`U.S. Patent 8,577,813
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`____________
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
` ____________
`
`
`UNIFIED PATENTS INC.
`Petitioner
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC
`Patent Owner
`
`____________
`
`
`IPR2018-00067
`U.S. 8,577,813
`
` ____________
`
`
`
`
`
`PETITIONER’S SUR-REPLY IN OPPOSITION TO PATENT OWNER’S
`CONTINGENT MOTION TO AMEND
`
`
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`TABLE OF CONTENTS
`
`
`
`I.
`II.
`
`INTRODUCTION .......................................................................................... 1
`ARGUMENT ................................................................................................. 2
`A.
`The Proposed Claims are Obvious over Maes in view of Labrou ....... 2
`1.
`Labrou teaches the Seed Limitation .......................................... 2
`2.
`Labrou ........................................................................................ 3
`3.
`combination of Maes and Labrou .............................................. 5
`B.
`further view of Gullman ....................................................................... 6
`1.
`Seed Limitation .......................................................................... 6
`Gullman is Enabled .................................................................... 7
`2.
`C.
`further view of Jakobsson .................................................................... 8
`1.
`Maes/Labrou with Jakobsson .................................................... 8
`D.
`further view of Weiss ........................................................................... 9
`E.
`further view of Weiss and further in view of Gullman or Jakobsson ... 9
`The Proposed Claims are Directed to Ineligible Subject Matter .......... 9
`F.
`III. CONCLUSION ............................................................................................ 10
`
`A PHOSITA would have been motivated to combine Maes with
`
`The Math Limitation is Obvious over either Maes alone or the
`
`The Proposed Claims are Obvious over Maes in view of Labrou in
`
`The Combination of Maes/Labrou with Gullman satisfies the
`
`The Proposed Claims are Obvious over Maes in view of Labrou in
`
`A PHOSITA would have been motivated to combine
`
`The Proposed Claims are Obvious over Maes in view of Labrou in
`
`The Proposed Claims are Obvious over Maes in view of Labrou in
`
`
`
` i
`
`
`
`INTRODUCTION
`
`The prior art combinations cited in Petitioner’s Opposition to PO’s Contingent
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`I.
`
`Motion to Amend show that the proposed claims are obvious. PO’s Reply
`
`oversimplifies the teachings of the prior art and fails to rebut Petitioner’s evidence.
`
`The proposed amendments add two concepts: (1) generating a seed using at least two
`
`of an electronic serial number, a discrete code associated with the electronic ID
`
`device, a PIN, a time value, and the biometric input to generate the encrypted
`
`authentication information, the seed being employed by the processor to generate a
`
`nonpredictable value (the “Seed Limitation,” Claims 27, 50); and (2) subjecting
`
`data in an electronic ID device to a mathematical operation employing the secret
`
`information to modify the data, wherein the device uses the secret information to
`
`reverse the mathematical operation and render the data legible (the “Math
`
`Limitation,” Claim 42). Regarding the Seed Limitation, the ’813 Patent explains
`
`that “multiple pieces of data can be … cryptographically combined through known
`
`encryption techniques” and lists the data recited in the Seed Limitation. See ’813
`
`Patent (Ex. 1001) at 46:5-10; see also id. at 46:46-55, 46:61-67. Labrou, Gullman,
`
`and Jakobsson each teach this limitation. Regarding the Math Limitation, the ’813
`
`Patent’s embodiment uses a simple XOR operation with a PIN. See id. at 45:18-47.
`
`But the named inventor of the ’813 Patent was already using such XOR operations
`
`in data security by 1994. The proposed amendments are therefore unpatentable.
`
`
`
`1
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`A.
`
`II. ARGUMENT
`
`The Proposed Claims are Obvious over Maes in view of Labrou
`
`1.
