PUBLIC VERSION
`
`IPR2018-00067
`
`Patent 8,577,813
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`UNIFIED PATENTS INC.
`
`Petitioner
`
`V.
`
`UNIVERSAL SECURE REGISTRY LLC
`
`Patent Owner
`
`IPR2018-00067
`
`Patent 8,577,813
`
`PETITIONER’S REPLY TO PATENT OWNER’S RESPONSE
`
`

`

`PUBLIC VERSION
`
`IPR2018-00067
`
`Patent No. 8,577,813
`
`TABLE OF CONTENTS
`
`INTRODUCTION .......................................................................................... 1
`
`CLAIMS 1-3, 5-9, 11-18, AND 20-26 ARE OBVIOUS ............................... l
`
`A. Maes in view ofPare renders claims 1, 2, 3, 5, 11, 13—17, 20, and
`22—26 obvious ...................................................................................... 1
`
`l.
`
`2.
`
`3.
`
`Pare does not teach away from the claimed electronic ID
`device ......................................................................................... 2
`
`The combination of Mass and Pare is not redundant ................ 5
`
`The preposed combination does not change Maes’s basic
`principle of operation ................................................................. 7
`
`4.
`
`A PHOSITA would have been motivated to combine Maes
`
`and Pare ..................................................................................... 9
`
`5.
`
`Maes teaches the discrete code associated with the electronic ID
`
`device of Claim 2 ..................................................................... 11
`
`B.
`
`Mates in view of Pare in further View of Labrou renders claims 12—15,
`
`17, 20—23, 25, and 26 obvious ............................................................ 11
`
`C.
`
`Mates in view of Labrou renders Claims 1, 2, 3, 5, 11—17, and 20—26
`
`obvious ............................................................................................... 12
`
`1.
`
`The combination of Maes and Labrou renders the independent
`claims obvious ......................................................................... 12
`
`2.
`
`Claims 12 and 21 are obvious over the combination of Maes
`
`and Labrou ............................................................................... 15
`
`D.
`
`E.
`
`Patent Owner does not dispute the combinations with Burger .......... 17
`
`Pizarro in View of Pare renders Claims 1, 2, 5, 11, 13, 16, 17, and 24
`
`obvious ............................................................................................... 17
`
`THE PETITION PROPERLY CERTIFIED UNIFIED AS THE SOLE
`
`REAL PARTY IN INTEREST .................................................................... 18
`
`A.
`
`B.
`
`Unified is the sole RPI under the Trial Practice Guide ...................... 19
`
`A]T did not change Unified’s status as the sole RPI, like the Board has
`recently found .................................................................................... 21
`
`CONCLUSION ............................................................................................ 25
`
`

`

`PUBLIC VERSION
`
`IPR2018-00067
`
`Patent No. 8,577,813
`
`INTRODUCTION
`
`The ’8 1 3 Patent is directed to authenticating a user using biometric and secret
`
`information provided to a user device and transmitting encrypted authentication
`
`information generated therefrom to a remote secure registry for validation. PO does
`
`not dispute that the limitations of the independent claims are taught by the proposed
`
`prior art combinations and, instead, only disputes the motivations to combine. PO
`
`resorts to mischaracterizing the prior art to suggest that the art teaches away or would
`
`have an altered basic principle of operation if combined. But when correctly
`
`interpreted, the art renders the claims obvious. And PO’s real-party—in-interest (RPI)
`
`argument mischaracterizes the holding of AIT and the relevant facts. Petitioner’s
`
`members are not RPIs, as the Board has found numerous times in the past, including
`
`in recent, post-AIT opinions.
`
`Therefore, for the reasons the Board instituted review, the Board should find
`
`that Claims 1-3, 5-9, 11-18, and 20-26 of the ”813 Patent are obvious.
`
`CLAIMS 1-3, 5-9, 11-18, AND 20-26 ARE OBVIOUS
`
`A. Macs in view of Pare renders claims 1, 2, 3, 5, 11, 13—17, 20, and 22—
`26 obvious
`
`Macs teaches a system that allows a user of a PDA device to engage in
`
`transactions without having to carry multiple credit cards (e.g., tokens). Id. at 12:5-29.
`
`For each transaction, a user must locally authenticate herself with the PDA using a
`
`

