Unified Patents Inc.
`1875 Connecticut Ave. NW, Floor 10
`Washington, D.C. 20009
`Telephone: (202) 805-8931
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
` ____________
`
`UNIFIED PATENTS INC.
`Petitioner
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC
`Patent Owner
`____________
`
`IPR2018-00067
`Patent 8,577,813
` ____________
`
` PETITION FOR INTER PARTES REVIEW
`OF U.S. PATENT 8,577,813
`
`
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`
`
`
`Table of Contents
`
`I.
`
`Introduction ........................................................................................................ 1
`
`II. Summary of the ’813 Patent .............................................................................. 2
`
`A. Description of the alleged invention ............................................................... 2
`
`B. Summary of the prosecution history ............................................................... 3
`
`III. Requirements for Inter Partes Review under 37 C.F.R. § 42.104 .................. 4
`
`A. Grounds for standing under 37 C.F.R. § 42.104(a) ........................................ 4
`
`B. Identification of challenge under 37 C.F.R. § 42.104(b)
`
`and relief requested ......................................................................................... 4
`
`C. Level of skill of a person having ordinary skill in the art ............................... 5
`
`D. Claim construction under 37 C.F.R. § 42.104(b)(3) ....................................... 5
`
`IV. There is A Reasonable Likelihood that The Challenged Claims of the ’813
`
`Patent Are Unpatentable ................................................................................. 7
`
`A. Ground 1: Claims 1-3, 5, 7-17, and 19-26 are obvious over Maes in view of
`
`Pare in further view of Labrou ....................................................................... 7
`
`B. Ground 2: Claims 6 and 18 are obvious over Maes, Pare, Labrou,
`
`and Burger .................................................................................................... 45
`
`C. Ground 3: Claims 1-2, 5, 11, 13, 16-17, and 24 are obvious over Pizarro in
`
`view of Pare .................................................................................................. 47
`
`V. Conclusion ....................................................................................................... 65
`
`VI. Mandatory Notices Under 37 C.F.R. § 42.8(a)(1) ........................................ 67
`
`A. Real Party-In-Interest ................................................................................... 67
`
`B. Related Matters ............................................................................................. 67
`
`C. Lead and Back-Up Counsel .......................................................................... 67
`
`
`
`
`
`I.
`
`INTRODUCTION
`
`Petitioner Unified Patents Inc. (“Petitioner”) respectfully requests inter
`
`IPR2018-00067
`U.S. Patent 8,577,813
`
`partes review (“IPR”) of claims 1-3 and 5-26 (collectively, the “Challenged
`
`Claims”) of U.S. Patent 8,577,813 (“the ’813 Patent”) (EX1001).
`
`The ’813 Patent relates to a device onto which a user may store information
`
`regarding multiple financial accounts. The device is in communication with a
`
`secure registry—a system that includes a secure database that stores information,
`
`such as biometric data, that can be used to verify the user’s identity to authorize a
`
`transaction. Named inventor Kenneth Weiss employed similar concepts in previous
`
`prior art published applications, such as U.S. Patent Application Publication
`
`2002/0178364 (“Weiss I”), also titled “Universal Secure Registry,” which
`
`describes limiting access to a database containing sensitive information using
`
`biometric verification. Weiss I (EX1008). Mr. Weiss has previously obtained
`
`patents for systems for personal identification that secure data using non-
`
`predictable codes, biocharacteristics, and/or secret information, such as a PIN, as
`
`far back as 1991. See U.S. Patent 4,998,279 (EX1019). The ’813 Patent merely
`
`takes these old concepts, such as biometric and PIN verification and encrypting
`
`information using non-predictable values, and applies them in the context of
`
`wireless technology.
`
`
`
` 1
`
`
`
`II.
`
`SUMMARY OF THE ’813 PATENT
`
`IPR2018-00067
`U.S. Patent 8,577,813
`
`A. Description of the alleged invention
`
`The ’813 Patent relates to systems and methods for authenticating the
`
`identity of individuals and transmitting information to and from a user device. See
`
`’813 Patent (EX1001) at 1:37-47. The claims relate to methods and apparatuses for
`
`authorizing a transaction between a wireless electronic device capable of storing
`
`information related to a plurality of financial accounts and a point-of-sale (“POS”)
`
`device using a secure registry.
