UNITED STATES PATENT AND TRADEMARK OFFICE
`
`_________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`_________________
`
`MICROSOFT CORPORATION AND MICROSOFT MOBILE INC.,
`
`Petitioners,
`
`v.
`
`KONINKLIJKE PHILIPS N.V.,
`
`Patent Owner.
`
`
`
`IPR2018-00279
`U.S. Patent No. 9,436,809
`Issued: September 6, 2016
`Application No.: 14/538,493
`Filed: Nov. 11, 2014
`
`Title: Secure Authenticated Distance Measurement
`_________________
`
`PETITION FOR
`INTER PARTES REVIEW OF U.S. PATENT NO. 9,436,809
`
`
`

`

`TABLE OF CONTENTS
`
`IPR2018-00279
`Patent 9,436,809
`
`Page(s)
`
`I.
`
`INTRODUCTION ........................................................................................... 1
`
`II. MANDATORY NOTICES UNDER 37 C.F.R. §42.8 .................................... 1
`
`A.
`
`Real Party-In-Interest ............................................................................ 1
`
`B.
`
`Related Matters ...................................................................................... 1
`
`C.
`
`Lead Counsel, Back-Up Counsel, And Service Information ................ 2
`
`III. FEES ................................................................................................................ 2
`
`IV. GROUNDS FOR STANDING PER 37 C.F.R. §42.104(a) ............................ 2
`
`V.
`
`IDENTIFICATION OF CHALLENGE .......................................................... 3
`
`A.
`
`Statement Of The Precise Relief Requested ......................................... 3
`
`B.
`
`C.
`
`Statutory Grounds.................................................................................. 3
`
`Summary Of The Applied Prior Art ...................................................... 4
`
`1. Willey .......................................................................................... 4
`
`2.
`
`3.
`
`Ishibashi ...................................................................................... 5
`
`Sims ............................................................................................. 5
`
`VI. THE ’809 PATENT ......................................................................................... 6
`
`A.
`
`Entity Authentication ............................................................................ 6
`
`B.
`
`The ’809 Patent’s Specification ............................................................ 7
`
`C.
`
`The Prosecution History ........................................................................ 8
`
`VII. CLAIM CONSTRUCTION .......................................................................... 10
`
`VIII. GROUNDS OF UNPATENTABILITY ........................................................ 11
`
`Page i
`
`

`

`A. Ground 1: Claims 1-4, 6, 9, 11, 14,
`34-37, 41, 43, 46, 49, 52-55, 58-60
`Are Obvious Over Willey In View Of Ishibashi ................................. 14
`
`IPR2018-00279
`Patent 9,436,809
`
`1.
`
`2.
`
`3.
`
`4.
`
`5.
`
`6.
`
`7.
`
`8.
`
`9.
`
`Claim 1 ...................................................................................... 17
`
`Claim 2 ...................................................................................... 31
`
`Claim 3 ...................................................................................... 32
`
`Claim 4 ...................................................................................... 32
`
`Claim 6 ...................................................................................... 34
`
`Claim 9 ...................................................................................... 35
`
`Claim 11 .................................................................................... 36
`
`Claim 14 .................................................................................... 37
`
`Claims 34, 35-37, 41, 43, And 46 ............................................. 39
`
`10. Claims 49, 52-54 ....................................................................... 42
`
`11. Claims 55, 58-60 ....................................................................... 46
`
`B. Ground 2: Claims 1-4, 6, 9, 11, 14,
`34-37, 41, 43, 46, 49, 52-55, 58-60
`Are Obvious Over Willey In View Of Sims ....................................... 49
`
`1.
`
`2.
`
`3.
`
`4.
`
`5.
`
`6.
`
`7.
`
`Claim 1 ...................................................................................... 51
`
`Claim 2 ...................................................................................... 57
`
`Claim 3 ...................................................................................... 57
`
`Claim 4 ...................................................................................... 57
`
`Claim 6 ...................................................................................... 58
`
`Claim 9 ...................................................................................... 59
`
`Claim 11 .................................................................................... 60
`
`Page ii
`
`

