Paper No. 42
`
`PATENT AND TRADEMARK OFFICE
`
`________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`________________
`
`UNIFIED PATENTS INC.,
`
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC,
`
`Patent Owner
`
`________________
`
`Case IPR2018-00067
`
`U.S. Patent No. 8,577,813
`
`________________
`
`PATENT OWNER’S SUR-REPLY
`
`
`
`
`
`
`
`PATENT AND TRADEMARK OFFICE
`
`________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`________________
`
`UNIFIED PATENTS INC.,
`
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC,
`
`Patent Owner
`
`________________
`
`Case IPR2018-00067
`
`U.S. Patent No. 8,577,813
`
`________________
`
`PATENT OWNER’S SUR-REPLY
`
`
`
`
`
`
`
`TABLE OF CONTENTS
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`Page
`
`PATENT OWNER’S LIST OF EXHIBITS ............................................................ III
`
`I.
`
`THERE IS NO MOTIVATION FOR A PERSON OF ORDINARY
`SKILL IN THE ART TO COMBINE MAES AND PARE ............................. 1
`
`A.
`
`B.
`
`C.
`
`Pare teaches away from token-based transaction systems like
`Maes. ..................................................................................................... 2
`
`Petitioner’s modifications change Maes’ principles of operation
`and render it inoperable for its intended purpose. ................................. 8
`
`Petitioner fails to provide sufficient reasoning as to why a
`person of ordinary skill in the art would be motivated to
`combine Maes and Pare. ..................................................................... 11
`
`II.
`
`THERE IS NO MOTIVATION FOR A PERSON OF ORDINARY
`SKILL IN THE ART TO COMBINE MAES AND LABROU ...................... 14
`
`A.
`
`B.
`
`C.
`
`D.
`
`Petitioner fails to provide sufficient reasons why a person of
`ordinary skill in the art would modify Labrou to generate a PIE
`value based on both a biometric and a PIN. ........................................ 14
`
`There is no motivation to combine Maes with Labrou for the
`same reasons discussed above regarding Pare. .................................. 18
`
`Petitioner fails to show that claims 10 and 19 are invalid. ................. 20
`
`Claims 12 and 21 are not obvious over Maes in view of Labrou. ...... 20
`
`III. THERE IS NO MOTIVATION FOR A PERSON OF ORDINARY
`SKILL IN THE ART TO COMBINE PIZARRO AND PARE ..................... 23
`
`IV. CONCLUSION .............................................................................................. 24
`
`
`
`
`
`i
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`TABLE OF AUTHORITIES
`
`Cases
`
`Page
`
`Intelligent Bio-Systems, Inc. v. Illumina Cambridge Ltd.,
`821 F.3d 1359 (Fed. Cir. 2016) .....................................................................12
`
`Kemco Sales, Inc. v. Control Papers Co.,
`208 F.3d 1352 (Fed. Cir. 2000) .....................................................................49
`
`Ex parte Levy,
`17 USPQ2d 1461 (Bd. Pat. App. & Inter. 1990) ...........................................21
`
`Statutory Authorities
`
`37 C.F.R. § 42.6(e) ...................................................................................................27
`
`37 C.F.R. § 42.23(b) ................................................................................................12
`
`37 C.F.R. § 42.24 .....................................................................................................26
`
`37 C.F.R. § 42.24(b) ................................................................................................26
`
`37 C.F.R. § 42.121 ...................................................................................................27
`
`
`
`
`
`ii
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`PATENT OWNER’S LIST OF EXHIBITS
`
`Ex. 2001
`
`Unified-USR Stipulated Protective Order
`
`Ex. 2002
`
`Redline Comparison to Default Protective Order
`
`Ex. 2003
`
`U.S Patent App. No. 13/237,184
`
`Ex. 2004
`