`
`Mr. Weiss described his system as one in which a user could securely
`
`perform transactions wirelessly without being required to carry around numerous
`
`financial and identification cards. See ’813 Patent (EX1001) at 2:23-27, 3:26-28
`
`(reducing fraud); see also id. at 3:48-50 (wireless transactions); id. at 3:57-64 (not
`
`requiring multiple forms of
`
`identification). The claims recite wirelessly
`
`transmitting encrypted authentication information from an electronic device to a
`
`POS device and subsequently transmitting at least a portion of that information
`
`from the POS device to a secure registry for authorization of a transaction. See File
`
`History (EX1002) at 447, 453. The claims also recite a user device generating
`
`encrypted authentication information from a non-predictable value, information
`
`associated with at least a portion of a user’s biometric input and secret information.
`
`Id. at 454.
`
`
`
` 2
`
`
`
`B.
`
`Summary of the prosecution history
`
`Application 13/237,184, which resulted in the ’813 Patent, was filed on
`
`IPR2018-00067
`U.S. Patent 8,577,813
`
`
`
`September 20, 2011 as a member of a large chain of prior applications. ’813 Patent
`
`(EX1001). For purposes of this proceeding, Petitioner simply assumes that the
`
`priority date for the Challenged Claims is February 21, 2006, the earliest claimed
`
`priority date.
`
`
`
`During prosecution of the ’813 Patent, the examiner relied primarily on a
`
`published application of Mr. Weiss to reject the pending claims. See File History
`
`(EX1002) at 467-479, 508-518; see also Weiss I (EX1008). Like the ’813 Patent,
`
`Weiss I is titled “Universal Secure Registry” and relates to controlling access to
`
`secure systems, including by means of biometric verification and encrypting
`
`transaction information. See, e.g., Weiss I (EX1008) at Abstract, [0012].
`
`The ’813 Patent applicant raised two primary arguments for why his
`
`particular claimed variation of the universal secure registry system was not obvious
`
`over Weiss I. First, the applicant argued that Weiss I did not teach generating
`
`encrypted authentication information from a non-predictable value, where the
`
`information was associated with biometric input and secret information—the
`
`examiner disagreed. See File History (EX1002) at 493-94, 462-63, 454-55.
`
`Second, the applicant relied on amendments reciting transmitting the encrypted
`
`authentication information from an electronic ID device to a POS device, which in
`
`
`
` 3
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`turn transmits at least a portion of such information to a secure registry, to
`
`distinguish the claims. See id. at 447, 450, 453-454. In allowing the claims, the
`
`examiner merely repeated the entire language of the independent claims without
`
`further identifying the reasons for allowance. Id. at 431-435.
`
`III. REQUIREMENTS FOR INTER PARTES REVIEW UNDER 37 C.F.R.
`§ 42.104
`
`A. Grounds for standing under 37 C.F.R. § 42.104(a)
`
`Petitioner certifies that the ’813 patent is available for IPR and that the
`
`Petitioner is not barred or estopped from requesting IPR challenging the claims of
`
`the ’813 Patent.
`
`B.
`
`Identification of challenge under 37 C.F.R. § 42.104(b) and relief
`requested
`
`In view of the prior art and evidence, at least claims 1-3 and 5-26 of the ’813
`
`Patent are unpatentable and should be cancelled. 37 C.F.R. § 42.104(b)(1). Based
`
`on the prior art references identified below, IPR of the Challenged Claims should
`
`be granted. 37 C.F.R. § 42.104(b)(2).
`
`Proposed Grounds of Unpatentability
`
`Ground 1: Claims 1-3, 5, 7-17, and 19-26 are obvious over U.S.
`Patent 6,016,476 to Maes et al. (“Maes”) in view of U.S. Patent
`5,870,723 to Pare et al. (“Pare”) in further view of U.S. Pub. US
`2004/0107170 Al to Labrou et al. (“Labrou”)
`
`Exhibit
`Nos.
`
`1003, 1004,
`1005
`
`
`
` 4
`
`
`
`Proposed Grounds of Unpatentability
`
`IPR2018-00067
`U.S. Patent 8,577,813
`Exhibit
`Nos.