`

`IPR2018-00279
`Patent 9,436,809
`
`8.
`
`9.
`
`Claim 14 .................................................................................... 60
`
`Claims 34, 35-37, 41, 43, and 46 .............................................. 61
`
`10. Claims 49, 52-54 ....................................................................... 64
`
`11. Claims 55, 58-60 ....................................................................... 67
`
`IX. CONCLUSION .............................................................................................. 70
`
`
`
`
`
`Page iii
`
`

`

`TABLE OF AUTHORITIES
`
`IPR2018-00279
`Patent 9,436,809
`
`Page(s)
`
`Statutes
`
`35 U.S.C. §102 .......................................................................................................4, 5
`
`35 U.S.C. §103 ........................................................................................................... 3
`
`35 U.S.C. §119 ........................................................................................................... 4
`
`Rules
`
`37 C.F.R. §42.10 ............................................................................................................................. 2
`
`37 C.F.R. §42.104 ........................................................................................................................... 2
`
`37 C.F.R. §42.15 ............................................................................................................................. 2
`
`
`
`
`
`
`
`Page iv
`
`

`

`IPR2018-00279
`Patent 9,436,809
`
`LIST OF EXHIBITS
`
`Description
`
`U.S. Patent No. 9,436,809 (“the ’809 Patent”)
`
`File History of U.S. Patent No. 8,543,819
`
`U.S. Patent No. 7,516,325 (“Willey”)
`
`U.S. Provisional Patent Application No. 60/281,556 (“Willey
`Provisional”)
`
`Application No. 10/117,186 (“Willey Application”)
`
`EP 1100035A (“Ishibashi”)
`
`No.
`
`1001
`
`1002
`
`1003
`
`1004
`
`1005
`
`1006
`
`1007
`
`U.S. Patent No. 6,550,011 (“Sims”)
`
`1008
`
`1009
`
`1010
`
`1011
`
`1012
`
`1013
`
`1014
`
`U.S. Patent Application No. 09/414,213 (“Sims Application”)
`
`Declaration of William R. Rosenblatt
`
`Claim Construction Order, Dist. Of Delaware, Case No. 1:15-cv-
`01170
`
`Excerpts from Webster’s New World Dictionary Of Computer
`Terms (2000)
`
`Excerpts from McGraw-Hill Dictionary (1994)
`
`Excerpts from Schneier, Bruce, Applied Cryptography, Second
`Edition, John Wiley and Sons, Inc. (1996)
`
`Excerpts from Kernighan, Brian W. and Dennis M. Ritchie, THE
`C PROGRAMMING LANGUAGE, Prentice-Hall, (1978)
`
`1015
`
`File History of U.S. Patent No. 9,436,809
`
`
`
`Page v
`
`

`

`IPR2018-00279
`Patent 9,436,809
`
`I.
`
`INTRODUCTION
`
`Microsoft Corporation and Microsoft Mobile Inc. (“Petitioners”) respectfully
`
`request inter partes review (“IPR”) of claims 1-4, 6, 9, 11, 14, 34-37, 41, 43, 46, 49,
`
`52-55, and 58-60 of U.S. Patent No. 9,436,809 (“’809 patent”) (Ex. 1001), allegedly
`
`assigned to Koninklijke Philips N.V. (“Patent Owner, ” or “Philips”). For the reasons
`
`set forth below, claims 1-4, 6, 9, 11, 14, 34-37, 41, 43, 46, 49, 52-55, and 58-60
`
`should be found unpatentable and cancelled.
`
`II. MANDATORY NOTICES UNDER 37 C.F.R. §42.8
`
`A. Real Party-In-Interest
`
`The real-parties-in-interest are Microsoft Corporation and Microsoft Mobile
`
`Inc.
`
`B. Related Matters
`
`Philips has asserted the ’809 patent in the following litigations, which are
`
`pending in the United States District Court for the District of Delaware:
`
`Case Caption
`
`Case Number
`
`Date filed
`
`Koninklijke Philips N.V. v. Acer Inc.
`
`1:15-cv-01170
`
`Dec. 18, 2015
`
`Koninklijke Philips N.V. et al v. ASUSTeK
`Computer Inc.
`
`Koninklijke Philips N.V. et al v. HTC
`Corporation
`
`1:15-cv-01125
`
`Dec. 7, 2015
`
`1:15-cv-01126
`
`Dec. 7, 2015
`
`On November 10, 2016, Microsoft Corporation intervened in the two cases
`
`identified above against Acer and ASUStek. On December 9, 2016, Philips filed
`
`Petition for Inter Partes Review of USP 9,436,809
`
`Page 1
`
`

