`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`________________
`
`UNIFIED PATENTS INC.,
`
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC,
`
`Patent Owner
`
`________________
`
`Case IPR2018-00067
`
`U.S. Patent No. 8,577,813
`
`________________
`
`PATENT OWNER’S REPLY IN SUPPORT OF ITS MOTION TO AMEND
`PURSUANT TO 37 C.F.R. § 42.121
`
`
`
`
`
`TABLE OF CONTENTS
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`Page
`
`I.
`
`PATENT OWNER’S PROPOSED AMENDED CLAIMS ARE NOT
`OBVIOUS OVER MAES IN VIEW OF LABROU ....................................... 1
`
`A.
`
`B.
`
`Claims 27-31, 37-41, 50-52: “generate a seed using at least two
`of an electronic serial number, a discrete code associated with
`the electronic ID device, a PIN, a time value, and the biometric
`input to generate the encrypted authentication information, the
`seed being employed by the processor to generate the non-
`predictable value.” ................................................................................. 1
`
`1.
`
`2.
`
`Labrou fails to disclose or teach the claim amendments. ........... 2
`
`A person of ordinary skill in the art would not combine
`Maes with Labrou to achieve the claimed limitation. ................. 5
`
`Claims 42-44, 46-49: “wherein data stored in the electronic ID
`device is subject to a mathematical operation employing the
`secret information that acts to modify the data…the electronic
`ID device uses the secret information to reverse the
`mathematical operation and render the data legible.” (42[g]) .............. 9
`
`1.
`
`2.
`
`Petitioner fails to show that a person of ordinary skill in
`the art would be motivated to modify Maes in view of a
`PHOSITA’s knowledge and ordinary skill. ................................ 9
`
`Petitioner fails to show that a person of ordinary skill in
`the art would be motivated to modify Maes in view of
`Labrou. ...................................................................................... 11
`
`II.
`
`PATENT OWNER’S PROPOSED AMENDED CLAIMS ARE NOT
`OBVIOUS OVER MAES IN VIEW OF LABROU FURTHER IN
`VIEW OF GULLMAN .................................................................................. 12
`
`A. Gullman Fails to Disclose Claim Limitations 27[e] and 50[d] ........... 13
`
`B.
`
`A Person Of Ordinary Skill in the Art Would Not Be Motivated
`to Combine Maes/Labrou With Gullman Because It Would
`Render the Combination Inoperable ................................................... 15
`
`III.
`
`PATENT OWNER’S PROPOSED AMENDED CLAIMS ARE NOT
`OBVIOUS OVER MAES IN VIEW OF LABROU FURTHER IN
`VIEW OF JAKOBSSON ............................................................................... 17
`
`
`
`i
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`IV. PATENT OWNER’S PROPOSED AMENDED CLAIMS ARE NOT
`OBVIOUS OVER MAES IN VIEW OF LABROU FURTHER IN
`VIEW OF WEISS .......................................................................................... 21
`
`V.