`
`1003, 1004,
`1005, 1006
`
`1007, 1004,
`
`Ground 2: Claims 6 and 18 are obvious over Maes in view of Pare
`and Labrou, and in further view of WO 2001/024123 to Burger et
`al. (“Burger”)
`Ground 3: Claims 1-2, 5, 11, 13, 16-17, and 24 are obvious over
`U.S. Patent 7,865,448 to Pizarro (“Pizarro”) in view of Pare
`
`
`
`Section IV identifies where each element of the Challenged Claims is found
`
`in the prior art. 37 C.F.R. § 42.104(b)(4). The exhibit numbers of the evidence
`
`relied upon to support the challenges are provided above and the relevance of the
`
`evidence to the challenges raised are provided in Section IV. 37 C.F.R.
`
`§ 42.104(b)(5). Exhibits EX1001 – EX1019 are also attached.
`
`C.
`
`Level of skill of a person having ordinary skill in the art
`
`A person having ordinary skill in the art (“PHOSITA”) of the ’813 Patent by
`
`
`
`February 21, 2006, would have been a person having at least (1) the equivalent of a
`
`bachelor’s degree
`
`in computer science, electrical engineering, computer
`
`engineering, or a similar discipline, and two (2) years of experience working with
`
`technology related to secure transaction systems, though additional education
`
`could substitute for less experience and vice versa. Cole Decl. (EX1009) at ¶¶26-
`
`28.
`
`
`
`
`
`D. Claim construction under 37 C.F.R. § 42.104(b)(3)
`
`In this proceeding, claim terms of an unexpired patent should be given their
`
` 5
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`“broadest reasonable construction in light of the specification.” 37 C.F.R.
`
`§ 42.100(b). The following proposes constructions under this standard, and all
`
`claim terms not specifically discussed below should be given their broadest
`
`reasonable construction in light of the specification.
`
`i. “biometric input”
`
`
`
`The scope of “biometric input” includes, as the specification recites, user
`
`input representing “something the user is,” examples of which include a
`
`fingerprint, voice print, signature, iris, or facial scan. See ’813 Patent (EX1001) at
`
`45:63-46:2; see also id. at 46:16-19, 13:12-15, 12:25-31.
`
`ii. “secret information”
`
`
`
`The scope of “secret information” includes, as the specification recites,
`
`information “known by the user” such as a password, phrase, PIN, or identifying
`
`information. Id. at 12:25-35; see also id. at 46:22-27, claim 4.
`
`iii. “secure registry”
`
`
`
`The ’813 Patent describes a “secure registry” as a system that maintains a
`
`“secure database that stores account information for a plurality of users” and that
`
`also validates authentication information. See id. at 44:39-46, 46:27-31. The ’813
`
`Patent describes that the database may be stored on one or more servers, that it
`
`may be “any kind of database,” that the system may include multiple computers
`
`connected over a network, and that the database may be distributed over multiple
`
`
`
` 6
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`databases. See id. at 9:63-67, 10:24-26, 10:58-11:3, 12:10-18. Therefore, the scope
`
`of “secure registry” includes “one or more systems maintaining one or more secure
`
`databases for storing account information for a plurality of users and that perform
`
`the function of validating authentication information of users.”
`
`IV. THERE IS A REASONABLE LIKELIHOOD THAT THE
`CHALLENGED CLAIMS OF THE ’813 PATENT ARE
`UNPATENTABLE
`
`A. Ground 1: Claims 1-3, 5, 7-17, and 19-26 are obvious over Maes in
`view of Pare in further view of Labrou
`
`1. Maes
`
`
`
`U.S. Patent 6,016,476 to Maes et al. (“Maes”) issued on January 18, 2000,
`
`and, therefore, is prior art to the ’813 Patent under 35 U.S.C. § 102(b). See Maes
`
`(EX1003). Maes was not cited during prosecution of the ’813 Patent. Maes is both
`
`within the same field of endeavor as and reasonably pertinent to the ’813 Patent.
`
`Like the ’813 Patent, Maes relates to a portable transaction device, such as a
`
`personal digital assistant (“PDA”) on which a user can store financial card
`
`information to initiate a transaction. See id. at 2:23-30; see also id. at Abstract,
`
`1:11-17. Also like the ’813 Patent, Maes’s system includes a central server that
`
`stores the financial information of a plurality of users and verifies a user’s identity,
`
`particularly for authorizing transactions. See id. at 6:56-7:4, 8:13-27. Further, Maes
`
`is reasonably pertinent because it discloses that its teachings may solve problems
`
`such as reducing fraud (id. at 2:1-3), wirelessly facilitating transactions (id. at
`
`
`
` 7
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`Abstract, 3:34-36, 12:5-7), and not requiring a person to carry around multiple
`
`cards (id. at 1:54-67, 4:1-3). Therefore, Maes is analogous to the claimed invention
`
`of the ’813 Patent. See Cole Decl. (EX1009) at ¶¶42-43, 44-46.