`

`IPR2018-00279
`Patent 9,436,809
`
`counterclaims of infringement against Microsoft in those two cases, including claims
`
`for infringement of the ’809 patent. Philips named Microsoft Mobile Inc. (a
`
`subsidiary of Microsoft) as a counterclaim-defendant.
`
`C. Lead Counsel, Back-Up Counsel, And Service Information
`
`Todd M. Siegel (Lead), todd.siegel@klarquist.com, Reg. No. 73,232, Garth
`
`A. Winn (Back-up), garth.winn@klarquist.com, Reg. No. 33,220, KLARQUIST
`
`SPARKMAN, LLP, 121 SW Salmon Street, Suite 1600, Portland, Oregon, 97204,
`
`Tel: 503-595-5300, Fax: 503-595-5301. Petitioners consent to service via email at
`
`the above email addresses.
`
`Pursuant to 37 C.F.R. §42.10(b), Power of Attorney executed by Petitioners
`
`for appointing the above counsel is concurrently filed.
`
`III. FEES
`
`An electronic payment in the amount of $26,800 for the fee specified by 37
`
`C.F.R. §42.15(a) is being paid at the time of filing this petition, charged to deposit
`
`account no. 02-4550. Any adjustments in the fee may be debited/credited to the
`
`deposit account.
`
`IV. GROUNDS FOR STANDING PER 37 C.F.R. §42.104(A)
`
`Petitioners certify that the ’809 patent is available for IPR and that Petitioners
`
`are not barred or estopped from requesting an IPR challenging the patent claims on
`
`the grounds identified in this petition. Specifically, the present petition is being filed
`
`Petition for Inter Partes Review of USP 9,436,809
`
`Page 2
`
`

`

`IPR2018-00279
`Patent 9,436,809
`
`within one year of service of a complaint in which the ’809 patent was identified as
`
`being infringed by Petitioners.
`
`V.
`
`IDENTIFICATION OF CHALLENGE
`
`A.
`
`Statement Of The Precise Relief Requested
`
`Petitioners request IPR of claims 1-4, 6, 9, 11, 14, 34, 35, 36, 37, 41, 43, 46,
`
`49, 52-55, and 58-60 (each a “Challenged Claim,” collectively the “Challenged
`
`Claims”) of the ’809 patent under 35 U.S.C. §103 (pre-AIA)1. This petition presents
`
`evidence of unpatentability and establishes a reasonable likelihood that Petitioners
`
`will prevail in establishing that each Challenged Claim is unpatentable.
`
`B.
`
`Statutory Grounds
`
`This petition presents two statutory grounds for unpatentability of the
`
`Challenged Claims:
`
`Ground #1: Claims 1-4, 6, 9, 11, 14, 34-37, 41, 43, 46, 49, 52-55, and 58-60
`
`are unpatentable under 35 U.S.C. §103(a) over U.S. Patent No. 7,516,325 (“Willey”)
`
`in view of European Patent Application 1 100 035 A1 (“Ishibashi”).
`
`Ground #2: Claims 1-4, 6, 9, 11, 14, 34-37, 41, 43, 46, 49, 52-55, and 58-60
`
`are unpatentable under 35 U.S.C. §103(a) over U.S. Patent No. 7,516,325 (“Willey”)
`
`in view of U.S. Patent No. 6,550,011 (“Sims”).
`
`
`1 All citations to 35 U.S.C. herein are to the pre-AIA version.
`
`Petition for Inter Partes Review of USP 9,436,809
`
`Page 3
`
`

