IPR2018-00067
`U.S. Patent 8,577,813
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`____________
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
` ____________
`
`
`UNIFIED PATENTS INC.
`Petitioner
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC
`Patent Owner
`
`____________
`
`
`IPR2018-00067
`Patent 8,577,813
`
` ____________
`
`
`
`
`
` PETITIONER’S RESPONSE IN OPPOSITION TO PATENT OWNER’S
`CONTINGENT MOTION TO AMEND
`
`
`
`
`U.S. Patent 8,577,813
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`____________
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
` ____________
`
`
`UNIFIED PATENTS INC.
`Petitioner
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC
`Patent Owner
`
`____________
`
`
`IPR2018-00067
`Patent 8,577,813
`
` ____________
`
`
`
`
`
` PETITIONER’S RESPONSE IN OPPOSITION TO PATENT OWNER’S
`CONTINGENT MOTION TO AMEND
`
`
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`TABLE OF CONTENTS
`
`
`
`I.
`II.
`
`INTRODUCTION ....................................................................................... 1
`ARGUMENT ............................................................................................... 2
`A.
`Petition............................................................................................... 2
`1.
`Combination of Maes and Labrou ............................................ 2
`B.
`Not Previously Before the Board ....................................................... 9
`1.
`Combination of Maes, Labrou, and Gullman ......................... 10
`2.
`Combination of Maes, Labrou, and Jakobsson ....................... 13
`3.
`Maes, Labrou, and Weiss ....................................................... 16
`4.
`and Weiss, in further view of either Gullman or Jakobsson .... 18
`5.
`in further view of Burger ....................................................... 19
`6.
`view of Burger ....................................................................... 20
`The Proposed Claims are Unpatentable Under 35 U.S.C. § 101 ....... 20
`C.
`The Proposed Claims are Directed to an Abstract Idea ........... 21
`1.
`2.
`The Proposed Claims Lack an Inventive Concept .................. 23
`III. CONCLUSION.......................................................................................... 25
`
`The Proposed Amendments are Obvious over Prior Art Cited in the
`
`Proposed Claims 27-31, 37-44, and 46-52 are Obvious Over the
`
`The Proposed Amendments are Obvious over Additional Prior Art
`
`Claims 27-31, 37-41, and 50-52 are Obvious over the
`
`Claims 27-31, 37-41, and 50-52 are Obvious over the
`
`Claims 42-43 and 46-49 are Obvious over the Combination of
`
`Claim 45 is Obvious over the Combination of Maes, Labrou,
`
`Claims 32-36 are Obvious over i) Maes, Labrou, and Gullman,
`in further view of Burger and ii) Maes, Labrou, and Jakobsson,
`
`Claim 44 is Obvious over Maes, Labrou, and Weiss, in further
`
`
`
`
` i
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`INTRODUCTION
`
`The proposed claim amendments are obvious. They add two concepts:
`
`I.
`
`(1) taking seed information from sources of data known in the art for
`
`use in generating a non-predictable value, and
`
`(2) using known mathematical operations (i.e., encryption and
`
`decryption) employing a PIN for performing the known process of
`
`reversibly rendering data stored on a device unintelligible.
`
`As demonstrated below, each of these concepts was already well-known to a
`
`PHOSITA—hence, even if amended, the claims would remain obvious over prior
`
`art set forth in the Petition, as well as additional prior art introduced below.
`
`In addition, the proposal results in claiming ineligible subject matter under §
`
`101. The proposed claims recite performing abstract ideas related to account-
`
`verification using existing computer systems using well-known, generic encryption
`
`methods, as the Patent Office has found on substantially similar claims in related
`
`prosecution.
`
`Therefore, Petitioner respectfully requests that the Board deny PO’s
`
`contingent motion to amend.
`
`
`
`
`
`
`
`
`
`1
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`A.
`
`II. ARGUMENT
`
`The Proposed Amendments are Obvious over Prior Art Cited in the
`Petition
`
`1.