`
`
`
`2. Pare
`
`
`
`U.S. Patent 5,870,723 to Pare et al. (“Pare”) issued on February 9, 1999,
`
`and, therefore, is prior art to the ’813 Patent under 35 U.S.C. § 102(b). See Pare
`
`(EX1004). Pare was cited in a Notice of References Cited, but its teachings were
`
`never substantively discussed during prosecution. See File History (EX1002) at
`
`437. Pare is both within the field of endeavor as and reasonably pertinent to the
`
`’813 Patent. Like
`
`the ’813 Patent, Pare describes
`
`tokenless
`
`transaction
`
`authentication methods and systems using a biometric input apparatus (“BIA”). See
`
`id. at Abstract, 4:15-58. Pare is reasonably pertinent at least because its system
`
`allows buyers to access multiple financial accounts on one device (id. at 7:11-16),
`
`performs transactions wirelessly (id. at 11:33-52) and is aimed at preventing fraud
`
`(id. at 7:23-35, 7:46-56). Therefore, Pare is analogous to the claimed invention of
`
`the ’813 Patent. See Cole Decl. (EX1009) at ¶¶49-50.
`
`
`
`3. Labrou
`
`U.S. Pub. US 2004/0107170 to Labrou et al. (“Labrou”) published on June
`
`3, 2004, and, therefore, is prior art to the ’813 Patent under 35 U.S.C. 102(b). See
`
`Labrou (EX1005). Labrou was not cited during prosecution of the ’813 Patent, and
`
`
`
` 8
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`while another patent publication in its family was cited in an IDS, that publication
`
`was not substantively discussed by the examiner. Labrou is both within the same
`
`field of endeavor as and reasonably pertinent to the ’813 Patent. Like the ’813
`
`Patent, Labrou relates to a secure transaction system (“STS”) involving a universal
`
`pervasive transaction device (“UPTD”), such as a mobile device, and a merchant
`
`(i.e., POS) device. See id. at Abstract, [0055]. Labrou is reasonably pertinent
`
`because its invention permits wireless transactions (id. at [0056]), and it is aimed at
`
`preventing fraud while allowing a convenient way to allow a user to access all of
`
`their cards in one place (id. at [0059]). Therefore, Labrou is analogous to the
`
`claimed invention of the ’813 Patent. See Cole Decl. (EX1009) at ¶52.
`
`
`
`As shown below, the combination of Maes, Pare, and Labrou render claims
`
`1-3, 5, 7-17, and 19-26 obvious. A PHOSITA would have found it obvious to
`
`consider the disclosures of each of these publications together, as each relates to
`
`improving the security of financial transactions that employ electronic devices. See
`
`Cole Decl. (EX1009) at ¶43.
`
`i.
`
`Claim 1
`
`1[P]. An electronic ID device configured to allow a user to select any one of a
`plurality of accounts associated with the user to employ in a financial
`transaction, comprising:
`
`
`
`To the extent the preamble is limiting, Maes teaches an electronic ID device,
`
`such as a “PDA,” alone or in combination with a Universal Card, to allow a user to
`
`
`
` 9
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`store various financial cards (plurality of accounts) for use in a transaction. See
`
`Maes (EX1003) at Abstract; see also id. at 4:1-5 (“The present invention
`
`advantageously eliminates the burden of having to carry a multitude of financial
`
`cards and/or credit cards …. The financial information for each card may be stored
`
`in the PDA and written to the Universal Card when needed.”), 12:5-29 (teaching
`
`that the PDA may be used wirelessly without the Universal card); see also id. at
`
`Figs. 3, 5, 6.
`
`
`
`Pare and Labrou also teach this preamble. For example, Pare teaches a
`
`biometric input apparatus (“BIA”) that includes a processor, pin pad, display and
`
`
`
`
`
` 10
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`encryption software and is capable of storing information related to a plurality of
`
`accounts. See Pare (EX1004) at Abstract (“[A] buyer can conduct commercial
`
`transactions without having to use any tokens … The invention allows buyers to
`
`quickly select one of a group of different financial accounts from which to transfer
`
`funds.”); see also id. at 7:11-22, 7:66-8:2, 22:49-53, 26:64-67. And Labrou teaches
`
`a mobile device from which a user can select one of multiple credit cards to use in
`
`a transaction. See Labrou (EX1005) at Abstract, [0055], [0113], [0293] (“[W]hen
`
`the user reaches the point of having to approve payment … she is presented with
`
`the listing of available financial accounts (credit card, bank accounts, etc.) that she
`
`can use for this particular payment.”).