`

`For each ground, in Section VIII below, the petition demonstrates at least a
`
`reasonable likelihood that each Challenged Claim is unpatentable.
`
`IPR2018-00279
`Patent 9,436,809
`
`C.
`
`Summary Of The Applied Prior Art
`
`1. Willey
`
`Willey, entitled “Device Authentication In A PKI,” issued from U.S. Patent
`
`Application No. 10/117,186 (“’186 application), which was filed on April 8, 2002.
`
`(Ex. 1005.) Under 35 U.S.C. §119(e), Willey is entitled to an effective filing date of
`
`April 6, 2001, the date Willey’s Provisional Application No. 60/281,556 (“’556
`
`application) was filed. (Ex. 1004.) Indeed, the ’556 application provides written
`
`description support for Willey’s issued claims. (Ex. 1009, ¶56.) Willey, therefore,
`
`qualifies as prior art to the ’809 patent under 35 U.S.C. §102(e) as it is entitled to an
`
`effective filing date more than two years before the earliest possible effective filing
`
`date of the Challenged Claims.
`
`Willey is generally directed to using a public key cryptographic scheme for
`
`the mutual authentication of devices. (Id., ¶57.) Willey’s disclosure incorporates
`
`proximity control into its authentication scheme to verify that two devices are within
`
`a predetermined distance of each other. (Id., ¶58; see also Ex. 1003 at 2:1-47, 13:4-
`
`28.)
`
`Petition for Inter Partes Review of USP 9,436,809
`
`Page 4
`
`

`

`IPR2018-00279
`Patent 9,436,809
`
`2.
`
`Ishibashi
`
`This petition also relies on EP 1100035A, entitled “Information Processing
`
`Device And Method, And Providing Medium” (“Ishibashi”). Ishibashi was
`
`published on May 16, 2001—more than one year before the earliest possible
`
`effective filing date for the ’809 patent. (Ex. 1006.) Thus, Ishibashi qualifies as prior
`
`art under 35 U.S.C. §102(b).
`
`Ishibashi discloses a mutual authentication scheme used between various pairs
`
`of devices in a multi-tiered secure digital media distribution scheme. Ishibashi
`
`discloses, among other things, certificates as claimed by the ’809 patent. Ishibashi
`
`also discloses a server that checks a home device’s certificate before sending the first
`
`signal, just like the Challenged Claims.
`
`3.
`
`Sims
`
`This petition also relies on U.S. Patent No. 6,550,011, entitled “Media Content
`
`Protection Utilizing Public Key Cryptography” (“Sims”). Sims issued from U.S.
`
`Patent Application No. 09/414,213, which was filed on October 7, 1999, and which
`
`provides written description support for Sims’ issued claims. (See Ex. 1008, Ex.
`
`1009, ¶81.) Sims, therefore, qualifies as prior art to the ’809 patent under 35 U.S.C.
`
`§102(e) as it is entitled to an effective filing date more than three years before the
`
`earliest possible effective filing date of the ’809 patent.
`
`Petition for Inter Partes Review of USP 9,436,809
`
`Page 5
`
`

`

`IPR2018-00279
`Patent 9,436,809
`
`Sims generally discloses “[a] system and method for providing protection of
`
`content which may be transmitted over unsecure channels, including storage and
`
`transmission in bulk media, transmission over a network such as the Internet,
`
`transmission between components of an open system, and broadcast transmitted, to
`
`compliant storage devices and/or compliant use devices.” (Id. at Abstract.)
`
`VI. THE ’809 PATENT
`
`The ’809 patent, entitled “Secure Authenticated Distance Measurement”
`
`issued on September 6, 2016 from U.S. Patent Application No. 14/538,493 (“’493
`
`application”), filed on November 11, 2014. The ’493 application is a continuation of
`
`Application No. 10/521,858, filed as Application No. PCT/IB03/02932 on June 27,
`
`2003. The ’809 patent purports to claim priority to a foreign application allegedly
`
`filed July 26, 2002.
`
`A. Entity Authentication
`
`The ’809 patent is directed broadly at a concept known as entity
`
`authentication, which means proving that an entity—such as a consumer electronics
`
`device—is what it claims to be, so that, for example, the device can receive and
`
`decrypt protected content for an end user. (Ex. 1009, ¶43.) The entity trying to be
`
`authenticated is known as the prover; the entity that authenticates the prover is
`
`known as the verifier. (Id.)
`
`Petition for Inter Partes Review of USP 9,436,809
`
`Page 6
`
`