`Declaration of Dr. Markus Jakobsson in Support of
`Patent Owner Response
`
`Ex. 2005
`
`Curriculum Vitae of Dr. Markus Jakobsson
`
`Ex. 2006
`
`July 31, 2018 Deposition Transcript of Dr. Eric Cole
`
`Ex. 2007
`
`Petitioner’s Website Dated Jan. 1, 2014
`
`Ex. 2008
`
`Petitioner’s Website Dated Mar. 2, 2016
`
`Ex. 2009
`
`Petitioner’s Website Dated Jun. 11, 2013
`
`Ex. 2010
`
`Brief of Amici Curiae Unified Patents
`
`Ex. 2011
`
`Confidential Document
`
`Ex. 2012
`
`Confidential Document
`
`Ex. 2013
`
`Ex. 2014
`
`Declaration in Support of Unopposed Motion for
`Admission Pro Hac Vice of Harold A. Barza
`
`Declaration in Support of Unopposed Motion for
`Admission Pro Hac Vice of Jordan Kaericher
`
`Ex. 2015
`
`Dec. 14, 2018 Deposition Transcript of Dr. Eric Cole
`
`
`
`
`
`
`
`06943-00002/10598788.4
`
`iii
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`Petitioner’s Reply fails to remedy several deficiencies in its Petition that are
`
`each fatal to one or more of its Grounds. First, a person of ordinary skill in the art
`
`at the time of the invention (POSITA) would not be motivated to combine the token-
`
`based system of Maes or Pizarro with teachings of a tokenless transaction system,
`
`such as Pare. Second, the modifications suggested by Petitioner to Maes based on
`
`features of Pare and Labrou change Maes’ principles of operation and render it
`
`inoperable for its intended purpose. Third, Petitioner fails to provide a clear,
`
`evidence-supported account of why a POSITA would be motivated to combine Maes
`
`with Pare or Maes with Labrou. Fourth, a POSITA would not be motivated to
`
`modify Labrou’s personal identification entry (PIE) value so that it was generated
`
`based on both a biometric and a personal identification number (PIN). Petitioner
`
`also fails to show that dependent claims 10, 12, 19, and 21 are invalid.
`
`I.
`
`THERE IS NO MOTIVATION FOR A PERSON OF ORDINARY
`SKILL IN THE ART TO COMBINE MAES AND PARE
`
`Petitioner fails to establish that a POSITA would be motivated to combine
`
`Maes and Pare to obtain an electronic ID device that, once activated, is configured
`
`to “generate a non-predictable value and to generate encrypted authentication
`
`information from the nonpredictable value, information associated with at least
`
`a portion of the biometric input, and the secret information.” (Limitations
`
`1[d][ii], 16[e], and 24[b].)
`
`
`
`1
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`A.
`
`Pare teaches away from token-based transaction systems like
`Maes.
`
`Pare, entitled “Tokenless Biometric Transaction Authorization Method And
`
`System,”1 criticizes prior art transaction systems that employ “portable man-made
`
`memory tokens” that centralize and store a buyer’s financial account information
`
`and need to be physically carried around by the buyer to conduct financial
`
`transactions. See, e.g., Pare, 3:15-36 (“The net result of ‘smartening’ the token is
`
`centralization of function…Given the number of functions that the smartcard will be
`
`performing, the loss or damage of this monster card will be excruciatingly
`
`inconvenient for the cardholder…[such a system] will result in heavier and
`
`heavier penalties on the consumer for destruction or loss of the card.”), 7:22-35.
`
`Indeed, the whole point of Pare’s invention is to eliminate the need for a buyer to
`
`carry any token at all. Pare, 6:55-7:3 (“[The present invention] eliminates the need
`
`to carry and present any tokens in order to access one’s accounts.”); see also id.,
`
`7:56-60, 9:14-17. To accomplish this tokenless system, Pare moves the hardware
`
`and software used to authenticate the buyer—found previously at the buyer’s
`
`token—over to a secure “biometric input apparatus (BIA)” associated with the
`
`merchant’s point of sale terminal. See Pare, 9:40-10:7, 10:41-11:30 (“All actions of
`
`
`1 Unless otherwise indicated, all emphasis has been added by Patent Owner.