`

`PUBLIC VERSION
`
`IPR2018-00067
`
`Patent No. 8,577,813
`
`biometric and/or PIN. See Maes (EX1003) at 5:54-67. The user provides an
`
`authorization number to a POS device, which the POS device sends to a central server
`
`for confirmation of the user’s identity by verifying the authorization number against a
`
`previously issued digital certificate. Id. at 6:47-55, 12255-1325.
`
`Pare relates to a system for providing remote authentication of a user by having
`
`the user input a biometric and PIN, inter alia, into a biometric input apparatus (“BIA”)
`
`that encrypts the user’s input with other information and sends it via a POS device to a
`
`remote server that contains a mapping of the user’s verification information. Pare
`
`(EX1004) at 4:25-42, 6: 12-17, Figs. 4-9. The server then decrypts the data and verifies
`
`whether the transaction is proper. Id. at 9:45-57, Fig. 8.
`
`The proposed combination of Pare and Maes substitutes the authorization
`
`number and other information provided by Maes to a POS device and instead uses the
`
`encrypted transaction message taught in Pare in the context of wireless transactions.
`
`Paper 12 (“Petition”) at 21-23. In this way, a user’s sensitive data is protected from
`
`attack, and security is enhanced. Id.
`
`1.
`
`Pare does not teach awayflom the claimed electronic ID device
`
`PO argues that Pare teaches away from the claimed electronic ID device
`
`because Pare teaches against the use of “tokens” in financial transactions and PO
`
`alleges that “electronic ID devices (like the PDA of Maes)” are such “tokens.” POR
`
`at 20—23. This argument fails because it relies on the misconception that Pare
`
`

`

`PUBLIC VERSION
`
`IPR2018-00067
`
`Patent No. 8,577,813
`
`characterizes all “portable man made memory devices” as “tokens.” But Pare refers
`
`to credit/debit cards, “smart cards” and magnetic strip or other “swipe cards” as
`
`tokens; not once does Pare identify electronic devices, such as cell phones or PDAs,
`
`as tokens. See Pare (EX1004) at Abstract (“[A] buyer can conduct commercial
`
`transactions without having to use any tokens such as portable man-made memory
`
`devices such as smart cards or swipe cards”);l see also id. at 1:10—223, 7:17—21,
`
`Claims 1(g), 31(h), 32(g), 33(g), 34(g), and 66(g).
`
`If all “portable man-made memory devices” were “tokens” in Pare’s usage,
`
`then so too would be the biometric input apparatus (“BIA”) of Pare, which would
`
`lead to the nonsensical conclusion that Pare teaches away from itself. Pare’s BIA is
`
`a portable, man-made memory device because it contains memory for storing certain
`
`data for performing a financial transaction, allows a user to access their financial
`
`accounts, and can be integrated within a cellular telephone.rSee id. at 9:65—10zl
`
`(“The biometric input device is further equipped with
`
`erasable and non-erasable
`
`memory modules”); 4:21-24; 11:22-28 (BIA may be integrated within telephone);
`
`14—19—32 (same); 30:48-50 (BIA integrated with cellular telephone); 10:1 -7 (cellular
`
`1 Unless otherwise indicated, all emphases have been added by Petitioner.
`
`

`

`PUBLIC VERSION
`
`IPR2018-00067
`
`Patent No. 8,577,813
`
`telephone network); 6:4-8 (system may display account name during authorization
`
`in case the owner forgets); 41 :34-55 (accessing list of accounts).
`
`Further, even if Pare cited a preference for not
`
`locally storing certain
`
`information in a way that could be potentially accessible to thieves or that would
`
`inconvenience a user if lost, it does not teach away from electronic ID devices.
`
`Indeed, Pare makes clear that the technology to secure such devices existed in its
`
`time. See id. at 14:33-37 (stating that a BIA integrated with a phone may be insecure,
`
`but “higher-security versions with more complete enclosures are possible and
`
`encouraged”); 20:4-15 (teaching that use of biometric and PIN, along with
`
`encryption, restricts potential criminal access); see also Meirsonne v. Google, Inc,
`
`849 F.3d 1379 (Fed. Cir. 2017) (quoting Galderma Labs, LP. v. Tolmar, Inc, 737
`
`F.3d 731, 738 (Fed. Cir. 2013) (“A reference that ‘merely expresses a general
`
`preference for an alternative invention but does not criticize, discredit, or otherwise
`
`discourage investigation into’ the claimed invention does not teach away”). A
`
`PHOSITA would not find Pare to teach away from Maes 19 PDA because it would
`
`not conclude that the PDA is a “token” as taught by Pare, and a PHOSITA would
`
`recognize that the encryption techniques of Pare would enhance the security of
`
`Maes. Cole Reply Decl. (EX1032) at 111113-14. And like Pare, the express purpose
`
`of Maes is to eliminate the necessity of carrying around many cards, or tokens, and
`
`to require more consistent user authentication. See Maes (EX1003) at 1:59-2:20.
`
`