`
`Proposed Claims 27-31, 37-44, and 46-52 are Obvious Over the
`Combination of Maes and Labrou
`
`
`
`The proposed claims are obvious over Maes and Labrou, a combination set
`
`forth in the Petition. PO has introduced one new limitation (largely borrowed from
`
`prior dependent claims) into each of the proposed independent claims:
`
`• Proposed Claims 27 and 50 (previously independent Claims 1 and 24) add
`
`language that is similar to the seed limitations in original dependent Claim 10;
`
`• Proposed Claim 42 (previously independent Claim 16) adds language similar
`
`to the mathematical operation language in original dependent Claim 9.
`
`i.
`
`Proposed Claims 27 and 50
`
`Claims 27 and 50 introduce a new limitation (contained in limitations 27[e]
`
`and 50[d]) that requires generating a seed using at least two of an electronic serial
`
`number, a discrete code associated with the electronic ID device, a PIN, a time value,
`
`and the biometric input, wherein the seed is used to generate the non-predictable
`
`value. As discussed in the Petition, the combination of Maes and Labrou renders
`
`obvious the original limitations of claims 27 and 50. See Petition (Paper 12) at 9-
`
`27, 38-40; see also Decision (Paper 14) at 12-13. And Labrou teaches and renders
`
`obvious the additional limitation proposed by PO.
`
`
`
`2
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`As set forth in the Petition, Labrou’s “random sequence number (RSN)”
`
`satisfies the claimed “non-predictable value” used in generating the encrypted
`
`authentication information (“EAI”). Paper 12 at 20-21. Further, Labrou teaches
`
`generating a seed, S’ (i.e., the claimed “seed”), which is employed to generate the
`
`RSN. Specifically, Labrou teaches a pseudorandom number generator function R is
`
`used in generating the RSN; in a process that uses the function R iteratively, both a
`
`time value (T0 or T0’) and an original seed, S, can be used to a generate a new seed,
`
`S’, to be used in generating the RSN (i.e., non-predictable value). Labrou (EX1005)
`
`at [0535]-[0536]; see also Cole MTA Decl. (EX1022), at ¶¶18-20. The original seed
`
`S is at least “a discrete code associated with the user’s device” because each device
`
`has its own S, which is determined from the UPTD’s device ID (DID):
`
`Each AP device has its own R and S, which are securely stored on the
`device and at the AVP [Agreement Verification Party]. On the AVP,
`given the DID of an AP device by which a RSN is generated, a program
`can deterministically locate the same pseudorandom number generator
`function R and the corresponding pseudorandom number generation
`seed S for that device from the User and Device Database ….
`Labrou (EX1005) at [0226]1; see also id. at [0517], Figure 43 (Secure Transaction
`
`Server storing “Random Seed” “[f]or each Device ID”). Further, the Device ID used
`
`
`1 Unless otherwise indicated, all emphasis has been added by Petitioner.
`
`
`
`3
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`to determine the seed S would be understood to be a form of an “electronic serial
`
`number.” Cole MTA Decl. (EX1022), at ¶19. Labrou, therefore, teaches
`
`“generat[ing] a seed” (Labrou’s new seed S’) “using at least two of an electronic
`
`serial number” (Labrou’s Device ID), “a discrete code associated with the electronic
`
`ID device” (Labrou’s original seed S which is determined from the Device ID), and
`
`“. . . a time value” (Labrou’s T0 or T0’). Id. at ¶¶18-20. Labrou, therefore, satisfies
`
`the new limitation added to Proposed Claims 27 and 50.
