IPR2018-00067
`U.S. Patent 8,577,813
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`____________
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
` ____________
`
`
`UNIFIED PATENTS INC.
`Petitioner
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC
`Patent Owner
`
`____________
`
`
`IPR2018-00067
`U.S. 8,577,813
`
` ____________
`
`
`
`
`
`PETITIONER’S SUR-REPLY IN OPPOSITION TO PATENT OWNER’S
`CONTINGENT MOTION TO AMEND
`
`
`
`
`U.S. Patent 8,577,813
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`____________
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
` ____________
`
`
`UNIFIED PATENTS INC.
`Petitioner
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC
`Patent Owner
`
`____________
`
`
`IPR2018-00067
`U.S. 8,577,813
`
` ____________
`
`
`
`
`
`PETITIONER’S SUR-REPLY IN OPPOSITION TO PATENT OWNER’S
`CONTINGENT MOTION TO AMEND
`
`
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`TABLE OF CONTENTS
`
`
`
`I.
`II.
`
`INTRODUCTION .......................................................................................... 1
`ARGUMENT ................................................................................................. 2
`A.
`The Proposed Claims are Obvious over Maes in view of Labrou ....... 2
`1.
`Labrou teaches the Seed Limitation .......................................... 2
`2.
`Labrou ........................................................................................ 3
`3.
`combination of Maes and Labrou .............................................. 5
`B.
`further view of Gullman ....................................................................... 6
`1.
`Seed Limitation .......................................................................... 6
`Gullman is Enabled .................................................................... 7
`2.
`C.
`further view of Jakobsson .................................................................... 8
`1.
`Maes/Labrou with Jakobsson .................................................... 8
`D.
`further view of Weiss ........................................................................... 9
`E.
`further view of Weiss and further in view of Gullman or Jakobsson ... 9
`The Proposed Claims are Directed to Ineligible Subject Matter .......... 9
`F.
`III. CONCLUSION ............................................................................................ 10
`
`A PHOSITA would have been motivated to combine Maes with
`
`The Math Limitation is Obvious over either Maes alone or the
`
`The Proposed Claims are Obvious over Maes in view of Labrou in
`
`The Combination of Maes/Labrou with Gullman satisfies the
`
`The Proposed Claims are Obvious over Maes in view of Labrou in
`
`A PHOSITA would have been motivated to combine
`
`The Proposed Claims are Obvious over Maes in view of Labrou in
`
`The Proposed Claims are Obvious over Maes in view of Labrou in
`
`
`
` i
`
`
`
`INTRODUCTION
`
`The prior art combinations cited in Petitioner’s Opposition to PO’s Contingent
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`I.
`
`Motion to Amend show that the proposed claims are obvious. PO’s Reply
`
`oversimplifies the teachings of the prior art and fails to rebut Petitioner’s evidence.
`
`The proposed amendments add two concepts: (1) generating a seed using at least two
`
`of an electronic serial number, a discrete code associated with the electronic ID
`
`device, a PIN, a time value, and the biometric input to generate the encrypted
`
`authentication information, the seed being employed by the processor to generate a
`
`nonpredictable value (the “Seed Limitation,” Claims 27, 50); and (2) subjecting
`
`data in an electronic ID device to a mathematical operation employing the secret
`
`information to modify the data, wherein the device uses the secret information to
`
`reverse the mathematical operation and render the data legible (the “Math
`
`Limitation,” Claim 42). Regarding the Seed Limitation, the ’813 Patent explains
`
`that “multiple pieces of data can be … cryptographically combined through known
`
`encryption techniques” and lists the data recited in the Seed Limitation. See ’813
`
`Patent (Ex. 1001) at 46:5-10; see also id. at 46:46-55, 46:61-67. Labrou, Gullman,
`
`and Jakobsson each teach this limitation. Regarding the Math Limitation, the ’813
`
`Patent’s embodiment uses a simple XOR operation with a PIN. See id. at 45:18-47.