`
`
`
`2
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`the BIA are directed by an outside controlling entity called a terminal…BIA models
`
`are either partially or fully integrated with the terminal.”), FIG. 3 (illustrating the
`
`Biometric Input Device 12 in direct communication with merchant’s terminal 2).
`
`Since buyer identification and authentication is performed at Pare’s merchant’s
`
`point-of-sale terminal having a biometric input apparatus (e.g., BIA), the buyer is
`
`free to conduct financial transactions without having to carry a token. See Pare,
`
`6:55-7:3, 7:46-56. Thus, a common feature to the “tokens” Pare aims to eliminate
`
`are that they are carried around by the user and store sensitive information.
`
`In contrast to Pare’s tokenless scheme, Maes’ token-based system relies on a
`
`portable digital assistant (PDA) that stores the buyer’s financial account information
`
`and biometric data. See, e.g., Maes, 4:65-5:35, 11:27-40, 11:58-12:1, FIG. 1. This
`
`PDA—which centralizes and stores highly sensitive buyer information and must be
`
`carried around by the user and presented to merchants to conduct transactions—is at
`
`risk of loss, theft, and destruction, and is exactly the kind of token Pare desires to
`
`eliminate. See Pare, 7:23-56. For this reason, a POSITA would not turn to Pare to
`
`modify the token-based transaction system of Maes.
`
`Petitioner contends that the above argument “fails because it relies on the
`
`misconception that Pare characterizes all ‘portable man made memory devices’ as
`
`‘tokens.’” Petitioner’s Reply, 2-3. According to Petitioner, the “tokens” Pare wishes
`
`
`
`3
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`to eliminate are strictly limited to credit/debit cards, “smart cards,” and magnetic
`
`strip swipe cards, and not other types of devices like PDAs. See id., 3. Petitioner
`
`comes to this misplaced conclusion because Pare’s BIA is allegedly itself a type of
`
`“portable man-made memory device” since it can be implemented at a telephone
`
`point of sale terminal. See id., 3-4 (citing Pare, 4:21-24, 9:65-10:7, 11:22-28, 30:48-
`
`50). To be clear, Pare’s BIA is not a token since it is not carried around by a user
`
`and presented to merchants to facilitate transactions and is instead integrated with
`
`the merchant’s point-of-sale terminal. See Pare, 10:46-49, 11:22-28. Moreover,
`
`Petitioner’s unduly narrow characterization of Pare’s token as being limited to credit
`
`cards and smart cards is without merit and fails for a number of reasons.
`
`First, Patent Owner never characterizes Pare’s token as including all portable
`
`man-made memory devices. See Patent Owner’s Response, 20-22. Instead, the
`
`tokens Pare desires to eliminate are physical objects that store a user’s sensitive
`
`financial and/or personal information and must be carried around by the user and
`
`presented to a merchant at the time of purchase, thereby safeguarding against loss,
`
`theft, or destruction of such physical objects that would be “excruciatingly
`
`inconvenient.” See Pare, 1:12-3:60, 5:5-8, 6:55-7:3, 7:46-60 (“[O]bject of the
`
`invention [is to] eliminate[] the need for a user to possess and present a physical
`
`object, such as a token, in order to authorize a transaction.”). These physical
`
`
`
`4
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`objects may be in the form of smart cards, credit cards, and also other electronic
`
`devices carried around by a user that centralize and store a buyer’s sensitive
`
`information, such as Maes’ PDA device. Limiting the tokens Pare desires to
`
`eliminate to just credit cards and smart cards is baseless and ignores many explicit
`
`teachings found in Pare that explain the perils of carrying a wide variety of objects
`
`that store a buyer’s sensitive financial and biometric information.