`
`
`
`A PHOSITA would have been motivated to combine Labrou’s teachings
`
`regarding generating a seed that is used to generate the non-predictable value with
`
`the system of Maes. Cole MTA Decl. (EX1022), at ¶¶22. Pseudorandom number
`
`generator functions, as taught by Labrou, were commonly used for encryption by
`
`2006. See id. at ¶¶7-8, 22. Such functions necessarily required a seed input to
`
`generate a non-predictable value because computers are finite machines that require
`
`a starting value from which to compute. Id. Further, it was well known to include a
`
`dynamic value, such as the time value taught in Labrou, as part of the input for
`
`generating a seed (instead of just a fixed value, such as a PIN, password, or device
`
`secret) to create entropy for the non-predictable value, thus enhancing its non-
`
`predictability and the security of the encryption based thereon. Id. Thus, combining
`
`Labrou’s teachings for generating a seed and generating a non-predictable value
`
`therefrom would have used well-known methods to provide the same well-known
`
`
`
`4
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`benefits in enhancing encryption. Id. A PHOSITA would have been motivated to
`
`use Labrou’s specific teachings regarding enhancing the entropy of a non-
`
`predictable value used in encryption to further enhance transaction security, which
`
`was a desired goal of both Maes and Labrou. Cole MTA Decl. (EX1022), at ¶22.
`
`
`
`A PHOSITA would have had a reasonable expectation of success
`
`incorporating Labrou’s teachings into Maes. Both systems teach using wireless
`
`devices in secure transactions, and Maes teaches that its device may “employ any
`
`known encryption technique or algorithm” and transmit encrypted data. Maes
`
`(EX1003) at 10:7-15, 13:34-38. Labrou provides specific means of encrypting data
`
`using a wireless device, such as a PDA. Labrou (EX1005) at [0156]. Incorporating
`
`Labrou’s specific encryption teachings into Maes would have involved applying
`
`known encryption techniques to similar prior art and yielded the predictable,
`
`desirable result of enhancing transaction security by improving the encryption used.
`
`See Cole MTA Decl. (EX1022) at ¶22; see also KSR v. Teleflex, 550 U.S. 398, 401
`
`(2007) (“[I]f a technique has been used to improve one device, and a [PHOSITA]
`
`would recognize that it would improve similar devices in the same way, using the
`
`technique is obvious …”). Therefore, Proposed Claims 27 and 50 are obvious over
`
`the combination of Maes and Labrou.
`
`ii.
`
`Proposed Claim 42
`
`
`
`
`
`Proposed Claim 42 replaces Claim 16, which, as discussed in the Petition, was
`
`5
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`obvious over the combination of Maes and Labrou. Paper 12 at 33-35. Claim 42
`
`additionally requires that “data stored in the electronic ID device is subject to a
`
`mathematical operation employing the secret information that acts to modify the data
`
`such that it is unintelligible until the electronic ID device is activated, and the
`
`electronic ID device uses the secret information to reverse the mathematical
`
`operation and render the data legible.” This amended language is similar to original
`
`dependent Claim 9 (for which PO did not make specific validity arguments in its
`
`POPR or Response), except it adds that the mathematical operation uses the secret
`
`information (e.g., PIN). The ’813 Patent provides an XOR operation that uses a
`
`user’s PIN as one embodiment of the claimed mathematical operation. ’813 Patent
`
`(EX1001) at 45:18-47. Essentially, Proposed Claim 42 requires that the device
`
`encrypts “data” (i.e., any data) stored on the device until a PIN is provided, and the
`
`PIN is then used to decrypt such data.
`
`
`
`Maes teaches that “[t]he CPU 12 [of the PDA device] further includes an
`
`encrypter/decrypter module 24 for encrypting the personal and financial information
`
`before being stored in memory 14 and for decrypting such information when
`
`accessed by the user.” Maes (EX1003) at 5:14-17, 7:51-56. And local verification,
`
`using, for example, a combination of a biometric input and PIN input, must be
`
`performed before encrypted data is retrieved from memory and decrypted for use in
`
`a transaction (i.e., before the unintelligible data is rendered legible using a
`
`
`
`6
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`mathematical operation). See id. at 3:59-64, 11:27-32; see also Figs. 1 & 5. Maes
`
`expressly teaches use of “any known encryption technique or algorithm” such as
`
`those described in the well-known text by Bruce Schneier, Applied Cryptography.