`

`PUBLIC VERSION
`
`IPR2018-00067
`
`Patent No. 8,577,813
`
`2.
`
`The combination ofMaes and Pare is not redundant
`
`PO argues that it would have been redundant and, thus, not obvious, to
`
`perform both local and remote authentication. POR at 23-25. But a PHOSITA would
`
`have recognized that performing both local and remote authentication provides
`
`benefits, including enhanced security. See Cole Reply Dec]. (EX1032) at WIS-20.
`
`For example, a remote device may not be designed to trust a local device or an added
`
`layer of security may be desired. See id. at 11117-9. Thus,
`
`local and remote
`
`authentication is not a type of redundancy that would have rendered the proposed
`
`combination non-obvious. Id. at 111115-20.
`
`Further, both the ’813 Patent itself and Mae's contemplate performing both
`
`local and remote authentication. The ”813 Patent states “the authentication of the
`
`biometric occurs at the user device 352, at the POS device 354, at the USR 356 Lat
`
`a combination of the preceding.” ’813 Patent (EXIOOI) at 47:35-38. PO’s argument,
`
`therefore, contradicts the ’813 Patent itself.2
`
`Macs also teaches both local and remote verification of a biometric and a
`
`2 Confronted with this disclosure, Dr. Jakobsson attempted to re-write this plain language,
`
`contending it meant to say “different aspects of the biometrics [] are verified in different
`
`locations.” Jakobsson Tr. (EX1033) at 61 :15—62: 17.
`
`

`

`PUBLIC VERSION
`
`IPR2018-00067
`
`Patent No. 8,577,813
`
`PIN—remote verification of both is used every time a user seeks to download a
`
`digital certificate, and local verification of both is used every time the user activates
`
`the device before it will access and decrypt the digital certificate and other stored
`
`encrypted data for a transaction. See Mae's (EX1003) at 8:50-65, 10:18-21 (relating
`
`to remote verification); see also id. at 3:59—61, 5:54-67 (relating to local
`
`verification). PO’s expert concedes Maes ’s teachings (EX1033 at 76: 14-77224), but
`
`attempts to distinguish them by arguing that verification steps occur in different
`
`“sessions.” See Jakobsson Tr. (EX1033) at 81:23—82:21. But Maes teaches that the
`
`user can choose any lifespan of the digital certificate, thus allowing for a digital
`
`certificate that would persist for only one transaction session. Hence, a user can
`
`effectively require both local and remote verification for each transaction according
`
`to Maes’s teachings. See Cole Reply Decl.
`
`(EX1032) at 1118; Jakobsson Tr.
`
`(EX1033) at 7827-15. Indeed, if the user went to perform a transaction and the device
`
`informed her that the digital certificate had expired, the user would have to promptly
`
`re-authenticate with the server to obtain a new certificate before proceeding with the
`
`transaction. Cole Reply Deal. (EX1032) at1[18. And, in any event, Maes also teaches
`
`that the server uses the authorization number, which is a function of the digital
`
`certificate, to remotely confirm during the transaction that the user was properly
`
`verified. Id. at 1119; Mae's (EX1003) at l2:66-13:5; see also id. at 6:50-53.
`
`Performing both local and remote authentication in this combination would,
`
`