`
`PATENT OWNER’S PROPOSED AMENDED CLAIM 45 IS NOT
`OBVIOUS OVER MAES IN VIEW OF LABROU FURTHER IN
`VIEW OF WEISS AND FURTHER IN VIEW OF GULLMAN OR
`JAKOBSSON ................................................................................................ 24
`
`VI. THE PROPOSED AMENDED CLAIMS ARE DIRECTED AT
`PATENT ELIGIBLE SUBJECT MATTER UNDER 35 U.S.C. § 101. ....... 25
`
`VII. CONCLUSION .............................................................................................. 25
`
`
`
`
`
`ii
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`TABLE OF AUTHORITIES
`
`Cases
`
`Page
`
`Aqua Prods., Inc. v. Matal,
`872 F.3d 1290 (Fed. Cir. 2017) ................................................................... passim
`KSR Int’l. Co. v. Teleflex, Inc.,
`550 U.S. 398 (2007) ...................................................................................... 10, 23
`In re NTP, Inc.,
`654 F.3d 1279 (Fed. Cir. 2011) ...........................................................................23
`Personal Web Techs., LLC v. Apple, Inc.,
`848 F.3d 987 (Fed. Cir. 2017)................................................................................ 5
`
`Statutory Authorities
`35 U.S.C. § 101 ........................................................................................................25
`35 U.S.C. § 103(a) ................................................................................... 1, 14, 17, 21
`
`Rules and Regulations
`37 C.F.R. § 42.6(e) ...................................................................................................27
`37 C.F.R. § 42.121 ...................................................................................................27
`
`
`
`
`
`
`iii
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`
`
`PATENT OWNER’S LIST OF EXHIBITS
`
`Ex. 2001
`
`Unified-USR Stipulated Protective Order
`
`Ex. 2002
`
`Redline Comparison to Default Protective Order
`
`Ex. 2003
`
`U.S Patent App. No. 13/237,184
`
`Ex. 2004
`
`Declaration of Dr. Markus Jakobsson in Support of
`Patent Owner Response
`
`Ex. 2005
`
`Curriculum Vitae of Dr. Markus Jakobsson
`
`Ex. 2006
`
`July 31, 2018 Deposition Transcript of Dr. Eric Cole
`
`Ex. 2007
`
`Petitioner’s Website Dated Jan. 1, 2014
`
`Ex. 2008
`
`Petitioner’s Website Dated Mar. 2, 2016
`
`Ex. 2009
`
`Petitioner’s Website Dated Jun. 11, 2013
`
`Ex. 2010
`
`Brief of Amici Curiae Unified Patents
`
`Ex. 2011
`
`Confidential Document
`
`Ex. 2012
`
`Confidential Document
`
`Ex. 2013
`
`Ex. 2014
`
`Declaration in Support of Unopposed Motion for
`Admission Pro Hac Vice of Harold A. Barza
`
`Declaration in Support of Unopposed Motion for
`Admission Pro Hac Vice of Jordan Kaericher
`
`Ex. 2015
`
`Dec. 14, 2018 Deposition Transcript of Dr. Eric Cole
`
`06943-00002/10558695.3
`
`iv
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`UNIVERSAL SECURE REGISTRY LLC (“Patent Owner”) submits this
`
`Reply in support of its Contingent Motion to Amend, Paper 26 (“Mot.”).
`
`I.
`
`PATENT OWNER’S PROPOSED AMENDED CLAIMS ARE NOT
`OBVIOUS OVER MAES IN VIEW OF LABROU
`
`Petitioner has failed to meet its burden of proving Patent Owner’s amended
`
`claims are unpatentable over Maes in view of Labrou. Aqua Prods., Inc. v. Matal,
`
`872 F.3d 1290 (Fed. Cir. 2017) (en banc).
`
`A. Claims 27-31, 37-41, 50-52: “generate a seed using at least two of
`an electronic serial number, a discrete code associated with the
`electronic ID device, a PIN, a time value, and the biometric input
`to generate the encrypted authentication information, the seed
`being employed by the processor to generate the non-predictable
`value.”
`
`Petitioner contends that proposed independent claims 27 and 50 are invalid
`
`under 35 U.S.C. § 103(a) as being obvious over Maes in view of Labrou. Op. (Paper
`
`34) at 2-5. Specifically, Petitioner argues that Labrou’s updated seed value S' is the
`
`claimed seed employed by the user device to generate the Random Sequence
`
`Number (RSN). Op. at 3. Petitioner further alleges that: Labrou’s original seed value
`
`S found on the user device is the claimed “discrete code associated with the
`
`electronic ID device;” the values T0 or T0' correspond to the claimed “time value;”
`
`and the original seed value S is “determined from the UPTD’s device ID,” which
`
`“would be understood to be a form of an ‘electronic serial number.’” Op. at 3-4
`
`
`
`1
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`(citing Ex. 1005, Labrou at [0527]1, [0535]-[0536]). Thus, Petitioner concludes
`
`“Labrou… teaches ‘generat[ing] a seed’ (Labrou’s new seed S') ‘using at least two
`
`of an electronic serial number’ (Labrou’s Device ID), ‘a discrete code associated
`
`with the electronic ID device’ (Labrou’s original seed S which is determined from
`
`the Device ID), and ‘. . . a time value’ (Labrou’s T0 or T0').” Op. at 4. Labrou fails
`
`to teach the aforementioned claim limitation and Petitioner fails to show that a
`
`POSITA would be motivated to combine Maes and Labrou.