`
`Id. at 10:11-14. It would have been obvious to a PHOSITA, based on Maes alone in
`
`view of a PHOSITA’s knowledge and ordinary skill, to perform Maes’ encryption
`
`using a basic XOR (“exclusive-OR”) operation with a secret string, such as a
`
`keyword or password, as one of the simplest, most computationally inexpensive
`
`means to reversibly render data on a device unintelligible. Cole MTA Decl.
`
`(EX1022) at ¶¶9-10, 12 (citing, inter alia, Schneier EX1015).
`
`
`
`Further, Labrou expressly teaches that its PIE (which Labrou teaches may
`
`include a PIN) may be used in an XOR operation for performing encryption to
`
`reversibly render the RSN unintelligible. Labrou (EX1005) at [0537]-[0538]
`
`(describing performing an XOR operation on the PIE and RSN). Simple XOR
`
`encryption operations that use a string (such as a PIN) as a key to encrypt and decrypt
`
`have long been a well-known encryption technique that provided a benefit of being
`
`computationally inexpensive. Cole MTA Decl. (EX1022) at ¶¶10, 23. Given that
`
`Maes already teaches use of a PIN prior to decrypting data and that its system may
`
`“employ any known encryption technique or algorithm,” a PHOSITA would have
`
`been motivated to use Labrou’s teaching of an XOR function that employs a PIE
`
`(which Labrou teaches may be a PIN), in the encryption and decryption performed
`
`
`
`7
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`by Maes. Id. This would have been the use of a well-known encryption technique
`
`to provide a well-known benefit of providing a computationally inexpensive way to
`
`enhance the encryption and decryption described in Maes. Id. Because application
`
`of this well-known technique would use a PIN value already used by Maes and Maes
`
`already teaches encrypting and decrypting data stored on the device, it would have
`
`required minor modifications to software and would have yielded predictable results
`
`with a reasonable expectation of success. Id. Proposed Claim 42, therefore, is
`
`obvious over the combination of Maes and Labrou.
`
`iii. Proposed Claims 28-41, 43, 46-49, and 51-52
`
`Claims 28-41, 43-49, and 51-52 depend from Claims 27, 42 or 50 and are not
`
`substantively different from their original counterparts, which recite limitations that
`
`Petitioner has shown are obvious over Maes and Labrou. See Paper 12 at 27-40. In
`
`its Response, PO has argued that certain dependent claims are not met by the prior
`
`art relied upon in the Petition. See Paper 27 at 35-38 (claim 2 – now claim 28), 48-
`
`51 (claims 12 and 21 – now claims 38 and 47). Petitioner will address PO’s
`
`arguments with respect to these dependent claim limitations in its forthcoming Reply
`
`to PO’s Response.
`
`2.
`
`
`
`
`
`
`Proposed Claims 32-36 and 44 are Obvious Over the
`Combination of Maes, Labrou, and Burger
`
`
`Claim 32 depends from Claim 27, which is obvious over Maes and Labrou,
`
`8
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`as set forth above. See supra Sec. A.1.i. Claim 32 corresponds to original Claim 6,
`
`and recites a limitation which is taught by Burger, as set forth in the Petition. Paper
`
`12, at 41-42. Paper 12 at 41-42, 46-47. Claims 33-36 (corresponding to original
`
`Claims 7-10) depend from Claim 32 and recite limitations that are taught by Maes
`
`or Labrou, as also set forth in the Petition. Id. at 42-46. For the reasons discussed in
`
`the Petition, it would have been obvious to incorporate Burger’s teachings related to
`
`Proposed Claim 32 to modify the system of Maes. Therefore, Claims 32-36 are
`
`obvious over Maes, Labrou, and Burger.
`
`
`
`Similarly, Claim 44 depends from Claim 42, which is obvious over Maes and,
`
`Labrou, as set forth above. See supra Sec. A.1.ii. Claim 44 corresponds to original
`
`Claim 18 and recites a limitation which is taught by Burger, as set forth in the
`
`Petition. Paper 12, at 46-47. For the reasons discussed in the Petition, it would have
`
`been obvious to incorporate such teachings of Burger into the system of Maes. Id.