`
`1[a]. a biometric sensor configured to receive a biometric input provided by the
`user;
`
`
`
`Maes teaches this limitation:
`
`A biometric sensor 40 of any conventional type may also be provided
`for collecting biometric data … such as a finger, thumb or palm print,
`a handwriting sample, a retinal vascular pattern, or a combination
`thereof, to provide biometric verification as an alternative to, or in
`addition to, voice biometric verification.
`Maes (EX1003) at 5:54-63; see also id. at 3:53-61, 10:49-54, 10:66-11:5, Fig. 1.
`
`Also, both Pare and Labrou teach that an electronic device may include a
`
`biometric sensor to receive a biometric input. See Pare (EX1004) at 11:37-40
`
`(“Standard [BIA] model has computing module biometric scanner, display means,
`
`
`
` 11
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`communications port, data entry means encased in tamper-resistant case, and
`
`electronic detection means”);1 see also id. at Abstract, 9:59-10:1; see also Labrou
`
`(EX1005) at [0142-0150] (“The UPTD 102 includes … a biometric device 102
`
`[sic] such as a fingerprint sensor …), [0524].
`
`1[b]. a user interface configured to receive a user input including secret
`information known to the user and identifying information concerning an
`account selected by the user from the plurality of accounts;
`
`
`
`Maes teaches a user interface, including a display and microphone,
`
`configured to receive a user input including secret information, such as a PIN or
`
`password, and the selection of an account.
`
`Once communication is established, the central server verifies the user
`either biometrically or through PIN or password or a combination
`thereof, and then generates a temporary digital certificate which is
`downloaded into the PDA. A temporary, unexpired digital certificate
`is necessary to access selected information stored in the PDA and
`write such information to the Universal Card.
` Maes (EX1003) at 3:45-52; see also id. at 8:40-42 (“[T]he user may enter his or
`
`her assigned PIN through the user interface display 34”), at 5:63-67, 10:18-21,
`
`10:49-54, 11:5-8, 14:40-46. Maes teaches the user interface receives user input of
`
`information identifying a credit card selected from among a plurality of credit
`
`
`1 All emphases appearing in quotations have been added by Petitioner unless indicated
`
`otherwise.
`
`
`
` 12
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`cards stored on the PDA: “The selection process is preferably performed by voice
`
`activated commands (e.g., by stating into the microphone 18 ‘I want to use my
`
`American Express Card’). … Alternatively, the desired card may be selected
`
`through the user interface/display 34.” Id. at 10:29-44; see also id. at Abstract,
`
`2:59-3:6, 3:53-61.
`
`
`
`Moreover, Pare and Labrou teach user input accepting a PIN and
`
`information identifying an account selected by a user. See Pare (EX1004) at 4:34-
`
`40 (“The buyer can then accept the proposed transaction … by adding his buyer's
`
`personal authentication information … The authentication information includes …
`
`a PIN. In addition, the buyer must submit his account index code, which specifies
`
`which of the buyer's financial accounts to debit.”); see also id. at 12:11-15; see
`
`also Labrou (EX1005) at [00158] (“[T]he user is requested, by the purchasing
`
`application for her PIN and then she is presented with the listing of available
`
`financial accounts (credit card, bank accounts, etc.) that she can use for this
`
`particular payment.”).
`
`1[c]. a communication interface configured to communicate with a secure
`registry;
`
`
`
`Maes teaches that the electronic PDA includes a communication interface
`
`(including various communication ports shown in Figure 1, reproduced below)
`
`
`
` 13
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`configured to communicate with a secure registry,2 i.e., central server 60. Central
`
`server 60 includes a secure database storing information associated with users,
`
`including personal and financial information, a PIN or password, biometric data,
`
`and a unique account number, and it performs user verification for transactions.
`
`Maes (EX1003) at 7:20-41; see also id. at 6:60-7:7. The PDA has multiple means
`
`of communicating with the central server. First, it may communicate directly with
`
`the central server via communication link L1. See id. at 2:59-3:1 (the PDA includes
`
`“communication means, operatively coupled to the central processing unit, for
`
`establishing a communication link with a central server at a remote location to
`
`obtain the temporary digital certificate.”); see also id. at 3:42-52, 6:61-7:4, 7:57-
`
`8:12.