`
`Labrou teaches the Seed Limitation
`
`
`Labrou teaches inputting seed S (i.e., a discrete code associated with the
`
`
`
`
`device) and time stamp T (i.e., a time value) into a device-specific random-number-
`
`generating function R to generate a new seed, S’ (i.e., a seed), which is again input
`
`into R to generate random sequence number RSN (i.e., a non-predictable value). The
`
`RSN of the last iteration is used to generate encrypted authentication information to
`
`secure a transaction. Labrou (Ex. 1005) at [0536]-[0538]. Though the Device ID is
`
`at least indirectly used in generating S’ through assigning a unique S and R to each
`
`Device ID, the Seed Limitation is satisfied regardless by T and S (i.e. “at least two”
`
`of a “time value” and “discrete code,” inter alia).
`
`
`
`PO’s position that seed S is not a discrete code relies on an indefensible claim
`
`construction requiring a necessarily changeable discrete code. PO improperly reads
`
`in an unclaimed embodiment from the specification. The sentence PO cites uses the
`
`permissive “may,” and the preceding sentence states that the passage applies to “one
`
`embodiment,” demonstrating this is not a definition. ’813 Patent (Ex. 1001) at 47:5-
`
`6. PO concedes “each user device has its own original seed S” in Labrou (Paper 43
`
`at 4), confirming that S is a unique code “associated with the device,” just like the
`
`claimed discrete code. PO does not rebut that S’ is a seed generated at least by time
`
`value T and seed S, that seed S is unique and associated with each device, or that S’
`
`
`
`2
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`is used to generate a nonpredictable value for generating encrypted authentication
`
`information. Therefore, Labrou teaches the Seed Limitation.
`
`2.
`
`A PHOSITA would have been motivated to combine Maes with
`Labrou
`
`
`Petitioner has sufficiently explained how the proposed combination of Maes
`
`
`
`and Labrou would work. PO’s arguments that Petitioner’s statements are conclusory
`
`takes Petitioner’s arguments regarding the Seed Limitation out of context. Petitioner
`
`introduced the Maes/Labrou combination in its Petition and referenced this
`
`combination in its Opposition—such provides the context necessary regarding how
`
`the proposed combination works. The Board found that the Petitioner had shown a
`
`reasonable likelihood of success in this combination, wherein the authorization
`
`number of Maes was replaced with the encrypted authentication data of Labrou for
`
`wireless transactions. See Inst. Dec., Paper 14 at 12-15; see also Reply, Paper 38 at
`
`14-15, 7-11 (refuting similar arguments made in PO’s Response).
`
`
`
`Further, PO’s argument that Petitioner has taken Maes’s teaching of using
`
`“any known” encryption technique language out of context is misleading—Maes
`
`teaches the use of encryption in many contexts, but does not specific means to
`
`encrypt the data. Thus, a PHOSITA would have been motivated to look to other art
`
`for more specific means to do so especially because of Maes’s express teaching of
`
`using any known technique. See, e.g., Maes (Ex. 1003) at 5:14-17 (encrypting
`
`personal and financial
`
`information), 13:24-50 (encrypting user and card
`
`
`
`3
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`information), 15:15-20 (encrypting the amount of money transferred as part of the
`
`authorization number). Maes makes this statement with regard to “the present
`
`invention” to confirm that its invention is not limited to any particular encryption
`
`technique, and a PHOSITA would have recognized it applies to any of the encryption
`
`generally taught in Maes. See Maes (Ex. 1003) at 10:11-15; see also Cole MTA Decl.
`
`(Ex. 1022) at ¶¶12, 22-23. Because Maes discloses encryption generally, coupled
`
`with this statement, a PHOSITA would have been motivated to look to specific
`
`known techniques in similar financial contexts, such as those taught in Labrou. Id.