`

`IPR2018-00279
`Patent 9,436,809
`
`More specifically, the ’809 patent is aimed at methods for authenticating
`
`communication devices within a particular distance of each other so as to permit the
`
`secure transfer of multimedia content between the devices. (Ex. 1001 at Abstract.)
`
`The ’809 patent purports to accomplish this task by combining three security-related
`
`techniques associated with entity authentication—each of which was well known in
`
`the prior art long before the ’858 application was filed: (1) challenge-response
`
`protocol, (2) digital certificate, and (3) proximity control. These techniques can be
`
`summarized as follows:
`
` challenge-response protocol: a messaging protocol that uses
`
`cryptographic elements, such as keys, to authenticate a prover;
`
` digital certificate: encrypted data provided by a trusted third
`
`party, called a Certificate Authority, which vouches for the
`
`authenticity of a prover; and
`
` proximity control: a prover can only be authenticated if it is
`
`within a certain physical distance of a verifier.
`
`(See Ex. 1009, ¶¶42-50.)
`
`B.
`
`The ’809 Patent’s Specification
`
`The ’809 patent’s discussion of the patent’s figures attempts to explain how
`
`the patent combines these concepts in its disclosed embodiment. For example, FIG.
`
`1 purports to depict a computer on which multimedia content is stored. (Id. at 4:59-
`
`Petition for Inter Partes Review of USP 9,436,809
`
`Page 7
`
`

`

`IPR2018-00279
`Patent 9,436,809
`
`63.) The ’809 patent explains that the owner of the computer and content may want
`
`to make the content available to a user via various devices. FIG. 1 further purports
`
`to depict other devices (105, 107, 109, 111, 113, 115, 117, and 119) in various
`
`physical proximities to the computer. (Id. at 4:63-5:6.) “When the user wants to
`
`make a legal copy of the content to another device via e.g. a [secure authenticated
`
`channel], the distance between the other device and the computer 103 is measured
`
`and only devices within a predefined distance illustrated by the devices 105, 107,
`
`109, 111, 113 inside the circle 101 are allowed to receive the content. Whereas the
`
`devices 115, 117, 119 having a distance to the computer 101 being larger than the
`
`predefined distance are not allowed to receive the content.” (Id. at 4:67-5:8.) The
`
`patent goes on to use FIG. 2 to explain how the so-called “authenticated distance
`
`measurement” between the devices may be performed. (Id. at 5:25-43.) After the
`
`distance has been measured, data can then be sent between the eligible devices. (Id.
`
`at 6:21-24.)
`
`C. The Prosecution History
`
`No third party prior art was discussed during the prosecution of the ’493
`
`application. The primary examiner also examined U.S. Patent No. 8,543,819, which
`
`issued on September 24, 2013. The ’819 patent issued from the same parent ’858
`
`PCT application as the ’809 patent. Several third party prior art references were
`
`discussed during the examination of the ’819 patent, including Willey. (Ex. 1002.)
`
`Petition for Inter Partes Review of USP 9,436,809
`
`Page 8
`
`

`

`IPR2018-00279
`Patent 9,436,809
`
`During prosecution, the Applicants acknowledged that “Willey discloses a
`
`system for establishing a link key between corresponds in a public key cryptographic
`
`scheme. The method provides a means for mutual authentication of the services and
`
`for establishing a link key by introducing the first and second correspondent (device)
`
`within a predetermined distance, establishing a key agreement when the devices are
`
`within the predetermined distance and implementing challenge-response routine for
`
`authentication.” (Id. at 642.)
`
`The Applicants then argued that the prior art “fails to provide any teaching
`
`regarding the second device being compliant with predefined compliance rules,” and
`
`further that the art fails to disclose “the claim element of ‘which secret is used to
`
`modify a spreading code of a spread-spectrum communication signal between the
`
`first device and the second device.’” (Id. at 642-644.) The Applicants later argued
`
`that “Willey fails to disclose securely sharing the common secret after the second
`
`device has been determined to be compliant.” (Id. at 71.)
`
`As noted above, the Challenged Claims involve three distinct techniques:
`
`challenge-response protocols, digital certificates, and proximity control. This
`
`petition relies on Willey primarily for its disclosure of the proximity control-related
`
`claim limitations. Indeed, the Applicants never disputed that Willey discloses
`
`proximity control as claimed by the ’917 application. The secondary references
`
`Petition for Inter Partes Review of USP 9,436,809
`
`Page 9
`
`