`
`
`
`Further, like the ’813 Patent, Maes teaches that the PDA may communicate
`
`indirectly with the central server using a POS device as a conduit:
`
`[T]he consumer transaction may be performed by transmitting the
`selected card information directly from the PDA device to the ATM
`or POS transaction terminal through an established communication
`link L2 … The merchant can verify that local verification of the user
`has been properly obtained by establishing a communication link L3
`(FIG. 3) with the central server 60.
`
`
`2 “Secure registry” was construed above in Section III.D.
`
`
`
` 14
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`Id. at 12:10-57; see also id. at 13:24-38, Fig. 3; compare with ’813 Patent
`
`(EX1001) at 46:31-36 (“… [I]n another embodiment, the POS provides a conduit
`
`or communication path from the user device 352 to the secure registry 356.”).
`
`Figure 1 of Maes demonstrates that the “communication interface may include an
`
`RF port, IR port, telephone line interface, and/or other communication ports:
`
`
`
`Id. at Fig. 1 (annotated); see also id. at Fig. 3, 6:1-27, 7:57-8:12.
`
`1[d]. a processor coupled to the biometric sensor to receive information
`concerning the biometric input, the user interface and the communication
`interface;
`
`
`
`Maes teaches that the “heart of the device” is a central processing unit
`
`(CPU), which handles inputs from and issues commands to the various
`
`
`
` 15
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`components of the device. Id. at 5:1-4. As shown in Figure 1, the processor is
`
`coupled to a biometric sensor 40 and processes input from the sensor with
`
`biometric processor module 22. See id. at Fig. 1; see also id. at 5:4-14. Also as
`
`shown in Figure 1, the processor is coupled to a user interface, and a
`
`communication interface consisting of an RF port, IR port, telephone line interface,
`
`and/or serial port:
`
`Id. at Figure 1; see also id. at 3:17-22, 4:51-55, 5:4-24, 11:11-13, 2:59-3:1.
`
`1[d][i]. the processor being programmed to activate the electronic ID device
`based on successful authentication by the electronic ID device of at least one of
`the biometric input and the secret information,
`
`
`
`
`
`
` 16
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`The ’813 Patent instructs that a device must be successfully authenticated
`
`
`
`before it is “activated for a transaction.” See, e.g. ’813 Patent (EX1001) at 45:18-
`
`20 (“[T]he user device 352 is activated for a transaction when the user
`
`satisfactorily completes an authentication process with the device.”); see also id. at
`
`50:40-43 (“[T]he authentication of the secret information and the biometric input
`
`activate the device for the financial transaction.”). Likewise, Maes teaches that a
`
`user will not be able to access and use her accounts for the purposes of
`
`commencing a financial transaction with her device (i.e., to activate the device for
`
`a transaction) until her biometric or PIN/password, or a combination thereof are
`
`verified:
`
`Next, the local mode of operation of the PDA is performed to initiate
`a consumer transaction. Preferably, in the local mode, the user selects
`one of the pre-enrolled credit cards that are stored on the PDA by
`stating a verbal command into the microphone of the PDA, whereby
`the CPU processes
`the verbal command and performs user
`verification. Alternatively, user verification (i.e, local verification)
`may be performed by using either biometric data, PIN or password, or
`thereof. Upon
`local verification,
`the selected
`a combination
`information is retrieved from memory and written to the Universal
`Card which is then available to commence a transaction.
`
`
`
` 17
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`Id. at 3:45-52; see also id. at 5:63-67, 10:49-61, 11:9-18; see also id. at 12:5-29
`
`(describing that the electronic device, such as a PDA, can itself “take[]the place of
`
`the Universal Card.”).
`
`
`
`1[d][ii]. the processor also being programmed such that once the electronic ID
`device is activated the processor is configured to generate a non-predictable
`value and to generate encrypted authentication information from the non-
`predictable value, information associated with at least a portion of the biometric
`input, and the secret information, and
`
`
`
`Maes does not teach generating a non-predictable value or using the non-
`
`predictable value to generate encrypted authentication information associated with
`
`the biometric input and secret information. However, Maes teaches that upon user
`
`verification for a transaction (i.e., once the device is activated), the PDA generates
`
`an authorization number. See Maes (EX1003) at 12:40-54; see also id. at 12:64-65.