`
`Second, Pare explicitly calls out the “biometric security apparatus” of
`
`Gullman as being one example of a token found in the prior art “that disclose[s]
`
`commercial transaction systems [that] teach away from biometric recognition
`
`without the use of tokens.” Pare, 2:38-43, 2:64-66. Referring to FIG. 2 of Gullman
`
`below, Gullman’s token 14 (e.g., biometric security apparatus) is far from a simple
`
`magnetic swipe or smart card, and is instead a sophisticated electronic device having
`
`its own power source 15, display 20, biometric sensor 18, processor 22, memory 24,
`
`display drivers 30, and ON/OFF switch 16—features that undeniably are consistent
`
`with a PDA or mobile phone.2
`
`
`2 While denying that Gullman’s biometric security token 12 could be a telephone
`
`(Ex. 2015 (Cole Tr.), 52:6-52:24), Petitioner’s expert testified at his deposition that
`
`
`
`5
`
`
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`Third, every section Petitioner references in Pare as allegedly teaching that
`
`Pare’s BIA is a “portable man-made memory device” fails to disclose a BIA that is
`
`carried around by a user and presented to a merchant to conduct a transaction—a
`
`feature that is common to all tokens Pare wishes to eliminate. See Petitioner’s
`
`Reply, 3-4 (citing Pare, 4:21-24, 9:65-10:7, 11:22-28, 30:48-50). For example, Pare
`
`at 9:65-10:7 does not describe the BIA as being carried around by the user and
`
`instead merely discusses how the BIA communicates with the point-of-sale terminal
`
`through a serial port, which in turn communicates with the Data Processing Center
`
`(DPC) server via a variety of network types, including cable TV, telephone, and
`
`
`a token could take the form of many different credit-card sized electronic devices
`
`that include a display, power source, ON/OFF switch, processor, memory, and
`
`biometric sensors. See id., 51:7-8.
`
`
`
`6
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`cellular. As another example, Pare at 30:30-31:43 describes a “phone point of sale
`
`terminal (PPT)” having a BIA that again is not carried around by the user and is
`
`instead associated with the merchant. Petitioner’s expert also testified on this point.
`
`See Ex. 2015 (Cole Tr.), 59:18-22 (“Q…Would each one of those sellers have their
`
`own PPT?... A… Yes. In the embodiment of Pare, it looks like each seller would
`
`have [a] PPT.”). Similarly, the other portions of Pare cited to by Petitioner (Pare,
`
`4:21-24, 6:4-8, 11:22-28, 14:19-32, 41:34-55) also fail to describe an electronic
`
`device having a BIA that stores user financial information and is carried around by
`
`the user to present to merchants when desiring to conduct financial transactions. See
`
`Pare, 4:21-24 (describing that financial accounts are associated with account index
`
`codes assigned by the buyer during registration), 6:4-8 (system displays account
`
`name during authorization), 11:22-28 (describing that BIA is fully or partially
`
`integrated with the point-of-sale terminal, which may be a telephone), 14:19-32
`
`(BIA is integrated with telephone based point-of-sale terminal), 41:34-55 (accessing
`
`list of accounts).
`
`Moreover, as stated in Patent Owner’s Response (POR, 22), Pare also teaches
`
`that its commercial transaction message (alleged by Petitioner as being the claimed
`
`“encrypted authentication information”) should be implemented on hardware and
`
`software (e.g., BIA) that is “strictly limited” in its functionality, and that is
`
`
`
`7
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`“integrated” with the sales terminal. See Pare, 11:1-28. By contrast, the PDA taught
`
`in Maes is a general-purpose device that is not integrated with a sales terminal and
`
`includes substantial functionality not related to financial transactions (e.g.,
`
`calendaring and email). A POSITA would understand that limiting such a PDA’s
`
`interfaces to only financial functions would be neither practical nor desirable.
`
`Petitioner fails to address this obvious conflict between Maes and Pare. See
`
`Petitioner’s Reply, 2-11.
`
`B.
`
`Petitioner’s modifications change Maes’ principles of operation
`and render it inoperable for its intended purpose.
`
`The Petition specifically and exclusively identified the “authorization
`
`number” described in Maes at 12:30-13:5 as being the authentication information
`
`that could allegedly be replaced with the “commercial transaction message” of Pare.