`
`
`
`PO’s arguments that Labrou teaches never transmitting “stored parameters”
`
`misunderstands Labrou’s meaning for “stored parameters” in Paragraph [0487]. See
`
`PO MTA Reply at 6. Labrou is specifically referring to “device secrets” used for the
`
`encryption, such as the key derivation algorithm, encryption key, and secret value,
`
`all of which understandably are not transmitted and known only by a user device and
`
`verifier. See Labrou (Ex. 1005) at [0487]; see also id. at [0497]. But the implication
`
`that Labrou “never” teaches transferring any kind of identifying information is false;
`
`for example, Labrou teaches including the Device ID in the transaction message and
`
`an indication of the account being used, among others. Id. at [0249], [0253], Figs.
`
`31, 34, 36, 38. Further, Petitioner has already shown regarding Claims 12 and 21
`
`that it would have been obvious to modify Maes to transmit account aliases instead
`
`of account numbers, as taught in Labrou. See Inst. Dec., Paper 14 at 16. Thus, no
`
`actual account numbers need to be transmitted for the combination to work.
`
`
`
`4
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`The Math Limitation is Obvious over either Maes alone or the
`combination of Maes and Labrou
`
`3.
`
`
`
`First, the Math Limitation is obvious over Maes. Maes’s PDA device includes
`
`an encrypter/decrypter module for encrypting a user’s stored personal and financial
`
`information and decrypting it when accessed by the user. Maes (Ex. 1003) at 5:14-
`
`17. Maes teaches that a user must provide user verification, including via a
`
`PIN/password, to access financial and personal information stored on the device. Id
`
`at 5:60-67. Since XOR operations using PINs/passwords were simple and
`
`computationally inexpensive, and since Maes cites a well-known cryptography book
`
`that itself explains XOR operations, using such in Maes would have been obvious to
`
`a PHOSITA. See Petitioner Op., Paper 34 at 6-7 (citing Cole MTA Decl. (Ex. 1022)
`
`at ¶¶9-10, 12 (citing Schneier, Ex. 1015)); see also Maes (Ex. 1003) at 10:11-14. PO
`
`even acknowledges the motivations cited in the Opposition to employ XOR
`
`operations in Maes before accusing Petitioner of not providing any—such would
`
`have been “computationally inexpensive” and a simple means to encrypt device data.
`
`See PO’s MTA Reply, Paper 43 at 10. Petitioner does not need to show that Maes
`
`uses “computationally taxing” encryption—especially since Maes leaves its specific
`
`encryption open—the question, instead, is whether the modification would have
`
`been “desirable.” See In re Fulton, 391 F.3d 1195, 1200 (Fed. Cir. 2004) (“[T]he
`
`question is whether there is something in the prior art as a whole to suggest the
`
`desirability, and thus the obviousness, of making the combination…”) (internal
`
`
`
`5
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`quotations omitted). Petitioner has shown why a PHOSITA with ordinary
`
`knowledge would find the Math Limitation desirable and obvious in Maes.
`
`
`
`Second, the Math Limitation is, alternatively, obvious over the combination
`
`of Maes and Labrou. PO alters Petitioner’s combination by adding Labrou’s
`
`subsequent step of hashing XOR’ed data. But Petitioner never proposed hashing
`
`XOR’ed data stored in the memory of Maes, as the Math Limitation is met by a mere
`
`PIN-based XOR. See Petitioner Op., Paper 34 at 7-8; see also Cole MTA Decl. (Ex.
`
`1022) at ¶23. Maes teaches encrypting data stored on a device and using secret
`
`information (e.g., a PIN) to access the data. Labrou confirms the well-known nature
`
`of PIN-based XOR operations. And using such XOR operations would have allowed
`
`encryption in a familiar, computationally inexpensive way.
`
`B.
`
`The Proposed Claims are Obvious over Maes in view of Labrou in
`further view of Gullman
`
`1.
`
`The Combination of Maes/Labrou with Gullman satisfies the
`Seed Limitation
`
`PO’s argument that a PHOSITA would understand Gullman’s “seed” to be
`
`
`
`
`
`
`generated from only biometric input is based on unsupported attorney argument
`
`contrary to Gullman’s express disclosure. Gullman recites that “biometric information
`
`is used as part of the ‘seed’ for generating the token.” See Gullman (Ex. 1023) at 2:22-
`
`23. Thus, by its own terms, Gullman teaches that the biometric forms “part of the seed”
`
`along with the other recited data, as explained by Petitioner’s expert. Cole MTA Decl.