`

`IPR2018-00279
`Patent 9,436,809
`
`relied on, Ishibashi and Sims—not discussed during prosecution—render the
`
`Challenged Claims obvious when combined with Willey.
`
`VII. CLAIM CONSTRUCTION AND LEVEL OF SKILL IN THE ART
`
`In mapping the prior art to the Challenged Claims, Petitioners have
`
`considered: (1) the broadest reasonable interpretation (“BRI”) of the claims
`
`consistent with the specification, including the ordinary and customary meaning of
`
`the terms as would be understood by a person having ordinary skill in the art
`
`(“POSITA”) in the context of the entire disclosure; (2) the meaning that a term would
`
`have to a POSITA at the time of the invention taking into account intrinsic evidence
`
`(the claims, specification and prosecution history); and (3) the construction
`
`identified by the District of Delaware in related litigation. The prior art relied on
`
`herein discloses or otherwise teaches the limitations of the Challenged Claims under
`
`any of these standards. While the plain and ordinary meaning of the terms will
`
`suffice for the present petition, the following constructions were provided by the
`
`Court in the District of Delaware litigation and are included within the BRI of the
`
`claims. (See Ex. 1010 at 16-19.)
`
`Claim term/phrase
`
`Construed to mean
`
`certificate
`
`information containing at least the entity’s
`
`distinguishing identifier and public key, and signed
`
`by a certification authority to guard against forgery
`
`Petition for Inter Partes Review of USP 9,436,809
`
`Page 10
`
`

`

`IPR2018-00279
`Patent 9,436,809
`
`Claim term/phrase
`
`Construed to mean
`
`[provide/providing] the
`
`securely [transmits/transmitting] the common secret
`
`secret to the second
`
`with the second device according to a key transport
`
`device
`
`protocol or a key agreement protocol
`
`predetermined time
`
`a time interval selected to ensure that the first and
`
`second communication devices are sufficiently near
`
`one another to permit access to the protected content.
`
`Level of skill: Here, a POSITA should be defined as a person having an
`
`undergraduate education in computer science, or equivalent, plus two years’ work
`
`experience in a combination of software engineering and data communications. (Ex.
`
`1009, ¶53.) More specifically, a POSITA should be expected to understand the
`
`basics of digital communication devices and protocols, and how to apply basic
`
`cryptographic concepts. (Id., ¶54.)
`
`Regarding the claim term “signal,” a POSITA would understand that the BRI
`
`of “signal” as used in the ’809 patent would be consistent with the plain and ordinary
`
`meaning of “signal,” namely “[t]he portion of a transmission that coherently
`
`represents information, unlike the random and meaningless line noise that occurs in
`
`the transmission channel.” (See Ex. 1011; see also Ex. 1012; Ex. 1009, ¶124, n. 51.)
`
`Petition for Inter Partes Review of USP 9,436,809
`
`Page 11
`
`

`

`IPR2018-00279
`Patent 9,436,809
`
`VIII. GROUNDS OF UNPATENTABILITY
`
`The unpatentability challenges are set forth in detail throughout this section.
`
`Willey, the primary reference used in each ground discussed below, is directed to “a
`
`method for establishing a link key between correspondents in a public key
`
`cryptographic scheme, one of the correspondents being an authenticating device and
`
`the other being an authenticated device. The method also provides a means for
`
`mutual authentication of the devices. The method for establishing the link key
`
`includes the steps of introducing the first correspondent and the second
`
`correspondent within a predetermined distance and establishing a key agreement and
`
`implementing challenge-response routine for authentication.” (Ex. 1003 at 4:30-40.)
`
`Willey is directed to devices, such as those that communicate via Bluetooth.
`
`Bluetooth devices of the time had schemes for pairing (establishing communications
`
`links between pairs of devices) that were subject to third-party eavesdropping, called
`
`“man-in-the-middle” attacks. Willey added proximity control – verifying that the
`
`two devices are within a predetermined distance of each other – to challenge-
`
`response authentication as a means of thwarting man-in-the-middle attacks. (Id. at
`
`2:1-47, 13:4-28; Ex. 1009, ¶58.)
`
`Willey’s method starts by establishing a shared secret value in both devices,
`
`using a key agreement scheme, and using that value to derive a symmetric key,
`
`referred to as an “antispoof variable.” (Ex. 1003 at 6:44-7:3.) Both devices store their
`
`Petition for Inter Partes Review of USP 9,436,809
`
`Page 12
`
`