`
`Therefore, Claim 44 is obvious over Maes, Labrou, and Burger.
`
`B.
`
`The Proposed Amendments are Obvious over Additional Prior Art
`Not Previously Before the Board
`
`In addition to the prior art cited in the Petition, this Response to the Motion to
`
`
`
`Amend introduces three new references: U.S. Pat. 5,280,527 to Gullman et al.
`
`(“Gullman”) (EX1023), U.S. Pat. App. Pub. 2004/0172535 to Jakobsson et al.
`
`(EX1024), and U.S. Pat. 5,479,512 to Weiss (“Weiss”) (EX1025). All three of these
`
`
`
`9
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`references were published over a year before the earliest possible priority date of the
`
`’813 Patent and, therefore, are prior art under at least 35 U.S.C. § 102(b).
`
`
`
`Further, all three references are analogous art to the ’813 Patent. See Cole
`
`MTA Decl. (EX1022) at ¶¶25, 30, 36. All three references are in the field of endeavor
`
`of the ’813 Patent because they relate to systems and methods for authenticating
`
`identity or verifying the identity of individuals seeking access to services. See ’813
`
`Patent (EX1001) at 1:37-42; compare with Gullman (EX1023) at 1:5-13, 2:29-36;
`
`Jakobsson (EX1024) at [0002], [0039]; Weiss (EX1025) at 2:65-3:7 (system relates
`
`to encryption system and method for authorizing a user). Each of the references is
`
`also reasonably pertinent to at least one problem with which the inventor of the ’813
`
`Patent was concerned. For example, Gullman and Jakobsson each teach providing
`
`improved security measures to prevent theft of user information or money by using
`
`biometrics. See, e.g., Gullman (EX1023) at 1:14-27; Jakobsson (EX1024) at [0008];
`
`see also ’813 Patent (EX1001) at 1:64-67. Similarly, Weiss relates to using
`
`encryption to solve problems related to the unauthorized access of either transmitted
`
`or stored data. See Weiss (EX1025) at 1:58-2:6; see also ’813 Patent at 45:18-54.
`
`1.
`
`Claims 27-31, 37-41, and 50-52 are Obvious over the
`Combination of Maes, Labrou, and Gullman
`
`
`
`
`
`As discussed above, the combination of Maes and Labrou renders Proposed
`
`Claims 27 and 50, and related dependent claims, obvious. However, in addition, the
`
`
`
`10
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`combination of Maes, Labrou, and Gullman also renders obvious the added “seed”
`
`limitations of independent Claims 27 and 50. Specifically, Gullman teaches methods
`
`for using a biometric measurement as part of the “seed” for generating a non-
`
`predictable security token (i.e., “non-predictable value”). See Gullman (EX1023) at
`
`2:20-26; see also id. at 1:32-34 (describing security token as a “non-predictable
`
`code.”). In addition to the biometric input (i.e., “biometric input” / “information
`
`associated with at least a portion of the biometric input”), other parts of this seed
`
`include a fixed code (i.e., “PIN” or “electronic serial number”) and a time-varying
`
`code, such as the time of day (i.e., “time value”), which are combined in a
`
`“verification algorithm” to generate the token:
`
`Upon entry of the cardholder's biometric information, the processor
`executes the verification algorithm. The verification algorithm uses the
`template data, the biometric input, a fixed code (i.e., PIN, embedded
`serial number, account number) and time-varying self-generated
`information to derive a token output.
`
`Id. at 2:53-59; see also id. at 4:3-8 (explaining that the relevant data is “combined”
`
`to generate the token).
`
`A PHOSITA would have been motivated to incorporate Gullman’s teachings
`
`regarding the combination of different values to create a seed for a non-predictable
`
`value into the system of Maes, as modified by Labrou. All three references relate to
`
`devices for providing verification of an identity of a user, and Gullman teaches a
`
`
`
`11
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`known technique for generating a seed using multiple known sources (e.g., time,
`
`serial number, biometric, and/or PIN) that was known in the art by 2006, and a
`
`PHOSITA would have been motivated to incorporate such teachings into similar
`
`prior art systems, such as Maes or Labrou, to achieve the known benefit of enhancing
`
`the strength of the non-predictable security token (and thus enhancing security) from
`
`combining multiple different values, including time and other values unavailable to
`
`outsiders, such as a PIN, an electronic serial number, and/or biometric information)
`
`as the seed. Cole MTA Decl. (EX1022) at ¶27.