`
`1.
`
`Labrou fails to disclose or teach the claim amendments.
`
`First, Petitioner’s contention that “the Device ID [is] used to determine the
`
`seed S” (Op. at 3-4) is incorrect. A close review of Labrou reveals that the original
`
`seed S and pseudorandom number generator function R are stored at both the user
`
`device and the verification party so that each entity can generate its own
`
`corresponding Random Sequence Number (RSN) to be used as part of the
`
`encryption/decryption process. Ex. 1005, Labrou at [0527]. When the verification
`
`party wants to generate the RSN (e.g., during verification) it uses the device ID of
`
`the user to locate the function R and original seed S stored in its User and Device
`
`
`1 Petitioner incorrectly cites to paragraph [0226] of Labrou but the text quoted by
`
`Petitioner (“Each AP device has its own R and S…”) is found at paragraph [0527].
`
`
`
`2
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`Database so that it can obtain the correct seed S and function R that was used by the
`
`user device in generating the encrypted authentication information (EAI). See id.
`
`Notably, Labrou does not disclose that the user device derives the original seed S
`
`from the device ID.2 Thus, Petitioner’s conclusion that “Labrou, therefore, teaches
`
`‘generat[ing] a seed’ (Labrou’s new seed S') ‘using…an electronic serial number’
`
`(Labrou’s Device ID)” is inapposite.
`
`Second, Petitioner’s contention that Labrou’s original seed S corresponds to
`
`the claimed “discrete code” conflicts with the proper construction of that term.
`
`Consistent with the ’813 patent’s specification, the claimed phrase “discrete code
`
`associated with the electronic ID device” means “a value associated with the device
`
`that is subject to change.” This construction finds support in the specification, which
`
`states:
`
`Further, the discrete code may be maintained by the user device
`
`352 such that any indication that the security of the device is
`
`compromised results in the discrete code being set to a default value
`
`
`2 Petitioner’s expert also testified that paragraph [0527] of Labrou (e.g., paragraph
`
`that describes the original seed S) does not disclose that the original seed S is
`
`obtained or derived from the Device Identifier (DID), which Petitioner identifies as
`
`being an electronic serial number. Ex. 2015 (Cole Tr.), 13:7-16.
`
`
`
`3
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`(for example, zero) which effectively prevents valid authentication
`
`information from being generated by the user device 352. As just one
`
`example, the preceding security measure can be taken when the device
`
`receive an indication that it is being used under duress.
`
`Ex. 1001 at 47:8-15. Thus, the specification makes clear that the “discrete code”
`
`maintained at the user device is not a fixed value but instead is subject to change
`
`when, for example, security of the device is compromised.
`
` However, Petitioner equates Labrou’s original seed S—a fixed value not
`
`subject to change—as being the claimed discrete code. Op. at 3-4. Labrou explains
`
`that each user device has its own original seed S that is “securely stored on the
`
`device.” Ex. 1005, Labrou at [0527]. Labrou further describes that the original seed
`
`S may be used to create a new, updated seed S'. Id. at [0536]. Notwithstanding new
`
`seeds (S') that may be generated in subsequent iterations, Labrou does not disclose
`
`that the original seed S may change and is instead a fixed value. See id. at [0527],
`
`[0536]-[0537]. As such, Petitioner’s conclusion that “Labrou, therefore, teaches
`
`‘generat[ing] a seed’ (Labrou’s new seed S') ‘using… a discrete code associated with
`
`the electronic ID device’” fails because Labrou’s original seed S is not a discrete
`
`code as that phrase is properly construed.