`
`See Petition (Paper 12), 18-20 (citing to Maes, 12:40-13:5 and Pare, Abstract, 4:34-
`
`42, 17:27-46, 18:51-61, 19:43-20:15, FIG. 7). Similarly, the Petition argued that
`
`“[i]t would have been obvious to a PHOSITA to substitute the encrypted
`
`authentication information taught in Pare…for the authorization number of
`
`Maes.” Petition, 21; Decision (Paper 14), 11-12.
`
`However, as discussed in Patent Owner’s Response (POR, 26-28), by
`
`replacing the authorization number described at 12:30-13:5 of Maes with the
`
`commercial transaction message of Pare, Petitioner eliminates a key feature of this
`
`
`
`8
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`embodiment described by Maes: the ability to “provide[] biometric security for
`
`transactions that do not involve electronic data transfer.” Maes, 12:30-34. In
`
`response, Petitioner argues that “Maes specifically teaches that transaction and
`
`authentication information can be transmitted wirelessly.” Petitioner’s Reply, 7
`
`(citing to Petition, 23-24, Maes, 3:34-36, 12:5-29, 13:34-38). However, a close
`
`review of the Petition at 23-24 reveals that Petitioner admits that the “authorization
`
`number” described in Maes at 12:30-13:5 is not transmitted wirelessly and is instead
`
`verbally communicated by the buyer to the merchant over the phone. See Petition,
`
`23-24.
`
`Instead, Petitioner argues that wireless transmission of the authorization
`
`number described in Maes at 12:30-13:5 from the PDA to the POS would be
`
`allegedly obvious to a POSITA because Maes later describes in another, unrelated
`
`embodiment an “encrypted information file” that is wirelessly transmitted. See
`
`Petition, 23-24. Patent Owner respectfully disagrees. The embodiment described in
`
`Maes at 13:34-38 is wholly unrelated to the “authorization number” described in
`
`Maes at 12:30-13:5, and a POSITA would not be motivated to transmit the latter
`
`authorization number wirelessly from the PDA to a POS because the whole point of
`
`the authorization number described in Maes at 12:30-13:5 is to facilitate financial
`
`transactions “that do not involve electronic data transfer such as…transactions that
`
`
`
`9
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`are performed remotely over the telephone.” See Maes, 12:30-34.
`
`Petitioner also contends that Maes discloses wireless transmission of the
`
`authorization number described in Maes at 12:30-13:5 because at 14:58-67 Maes
`
`describes the use of another authorization number when transferring money between
`
`two different PDA devices. See Petitioner’s Reply, 7 (citing Maes 14:58-67).
`
`However, the authorization number described at 14:58-67 has nothing to do with the
`
`authorization number cited to in the Petition (see Petition 18-22) and described at
`
`12:30-13:5 of Maes. Compare Maes, 12:30-13:5 with 14:58-67. Similarly, a
`
`POSITA would not be motivated to transmit the authorization number described in
`
`Maes at 12:30-13:5 wirelessly because the purpose of the authorization number there
`
`is to facilitate financial transactions “that do not involve electronic data transfer.”
`
`Maes, 12:30-34.