`

`PUBLIC VERSION
`
`IPR2018-00067
`
`Patent No. 8,577,813
`
`therefore, not introduce redundancy that renders this combination non-obvious.
`
`3.
`
`The proposed combination does not change Maes’s basic
`principle ofoperation
`
`PO suggests that the basic principle of operation of Maes involves providing
`
`biometric security for transactions “that do not involve electronic data transfer” and
`
`that display or verbal communication of the authorization number is, therefore,
`
`necessary for this principle. POR at 27-28. This is incorrect. The basic principle of
`
`Maes is to provide a portable electronic device that eliminates the need to physically
`
`carry insecure financial cards and provides for biometric and PIN verification to
`
`engage in secure transactions with merchants through using a remote central server
`
`in authorizing transactions. Cole Reply Decl. (EX1032) at 1121 (citing Maes at 1:59-
`
`2:20, 2:23-30,
`
`3:32-3 7). Mae's
`
`specifically teaches
`
`that
`
`transaction and
`
`authentication information can be transmitted wirelessly. See Petition at 23 ~24; see
`
`also Maes (EX1003) at Abstract, 12:5-29, 13:34-38, 3:34-36. And it is not true that
`
`the authorization number
`
`in Maes is only ever verbally communicated or
`
`displayed—in one embodiment involving money transfers, Maes teaches that an
`
`authorization number may be transmitted wirelessly. See Maes (EX1003) at 14:58-
`
`67. That the authorization number may also be displayed or verbally communicated
`
`does not render such a feature a basic principle of operation or detract from the fact
`
`that it would have been obvious to wirelessly transmit an encrypted transaction
`
`

`

`PUBLIC VERSION
`
`IPR2018-00067
`
`Patent No. 8,577,813
`
`message, as taught in Pare and supported in Maes. Cole Reply Decl. (EX1032) at
`
`1123. The key to the authorization number is that it “is a function of the unexpired
`
`digital certificate,” allowing the central server to confirm for the merchant that the
`
`user was properly verified with the server. Id.; see also Maes (EX1003) at 13:1-5.
`
`Thus, the potential to be used in transactions not involving electronic data transfer
`
`is not Maes ’3 basic principle of operation.
`
`Second, PO argues that it is a basic principle of Mae: that its system be
`
`capable of being “immediately employed” with no infrastructure changes—and that
`
`combining Pare would require such changes, such as adding a “seller registration
`
`step.” POR, 28-30. But Maes does not prohibit changes to infrastructure. While
`
`Maes does teach backwards compatibility with current infrastructure through the use
`
`of a Universal Card, it also teaches the PDA may be used without the card. Id. at
`
`12:5-29. Maes also contemplates other upgrades, such as “advanced” POS terminals
`
`that write receipts to cards or PDA or “special” POS terminals with biometric
`
`sensors. Id. at 11:42—51, 12:16-18, 14:17—21. Indeed, PO’s expert agreed Maes
`
`would be compatible with “enhancements that can be rolled out gradually and which
`
`would enable additional features.” See Jakobsson Tr. (EX1033) at 92:21-94:2. A
`
`PHOSITA, therefore, would not understand the basic principle of Operation of Maes
`
`to preclude infrastructure updates. Cole Reply Decl. (EX1032) at flfl21-22, 24.
`
`

`

`PUBLIC VERSION
`
`IPR201 8-00067
`
`Patent No. 8,577,813
`
`PO’S “seller registration step” argument also fails. First, Pare does not require
`
`a seller identification code in all of its embodiments. See Pare (EX1004) at 45:1-5
`
`(“Ea packet contains a seller identification code, the MACM also checks the seller
`
`identification code ...”). But even if that were true, having sellers register would not
`
`have required substantial
`
`infrastructure enhancements—these would have been
`
`minor software modifications with predictable results, as Pare discloses the seller
`
`identification code may be something as simple as a seller’s phone number. See id.
`
`at 56:9 (“[T]he seller identification code, be it phone number ...”); see also Cole
`
`Reply Decl. (EX1032) at 1125. Even standard POS systems required sellers to register
`
`with financial institutions—there is no reason that similar registration would not be
`
`compatible and readily implemented in the Macs—Pare combination. See Cole Reply
`
`Decl. (EX1032) at 1[25.
`
`4.
`
`A PHOSITA would have been motivated to combine Macs and
`
`Pare
`
`A PHOSITA would have been motivated to combine Pare’s specific
`
`encrypted authentication information with the transactional system in Maes to
`
`enhance security in Maes. See id. at 1126; see also Petition at 21-22, 24-25, 35.
`
`Enhanced security was a primary goal of financial transactional systems, as revealed
`
`by the art of record; therefore, contrary to PO’s arguments, there certainly were
`
`design/market forces motivating the combination for reasons other than that one
`
`