`
`Consequently, even assuming Labrou’s T0 or T0' values constitute the claimed
`
`“time value,” Petitioner at best shows that Labrou’s updated seed value S' is based
`
`
`
`4
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`only on a time value and not “at least two of an electronic serial number, a discrete
`
`code associated with the electronic ID device, a PIN, a time value, and the biometric
`
`input to generate the encrypted authentication information.”
`
`2.
`
`A person of ordinary skill in the art would not combine Maes
`with Labrou to achieve the claimed limitation.
`
`A Petitioner cannot carry its burden to show obviousness where there is not a
`
`“clear, evidence-supported account” of “how the combination” would work.
`
`Personal Web Techs., LLC v. Apple, Inc., 848 F.3d 987, 994 (Fed. Cir. 2017).
`
`Petitioner here fails to clearly identify what specific aspect of Maes would be
`
`modified by a person of ordinary skill in the art with the purported teachings of
`
`Labrou. For instance, Petitioner’s motivation to combine analysis largely focuses on
`
`Labrou in isolation and how its description of seed generation based on time and use
`
`of seeds in random number generation were “well known.” See Op. 4-5. However,
`
`Petitioner fails to tie in where in Maes such allegedly well known concepts
`
`concerning seed generation would be implemented and what specific encryption
`
`scheme in Maes would be modified by Labrou. See id. Indeed, Petitioner’s only
`
`reference to modifying Maes appears to be generalized, conclusory statements. See,
`
`e.g., id. at 4 (“A PHOSITA would have been motivated to combine Labrou’s
`
`teachings regarding generating a seed that is used to generate the non-predictable
`
`value with the system of Maes.”), at 5 (“A PHOSITA would have had a reasonable
`
`
`
`5
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`expectation of success incorporating Labrou’s teachings into Maes...”). For this
`
`reason alone, Petitioner’s contention that proposed amended claims 27 and 50 are
`
`obvious over Maes in view of Labrou must fail.
`
`In trying to draw similarities between Maes and Labrou, Petitioner states
`
`“Maes teaches that its device may… transmit encrypted data.” Op. at 5 (citing Ex.
`
`1003, Maes at 13:34-38). To the extent that Petitioner argues that the embodiment
`
`described in column 13 of Maes, which describes how the user device may send
`
`encrypted card and user information to a financial institution for verification (see id.
`
`at 13:19-60), would be modified by Labrou, Patent Owner submits that this
`
`embodiment of Maes undermines any purported motivation to combine.
`
`Labrou expressly states that the user device’s “stored parameters,” which
`
`include information unique to the device and are known only to the device and the
`
`verification party, “are never transmitted in a message.” Ex. 1005, Labrou at [0487]
`
`(“[T]he stored parameters… are never transmitted in a message.”) (emphasis
`
`added). In direct contradiction, Maes requires that “an encrypted file containing
`
`unique identifying information pertaining to the consumer” be transmitted over a
`
`generic communication link (L4) to the financial institution. Ex. 1003, Maes at
`
`13:30-32. Transmitting “unique identifying information,” such as an account
`
`number, runs counter to Labrou’s core teaching that such information must “never”
`
`
`
`6
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`be transmitted. Consequently, a person of ordinary skill in the art would not be
`
`motivated to modify the encryption scheme described in Maes with Labrou’s seed-
`
`based RSN.
`
`In support of its motivation to combine argument, Petitioner also states, “A
`
`PHOSITA would have had a reasonable expectation of success incorporating
`
`Labrou’s teachings into Maes” because “…Maes teaches that its device may
`
`‘employ any known encryption technique or algorithm’ and transmit encrypted
`
`data.” Op. at 5 (citing Ex. 1003, Maes at 10:7-15, 13:34-38).