`
`Further, incorporating this seed for use in the RSN generator of Labrou, for
`
`example, would have required only minor modifications in software and yielded
`
`predictable results regarding the type of information used for generating a seed,
`
`because Maes already teaches use of a biometric and PIN, as well as encryption, and
`
`Labrou already contemplates using both time and other data to generate a seed for
`
`generating a non-predictable value to be used in encrypting data. Id. Therefore, the
`
`incorporation of Gullman’s teachings regarding how to generate a non-predictable
`
`value from available sources of information into similar prior art systems would have
`
`had a reasonable expectation of success. Id. And this seed would not have made the
`
`PIE used in the EAI of Labrou redundant. For example, if the seed for the RSN
`
`consisted of the biometric, a serial number, and a time value, then the PIE used
`
`would be derived from the PIN, and no redundant information would inserted into
`
`
`
`12
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`the hash function used to generate EAI in Labrou. Cole MTA Decl. (EX1022) at ¶28.
`
`Therefore, Claims 27-31, 37-41, and 50-52 are obvious over the combination of
`
`Maes, Labrou, and Gullman.
`
`2.
`
`Claims 27-31, 37-41, and 50-52 are Obvious over the
`Combination of Maes, Labrou, and Jakobsson
`
`
`Jakobsson relates to a remote user verification system that uses one or more
`
`
`
`cryptographic combination functions to generate a non-predictable value that
`
`Jakobsson terms an “authentication code.” See Jakobsson at Abstract, [0013]; see also
`
`id. at [0049]; [0043], [0059]-[0060]. The combination function(s) use various inputs to
`
`generate the authentication code; for example, Jakobsson describes combining inputs
`
`from (1) a “dynamic value (e.g. a time value)” that changes over time (i.e., time value),
`
`(2) a device secret (e.g., a discrete code associated with the device), (3) an event state
`
`of a device, and (4) user data, such as a PIN and/or biometric data. See Jakobsson
`
`(EX1022) at Fig. 2; see also id. at [0013], [0017], [0043], [0049], [0060] (generally
`
`describing the invention); [0072], [0074] (the user data P may consist of a PIN,
`
`biometric information, or both); [0065] (the device secret K is a numerical value
`
`“uniquely associated with the device”); see also id. at [0066] (explaining that the
`
`time value is “uniquely associated with a particular predetermined time interval”),
`
`[0067]-[0069] (providing examples for T, such as the number of seconds since 12:00
`
`p.m. on Dec. 15, 1999).
`
`
`
`13
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`In one embodiment, a first combination function combines a time value T and
`
`
`
`a device secret K to generate an initial authentication code (i.e., a “seed”), and then
`
`this initial authentication code is further combined with user data P and an event
`
`state E, to generate a second authentication code (i.e., a non-predictable value). See
`
`Jakobsson at [0073]; see also id. at [0074]. Jakobsson teaches that such iterations of
`
`such combination functions could be based on any arrangement of the data used:
`
`[T]he combination function 230 combines a secret (K), a dynamic value
`(T), event state (E), user data (P), verifier identifier (V), and a generation
`value (N) to generate an authentication code 293. The combination
`function can combine these values (K, T, E, P. V. N) in various ways and
`in any order. Before being combined by the combination function 230,
`these values can be processed by one or more other functions.
`
`Id. at [0077]. Based on this teaching, a PHOSITA would recognize that, in addition to
`
`the examples provided in Paragraph [0073], other possible orders could exist. See Cole
`
`MTA Decl. (EX1022) at ¶¶31-33. For example, a PHOSITA would recognize from
`
`Jakobsson’s teachings that the system may first combine the user data, including both
`
`a biometric P, device secret K, and time value T as part of a first combination function
`
`to generate a non-predictable authentication code, and then using this authentication
`
`code as a seed in a second combination function that combines it with, for example, an
`
`event state E to generate a non-predictable authentication code. See id.