`

`PUBLIC VERSION
`
`IPR2018-00067
`
`Patent No. 8,577,813
`
`“could” do so. Further, Macs specifically teaches transmitting encrypted data. See
`
`Maes (EX1003) at 13:34-38; see also id. at 13 :51-60. A PHOSITA would have been
`
`motivated by these disclosures, as well as Maes’s teaching that it “may employ any
`
`known encryption technique or algorithm,” to consider the specific techniques for
`
`encrypting authentication and transaction data taught in Pare. Mates (EX1003) at
`
`10:10-15; Petition at 22; see also Cole Reply Decl. (EX1032) at111l27-28. PO ignores
`
`this motivation in its Response. The similarity of the systems and their purposes,
`
`including their use of both PIN and biometric data, and Maes ’3 general use of any
`
`known encryption, provide motivation for the proposed combination. See Ruiz v.
`
`AB. Chance C0,, 357 F.3d 1270, 1276 (Fed. Cir. 2004) (“[T]his court has
`
`consistently stated that a court or examiner may find a motivation to combine prior
`
`art references in the nature of the problem to be solved”); see also MPEP §
`
`2143(I)(A)-(D).
`
`PO’s argument that Maes never suggests “encrypting” the authorization
`
`number itself is misplaced. POR at 32. The authorization number of Mae's is “a
`
`function of the unexpired digital certificate” obtained from the central server so as
`
`to allow the server to confirm for the merchant that “the user was properly verified.”
`
`Maes (EX1003) at 1311-5. Therefore, the authorization number does not itself get
`
`“encrypted” because it already represents obscured data. Cole Reply Decl. (EX1032)
`
`at 1128. Further, Maes teaches that authorization numbers can contain encrypted
`
`

`

`PUBLIC VERSION
`
`IPR2018-00067
`
`Patent No. 8,577,813
`
`transaction amounts to reduce risk of fraud. See also id. at 15:15-20; 13:39-50.
`
`5.
`
`Maes teaches the discrete code associated with the electronic ID
`
`device of Claim 2
`
`PO argues that Maes ’s account number is not unique to the device because it
`
`can also be associated with the universal card. POR, 35-37. Claim 2 recites “a
`
`discrete code associated with the electronic ID device,” not a discrete code “unique
`
`to only” the electronic ID device. Maes states that the account number is “unique”
`
`(Maes at 7:25-27) and that it is “an account number of the PDA device.” Id. at 7:45-
`
`49. Thus, even if the account number were for both the universal card and the PDA,
`
`the account number is nonetheless unique and “associated wit ” the PDA, and,
`
`therefore, “a discrete code associated with the electronic ID device.”
`
`B. Maes in view of Pare in further view of Labrou renders claims 12-15,
`
`17, 20-23, 25, and 26 obvious
`
`Dependent claims 12—15, 17, 20—23, 25, and 26 are obvious over Maes, Pare,
`
`and Labrou, as PO does not dispute Labrou teaches these dependent limitations,
`
`except for claims 12 and 21. PO’s arguments regarding claims 12 and 21 are
`
`addressed in Section C.2, infia.
`
`

`

`PUBLIC VERSION
`
`IPR2018-00067
`
`Patent No. 8,577,813
`
`C. Maes in view of Labron renders Claims 1, 2, 3, 5, 11—17, and 20—26
`obvious
`
`I.
`
`The combination of Maes and Labrou renders the independent
`claims obvious
`
`PO’s arguments against the combination of Maes and Labroa are based on
`
`two initial mistaken premises. First, Labrou does not
`
`limit the PIE (“Private
`
`Identification Entry,” an alphanumeric string) to only a PIN, but emphasizes it can
`
`be “any other PIE,” including a PIE that is generated from a biometric input. See
`
`Labrou (EX1005) at [0245], [524]. And Labroa repeatedly teaches the use of
`
`biometrics in combination with a PIN for verifying a user. See, e. g., id. at [0421]
`
`(“[T]he user selects and confirms the transaction by selecting the purchase button
`
`and entering (to the device 102) her PIN (and/or biometric if available).”); see also
`
`id. at [0158], [0416]-[0418], [0456]. As discussed in the Petition, a PHOSITA would
`
`have been motivated from these teachings to create a PIE from both a PIN and
`
`biometric because use of both a PIN and biometric for the PIE would have provided
`
`desirable multi-factor authentication. See Petition at 21; see also Cole Reply Decl.
`
`(EX1032) at 1]]4—6, 29. Using both a PIN and biometric for the PIE is further
`
`bolstered by Maes ’s teachings of using both a PIN and biometric to verify a user.
`
`See Cole Reply Decl. (EX1032) at [29; see also Maes (EX1003) at 3:46-48 (“[T]he
`
`central server verifies the user either biometrically or through PIN or password Qfl
`
`