`
`Much has been made by Petitioner about Maes’ statement “the present
`
`invention may employ any known encryption technique or algorithm for the
`
`encryption/decryption process.” See Petition at 22 (arguing that this statement
`
`supports replacing Maes’ authentication information with Pare and Labrou’s
`
`encrypted authentication information); see id. at 44 (relying on this statement for
`
`support that the limitations of claim 9 would be obvious); see also Op. at 5, 7, 17.
`
`However, taking a closer look at the context of this statement reveals that the
`
`statement has limited applicability and is inconsistent with the overreaching
`
`interpretation repeatedly proffered by Petitioner. For instance, Maes recites:
`
`This information is received and processed by the central server
`
`60 and a digital certificate is then created and encoded with the user
`
`
`
`7
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`requested limitations (step 114). This digital certificate is then
`
`encrypted by the central server 60 and downloaded into the digital
`
`certificate processing module 20 of the CPU 12 via the established
`
`communication link Ll (step 116). It is to be understood that the
`
`present invention may employ any known encryption technique or
`
`algorithm for the encryption/decryption process, such as those
`
`disclosed in “Applied Cryptography,” by Bruce Schenier, second
`
`edition, Wiley, 1996.
`
`Ex. 1003, Maes at 10:5-15 (emphasis added). This recitation shows that the
`
`statement cited to by Petitioner corresponds to using known encryption techniques
`
`or algorithms for the encryption/decryption of the digital certificate encrypted by
`
`the central server 60 and received at the user device. Id. at 10:5-18 (“Col. 10
`
`Embodiment”). In particular, Maes does not indicate in any way that this statement
`
`applies to the unrelated embodiment identified by Petitioner in Maes at column 13
`
`directed at sending encrypted card and user information to a financial institution to
`
`allow the financial institution to verify the identity of the consumer (“Col. 13
`
`Embodiment”). See Ex. 1003, Maes at 13:19-60. Thus, Petitioner’s attempt to extend
`
`Maes’ statement that encryption/decryption of the received digital certificate (Col.
`
`10 Embodiment) can be performed according to known encryption methods over to
`
`Maes’ Col. 13 Embodiment concerning transmission of encrypted authentication
`
`information is unsupported and improper. As such, Petitioner’s conclusion that
`
`
`
`8
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`“Incorporating Labrou’s specific encryption teachings into Maes would have
`
`involved applying known encryption techniques to similar prior art” lacks
`
`reasonable support.
`
`B. Claims 42-44, 46-49: “wherein data stored in the electronic ID
`device is subject to a mathematical operation employing the secret
`information that acts to modify the data…the electronic ID device
`uses the secret information to reverse the mathematical operation
`and render the data legible.” (42[g])
`
`1.
`
`Petitioner fails to show that a person of ordinary skill in the art
`would be motivated to modify Maes in view of a PHOSITA’s
`knowledge and ordinary skill.
`
`Petitioner first argues that it would have been obvious to a person of ordinary
`
`skill in the art “based on Maes alone in view of a PHOSITA’s knowledge and
`
`ordinary skill” to modify Maes’ encryption/decryption scheme using an XOR
`
`operation with a password because doing so would be a “computationally
`
`inexpensive means to reversibly render data on a device unintelligible.” Op. at 7.
`
`Specifically, Petitioner alleges that the encryption/decryption operations performed
`
`on personal and financial information by Maes’ encrypter/decrypter module 24 (see
`
`Ex. 1003, Maes at 5:14-17) could be modified to specifically encrypt such data using
`
`an XOR operation with a secret string because Maes already describes local
`
`verification based on PINs and states “any known encryption technique or
`
`algorithm” may be used in one of its encryption/decryption schemes involving
`
`
`
`9
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`digital certificates. See Op. at 6-7.
`
`However, it is insufficient to argue that a teaching was simply known.