`

`IPR2018-00279
`Patent 9,436,809
`
`own copies of the antispoof variable. (Id.; Ex. 1009, ¶60.) Although the antispoof
`
`variable may be a different value from the shared secret value, it too is a shared
`
`secret and is referred to as such, or as “common secret,” in the analysis below. (Ex.
`
`1009, ¶60.)
`
`Once the two devices have their own copies of the antispoof variable, they
`
`perform a challenge-response protocol to mutually authenticate each other, and to
`
`ensure proximity. (Id., ¶61.) This is the embodiment of Willey’s invention described
`
`starting at column 12, line 50 and depicted in Figures 11 and 11a. (Id.) Using the
`
`terminology introduced above, the verifier sends the prover a random challenge, a
`
`value that is the same size (in bits) as the antispoof variable. (Id.)
`
`The prover receives the challenge and sends a response consisting of the XOR
`
`of the challenge and the antispoof variable. (Id., ¶62 (citing Ex. 1003 at 13:29-14:4,
`
`15:7-32).) The verifier receives the response, takes the XOR of the response with
`
`the random challenge, and verifies that the result is the bits of the antispoof variable.
`
`(Id.) The verifier also calculates the time from sending the challenge to receiving the
`
`response), and checks that this round-trip time is within a predefined interval. (Ex.
`
`1009, ¶63 (citing Ex. 1003 at 15:33-50, 17:1-6, 20-25).) Willey satisfies the
`
`construction of “predefined interval” as “a time interval selected to ensure that the
`
`first and second communication devices are sufficiently near one another to permit
`
`access to the protected content.” (Ex. 1009, ¶63.) For example, Willey’s disclosed
`
`Petition for Inter Partes Review of USP 9,436,809
`
`Page 13
`
`

`

`IPR2018-00279
`Patent 9,436,809
`
`time interval of 0.833 milliseconds (see Ex. 1003 at 17:1-6) corresponds to a distance
`
`of less than one foot, which is considered to be sufficiently close for authentication.
`
`(Ex. 1009, ¶63.) The predefined interval depends on the communication medium
`
`used, which could be different RF (radio frequency) schemes or acoustic audio. (Id.)
`
`Once the challenge-response and proximity protocol have completed
`
`successfully, a “link key” between the two devices is established so they can
`
`communicate securely. (Id., ¶64 (citing Ex. 1003 at 12:50-51).)
`
`A. Ground #1: Claims 1-4, 6, 9, 11, 14,
`34-37, 41, 43, 46, 49, 52-55, 58-60
`Are Obvious Over Willey In View Of Ishibashi
`
`As explained below, claims 1-4, 6, 9, 11, 14, 34-37, 41, 43, 46, 49, 52-55, 58-
`
`60 are obvious over Willey in view of Ishibashi.
`
`Motivation to Combine: A POSITA implementing the teachings of Willey
`
`would have been motivated to improve the security of the Willey authentication
`
`techniques by incorporating the teachings of Ishibashi. (Ex. 1009, ¶¶93-108.)
`
`Specifically, Willey and Ishibashi each discloses overlapping features of entity
`
`authentication, including challenge-response protocols. (Id., ¶¶93-95.) Ishibashi
`
`discloses the use of digital certificates as well as the use of key transport protocols
`
`to convey secrets from one device to another. (Id., ¶93.) A POSITA would have been
`
`motivated to combine Ishibashi’s use of digital certificates into the challenge-
`
`response elements disclosed by Willey. (Id., ¶¶95-96.) Digital certificates were well-
`
`Petition for Inter Partes Review of USP 9,436,809
`
`Page 14
`
`