`
`But the named inventor of the ’813 Patent was already using such XOR operations
`
`in data security by 1994. The proposed amendments are therefore unpatentable.
`
`
`
`1
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`A.
`
`II. ARGUMENT
`
`The Proposed Claims are Obvious over Maes in view of Labrou
`
`1.
`
`Labrou teaches the Seed Limitation
`
`
`Labrou teaches inputting seed S (i.e., a discrete code associated with the
`
`
`
`
`device) and time stamp T (i.e., a time value) into a device-specific random-number-
`
`generating function R to generate a new seed, S’ (i.e., a seed), which is again input
`
`into R to generate random sequence number RSN (i.e., a non-predictable value). The
`
`RSN of the last iteration is used to generate encrypted authentication information to
`
`secure a transaction. Labrou (Ex. 1005) at [0536]-[0538]. Though the Device ID is
`
`at least indirectly used in generating S’ through assigning a unique S and R to each
`
`Device ID, the Seed Limitation is satisfied regardless by T and S (i.e. “at least two”
`
`of a “time value” and “discrete code,” inter alia).
`
`
`
`PO’s position that seed S is not a discrete code relies on an indefensible claim
`
`construction requiring a necessarily changeable discrete code. PO improperly reads
`
`in an unclaimed embodiment from the specification. The sentence PO cites uses the
`
`permissive “may,” and the preceding sentence states that the passage applies to “one
`
`embodiment,” demonstrating this is not a definition. ’813 Patent (Ex. 1001) at 47:5-
`
`6. PO concedes “each user device has its own original seed S” in Labrou (Paper 43
`
`at 4), confirming that S is a unique code “associated with the device,” just like the
`
`claimed discrete code. PO does not rebut that S’ is a seed generated at least by time
`
`value T and seed S, that seed S is unique and associated with each device, or that S’
`
`
`
`2
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`is used to generate a nonpredictable value for generating encrypted authentication
`
`information. Therefore, Labrou teaches the Seed Limitation.
`
`2.
`
`A PHOSITA would have been motivated to combine Maes with
`Labrou
`
`
`Petitioner has sufficiently explained how the proposed combination of Maes
`
`
`
`and Labrou would work. PO’s arguments that Petitioner’s statements are conclusory
`
`takes Petitioner’s arguments regarding the Seed Limitation out of context. Petitioner
`
`introduced the Maes/Labrou combination in its Petition and referenced this
`
`combination in its Opposition—such provides the context necessary regarding how
`
`the proposed combination works. The Board found that the Petitioner had shown a
`
`reasonable likelihood of success in this combination, wherein the authorization
`
`number of Maes was replaced with the encrypted authentication data of Labrou for
`
`wireless transactions. See Inst. Dec., Paper 14 at 12-15; see also Reply, Paper 38 at
`
`14-15, 7-11 (refuting similar arguments made in PO’s Response).
`
`
`
`Further, PO’s argument that Petitioner has taken Maes’s teaching of using
`
`“any known” encryption technique language out of context is misleading—Maes
`
`teaches the use of encryption in many contexts, but does not specific means to
`
`encrypt the data. Thus, a PHOSITA would have been motivated to look to other art
`
`for more specific means to do so especially because of Maes’s express teaching of
`
`using any known technique. See, e.g., Maes (Ex. 1003) at 5:14-17 (encrypting
`
`personal and financial
`
`information), 13:24-50 (encrypting user and card
`
`
`
`3
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`information), 15:15-20 (encrypting the amount of money transferred as part of the
`
`authorization number). Maes makes this statement with regard to “the present
`
`invention” to confirm that its invention is not limited to any particular encryption
`
`technique, and a PHOSITA would have recognized it applies to any of the encryption
`
`generally taught in Maes. See Maes (Ex. 1003) at 10:11-15; see also Cole MTA Decl.
`
`(Ex. 1022) at ¶¶12, 22-23. Because Maes discloses encryption generally, coupled
`
`with this statement, a PHOSITA would have been motivated to look to specific
`
`known techniques in similar financial contexts, such as those taught in Labrou. Id.