`
`Moreover, as explained in Patent Owner’s Response (POR 28-29), modifying
`
`Maes’ system with Pare would require substantial changes to every element in
`
`Maes, including the central server, POS terminals, and PDA, which would frustrate
`
`a fundamental purpose of Maes to be backwards compatible with existing
`
`transaction systems. In response, Petitioner argues that “[w]hile Maes does teach
`
`backwards compatibility with current infrastructure…, it also teaches the PDA may
`
`be used without a card,” and that “Maes also contemplates other upgrades, such as
`
`
`
`10
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`‘advanced’ POS terminals that write receipts to cards.” First, whether Maes’ system
`
`is implemented with our without its Universal Card 26, modifying Maes’ systems
`
`with Pare’s commercial transaction message and implementing Pare’s related
`
`protocol would still require every element of Maes to be modified to accommodate
`
`Pare’s commercial transaction message and protocol, which would significantly
`
`frustrate Maes’ stated goal of backwards compatibility. Second, a minor upgrade to
`
`POS terminals of Maes to write receipts back to the user’s Universal Card 26 is a
`
`simple software change that does not involve the same logistical nightmare of
`
`overhauling the entire transaction chain (PDA, POS, and central server) to
`
`accommodate a new commercial transaction message at the heart of every
`
`transaction authorization request. Consequently, any minor improvements to POS
`
`terminals as suggested by Maes does not serve to provide a blanket license to
`
`overhaul Maes’ entire system, casting aside Maes’ stated goal of maintaining
`
`backwards compatibility with existing systems.
`
`C.
`
`Petitioner fails to provide sufficient reasoning as to why a person
`of ordinary skill in the art would be motivated to combine Maes
`and Pare.
`
`As described in Patent Owner’s Response (POR, 30-32), Petitioner’s bare
`
`allegations that the systems teach the use of encryption, biometric and PIN, fail to
`
`show why a POSITA would arrange the distinct teachings in these references such
`
`
`
`11
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`that the biometric and PIN information are used to form the claimed encrypted
`
`authentication information. Petitioner disputes this, arguing that Maes teaches
`
`transmitting encrypted data. Petitioner’s Reply, 10 (citing Maes, 13:34-38, 13:51-
`
`60.
`
`However, to the extent Petitioner is arguing that the encrypted data
`
`transmitted in Maes at 13:34-38, 13:51-60 (e.g., “encrypted information file”) could
`
`be replaced or otherwise modified by Pare, such an argument is new and does not
`
`appear in the original Petition, and should therefore be disregarded.3 37 C.F.R.
`
`§ 42.23(b) (“A reply may only respond to arguments raised in the corresponding
`
`opposition, patent owner preliminary response, or patent owner response.”); See
`
`Intelligent Bio-Systems, Inc. v. Illumina Cambridge Ltd., 821 F.3d 1359, 1369 (Fed.
`
`
`3 Petitioner’s citation to Maes at 13:24-38, 13:51-60 on page 22 of its Petition was
`
`merely to provide an “example” of why it would have been allegedly obvious to a
`
`PHOSITA to substitute the encrypted authentication information taught in Pare for
`
`the authorization number of Maes described at 12:30-13:5. See Petition, 22; see
`
`also id., 23-24. Notably, the Petition did not advance the argument that the
`
`encrypted file information described at 13:24-38 would be replaced by consumer
`
`transaction message of Pare.
`
`
`
`12
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`Cir. 2016) (“Once the Board identifies new issues presented for the first time in
`
`reply, neither this court nor the Board must parse the reply brief to determine which,
`
`if any, parts of that brief are responsive and which are improper.”).
`
`Moreover, Petitioner contends that “PO’s argument that Maes never suggests
`
`encrypting’ the authorization number itself is misplaced” since the “authorization
`
`number of Maes is ‘a function of the unexpired digital certificate’ obtained from the
`
`central server” and because “the authorization number…already represents obscured
`
`data.” Petitioner’s Reply, 10. A close review of Maes at 12:30-13:5 reveals that
`
`once the user of the PDA device has been locally authenticated, the PDA device
`
`displays the authorization number and the user verbally communicates the
`
`authorization number displayed to the merchant. Maes does not disclose that the
`
`authorization number is “encrypted” because doing so would make little sense in the
`
`context of an embodiment directed at facilitating transactions “that do not involve
`
`electronic data transfer” and instead rely on verbal communication. Also, just
`
`because the authorization number is a “function of the unexpired digital certificate”
`
`does not mean that the authorization number is encrypted or represents “obscured
`
`data.” Instead, Maes only states that the authorization number is displayed after the
`
`digital certificate is verified at the PDA device, and the merchant contacts the server
`
`to verify the authorization number it received. See Maes, 12:43-49, 12:55-13:5.
