IPR2018-00067 Cole Declaration
U.S. Patent 8,577,813

UNITED STATES PATENT AND TRADEMARK OFFICE
____________

BEFORE THE PATENT TRIAL AND APPEAL BOARD
____________

UNIFIED PATENTS INC.
Petitioner

v.

UNIVERSAL SECURE REGISTRY, LLC
Patent Owner
____________

IPR2018-00067
Patent 8,577,813
____________

DECLARATION OF DR. ERIC COLE

IPR2018-00067
Unified EX1009 Page 1

I, Eric Cole, hereby declare the following:

I. BACKGROUND AND QUALIFICATIONS

1. My name is Eric Cole and I am over 21 years of age and otherwise competent to make this Declaration. I make this Declaration based on facts and matters within my own knowledge and on information provided to me by others, and, if called as a witness, I could and would competently testify to the matters set forth herein.

2. I have been retained as a technical expert witness in this matter by Counsel for Petitioner Unified Patents, Inc. (“Unified”) to provide my independent opinions on certain issues requested by Counsel for Petitioner relating to the accompanying petition for Inter Partes Review of U.S. Patent 8,577,813 (“the ’813 Patent”). My compensation in this matter is not based on the substance of my opinions or the outcome of this matter. I have no financial interest in Petitioner. I have been informed that Universal Secure Registry, LLC (“USR”) is the current assignee of the ’813 Patent according to U.S. Patent and Trademark Office records. I have no financial interest in USR, and I have no other interest in the outcome of this matter.

3. I have summarized in this section my educational background, career history, and other qualifications relevant to this matter. A current version of my curriculum vitae has been included as Exhibit 1010.

4. I received my master’s degree in Computer Science from the New York Institute of Technology in 1993, followed by my doctorate in Network Security from Pace University in 2003.

5. I began my career as a cyber security scientist more than twenty-five years ago as a technical director for the United States Central Intelligence Agency (CIA), where I worked on the design of several secure communication systems. Since then, I have held positions in the field of digital security, including in the design and development of secure systems for companies such as Grace International Consulting, Lockheed Martin, McAfee, Vista Information Technologies, and Teligent, Inc. I am a member of the European InfoSec Hall of Fame, a professional membership awarded by nomination and election by a panel of industry experts.

6. I am a Fellow and instructor with the SANS Institute, a research and education organization consisting of information security professionals. SANS is the leading organization in computer security training. I have developed and taught numerous courses and performed research with the SANS Institute. For example, I established “Security 401: SANS Security Essentials” for teaching students critical components of network security and “Security 501: Enterprise Defender” for teaching topics relating to cyber security, networking security and operating system security. I also was tasked with implementing a cyber security curriculum for a subsidiary of the SANS Institute, the SANS Technology Institute, an accredited graduate school focused exclusively on cyber security degree programs.

7. I am the founder of Secure Anchor Consulting, where I and my team provide cyber security and network consulting services and lead research and development initiatives to advance information systems security on behalf of financial institutions, Fortune 500 companies, international organizations, and the federal government.

8. I have authored and co-authored several books on secure networks and communications, including Hackers Beware: The Ultimate Guide to Network Security, Network Security Bible (2d Ed), and Wiley Pathways Network Security Fundamentals Project Manual. I have also written several courses that have in-depth coverage of networking concepts, implementation and design. Throughout my career I have designed, built and implemented many networks for both Fortune 500 companies and the federal government.

9. I have worked for the government as an employee and have held various contracting jobs with government agencies, which involved working with classified information. I have held various top-secret security clearances with Department of Defense (DOD), CIA, and Nuclear Regulatory Commission (NRC). I have worked for a wide range of government organizations including FBI, National Security Agency, CIA, Department of Energy, DOD, the Treasury, Secret Service and the NRC.