`

`PUBLIC VERSION
`
`IPR2018-00067
`
`Patent No. 8,577,813
`
`combination thereof”). Therefore, Labrou renders obvious generating the PIE from
`
`both a PIN and biometric.
`
`PO’s second argument mischaracterizes the state of the art and is defeated by
`
`its expert’s concession. PO argues that Labrou’s encryption would fail if biometric
`
`input was used in generating the PIE because the same PIE could not be reproducibly
`
`generated from different, varied measurements ofthe same biometric input. See POR
`
`at 40—44. When cross-examined, PO’S expert initially insisted that generating a
`
`repeatable cryptographic string from biometrics was an “open problem” in
`
`cryptography. See Ex. 1033, Jakobsson Tr. at 102:21-103z9; see also id. at 101:6-
`
`10; 103:3-101:25, 108224-109211, 110213-19. But when confronted with his own
`
`prior art on this issue, Dr. Jakobsson confirmed that generating a repeatable string
`
`from a biometric input m possible and known before 2006, contradicting his earlier
`
`Opinion:
`
`Q. [A] cryptographic key is not necessarily a string in your opinion?
`
`A. No, it is a string.
`
`Q. So it was possible to generate a repeatable string from a biometric
`
`input, right?
`
`A. Yes, but it would not work in Labrou.
`
`Q. But a PIE is a string, right?
`
`A. Yes, a PIE is a string.
`
`

`

`PUBLIC VERSION
`
`IPR2018—00067
`
`Patent No. 8,577,813
`
`Jakobsson Tr. (EX1033) at 114:14-115:19; see also id. at 110:20-1 13:1 (describing
`
`the disclosure of US. Patent No. 6,901,145 (EX1030)); see also EX1030 at 5:1-3
`
`(“One of the advantages of the present invention is its ability to generate a repeatable
`
`cryptographic key in view of varying [biometric] measurements”). A PHOSITA
`
`would have known how to generate repeatable cryptographic strings, such as the PIE
`
`in Labrou, from varying biometric measurements of the same person. See Cole Decl.
`
`(EX1032) at 111110—12, 30; see also Labrou (EX1005) at [0524], [0537-0538] (the
`
`PIE is a string). Dr. Jakobsson provides no support for his testimony above that these
`
`methods “would not work” for the PIE in Labrou, and confirmed that the encryption
`
`function described in Labrou Mwork if the PIE were the same. See Jakobsson
`
`Tr. (EX1033) at 116:3-9. Because it was known how to generate a repeatable
`
`cryptographic string from varying biometric inputs, PO’s argument that it would not
`
`have been possible to reproducibly generate the PIE from biometric input is
`
`incorrect.
`
`Next, PO over-extends the holding of Personal Web Techs., LLC v. Apple,
`
`Inc, in suggesting that extensive explanation of exactly how the Maes-Labrou
`
`combination would operate is required. POR, 45. But that case confirmed “a brief
`
`explanation” may suffice. 848 F.3d at 994. As explained in the Petition, and upon
`
`which the Board instituted review, Labrou’s encryption of a “user’s transaction
`
`information” (including by using the RSN and a PIE generated from a PIN and
`
`

`

`PUBLIC VERSION
`
`IPR2018-00067
`
`Patent No. 8,577,813
`
`biometric to generate a key) would be substituted for Maes’s authorization number.
`
`Petition, 20-21, 24—25, 34, see also Institution Decision at 12. The combination need
`
`not address whether every aspect of Labrou is to be bodily incorporated, but rather
`
`“whether a skilled artisan would have been motivated to combine the teachings of
`
`the prior art references to achieve the claimed invention.” Allied Erecting &
`
`Dismantling Co. v. Genesis Attachments, LLC, 825 F.3d 1373, 1381 (Fed. Cir. 2016)
`
`(internal quotations omitted).
`
`Finally, PO’s arguments that there is no motivation to combine Maes and
`
`Labrou for the same reasons discussed for Pare (POR, 46—48) fail for the same
`
`reasons discussed above. See supra, Secs. II.A.3-4.
`
`2.
`
`Claims 12 and 21 are obvious over the combination ofMacs and
`Labrou3
`
`PO argues that the account aliases in Labrou do not satisfy the “account
`
`identifying information” in claims 12 and 21 because they exist prior to being
`
`selected for a transaction. POR at 49. PO’s argument relies on an implicit
`
`construction that the claimed “account identifying information” (and thus Labrou’s
`
`aliases) must be generated only after user selection. The claim language includes no
`
`3 Alternatively, these claims are obvious over Maes and Pare, in further view ofLabrou.
`
`See Institution Decision at 16, n.10.
`
`