`
`
`
`13
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`II. THERE IS NO MOTIVATION FOR A PERSON OF ORDINARY
`SKILL IN THE ART TO COMBINE MAES AND LABROU
`
`Petitioner fails to establish that a POSITA would be motivated to combine
`
`Maes and Labrou to obtain the claim features found in limitations 1[d][ii], 16[e], and
`
`24[b].
`
`A.
`
`Petitioner fails to provide sufficient reasons why a person of
`ordinary skill in the art would modify Labrou to generate a PIE
`value based on both a biometric and a PIN.
`
`As discussed in Patent Owner’s Response (POR, 39-40), Petitioner concedes
`
`that Labrou does not disclose that its PIE value is generated based on both secret
`
`information (e.g., PIN) and biometric information. See Petition, 20-21. As such,
`
`Petitioner advances a two-level obviousness theory where a POSITA would first be
`
`motivated to modify Labrou so that its PIE is generated based on both biometric
`
`information and a PIN value, and then the POSITA would be motivated to substitute
`
`the resulting encrypted authentication information of Labrou for the authorization
`
`number of Maes. See id. However, Petitioner fails to identify any actual reasons
`
`why a POSITA would be motivated to generate its PIE value based on both biometric
`
`information and a PIN value, nor has Petitioner identified any deficiency in Labrou’s
`
`existing PIE that would motivate a POSITA to modify it to use both a PIN and
`
`biometric. See Petition, 20-21.
`
`In response, Petitioner contends that a POSITA would be motivated to modify
`
`
`
`14
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`Labrou to use both a biometric and the PIN to generate the PIE described in
`
`paragraphs [0524], [0536], [0537] because in other sections Labrou discusses that a
`
`biometric and a PIN are used to authenticate the user of the client device. See
`
`Petitioner’s Reply, 12 (citing Labrou, [0158], [0416]-[0418], [0421], [0456]).
`
`However, the PIE value shown in FIG. 58 and described in paragraphs [0524] and
`
`[0536]-[0537] that Petitioner proposes to modify is not used for local authentication,
`
`but is instead used to generate an encryption key for encrypting a message that is
`
`sent to a server for remote transaction authorization. See Labrou, [0536]-[0579].
`
`Therefore, even if Labrou describes that a user of the client device 102 may be
`
`locally authenticated by the client device 102 using both a PIN and biometric (see,
`
`e.g., [0158], [0421]), that does not mean that a POSITA would automatically be
`
`motivated to modify Labrou’s PIE, which is used for remote transaction verification,
`
`to also use a biometric and a PIN. Indeed, if Labrou believed that a PIE value used
`
`for remote transaction verification could or should be generated using both a
`
`biometric and a PIN it would have expressly used the same “and/or” language it had
`
`previously done for local authentication.
`
`Petitioner also contends that Patent Owner “mischaracterizes the state of the
`
`art” when Patent Owner argued that “Labrou’s encryption would fail if biometric
`
`input was used in generating the PIE because the same PIE could not be reproducibly
`
`
`
`15
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`generated from different, varied measurements of the same biometric input.”