`
`(Ex. 1022) at ¶¶26-28. PO proffers no contrary expert testimony. But even if PO were
`
`
`
`6
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`correct that the biometric information alone were a “seed,” PO ignores that Gullman’s
`
`sources of seed data also are being combined with Labrou’s RSN process, which is
`
`iterative and uses the seed data to generate subsequent seeds. See Petitioner Op., Paper
`
`34 at 12-13; see also Cole MTA Decl. (Ex. 1022) at ¶27-28. Thus, regardless of the
`
`particular stage at which seed data is input, it is still combined into a subsequent seed
`
`and, thus, used as part of the seed ultimately used to generate the final RSN.
`
`Gullman is Enabled
`
`2.
`
`PO also suggests Gullman does not enable its own invention. But Gullman
`
`
`
`does explain how the correlation factor is decrypted at the host system. For example,
`
`Gullman teaches that the host system knows both a time-varying code (by being
`
`synchronized) and challenge code (by having it stored in memory) that are used to
`
`decode the correlation factor and fixed code upon receiving the security token. See
`
`Gullman (Ex. 1023) at 4:23-31. Dr. Cole testified that from the perspective of a
`
`PHOSITA, the host would have such information to decrypt the token to obtain the
`
`correlation factor. Cole Tr. (Ex. 2015) at 70:5-18. Nothing in Gullman suggests that
`
`the correlation factor is necessary to decode the token—the correlation factor is part
`
`of what is being decoded. See Gullman (Ex. 1023) at 5:27-30 (“The capability to
`
`decrypt the token at the host system allows the token input by the user to be broken
`
`down into its biometric, time-varying and fixed code components.”). If the fixed
`
`code is determined to identify a valid user and the correlation factor is above the
`
`threshold level (e.g., 90 out of 100), the user is verified. Id. at 6:39-42.
`
`
`
`7
`
`
`
`C.
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`The Proposed Claims are Obvious over Maes in view of Labrou in
`further view of Jakobsson
`
`1.
`
`to combine
`
`A PHOSITA would have been motivated
`Maes/Labrou with Jakobsson
`
`
`PO’s arguments are based on two incorrect premises regarding Jakobsson: (i)
`
`
`
`that the combination function is necessarily a hash function, and (ii) that Jakobsson’s
`
`authentication code may not be an intermediate value. Hashing is only one example of
`
`multiple provided by Jakobsson for generating the authentication code; Jakobsson also
`
`suggests using other one-way functions or a block cipher as the combination function.
`
`See Jakobsson (Ex. 1024) at [0071]. Therefore, PO’s arguments that the proposed
`
`combination results in redundant hash operations is incorrect.
`
`Second, PO suggests that a PHOSITA would not use Jakobsson’s authentication
`
`code in encryption because the authentication code is “a final-stage output value.” But
`
`Jakobsson teaches re-inserting authentication codes into additional combination
`
`functions. See id.; see also id. at [0073] (combining authentication code 291 with a PIN
`
`to generate authentication code 292) and [0077]. Therefore, Jakobsson teaches that an
`
`authentication code may be an intermediate value.
`
`
`
`PO argues that Petitioner’s “more is better” motivation is unsupported. Id. at 21.
`
`This is not true. In addition to his opinions that the proposed combinations would
`
`enhance security, Dr. Cole provided specific, unrebutted examples of how multi-factor
`
`and multi-layered authentication enhanced security. See Cole MTA Decl. (Ex. 1022) at
`
`¶¶4-6; Cole Reply Decl. (Ex. 1032) at ¶¶4-9; see also id. at ¶34. And the prior art
`
`
`
`8
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`encourages using “more” in their cryptography. Both Labrou and Jakobsson encourage
`
`using iterative processes and encryption using multiple sources of data. See Labrou (Ex.