10. While serving as a Senior Officer for the Central Intelligence Agency as Program Manager / Technical Director for the Internet Program Team with Office of Technical Services, I implemented the Internet Program Team that designs, develops, tests, and deploys internet security products in 3 to 6 month intervals. In this role I received a letter of appreciation from the DCI (Director Central Intelligence) and six Exceptional Performance Awards.

11. As a member of the Information Security Assessment Team with the Office of Security, I also evaluated and performed security assessment of network operating systems which include network infrastructures to identify potential vulnerabilities and solutions. I also designed a large scale auditing system with automated review capability and worked on several virus investigations for the Office of Security.

12. Since 1999, I have been actively involved in working with financial institutions and credit card companies on designing, implementing and evaluating solutions for transactional security. This work has involved understanding and integrating both wireless solutions, authentication and encryption technologies. Throughout my career I have been actively involved in designing, securing and deploying wireless solutions for the transmission of sensitive information. This work also included the testing, verifying, implementing and designing of encryption solutions (including key management) and various forms of authentication (including PIN/passwords and biometrics).

13. As part of my work in connection with this proceeding, I have reviewed the following materials:

• U.S. Patent 8,577,813 (Ex. 1001);
• File History for U.S. Patent 8,577,813 (Ex. 1002);
• U.S. Patent 6,016,476 to Maes et al. (“Maes”) (Ex. 1003)
• U.S. Patent 5,870,723 to Pare et al. (“Pare”) (Ex. 1004);
• U.S. Pub. US 2004/0107170 A1 to Labrou et al. (“Labrou”) (Ex. 1005);
• WO 2001/024123 to Burger et al. (“Burger”) (Ex. 1006);
• U.S. Patent 7,865,448 to Pizarro (“Pizarro”) (Ex. 1007);
• U.S. Patent Application Publication 2002/0178364 (Ex. 1008)
• U.S. Patent 5,615,277 to Hoffman (1994) (Ex. 1011)
• Jin et al., Biohashing: two factor authentication featuring fingerprint data and tokenized random number, Pattern Recognition 37 (11), pp. 2245-2255 (2004) (Ex. 1012)
• U.S. Patent 8,751,801 to Harris et al. (2005) (Ex. 1013)
• U.S. Publication No. 2003/0219121 to van Someren (2002) (Ex. 1014)
• Bruce Schneier, Applied Cryptography, 2d Ed (1996) (Ex. 1015)
• American Bankers Association, Financial Institution Key Management (Wholesale), ANSI X9.17 (1995) (Ex. 1016)
• WO Publication No. 2001/06699 to Duane et al. (2001) (Ex. 1017)
• U.S. Patent 6,950,939 to Tobin (2001) (Ex. 1018)

II. LEGAL FRAMEWORK

A. Obviousness

14. I am a technical expert and do not offer any legal opinions. However, counsel has informed me as to certain legal principles regarding patentability and related matters under United States patent law, which I have applied in performing my analysis and arriving at my technical opinions in this matter.

15. I have been informed that a person cannot obtain a patent on an invention if the differences between the invention and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art. I have been informed that a conclusion of obviousness may be founded upon more than a single item of prior art. I have been further informed that obviousness is determined by evaluating the following factors: (1) the scope and content of the prior art, (2) the differences between the prior art and the claim at issue, (3) the level of ordinary skill in the pertinent art, and (4) secondary considerations of non-obviousness. In addition, the obviousness inquiry should not be done in hindsight. Instead, the obviousness inquiry should be done through the eyes of a PHOSITA at the time of the alleged invention.