`

`IPR2018-00279
`Patent 9,436,809
`
`known in the art; indeed, the ’809 patent incorporates by reference both the ISO
`
`11770 and 9798 standards. (Id.) Digital certificates improve security compared to
`
`pure challenge-response protocols by localizing trust to a single, known, highly
`
`managed entity – the certificate authority – instead of delegating it to a multitude of
`
`consumer-accessible devices that are in the field and thus both harder for the entity
`
`responsible for security to access and more susceptible to hacking. (Id.)
`
`Moreover, digital certificates are not sufficient by themselves for entity
`
`authentication. (Id., ¶97.) Entity authentication with certificates also requires
`
`protocols by which a verifier obtains a prover’s certificate, checks it for validity,
`
`informs the prover that its certificate’s validity has been established, and finally
`
`establishes a basis for further activity, such as a shared key for encrypting data
`
`communicated between entities. As this necessarily involves some kind of protocol
`
`between the verifier and the prover, a POSITA implementing digital certificates,
`
`such as those taught by Ishibashi, would have been motivated to include challenge-
`
`response elements (such as those disclosed by Willey) to certificate-based entity
`
`authentication schemes. (Id.)
`
`Another feature disclosed in Ishibashi that would have improved the security
`
`methods taught by Willey (such as Willey’s use of an XOR operation for conveying
`
`data between devices) is Ishibashi’s use of public-key cipher for key transport to
`
`share secrets securely from one device to another. (Id., ¶¶102-106.) Willey discloses
`
`Petition for Inter Partes Review of USP 9,436,809
`
`Page 15
`
`

`

`IPR2018-00279
`Patent 9,436,809
`
`using logical XOR operations to convey values from one device to another, which
`
`is known to be a weak way of protecting data in transit. (Id., ¶103.)
`
`Willey’s method was designed to be executed as quickly as possible on voice-
`
`based wireless devices such as mobile phones, personal digital assistants, and
`
`headsets. (Id.) Notably, in the time frame of Willey’s filing (i.e., late 1990s, early
`
`2000s), the media and technology industries were converging as more and more
`
`consumers had multiples types of devices and networking capabilities in their
`
`homes. (Id., ¶¶27-31.) Home devices were interconnected and had the ability to
`
`transfer content from one device to another. (Id., ¶32.) With the rise of wireless
`
`networking and interconnectivity, media companies were looking for ways to
`
`improve security to reduce unauthorized use and distribution of content. (Id., ¶¶32-
`
`41.) As bandwidth capabilities were increasing, it was becoming apparent to skilled
`
`artisans that it extreme efficiencies was not necessarily as important as strong
`
`security. (Id., ¶¶27-41, 104.) The problem involved devices capable of transmitting,
`
`copying, and playing digital video on high-bandwidth home networks – that is,
`
`devices of considerably more cost and complexity than the wireless devices of
`
`Willey. (Id., ¶104.) Therefore it was possible and desirable to use a more secure
`
`scheme than that disclosed for encrypting secrets via key transport protocols.
`
`Generally speaking, public-key algorithms are much stronger than XOR symmetric
`
`Petition for Inter Partes Review of USP 9,436,809
`
`Page 16
`
`

`

`IPR2018-00279
`Patent 9,436,809
`
`ciphers, while still efficient enough to run quickly in the relevant equipment of the
`
`time. (Id.)
`
`The use of public-key ciphers for key transport was well known in the art by
`
`the early 2000s; for example, the ISO 11770-3 and 9798-3 standards each
`
`incorporates this technique. (Id., ¶105.) As with certificates, a POSITA would have
`
`been aware and understood the advantages of key transport with public-key
`
`encryption, such as that disclosed by Ishibashi. (Id.) Furthermore, digital certificates
`
`contain public keys such that providing the second device’s certificate to the first
`
`device results in the first device having access to the second device’s public key,
`
`making it convenient for the first device to use that public key, along with standard
`
`algorithms, to encrypt a secret to transmit to the second