`
`1005) at [0536]; see Jakobsson (Ex. 1023) at ¶¶[0073], [0077]. Here, more is better
`
`because it would enhance the security of Maes, as modified by Labrou. Thus, the
`
`proposed claims are obvious over the combination of Maes, Labrou, and Jakobsson.
`
`D.
`
`The Proposed Claims are Obvious over Maes in view of Labrou in
`further view of Weiss
`
`PO’s arguments against the combination of Maes and Weiss again rely on the
`
`
`
`same incorrect standard of law. Section II.A.3, supra. Specifically, PO suggests that to
`
`make a combination, a Petitioner must identify a deficiency in a base reference (i.e., in
`
`Maes) to motivate the combination. See PO MTA Reply at 22-24. But the law only
`
`requires that the proposed modification would have been desirable from the prior art as
`
`a whole. See In re Fulton, 391 F.3d at 1200. Given the simplicity of the XOR
`
`operation, its computational efficiency, and its existing application to securing
`
`device data, the proposed combination of Maes/Labrou and Weiss would have been
`
`desirable, and the claims obvious. Petitioner’s Op., Paper 34 at 16-18.
`
`E.
`
`The Proposed Claims are Obvious over Maes in view of Labrou in
`further view of Weiss and further in view of Gullman or Jakobsson
`
`PO’s arguments regarding Claim 45 merely incorporate its prior arguments
`
`
`
`already rebutted above and, therefore, fail for the same reasons discussed above.
`
`F.
`
`The Proposed Claims are Directed to Ineligible Subject Matter
`
`PO did not rebut Petitioner’s arguments regarding § 101 eligibility; instead,
`
`9
`
`
`
`
`
`
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`PO incorporates by reference a separate CBM opinion. This panel is not bound by
`
`that opinion, which did not have the benefit of the facts and arguments presented
`
`here, such as prior art confirming that the claims of the ’813 Patent employ
`
`conventional computer components and functions as tools. The proposed claims are
`
`abstract, and none of the limitations present an inventive concept. Therefore, the
`
`proposed claims are patent-ineligible.
`
`III. CONCLUSION
`
`For the reasons discussed in the Petition, Opposition to PO’s Motion to
`
`Amend, and this Sur-reply, the proposed amended claims are unpatentable and PO’s
`
`Motion to Amend should be denied.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Respectfully submitted,
`
`
`
`
`BY: /s/ Jason R. Mudd
`Jason R. Mudd, Reg. No. 57,700
`Eric A. Buresh, Reg. No. 50,394
`Roshan Mansinghani, Reg. No. 62,429
`Jonathan Stroud, Reg. No. 72,518
`
`ATTORNEYS FOR PETITIONER
`
`
`
`10
`
`
`
`CERTIFICATE OF SERVICE ON PATENT OWNER
`UNDER 37 C.F.R. § 42.105
`
`IPR2018-00067
`U.S. Patent No. 8,577,813
`
`
`
`Pursuant to 37 C.F.R. § 42.6(e), the undersigned certifies that on December 31, 2018,
`Petitioner’s Sur-reply in Opposition to Patent Owner’s Contingent Motion to Amend
`was served via electronic service on the following counsel of record for Patent
`Owner:
`
`
`• jimglass@quinnemanuel.com
`• nimahefazi@quinnemanuel.com
`• tigranguledjian@quinnemanuel.com
`• halbarza@quinnemanuel.com
`• jordankaericher@quinnemanuel.com
`• qe-usr-ipr@quinnemanuel.com
`
`
`
`Dated: December 31, 2018
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`BY: /s/ Jason R. Mudd
`Jason R. Mudd, Reg. No. 57,700
`
`ATTORNEY FOR PETITIONER
`
`
`
`11
`
`