`

`PUBLIC VERSION
`
`IPR201 8—00067
`
`Patent No. 8,577,813
`
`such limitation. Even if it did, a PHOSITA would have understood that the user’s
`
`selection of a particular account alias would cause information to be generated by
`
`the device specifying the alias that was selected so that the device could inform the
`
`server the correct account to use for the transaction. Cole Reply Decl. (EX1032) at
`
`1]3 l. Labrou teaches that the device stores only aliases, not actual account numbers;
`
`therefore, the representation of the selected account in the device is the selected alias,
`
`not the account number. Labrou (EX1005) at '[H] [0421], [0293], [0474]. When
`
`received at the server, the selected alias is used to determine the correspond account
`
`in a one-to-one mapping; otherwise the server would not know which account to
`
`charge. See Jakobsson Tr. (EX1033) at 122:19-23 (agreeing); see also Cole Reply
`
`Decl. (EX1032) at 1B2; Labrou at [0266], Fig. 34. Therefore, the selection of the
`
`account alias constitutes account identifying information that is generated after the
`
`alias is selected and that identifies an account. Cole Reply Decl. (EX1032) at 1[31.
`
`Labrou therefore teaches the limitations of claims 12 and 21.
`
`Further, PO’s arguments that Labrou’s teachings would conflict with Maes’s
`
`principle of operation are incorrect and irrelevant for many of the reasons discussed
`
`with respect to the combination of Mates and Pare discussed above. Maes is
`
`compatible with upgrades in technology/infrastructure; therefore, allowing a PDA
`
`to transmit selected account aliases instead of account numbers would not have
`
`rendered Maes inoperable. See supra Sec. II.A.3; Cole Reply Decl. (EX1032) at 1B3.
`
`

`

`PUBLIC VERSION
`
`IPR2018-00067
`
`Patent No. 8,577,813
`
`Claims 12 and 21 are therefore obvious over Maes and Labrou, as well as over Maes,
`
`Pare, and Labrou.
`
`D.
`
`Patent Owner does not dispute the combinations with Burger
`
`PO does not dispute that Burger teaches the limitations of Claims 6 and 18, or
`
`that a PHOSITA would be motivated to combine Burger. For the reasons discussed
`
`above and in the Petition, Claims 6—9 and 18 are obvious over the combination ofMaes,
`
`Pare, and Burger, and over the combination ofMaes, Labrou, and Burger.
`
`E.
`
`Pizarro in view of Pare renders Claims 1, 2, 5, 11, 13, 16, 17, and 24
`obvious
`
`Claims 1, 2, 5, 11, 13, 1617 and 24 are obvious over the combination of Pizarro
`
`and Pare. PO makes three general arguments against this combination. First, PO argues
`
`that Petitioner “admit[ted] that the electronic ID device ofPizarro, a cellular telephone,
`
`does not receive secret information.” POR at 65. But Petitioner merely noted that
`
`Pizarro did not expressly discuss verification using secret information; not that its
`
`device “does not” or is incapable of doing so. Petition at 51-52. And PO does not
`
`dispute that it would be obvious to combine Pare for this limitation based on Pizarro’s
`
`recognition that the use of PINS was conventional and Pizarro’s teaching that a
`
`customer may establish a private (i.e., secret) key as part of securing a transaction
`
`record. Id.
`
`