`
`
`
`14
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`A PHOSITA would have been motivated to combine Jakobsson’s teachings
`
`
`
`related to combining various kinds of inputs into a combination function to generate a
`
`first non-predictable authentication code (i.e., as a seed) and inputting this first code
`
`into a second combination function to generate a second authentication code as a non-
`
`predictable value with the system of Maes, as modified by Labrou. Cole MTA Decl.
`
`(EX1022) at ¶34. A PHOSITA would have recognized that the non-predictable
`
`authentication code would be used for the RSN of Labrou, or at least be used to
`
`supplement the inputs into the function R, to enhance security, as only the user device
`
`and verifying entity would be aware of the secret inputs and the functions used to
`
`combine them. Id. Subsequently, the non-predictable value may be used in accordance
`
`with the methods taught in Labrou—generating encrypting authentication information
`
`with a PIE (from, for example, a PIN), to secure a transaction message and enable the
`
`secure transaction server (STS) to verify a user. All three references relate to methods
`
`and systems for securely and remotely verifying the identity of a user, and such
`
`incorporation would have merely required the incorporation of known encryption
`
`techniques into an existing prior art system with similar purposes and structures. See id.
`
`Because the combination of Maes and Labrou already uses a seed to generate a non-
`
`predictable value, and because that combination also already includes the sources of
`
`seed data to be used, the incorporation of Jakobsson’s specific teachings regarding
`
`combining those various data sources to generate a seed to be used to generate a non-
`
`
`
`15
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`predictable authentication code would have yielded predictable results with a
`
`reasonable expectation of success. Id. And a PHOSITA would have appreciated that
`
`this combination would desirably further enhance security by combining those multiple
`
`data sources to enhance the strength of the non-predictable value. See id. Therefore,
`
`Claims 27-31, 37-41, and 50-52 are obvious over Maes, Labrou, and Jakobsson.
`
`3.
`
`Claims 42-43 and 46-49 are Obvious over the Combination of
`Maes, Labrou, and Weiss
`
`
`As discussed above, the combination of Maes and Labrou renders Proposed
`
`
`
`Claims 42 and related dependent claims obvious. However, in addition, the new
`
`combination of Maes, Labrou, and Weiss also satisfies the added limitation in
`
`Proposed Claim 42 (i.e., using a mathematical operation that uses secret information
`
`to reversibly render data unintelligible) and renders these claims obvious. As
`
`discussed, the ’813 Patent describes using a simple XOR operation with a PIN to
`
`secure data on a device. This is not the first time the inventor of the ’813 Patent
`
`described using such methods to encrypt data stored on a device. Weiss, prior art by
`
`the same inventor, teaches methods for “concryption” (compression and encryption)
`
`to securely store or transmit large amounts of data. See Weiss (EX1025) at Abstract.
`
`Weiss teaches using an XOR operation (i.e., “mathematical operation”) with a
`
`password (i.e., “secret information”) to encrypt (i.e., “render unintelligible”) data
`
`stored on a device:
`
`
`
`16
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`[T]he encryption step includes dividing the results of a selected
`compression step into a plurality of blocks or segments, selecting an
`encryption key for each segment and performing an encryption
`operation for each segment utilizing the corresponding encryption key.
`… For preferred embodiments, the encryption operation is performed
`by exclusive ORing the encryption key with the results … [T]he
`encryption key may be formed by exclusive ORing a password for a
`system user with a code derived from a token ….
`Id. at 3:10-35; see also id. at 6:27-52, Claim 12; see also id. at 3:4-7 (the encryption
`
`key is static for stored data). Weiss teaches that to decrypt the data, the system simply
`
`reverses the encryption process. See id. at 4:15-18.