`
`Petitioner’s Reply, 13. Petitioner then argues that “[b]ecause it was known how to
`
`generate a repeatable cryptographic string from varying biometric inputs, PO’s
`
`argument that it would not have been possible to reproducibly generate the PIE from
`
`biometric input is incorrect.” Id., 14. In support of this conclusion, Petitioner cites
`
`to deposition testimony of Patent Owner’s expert, Dr. Jakobsson, as purportedly
`
`“confirm[ing] that generating a repeatable string from a biometric was possible and
`
`known before 2006.” Id., 13 (emphasis in original).4
`
`
`4 Petitioner mischaracterizes Patent Owner’s expert’s testimony. Dr. Jakobsson did
`
`not admit that a repeatable cryptographic key could be generated when a varying
`
`biometric value is used as an input to just any key generation function, such as
`
`Labrou’s key generation function K = Hash(XOR(PIE, RSN)). See Labrou, [0537]-
`
`[0538]. Instead, Dr. Jakobsson was speaking specifically about key generation using
`
`varied biometric input values in the narrow, complex implementation described in
`
`U.S. Patent no. 6,901,145 (Ex. 1030), which requires obtaining and storing multiple
`
`biometric input sample parameters ( 1, 2, 3,…, m) in advance to generate a set of
`
`expected indices (ψ1, ψ2, ψ3,…,ψm) in a “training session” that are then mapped to a
`
`
`
`16
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`Petitioner improperly shifts the pertinent question at hand—whether a
`
`POSITA reading Labrou (e.g., paragraph [0524]) would understand how (and be
`
`motivated) to modify Labrou so that its PIE value is generated using both a biometric
`
`and a PIN—to the immaterial question of whether it was “possible to generate a
`
`repeatable string from a biometric.” Id., 13. But the question is not whether it was
`
`somehow possible to generate a repeatable string from a biometric. The question is
`
`whether Labrou itself teaches a POSITA how to generate a PIE using a biometric
`
`and a PIN. And the answer to that question remains unchanged: no. A close review
`
`of Labrou’s extremely limited discussion of a biometric-based PIE reveals that
`
`Labrou appears to advocate that the biometric sensor’s raw output data directly
`
`
`table of “cryptographic shares,” which are then in turn used in a complicated
`
`“polynomial secret sharing scheme” to try and generate the right key. See Ex. 1030,
`
`4:14-9:25. As such, to imply that the state of the art at the time of the invention was
`
`that key generation using varying biometric inputs to a general key generation
`
`function, such as the one described in paragraphs [0537]-[0538] of Labrou, grossly
`
`distorts the true state of the art: a POSITA would not know how to generate the same
`
`encryption key K in Labrou using the function described in Labrou ([0537]-[0538])
`
`if the PIE value varied each time because it was based on a varying biometric value.
`
`
`
`17
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`generates the PIE value. See Labrou, [0524] (“Whenever the user attempts a
`
`transaction, the user applies her finger to the fingerprint sensor, thus generating the
`
`PIE.”). Since the PIE value is then used to generate the encryption key K, the
`
`agreement verification server also needs to know the PIE value used in order to
`
`generate the same key K to allow for proper decryption of the message encrypted by
`
`key K. See Labrou, [0537]-[0541], [0552]-[0557]. However, as explained by Dr.
`
`Jakobsson, generating the PIE using the biometric sensor’s ever-changing output
`
`data means that the encryption key K would also change. Ex. 2004, ¶¶ 87-89. But
`
`since the verification server would not know the changing biometric sensor output
`
`value in advance, it would not be able to generate the correct encryption key K. See
`
`id. Labrou’s limited teaching does not address how to solve this problem, and a
`
`POSITA would not know how or what specific changes to make to Labrou to fix
`
`this issue. See id.
`
`Petitioner’s Reply also fails to address the argument set forth in Patent
`
`Owner’s Response discussing a POSITA’s lack of motivation to combine given that
`
`a PIN must be stored in memory but Labrou teaches that a PIE “is not kept in
`
`permanent storage on the user device.” See POR, 43-44; Ex. 2004, ¶ 91.
`
`B.
`
`There is no motivation to combine Maes with Labrou for the same
`reasons discussed above regarding Pare.
`
`As discussed in Patent Owner’s Response, replacing the authorization number
`
`
`
`18
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`described at 12:30-13:5 of Maes with Labrou’s encrypted authentication information
`
`would be contrary to Maes’ stated objective for that embodiment: to provide
`
`biometric security for non-electronic transactions. See POR, 46-47. Moreover,
`
`Maes’ system desires to “provide a PDA device with digital certificate security
`
`which is compatible with the current infrastructure.” Maes, 2:43-49. But, the system
`
`of Labrou requires changing existing infrastructure and software in a “non-
`
`negligible” w
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