`
`
`
`PO’s arguments that Labrou teaches never transmitting “stored parameters”
`
`misunderstands Labrou’s meaning for “stored parameters” in Paragraph [0487]. See
`
`PO MTA Reply at 6. Labrou is specifically referring to “device secrets” used for the
`
`encryption, such as the key derivation algorithm, encryption key, and secret value,
`
`all of which understandably are not transmitted and known only by a user device and
`
`verifier. See Labrou (Ex. 1005) at [0487]; see also id. at [0497]. But the implication
`
`that Labrou “never” teaches transferring any kind of identifying information is false;
`
`for example, Labrou teaches including the Device ID in the transaction message and
`
`an indication of the account being used, among others. Id. at [0249], [0253], Figs.
`
`31, 34, 36, 38. Further, Petitioner has already shown regarding Claims 12 and 21
`
`that it would have been obvious to modify Maes to transmit account aliases instead
`
`of account numbers, as taught in Labrou. See Inst. Dec., Paper 14 at 16. Thus, no
`
`actual account numbers need to be transmitted for the combination to work.
`
`
`
`4
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`The Math Limitation is Obvious over either Maes alone or the
`combination of Maes and Labrou
`
`3.
`
`
`
`First, the Math Limitation is obvious over Maes. Maes’s PDA device includes
`
`an encrypter/decrypter module for encrypting a user’s stored personal and financial
`
`information and decrypting it when accessed by the user. Maes (Ex. 1003) at 5:14-
`
`17. Maes teaches that a user must provide user verification, including via a
`
`PIN/password, to access financial and personal information stored on the device. Id
`
`at 5:60-67. Since XOR operations using PINs/passwords were simple and
`
`computationally inexpensive, and since Maes cites a well-known cryptography book
`
`that itself explains XOR operations, using such in Maes would have been obvious to
`
`a PHOSITA. See Petitioner Op., Paper 34 at 6-7 (citing Cole MTA Decl. (Ex. 1022)
`
`at ¶¶9-10, 12 (citing Schneier, Ex. 1015)); see also Maes (Ex. 1003) at 10:11-14. PO
`
`even acknowledges the motivations cited in the Opposition to employ XOR
`
`operations in Maes before accusing Petitioner of not providing any—such would
`
`have been “computationally inexpensive” and a simple means to encrypt device data.
`
`See PO’s MTA Reply, Paper 43 at 10. Petitioner does not need to show that Maes
`
`uses “computationally taxing” encryption—especially since Maes leaves its specific
`
`encryption open—the question, instead, is whether the modification would have
`
`been “desirable.” See In re Fulton, 391 F.3d 1195, 1200 (Fed. Cir. 2004) (“[T]he
`
`question is whether there is something in the prior art as a whole to suggest the
`
`desirability, and thus the obviousness, of making the combination…”) (internal
`
`
`
`5
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`quotations omitted). Petitioner has shown why a PHOSITA with ordinary
`
`knowledge would find the Math Limitation desirable and obvious in Maes.
`
`
`
`Second, the Math Limitation is, alternatively, obvious over the combination
`
`of Maes and Labrou. PO alters Petitioner’s combination by adding Labrou’s
`
`subsequent step of hashing XOR’ed data. But Petitioner never proposed hashing
`
`XOR’ed data stored in the memory of Maes, as the Math Limitation is met by a mere
`
`PIN-based XOR. See Petitioner Op., Paper 34 at 7-8; see also Cole MTA Decl. (Ex.
`
`1022) at ¶23. Maes teaches encrypting data stored on a device and using secret
`
`information (e.g., a PIN) to access the data. Labrou confirms the well-known nature
`
`of PIN-based XOR operations. And using such XOR operations would have allowed
`
`encryption in a familiar, computationally inexpensive way.
`
`B.
`
`The Proposed Claims are Obvious over Maes in view of Labrou in
`further view of Gullman
`
`1.