16. In considering whether certain prior art renders a particular patent claim obvious, counsel has informed me that I can consider the scope and content of the prior art, including the fact that one of skill in the art would regularly look to the disclosures in patents, trade publications, journal articles, conference papers, industry standards, product literature and documentation, texts describing competitive technologies, requests for comment published by standard setting organizations, and materials from industry conferences, as examples. I have been informed that for a prior art reference to be proper for use in an obviousness analysis, the reference must be “analogous art” to the claimed invention. I have been informed that a reference is analogous art to the claimed invention if: (1) the reference is from the same field of endeavor as the claimed invention (even if it addresses a different problem); or (2) the reference is reasonably pertinent to the problem faced by the inventor (even if it is not in the same field of endeavor as the claimed invention). In order for a reference to be “reasonably pertinent” to the problem, it must logically have commended itself to an inventor's attention in considering his problem. In determining whether a reference is reasonably pertinent, one should consider the problem faced by the inventor, as reflected either explicitly or implicitly, in the specification. I believe that all of the references I considered in forming my opinions in this IPR are well within the range of references a PHOSITA would have consulted to address the type of problems described in the Challenged Claims.

17. I have been informed that, in order to establish that a claimed invention was obvious based on a combination of prior art elements, a clear articulation of the reason(s) why a claimed invention would have been obvious must be provided. Specifically, I am informed that, under the U.S. Supreme Court’s KSR decision, a combination of multiple items of prior art renders a patent claim obvious when there was an apparent reason for one of ordinary skill in the art, at the time of the invention, to combine the prior art, which can include, but is not limited to, any of the following rationales: (A) combining prior art methods according to known methods to yield predictable results; (B) substituting one known element for another to obtain predictable results; (C) using a known technique to improve a similar device in the same way; (D) applying a known technique to a known device ready for improvement to yield predictable results; (E) trying a finite number of identified, predictable potential solutions, with a reasonable expectation of success; (F) identifying that known work in one field of endeavor may prompt variations of it for use in either the same field or a different one based on design incentives or other market forces if the variations are predictable to one of ordinary skill in the art; or (G) identifying an explicit teaching, suggestion, or motivation in the prior art that would have led one of ordinary skill to modify the prior art reference or to combine the prior art references to arrive at the claimed invention.

18. I am informed that the existence of an explicit teaching, suggestion, or motivation to combine known elements of the prior art is a sufficient, but not a necessary, condition to a finding of obviousness. This so-called “teaching-suggestion-motivation” test is not the exclusive test and is not to be applied rigidly in an obviousness analysis. In determining whether the subject matter of a patent claim is obvious, neither the particular motivation nor the avowed purpose of the patentee controls. Instead, the important consideration is the objective reach of the claim. In other words, if the claim extends to what is obvious, then the claim is invalid. I am further informed that the obviousness analysis often necessitates consideration of the interrelated teachings of multiple patents, the effects of demands known to the technological community or present in the marketplace, and the background knowledge possessed by a person having ordinary skill in the art. All of these issues may be considered to determine whether there was an apparent reason to combine the known elements in the fashion claimed by the patent.

19. I also am informed that in conducting an obviousness analysis, a precise teaching directed to the specific subject matter of the challenged claim need not be sought out because it is appropriate to take account of the inferences and creative steps that a PHOSITA would employ. The prior art considered can be directed to any need or problem known in the field of endeavor at the time of invention and can provide a reason for combining the elements of the prior art in the manner claimed. In other words, the prior art need not be directed towards solving the same specific problem as the problem addressed by the patent. Further, the individual prior art references themselves need not all be directed towards solving the same problem. I am informed that, under the KSR obviousness standard, common sense is important and should be considered. Common sense teaches that familiar items may have obvious uses beyond their primary purposes.

20. I also am informed that the fact that a particular combination of prior art elements was “obvious to try” may indicate that the combination was obvious even if no one attempted the combination. If the combination was obvious to try (regardless of whether it was actually tried) or leads to anticipated success, then it is likely the result of ordinary skill and common sense rather than innovation. I am further informed that in many fields it may be that there is little discussion of obvious techniques or combinations, and it often may be the case that market demand, rather than scientific literature or knowledge, will drive the design of an invention. I am informed that an invention that is a combination of prior art must do more than yield predictable results to be non-obvious.