`

`PUBLIC VERSION
`
`IPR2018—00067
`
`Patent No. 8,577,813
`
`Second, PO’s argument
`
`that Pare teaches away from the use of cellular
`
`telephones (such as Pizarro’s) based on Pare’s criticism of tokens (POR at 65) fails for
`
`the same reasons discussed above. Not once does Pare identify a cell phone as a token,
`
`and Pare expressly teaches that its biometric input apparatus may be fiilly integrated
`
`with a cellular telephone. See supra Sec. II.A.1.
`
`Finally, for the same reasons discussed above in Section II.A.2, it would not be
`
`redundant to employ both local and remote verification in this combination, and a
`
`PHOSITA would have appreciated the benefits of a remote system not merely trusting
`
`local verification, as well as adding an additional layer of security. See Cole Reply Deal.
`
`(EX1032) at 11117-9, 35. Nothing in Pizarro suggests this would be redundant. Id.
`
`III. THE PETITION PROPERLY CERTIFIED UNIFIED AS THE SOLE
`
`REAL PARTY IN INTEREST
`
`USR contends that Unified failed to properly name all real parties in interest
`
`(RPIs). POR, 68. USR largely ignores the proper legal test and relevant factors and
`
`instead misapplies the recent Applications in Internet Time 12. RPX (“AH”) case,
`
`which has critical facts not present here. 897 F.3d 1336, 1351 (Fed. Cir. July 9,
`
`2018). Applying AIT and the relevant factors correctly, Unified is the sole RPI in
`
`

`

`PUBLIC VERSION
`
`IPR2018—00067
`
`Patent No. 8,577,813
`
`this proceeding, as the Board has found each time this issue has been raised.4 Indeed,
`
`in a recent decision applying AIT, the Board found that Unified’s members were not
`
`RPIs. See Realtime Adaptive, IPR2018-00883, Ex. 1019 (Public Version of Paper 29
`
`(Oct. 1 1, 2018)) (“Realtime”) at 10-19.
`
`A.
`
`Unified is the sole RPI under the Trial Practice Guide
`
`The Petition correctly certifies Unified Patents Inc. as the sole RPI under 35
`
`U.S.C. § 312(a)(2). Petition at 67. The Trial Practice Guide (77 Fed. Reg. 48,756
`
`(Aug. 14, 2012) (“TPG”)), citing Taylor v. Sturgell, states that the RPI inquiry is a
`
`“highly fact-dependent question . .. assessed on a case-by-case basis” with no “bright
`
`line test.” TPG, at 48759 (citing Taylor v. Sturgell, 553 US. 880, 893-895 (2008));
`
`see also Sirius XM, IPR2018-00690, Paper 16, at 3 (Sept. 6, 2018). Multiple factors
`
`are relevant, including: Whether a non-party is funding, directing, or controlling the
`
`4 In more than 1 10 IPR petitions, Unified has certified itself as the sole RPI, and every time
`
`that identification has been challenged, the Board has held Unified’s members are not RPIs.
`
`See, e.g., Dragon 1P, IPR2014—01252, Paper 37 (2015); iMTXStrategic, IPR2015-0106l,
`
`Paper 9 (2015); TranSVideo, lPR2015-01519, Paper 8 (2016); Nonend, IPR2016-00174,
`
`Paper 10 (2016); Am. Vehicular, IPR2016-00364, Paper 13 (2016); Digital Stream 1P,
`
`IPR2016—01749, Paper 22
`
`(2018); Uniloc,
`
`IPR2017-02148, Paper
`
`9
`
`(2018)
`
`(nonexhaustive).
`
`

`

`PUBLIC VERSION
`
`IPR2018-00067
`
`Patent No. 8,577,813
`
`IPR; whether the non-party had the ability to exercise control; the non—party’s
`
`relationship with the petitioner and with the petition, including any involvement in
`
`the filing; and the nature of the entity filing the petition. TPG at 48759-60. The
`
`Federal Circuit endorsed the TPG’s RPI factors. A]T, 897 F.3d at 1351; see also id.
`
`at 1344, n.2.
`
`Here, Unified solely directed, controlled, and fiinded this challenge. Jake]
`
`Dec]. (EX1036), 115. Unified had no pre-filing communications with- any
`
`-Unified member regarding this IPR, the ’813 Patent, any litigation involving
`
`it, or USR. 1d.,113;Jake1 Tr. (EX1037), 123:12—13. Neither- any other
`
`member had any involvement in the preparation of or decision to file this petition,
`
`and neither- any other member provided funds designated to be used to
`
`file this petition.
`
`Jake] Dec]., 15. Membership fees paid by members are not
`
`designated to be used to file challenges, much less any particular challenge. Id., W7,
`
`12. Rather, Unified works to deter NPE activit