`
`Petitioner must also demonstrate that a person of ordinary skill had reason to use
`
`that teaching. KSR Int’l. Co. v. Teleflex, Inc., 550 U.S. 398, 418 (2007) (“[A] patent
`
`composed of several elements is not proved obvious merely by demonstrating that
`
`each of its elements was, independently, known in the prior art.”).
`
`Here, even assuming a person of ordinary skill knew that data could be
`
`encrypted by XOR-ing the data with a password and that doing so was
`
`“computationally inexpensive,” Petitioner fails to articulate a specific reason why a
`
`person of ordinary skill had reason to modify Maes’ existing encryption/decryption
`
`structures and processes with a different encryption/decryption process that was
`
`allegedly computationally inexpensive. For instance, Maes describes how “selected
`
`card information is [] decrypted by the encryption/decryption module 24 using an
`
`encryption key unique to the PDA device 10.” Ex. 1003, Maes at 11:29-32
`
`(emphasis added). Petitioner does not provide any evidence or facts that establish
`
`that Maes’ existing encryption/decryption process using this device-specific
`
`encryption key was computationally taxing and that a POSITA reading Maes would
`
`be motivated to address such issues by looking for computationally inexpensive
`
`encryption/decryption alternatives. Instead, Petitioner merely provides a skeletal
`
`
`
`10
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`assertion that XOR-based encryption operations are computationally inexpensive
`
`and that alone would motivate a POSITA to make significant changes to Maes’
`
`existing encryption/decryption process.3 Such conclusory statements merit denial of
`
`Petitioner’s argument that claim 42 is invalid based on Maes.
`
`2.
`
`Petitioner fails to show that a person of ordinary skill in the art
`would be motivated to modify Maes in view of Labrou.
`
`Petitioner next argues that the aforementioned claim limitation would be
`
`obvious over Maes in view of Labrou because “a PHOSITA would have been
`
`motivated to use Labrou’s teaching of an XOR function that employs a PIE (which
`
`Labrou teaches may be a PIN), in the encryption and decryption performed by
`
`Maes.” Op. at 7-8 (citing Labrou at [0537]-[0538]). However, a close review of
`
`Labrou shows that the portion of Labrou cited by Petitioner undermines any reason
`
`why a POSITA would make the combination alleged by Petitioner.
`
`Labrou describes how its encryption key 2150 (see FIG. 58 of Labrou) is
`
`
`3 Petitioner’s expert also testified that portions of Maes that describe the
`
`“encrypter/decrypter module 24” and its “encryption key” fail to disclose that the
`
`encryption/decryption scheme used by Maes is computationally taxing. See Ex. 2015
`
`(Cole Tr.), 22:3-24:3.
`
`
`
`11
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`generated by a two-step operation. See Ex. 1005, Labrou at [0537], FIG. 58. First,
`
`the RSN value 1246 and the PIE value 1248 are XOR-ed with one another. See id.
`
`at [0537]-[0538]. Next, the result of the XOR function is input into a hash function
`
`that generates the key as its output. See id. Such an output is “difficult to invert.” Id.
`
`Thus, the key 2150 Labrou generates relies on a combination of an XOR function
`
`followed by a one-way hash function whose output cannot be (practicably) reversed.
`
`Notably, re-applying the PIE to the key generated by Labrou’s process would not
`
`reversibly reveal the RSN. Consequently, Petitioner’s statement that “Labrou
`
`expressly teaches that its PIE… may be used in an XOR operation for performing
`
`encryption to reversibly render the RSN unintelligible” (Op. at 7) is plainly wrong.4
`
`Labrou’s hash function renders the RSN irreversibly unintelligible.
`
`II.
`
`PATENT OWNER’S PROPOSED AMENDED CLAIMS ARE NOT
`OBVIOUS OVER MAES IN VIEW OF LABROU FURTHER IN VIEW
`OF GULLMAN
`
`Petitioner has failed to meet its burden of proving Patent Owner’s amended
`
`
`4 Petitioner’s expert also contradicted Petitioner’s contention by admitting that the
`
`hash operation used by Labrou would make it practicably impossible to reversibly
`
`reveal the RSN even if the other input value, PIE, was applied to the hash output
`
`encryption key K. Ex. 2015 (Cole Tr.), 16:18-17:9.