21. I am informed that for a patent claim to be obvious, the claim must be obvious to a PHOSITA at the time of the alleged invention. I am informed that the factors to consider in determining the level of ordinary skill in the art include (1) the educational level and experience of people working in the field at the time the invention was made, (2) the types of problems faced in the art and the solutions found to those problems, and (3) the sophistication of the technology in the field.

22. I am informed that it is improper to combine references where the references teach away from their combination. I am informed that a reference may be said to teach away when a PHOSITA, upon reading the reference, would be discouraged from following the path set out in the reference, or would be led in a direction divergent from the path that was taken by the patent applicant. In general, a reference will teach away if it suggests that the line of development flowing from the reference’s disclosure is unlikely to be productive of the result sought by the patentee. I am informed that a reference teaches away, for example, if (1) the combination would produce a seemingly inoperative device, or (2) the references leave the impression that the product would not have the property sought by the patentee. I also am informed, however, that a reference does not teach away if it merely expresses a general preference for an alternative invention but does not criticize, discredit, or otherwise discourage investigation into the invention claimed.

23. I am informed that even if a prima facie case of obviousness is established, the final determination of obviousness must also consider “secondary considerations” if presented. In most instances, the patentee raises these secondary considerations of non-obviousness. In that context, the patentee argues an invention would not have been obvious in view of these considerations, which include: (a) commercial success of a product due to the merits of the claimed invention; (b) a long-felt, but unsatisfied need for the invention; (c) failure of others to find the solution provided by the claimed invention; (d) deliberate copying of the invention by others; (e) unexpected results achieved by the invention; (f) praise of the invention by others skilled in the art; (g) lack of independent simultaneous invention within a comparatively short space of time; (h) teaching away from the invention in the prior art.

24. I am further informed that secondary-considerations evidence is only relevant if the offering party establishes a connection, or nexus, between the evidence and the claimed invention. The nexus cannot be based on prior art features. The establishment of a nexus is a question of fact. While I understand that the Patent Owner here has not offered any secondary considerations at this time, I will supplement my opinions in the event that the Patent Owner raises secondary considerations during the course of this proceeding.

B. Claim Construction

25. I have been informed by counsel and understand that the first step in an unpatentability analysis involves construing the claims, as necessary, to determine their scope. Second, the construed claim language is then compared to the disclosures of the prior art. In proceedings before the United States Patent and Trademark Office, I have been informed that the claims of an unexpired patent are to be given their broadest reasonable interpretation in light of the specification from the perspective of a person of ordinary skill in the art at the time of the invention. And I have been informed that the ’813 Patent is unexpired. For purposes of this proceeding, I have applied the claim constructions set forth in the claim construction section of the IPR Petition that this declaration accompanies when analyzing the prior art and the claims. See Petition at Section III.D. For those terms that have not expressly been construed, I have applied the meaning of the claim terms of the ’813 Patent that is generally consistent with the terms’ ordinary and customary meaning, as a person of ordinary skill in the art would have understood them at the time of the invention.

III. OPINION

A. Level of Skill of a Person Having Ordinary Skill in the Art

26. I was asked to provide my opinion as to the level of skill of a person having ordinary skill in the art (“PHOSITA”) of the ’813 Patent at the time of the claimed invention, which counsel has informed me to assume is February 21, 2006. In determining the characteristics of a hypothetical person of ordinary skill in the art of the ’813 Patent at the time of the claimed invention, I was told to consider several factors, including the type of problems encountered in the art, the solutions to those problems, the rapidity with which innovations are made in the field, the sophistication of the technology, and the education level of active workers in the field. I also placed myself back in the time frame of the claimed invention, and considered the colleagues with whom I had worked at that time.