`
`The Combination of Maes/Labrou with Gullman satisfies the
`Seed Limitation
`
`PO’s argument that a PHOSITA would understand Gullman’s “seed” to be
`
`
`
`
`
`
`generated from only biometric input is based on unsupported attorney argument
`
`contrary to Gullman’s express disclosure. Gullman recites that “biometric information
`
`is used as part of the ‘seed’ for generating the token.” See Gullman (Ex. 1023) at 2:22-
`
`23. Thus, by its own terms, Gullman teaches that the biometric forms “part of the seed”
`
`along with the other recited data, as explained by Petitioner’s expert. Cole MTA Decl.
`
`(Ex. 1022) at ¶¶26-28. PO proffers no contrary expert testimony. But even if PO were
`
`
`
`6
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`correct that the biometric information alone were a “seed,” PO ignores that Gullman’s
`
`sources of seed data also are being combined with Labrou’s RSN process, which is
`
`iterative and uses the seed data to generate subsequent seeds. See Petitioner Op., Paper
`
`34 at 12-13; see also Cole MTA Decl. (Ex. 1022) at ¶27-28. Thus, regardless of the
`
`particular stage at which seed data is input, it is still combined into a subsequent seed
`
`and, thus, used as part of the seed ultimately used to generate the final RSN.
`
`Gullman is Enabled
`
`2.
`
`PO also suggests Gullman does not enable its own invention. But Gullman
`
`
`
`does explain how the correlation factor is decrypted at the host system. For example,
`
`Gullman teaches that the host system knows both a time-varying code (by being
`
`synchronized) and challenge code (by having it stored in memory) that are used to
`
`decode the correlation factor and fixed code upon receiving the security token. See
`
`Gullman (Ex. 1023) at 4:23-31. Dr. Cole testified that from the perspective of a
`
`PHOSITA, the host would have such information to decrypt the token to obtain the
`
`correlation factor. Cole Tr. (Ex. 2015) at 70:5-18. Nothing in Gullman suggests that
`
`the correlation factor is necessary to decode the token—the correlation factor is part
`
`of what is being decoded. See Gullman (Ex. 1023) at 5:27-30 (“The capability to
`
`decrypt the token at the host system allows the token input by the user to be broken
`
`down into its biometric, time-varying and fixed code components.”). If the fixed
`
`code is determined to identify a valid user and the correlation factor is above the
`
`threshold level (e.g., 90 out of 100), the user is verified. Id. at 6:39-42.
`
`
`
`7
`
`
`
`C.
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`The Proposed Claims are Obvious over Maes in view of Labrou in
`further view of Jakobsson
`
`1.
`
`to combine
`
`A PHOSITA would have been motivated
`Maes/Labrou with Jakobsson
`
`
`PO’s arguments are based on two incorrect premises regarding Jakobsson: (i)
`
`
`
`that the combination function is necessarily a hash function, and (ii) that Jakobsson’s
`
`authentication code may not be an intermediate value. Hashing is only one example of
`
`multiple provided by Jakobsson for generating the authentication code; Jakobsson also
`
`suggests using other one-way functions or a block cipher as the combination function.
`
`See Jakobsson (Ex. 1024) at [0071]. Therefore, PO’s arguments that the proposed
`
`combination results in redundant hash operations is incorrect.
`
`Second, PO suggests that a PHOSITA would not use Jakobsson’s authentication
`
`code in encryption because the authentication code is “a final-stage output value.” But
`
`Jakobsson teaches re-inserting authentication codes into additional combination
`
`functions. See id.; see also id. at [0073] (combining authentication code 291 with a PIN
`
`to generate authentication code 292) and [0077]. Therefore, Jakobsson teaches that an
`
`authentication code may be an intermediate value.
`
`
`
`PO argues that Petitioner’s “more is better” motivation is unsupported. Id. at 21.