`
`
`
`12
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`claims are unpatentable over Maes in view of Labrou and further in view of
`
`Gullman. Aqua Prods., Inc., 872 F.3d 1290.
`
`Petitioner contends that proposed independent claims 27 and 50 (including
`
`dependent claims 28-31, 37-41, and 51-52) are invalid under 35 U.S.C. § 103(a) as
`
`being obvious over Maes in view of Labrou and further in view of Gullman. Op. at
`
`10-13. Specifically, Petitioner argues that Gullman discloses amended claim
`
`limitations 27[e], 50[d]5 because Gullman allegedly “teaches methods for using a
`
`biometric measurement as part of the ‘seed’ for generating a non-predictable security
`
`token (i.e., ‘non-predictable value’),” and that “[i]n addition to the biometric input…
`
`other parts of this seed include a fixed code (i.e., ‘PIN’ or ‘electronic serial
`
`number’) and a time-varying code… (i.e., “time value”), which are combined in a
`
`‘verification algorithm’ to generate the token.” Op. at 11 (emphasis added). Patent
`
`Owner submits that Gullman fails to disclose the aforementioned claim limitation,
`
`and a POSITA would not be motivated to combine Maes/Labrou with Gullman
`
`because it would render the combination inoperable.
`
`A. Gullman Fails to Disclose Claim Limitations 27[e] and 50[d]
`
`Gullman describes a token-based access authorization system that includes an
`
`
`5 Patent Owner adopts Petitioners’ notation for these claim limitations. Op. at 2.
`
`
`
`13
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`apparatus which accepts a biometric measurement to generate a token. Ex. 1023,
`
`Gullman at Abstract, 1:6-11. The apparatus communicates the token to a host system
`
`that verifies the token to determine whether to grant system access to the user of the
`
`apparatus. See id. at 1:11-13, 6:39-44. Gullman recites the word “seed” twice in its
`
`specification, both times stating that biometric information received from the user is
`
`used to generate the “seed.” See, e.g., id. at 1:8-11 (“More particularly this invention
`
`relates to an apparatus for accepting a biometric measurement which is then used as
`
`a seed for deriving a security token.”). Gullman also describes that the token is
`
`generated using other pieces of information other than this biometric-based seed.
`
`“The verification algorithm uses the template data, the biometric input, a fixed code
`
`(i.e., PIN, embedded serial number, account number) and time varying self-
`
`generated information to derive a token output.” Id. at 2:55-59. Consequently, a
`
`POSITA would understand that Gullman’s process equates to:
`
`Token = VA[seed(biometric information), FC, TVI];
`
`where VA = verification algorithm, FC = fixed code (e.g., PIN, embedded serial
`
`number, account number), and TVI = time varying self-generated information.
`
`Thus, at best, Gullman describes a system where a token (alleged non-
`
`predictable value) is generated based on a seed, where the seed is derived using the
`
`biometric information. The other pieces of information, including the fixed-code and
`
`
`
`14
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`time varying information, are used as inputs to the verification algorithm alongside
`
`the seed to generate the token. See, e.g., id. at 4:3-8 (Biometric correlation value is
`
`combined with a fixed code and a time-varying code to generate the security token).
`
`Importantly, Gullman does not disclose that these pieces of information (i.e., fixed
`
`code and time varying information) are used to generate the seed itself.
`
`By contrast, claim limitations 27[e] and 50[d] specify that the seed is
`
`generated using at least two of an electronic serial number, a discrete code, a PIN, a
`
`time value, and a biometric input. For at least this reason, Petitioner fails to establish
`
`that Gullman teaches the aforementioned claim limitation and thus its obviousness
`
`combination must fall.