27. In my opinion, a person having ordinary skill in the art of the ’813 Patent at the time of its filing would have been a person having the equivalent of a bachelor’s degree in computer science, electrical engineering, computer engineering, or a similar discipline, and at least two years of experience working with technology related secure transaction systems, or an equivalent amount of similar work experience or education, with additional education substituting for experience and additional experience substituting for education. Such a person of ordinary skill in the art would have been capable of understanding the ’813 patent and the prior art references discussed herein.

28. Based on my education, training, and professional experience in the field of the claimed invention, I am familiar with the level and abilities of a person of ordinary skill in the art at the time of the claimed invention. Additionally, I met at least these minimum qualifications to be a person having ordinary skill in the art as of the time of the claimed invention of the ’813 Patent.

B. Background of the Technology

29. I was asked to briefly summarize the background of the prior art from the standpoint of a PHOSITA prior to February 21, 2006, which counsel has told me to assume is the date of the alleged invention of the ’813 Patent.

30. The ’813 Patent states that it is generally related to “systems, methods, and apparatus[es] for authenticating identity or verifying the identity of individuals and other entities seeking access to certain privileges and for selectively granting privileges and providing other services in response to such identifications/ verifications.” Id. at 1:37-42. In addition, the ’813 Patent relates to transmitting information to/from a user device, particularly “contactless information transmission.” Id. at 1:42-46.

31. The ’813 Patent describes that methods for transitioning from a magnetic form of communication to a wireless form of communication for user authentication were desired in the art. Id. at 3:34-36. As the ’813 Patent acknowledges, the field of secure systems had been shifting from transmissions via a magnetic card reader to wirelessly transmitting transactional information. See Ex. 1001, ’813 Patent at 3:3-12 (“[U]ser devices that may transmit information optically or via radio frequency (“RF”) signal transmission to a compatible system interface are now available”); 3:28-34 (“RF devices that transmit information wirelessly are expected to become much more prevalent …”). Indeed, each of the references cited in the Petition teaches using some form of wireless communication to perform a transaction.

32. Also, as acknowledged by the ’813 Patent, the field of security devices had, by the time of the ’813 Patent, seen improvements in the sophistication of authentication schemes by including advanced verification functionality, such as biometric sensors. See id. at 2:59-3:2. However, the concept of using biometrics for authenticating users of transaction devices, was well known over a decade prior to the ’813 Patent.[1]

[1] See, e.g., Ex. 1011, U.S. Patent 5,615,277 to Hoffman (1994) at 3:1-35 (describing systems and methods in the art for using biometric samples, such as voice or fingerprint systems, to a tokenless security system applicable to “transaction of financial and other services”).

Authenticating an Individual’s Identity

33. In general, there are, and were at the time of the ’813 Patent, three known ways to authenticate the identity of an individual: (1) by information the individual knows (e.g., a password or PIN), (2) by information the individual has (e.g., a token, smart card), and (3) by information representing who the individual is (e.g., biometrics, such as a fingerprint or voice sample).[2]

[2] See, e.g., Ex. 1012, Jin et al., Biohashing: two factor authentication featuring fingerprint data and tokenized random number, Pattern Recognition 37 (11), pp. 2245-2255 (2004), at Abstract, 2246; see also, e.g., Ex. 1013, U.S. Patent 8,751,801 to Harris et al. (2005) at 1:28-64 (describing the three methods of user authentication in e-commerce, opining that “wider adoption of two-factor authentication is desirable.”).

34. Systems employing two or more methods or levels of authentication (i.e., multi-factor authentication) represent a security improvement over a system that only employs one method because each method could reconcile the deficiencies of the others.[3] For example, passwords or PINs could be overheard, tokens or smart cards could be lost or stolen, and biometric information is irreplaceable and poses serious privacy risks if compromised by an attacker.[4] Logically, multi-factor authentication was known to be more secure because it requires a would-be attacker/thief to successfully overcome multiple types of authentication.

[3] See Footnote 2.
[4] See Ex. 1012, Jin, at 2245-46, 54.