`
`This is not true. In addition to his opinions that the proposed combinations would
`
`enhance security, Dr. Cole provided specific, unrebutted examples of how multi-factor
`
`and multi-layered authentication enhanced security. See Cole MTA Decl. (Ex. 1022) at
`
`¶¶4-6; Cole Reply Decl. (Ex. 1032) at ¶¶4-9; see also id. at ¶34. And the prior art
`
`
`
`8
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`encourages using “more” in their cryptography. Both Labrou and Jakobsson encourage
`
`using iterative processes and encryption using multiple sources of data. See Labrou (Ex.
`
`1005) at [0536]; see Jakobsson (Ex. 1023) at ¶¶[0073], [0077]. Here, more is better
`
`because it would enhance the security of Maes, as modified by Labrou. Thus, the
`
`proposed claims are obvious over the combination of Maes, Labrou, and Jakobsson.
`
`D.
`
`The Proposed Claims are Obvious over Maes in view of Labrou in
`further view of Weiss
`
`PO’s arguments against the combination of Maes and Weiss again rely on the
`
`
`
`same incorrect standard of law. Section II.A.3, supra. Specifically, PO suggests that to
`
`make a combination, a Petitioner must identify a deficiency in a base reference (i.e., in
`
`Maes) to motivate the combination. See PO MTA Reply at 22-24. But the law only
`
`requires that the proposed modification would have been desirable from the prior art as
`
`a whole. See In re Fulton, 391 F.3d at 1200. Given the simplicity of the XOR
`
`operation, its computational efficiency, and its existing application to securing
`
`device data, the proposed combination of Maes/Labrou and Weiss would have been
`
`desirable, and the claims obvious. Petitioner’s Op., Paper 34 at 16-18.
`
`E.
`
`The Proposed Claims are Obvious over Maes in view of Labrou in
`further view of Weiss and further in view of Gullman or Jakobsson
`
`PO’s arguments regarding Claim 45 merely incorporate its prior arguments
`
`
`
`already rebutted above and, therefore, fail for the same reasons discussed above.
`
`F.
`
`The Proposed Claims are Directed to Ineligible Subject Matter
`
`PO did not rebut Petitioner’s arguments regarding § 101 eligibility; instead,
`
`9
`
`
`
`
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`PO incorporates by reference a separate CBM opinion. This panel is not bound by
`
`that opinion, which did not have the benefit of the facts and arguments presented
`
`here, such as prior art confirming that the claims of the ’813 Patent employ
`
`conventional computer components and functions as tools. The proposed claims are
`
`abstract, and none of the limitations present an inventive concept. Therefore, the
`
`proposed claims are patent-ineligible.
`
`III. CONCLUSION
`
`For the reasons discussed in the Petition, Opposition to PO’s Motion to
`
`Amend, and this Sur-reply, the proposed amended claims are unpatentable and PO’s
`
`Motion to Amend should be denied.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Respectfully submitted,
`
`
`
`
`BY: /s/ Jason R. Mudd
`Jason R. Mudd, Reg. No. 57,700
`Eric A. Buresh, Reg. No. 50,394
`Roshan Mansinghani, Reg. No. 62,429
`Jonathan Stroud, Reg. No. 72,518
`
`ATTORNEYS FOR PETITIONER
`
`
`
`10
`
`
`
`CERTIFICATE OF SERVICE ON PATENT OWNER
`UNDER 37 C.F.R. § 42.105
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`Pursuant to 37 C.F.R. § 42.6(e), the undersigned certifies that on December 31, 2018,
`Petitioner’s Sur-reply in Opposition to Patent Owner’s Contingent Motion to Amend
`was served via electronic service on the following counsel of record for Patent
`Owner:
`
`
`• jimglass@quinnemanuel.com
`• nimahefazi@quinnemanuel.com
`• tigranguledjian@quinnemanuel.com
`• halbarza@quinnemanuel.com
`• jordankaericher@quinnemanuel.com
`• qe-usr-ipr@quinnemanuel.com
`
`
`
`Dated: December 31, 2018
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`BY: /s/ Jason R. Mudd
`Jason R. Mudd, Reg. No. 57,700
`
`ATTORNEY FOR PETITIONER
`
`
`
`11
`
`
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