`
`B. A Person Of Ordinary Skill in the Art Would Not Be Motivated to
`Combine Maes/Labrou With Gullman Because It Would Render
`the Combination Inoperable
`
`Gullman describes that as part of the verification process, the security
`
`apparatus generates a “correlation factor” after comparing the received biometric
`
`input to stored templates. Ex. 1023, Gullman at 3:44-46. The correlation factor is a
`
`number that may range from 0 to 100. Id. at 6:17-20. Gullman explains that the
`
`correlation factor is then used alongside the fixed code and a time-varying code to
`
`derive the security token. Id. at 6:30-34. The apparatus sends the derived security
`
`token to the host “which decrypts or decodes the token to derive the fixed code and
`
`
`
`15
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`correlation factor.” Id. at 6:35-39 (emphasis added). Thus, Gullman insinuates that
`
`the host does not know the fixed code or the correlation factor in advance and instead
`
`somehow—without any explanation—derives these values based on the token,
`
`which Petitioner urges is “non-predictable.”
`
`However, a POSITA would not understand how Gullman’s host can
`
`determine these unknown values (e.g., correlation factor and fixed code) based on
`
`merely the token without having such values locally stored at the host system itself.
`
`Indeed, Gullman acknowledges the importance of having identical local copies of
`
`the inputs used in the verification algorithm at the host system to properly carry out
`
`the verification process. See id. at 4:23-26 (“To properly decode the token, the
`
`security apparatus 14 is synchronized with the host system 10 so that the time
`
`varying code is identical at both the security mechanism 14 and the host system
`
`10.”) (emphasis added); See Ex. 2015 (Cole Tr.), 61:17-62:18. As such, Gullman’s
`
`process of using a correlation factor ranging from 0-100, which would be
`
`unknown and unpredictable to the host system, to generate a security token
`
`
`
`16
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`would simply not work.6 Accordingly, “incorporat[ing] Gullman’s teachings
`
`regarding the combination of different values to create a seed for a non-predictable
`
`value into the system of Maes, as modified by Labrou,” would render the
`
`combination inoperable. Consequently, a POSITA would not be motivated to
`
`incorporate a non-functional teaching into Maes and Labrou.
`
`III. PATENT OWNER’S PROPOSED AMENDED CLAIMS ARE NOT
`OBVIOUS OVER MAES IN VIEW OF LABROU FURTHER IN VIEW
`OF JAKOBSSON
`
`Petitioner has failed to meet its burden of proving Patent Owner’s amended
`
`claims are unpatentable over Maes in view of Labrou and further in view of
`
`Jakobsson. Aqua Prods., Inc., 872 F.3d 1290.
`
`Petitioner contends that proposed independent claims 27 and 50 (including
`
`dependent claims 28-31, 37-41, and 51-52) are invalid under 35 U.S.C. § 103(a) as
`
`
`6 Indeed, after admitting that Gullman’s host system would also need the correlation
`
`factor to properly decode the token received from the user (Ex. 2015 (Cole Tr.),
`
`64:18-65:5), Petitioner’s expert could not reasonably explain how the host system
`
`would obtain or otherwise know in advance what specific correlation factor (ranging
`
`from 0-100) was used by the client device to generate the token in order to properly
`
`decode the token. See id., 65:6-70:18.
`
`
`
`17
`
`
`
`Case No. IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`being obvious over Maes in view of Labrou and further in view of Jakobsson. Op.
`
`at 13-16. Specifically, Petitioner argues that Jakobsson discloses amended claim
`
`limitations 27[e], 50[d] because in Jakobsson “a first combination function
`
`combines a time value T and a device secret K to generate an initial authentication
`
`code (i.e., a ‘seed’), and then this initial authentication code is further combined with
`
`user data P and an event state E, to generate a second authentication code (i.e., a non-
`
`predictable value).” Op. at 14. Petitioner further argues that in light of paragraph
`
`[0077] of Jakobsson, a POSITA would:
`
`recognize that… other possible orders could exist… including
`
`both a biometric P, device secret K, and time value T as part of a fir