35. Often, for biometric systems, a number derived from the biometric input, and not a record copying the biometric input itself, is stored within an authentication device as a function of a tokenized random number.[5] Such a method of generating authentication information (i.e., in encrypted form) is one way to reinforce the security of the biometric input because, without the random or pseudo-random token, an attacker cannot access the secure data.

[5] See id., generally and at 2249, 53; see also Ex. 1014, U.S. Publication No. 2003/0219121 to van Someren (2002), generally and at Abstract (teaching a method and apparatus that combines a random number with biometric information to generate a cryptographic key and secure information on a device).

Encrypting Data

36. The claims of the ’813 Patent require that a user device generates “encrypted authentication information” using a non-predictable value. The concept of using a “non-predictable value,” such as a random number or pseudo-random number, to encrypt data, including financial data, was known decades prior to the earliest priority date of the ’813 Patent.[6] For example, one of the references cited in the Petition, Pare, refers to ANSI X9.17, which is a standard specifically related to encryption key management for financial institutions. The ANSI standard explains that a random number may be a function of a secret 64-bit seed and a date/time vector.[7]

[6] See Ex. 1015, Bruce Schneier, Applied Cryptography, 2d Ed (1996) at 372, 374 (explaining the background of the Data Encryption Standard); see also Ex. 1016, American Bankers Association, Financial Institution Key Management (Wholesale), ANSI X9.17 (1995) at 25 (“Keys and initialization vectors (IVs) shall be generated so that keys and IVs are random or pseudorandom”).
[7] Ex. 1016, ANSI X9.17 at 151.

37. The process of encrypting data generally calls for the execution of a mathematical operation, such as a cryptographic algorithm, a hash function, or other mathematical algorithm for generating and applying a cryptographic key.[8] The mathematical theories regarding specifically how data may be encrypted are complicated, but the mere fact that mathematical operations may be used in encrypting data has been well known for decades.

[8] Ex. 1015, Schneier at 22, 56 (describing one-way hash functions), 89.

38. The data that becomes encrypted is often an important consideration for a developer of a secure system, but one general, common sense rule is that information that a user would not want others knowing (e.g., financial account information, a secret PIN, biometric characteristics, personal information, etc.) should be encrypted. Further, it was known such data can be encrypted both for the purposes of being stored in an encrypted form and also for purposes of being transmitted in encrypted form. The practice of encrypting authentication information, such as PINs and biometric information, in the context of wireless transactions was known and recognized, including by the time it was known that wireless transactions would become more and more common.[9]

[9] See, e.g., Ex. 1017, WO Publication No. 2001/06699 to Duane et al. (2001) at 15:31-16:7 (“The encrypted sensitive information stored in a personal security device may include … a personal identification number (“PIN”) … biometric information …”).

The Universal Secure Registry

39. I have been informed by Counsel that the term “secure registry” used in the claims of the ’813 Patent should be construed to include “one or more systems maintaining one or more secure databases for storing account information for a plurality of users and that perform the function of validating authentication information of users.” See Petition at Sec. III.D. The concept of a secure registry, including a universal secure registry, was known years prior to the ’813 Patent.[10] For example, a major part of the business model of financial institutions and credit card companies has long been to maintain databases storing account information for users and validated authentication information to be used for authenticating users for completing transactions. The named inventor of the ’813 Patent, Mr. Weiss, had already disclosed the concept for a secure registry years prior to 2006.[11]

[10] Ex. 1008, U.S. Patent Application Publication 2002/0178364 to Weiss.
[11] See id.

40. The specific sequence of how information may be communicated to a secure registry may be done in many different ways, each of which would have yielded predictable results from the standpoint of a PHOSITA by 2006. For example, it was known that a wireless device could communicate directly with a registry to authorize a transaction on its own, or it could communicate via a point-of-sale device, as traditional credit cards have and do.[12] Whether the device communicates directly or indirectly with a registry would depend on various design considerations and objectives of the PHOSITA, including whether the device possessed appropria