`
`
`
`A PHOSITA would have been motivated to incorporate Weiss’s teachings
`
`related to using exclusive-OR operations employing a password (i.e., “secret
`
`information”) to encrypt data stored on an identification device into the system of
`
`Maes, as modified by Labrou, as this was a well-known technique for limiting access
`
`to data stored on a device in a computationally inexpensive way (i.e., by using the
`
`well-known XOR operation). See Cole MTA Decl. (EX1022) at ¶¶10, 38-39. Like
`
`Weiss, some embodiments of Maes requires the entry of a password or PIN to
`
`retrieve data, and Maes teaches that “any known encryption/decryption process”
`
`may be used to provide Maes’ encryption. See Maes (EX1003) at 10:11-18.
`
`Incorporating Weiss’s teachings into the PDA device of Maes would have required
`
`only minor modifications to the software of the PDA of Maes and would have
`
`
`
`17
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`yielded predictable results related to protecting data stored in a device via a
`
`password, because (1) Maes already teaches use of a password or PIN, (2) Maes
`
`already teaches storing data in encrypted form on its device, and (3) Weiss’s XOR
`
`operation was a well-known and computationally inexpensive technique for securing
`
`data on a device. See Cole MTA Decl. (EX1022) at ¶39. Therefore, a PHOSITA
`
`would have had a reasonable expectation of success in securing the data stored on
`
`the device of Maes in accordance with the techniques taught in Weiss. Id.
`
`4.
`
`Claim 45 is Obvious over the Combination of Maes, Labrou,
`and Weiss, in further view of either Gullman or Jakobsson
`
`
`Claim 45 depends from Claim 42 and recites that the authentication
`
`
`
`information is generated from a seed by employing at least two of the biometric data,
`
`the secret information, and an electronic serial number of the electronic ID device.
`
`Claim 42 is obvious over Maes, Labrou, and Weiss (see supra Sec. B.3). Claim 45
`
`is obvious over the combination of Maes, Labrou, and Weiss in further view of
`
`Gullman, as Gullman teaches that a seed may be generated from, e.g., a biometric
`
`and an electronic serial number of the device. See Gullman (EX1023) at 2:53-59;
`
`see also id. at 4:4-8; Cole MTA Decl. (EX1022) at ¶40. Further, Claim 45 is also
`
`obvious over the combination of Maes, Labrou, and Weiss in further view of
`
`Jakobsson, which a PHOSITA would recognize teaches combining a device secret
`
`K and fingerprint data, inter alia, for generating a non-predictable authentication
`
`
`
`18
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`code to be used in generating EAI. See Jakobsson (EX1024) at [0073]; see also id.
`
`at [0074], [0077], and [0013]; see also Cole MTA Decl. (EX1022) at ¶¶32-34. A
`
`“device secret” is a unique value manufactured into a device and, therefore, is an
`
`example of a serial number. See Jakobsson (EX1024) at [0065]. For the same reasons
`
`discussed regarding Claims Proposed Claims 27 and 50 in Sections B.1 and B.2,
`
`supra, a PHOSITA would have been motived to incorporate these teachings of
`
`Gullman or Jakobsson, respectively, into the system of Maes, as modified by
`
`Labrou, as further modified by Weiss, and would have had a reasonable expectation
`
`of success in making such combinations. Cole MTA Decl. (EX1022) at ¶40-41.
`
`5.
`
`Claims 32-36 are Obvious over i) Maes, Labrou, and Gullman,
`in further view of Burger and ii) Maes, Labrou, and Jakobsson,
`in further view of Burger
`
`
`
`
`
`Claim 32 depends from Claim 27, which is obvious over i) Maes, Labrou, and
`
`Gullman (see supra Sec. B.1) and ii) Maes, Labrou, and Jakobsson (see supra Sec.
`
`B.2). Claim 32 corresponds to original Claim 6 (which PO did not specifically
`
`defend in its Response), and recites a limitation taught by Burger, as set forth in the
`
`Petition. Paper 12, at 41-42. Claims 33-36 depend from Claim 32 and, as discussed
`
`above (s
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