`
`The authorization number is used to authenticate the user—because it is derived
`
`from an unexpired digital certificate obtained from the central server, the server
`
`can determine whether a buyer is properly verified upon receipt of a valid
`
`authorization number. Id. at 12:55-13:5. Further, Pare teaches, and Labrou renders
`
`obvious, the concept of generating non-predictable values for generating encrypted
`
`authentication information associated with biometric input and secret information.
`
`Therefore, the combinations of Maes and Pare and Maes and Labrou render this
`
`limitation obvious.
`
`
`
` 18
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`Pare teaches that when a device is activated for performing a transaction, the
`
`
`
`PIN and a biometric sample are captured and encrypted together in a “commercial
`
`transaction message” by the device using a derived unique key per transaction
`
`(DUKPT) key management system that uses a DES key3:
`
` The BIA uses the DUKPT key management system to select the
`biometric-PIN block encryption 112-bit DES key from the Future Key
`Table. This key is then used to encrypt the Biometric-PIN Block using
`cipher block chaining (CBC). In addition, a response DES key is also
`generated randomly, and is used by the DPC to encrypt the portions of
`the response that need to be encrypted.
`Splitting the response key from the biometric-PIN block key is very
`important, since each encryption key must be used only within the
`context of its own responsibilities. That way, if someone were to
`break the key encoding the private code, it would not result in the
`disclosure of
`the biometric-PIN. All personal authentication
`information (the biometric and PIN) is stored within the biometric-
`PIN block. The Biometric-PIN block consists of the following fields:
` 300-byte authorization biometric
` 4-12 digit PIN
` 112-bit response key
` [optional 112-bit message key].
`
`
`3 The ’813 Patent similarly uses a one-time DES key for its encryption. EX1001 at 30:56-
`
`31:1, 31:32-47.
`
`
`
` 19
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`Pare (EX1004) at 17:27-46; see also id. at Abstract, 4:34-42, 19:43-20:15, Fig. 7.
`
`Pare teaches that it is important that the DES key used for encrypting the biometric
`
`and secret information be an “unpredictable key[],” i.e., a non-predictable value,
`
`that is selected using a “random number generator.” See id. at 18:51-61. Pare
`
`therefore teaches generating encrypted authentication information from a non-
`
`predictable value, information associated with at least a portion of a biometric
`
`input, and secret information.
`
`
`
`Labrou also renders this limitation obvious. Labrou teaches that a user’s
`
`transaction information is encrypted by the user’s device using a “Private
`
`Identification Entry (PIE),” which can be a “PIN,” (i.e., secret information), and a
`
`“random sequence number” (i.e., a non-predictable value): “A hash function H
`
`1254 is then applied to the output of two-argument function F that when applied to
`
`the locally generated RSN 1246 and the PIE 1248 input by the AP user outputs a
`
`single argument (typically a string), in order to create the encryption key K 1250
`
`….” Labrou (EX1005) at [0537]; see also id. at [0535-0536], [0527], [0253],
`
`[0259].
`
`The PIE is an alphanumeric string. In order to speed up the user entry
`to make it easier for the user to remember it, the PIE can be a number
`such as 4-digit or 5-digit PIN. … It is assumed that the PIE can be
`input by the user on an AP device in a secure fashion or it may be
`deterministically generated using a biometric device such as a
`
`
`
` 20
`
`
`
`IPR2018-00067
`U.S. Patent 8,577,813
`fingerprint sensor. For example, a computation applied on the
`fingerprint data received from the fingerprint sensor can be used to
`generate a PIE that is initially communicated to the AVP by the user.
`Whenever the user attempts a transaction, the user applies her finger
`to the fingerprint sensor, thus generating the PIE. The PIE … is used
`as an intermediate parameter required for the generation of the
`encryption key for a transaction and it should not be retained by the
`device for a period longer than the transaction execution time.
`
`Labrou (EX1005) at [0524]. It would have been obvious to a PHOSITA that the
`
`PIE taught in Labrou could consist of both a PIN and biometrically derived data,
`
`instead of just one or the other, because Labrou already teaches that both sets of
`
`information may be used together to authenticate a user. See id. at [0421] (“[T]he
`
`user selects and confirms the transaction by selecting the purchase button and
`
`entering (to the device 102) her PIN (and/or biometric if available)”), [0158]; see
`
`also Cole Decl. (EX1009) at ¶53.