`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`________________
`
`
`APPLE INC.,
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC,
`Patent Owner
`________________
`
`Case IPR2018-00809
`U.S. Patent No. 9,530,137
`________________
`
`
`
`
`
`
`PATENT OWNER’S EXHIBIT 2014
`
`DECLARATION OF MARKUS JAKOBSSON
`
`IN SUPPORT OF PATENT OWNER’S CONDITIONAL MOTION TO
`
`AMEND
`
`
`
`
`
`
`
`USR Exhibit 2014
`
`
`
`
`
`
`IPR2018-00809
`
`1.
`
`I have been retained on behalf of Universal Secure Registry LLC
`
`(“Patent Owner”) in connection with the above-captioned inter partes review
`
`(IPR). I have been retained to provide my opinions in support of USR’s
`
`Conditional Motion to Amend. I am being compensated for my time at the rate of
`
`$625 per hour. I have no interest in the outcome of this proceeding.
`
`2.
`
`In preparing this declaration, I have reviewed and am familiar with the
`
`Petition for IPR2018-00809, U.S. Patent No. 9,530,137 (hereinafter “’137 patent”),
`
`and its file history, and all other materials cited and discussed in the Petition
`
`(including all prior art references cited therein) and all other materials cited and
`
`discussed in this Declaration.
`
`3.
`
`The statements made herein are based on my own knowledge and
`
`opinion. This Declaration represents only the opinions I have formed to date. I may
`
`consider additional documents as they become available or other documents that
`
`are necessary to form my opinions. I reserve the right to revise, supplement, or
`
`amend my opinions based on new information and on my continuing analysis.
`
`I.
`
`QUALIFICATIONS
`
`4. My qualifications can be found in my Curriculum Vitae, which
`
`includes my detailed employment background, professional experience, and list of
`
`technical publications and patents. Ex. 2002.
`
`
`
`
`USR Exhibit 2014, Page 1
`
`
`
`IPR2018-00809
`
`5.
`
`I am currently the Chief of Security and Data Analytics at Amber
`
`Solutions, Inc., a cybersecurity company that develops home and office automation
`
`technology. At Amber, my research studies and addresses abuse, including social
`
`engineering, malware and privacy intrusions. My work primarily involves
`
`identifying risks, developing protocols and user experiences, and evaluating the
`
`security of proposed approaches.
`
`6.
`
`I received a Master of Science degree in Computer Engineering from
`
`the Lund Instituted of Technology in Sweden in 1993, a Master of Science degree
`
`in Computer Science from the University of California at San Diego in 1994, and a
`
`Ph.D. in Computer Science from the University of California at San Diego in 1997,
`
`specializing in Cryptography. During and after my Ph.D. studies, I was also a
`
`Researcher at the San Diego Supercomputer Center, where I did research on
`
`authentication and privacy.
`
`7.
`
`From 1997 to 2001, I was a Member of Technical Staff at Bell Labs,
`
`where I did research on authentication, privacy, multi-party computation, contract
`
`exchange, digital commerce including crypto payments, and fraud detection and
`
`prevention. From 2001 to 2004, I was a Principal Research Scientist at RSA Labs,
`
`where I worked on predicting future fraud scenarios in commerce and
`
`authentication and developed solutions to those problems. During that time I
`
`predicted the rise of what later became known as phishing. I was also an Adjunct
`
`
`
`
`USR Exhibit 2014, Page 2
`
`
`
`IPR2018-00809
`
`Associate Professor in the Computer Science department at New York University
`
`from 2002 to 2004, where I taught cryptographic protocols.
`
`8.
`
`From 2004 to 2016, I held a faculty position at the Indiana University
`
`at Bloomington, first as an Associate Professor of Computer Science, Associate
`
`Professor of Informatics, Associate Professor of Cognitive Science, and Associate
`
`Director of the Center for Applied Cybersecurity Research (CACR) from 2004 to
`
`2008; and then as an Adjunct Associate Professor from 2008 to 2016. I was the
`
`most senior security researcher at Indiana University, where I built a research
`
`group focused on online fraud and countermeasures, resulting in over 50
`
`publications and two books.
`
`9. While a professor at Indiana University, I was also employed by
`
`Xerox PARC, PayPal, and Qualcomm to provide thought leadership to their
`
`security groups. I was a Principal Scientist at Xerox PARC from 2008 to 2010, a
`
`Director and Principal Scientist of Consumer Security at PayPal from 2010 to
`
`2013, a Senior Director at Qualcomm from 2013 to 2015, and Chief Scientist at
`
`Agari from 2016 to 2018. Agari is a cybersecurity company that develops and
`
`commercializes technology to protect enterprises, their partners and customers
`
`from advanced email phishing attacks. At Agari, my research studied and
`
`addressed trends in online fraud, especially as related to email, including problems
`
`such as Business Email Compromise, Ransomware, and other abuses based on
`
`
`
`
`USR Exhibit 2014, Page 3
`
`
`
`IPR2018-00809
`
`social engineering and identity deception. My work primarily involved identifying
`
`trends in fraud and computing before they affected the market, and developing and
`
`testing countermeasures, including technological countermeasures, user interaction
`
`and education.
`
`10.
`
`I have founded or co-founded several successful computer security
`
`companies. In 2005 I founded RavenWhite Security, a provider of authentication
`
`solutions, and I am currently its Chief Technical Officer. In 2007 I founded
`
`Extricatus, one of the first companies to address consumer security education. In
`
`2009 I founded FatSkunk, a provider of mobile malware detection software; I
`
`served as Chief Technical Officer of FatSkunk from 2009 to 2013, when FatSkunk
`
`was acquired by Qualcomm and I became a Qualcomm employee. In 2013 I
`
`founded ZapFraud, a provider of anti-scam technology addressing Business Email
`
`Compromise, and I am currently its Chief Technical Officer. In 2014 I founded
`
`RightQuestion, a security consulting company.
`
`11.
`
`I have additionally served as a member of the fraud advisory board at
`
`LifeLock (an identity theft protection company); a member of the technical
`
`advisory board at CellFony (a mobile security company); a member of the
`
`technical advisory board at PopGiro (a user reputation company); a member of the
`
`technical advisory board at MobiSocial dba Omlet (a social networking company);
`
`and a member of the technical advisory board at Stealth Security (an anti-fraud
`
`
`
`
`USR Exhibit 2014, Page 4
`
`
`
`IPR2018-00809
`
`company). I have provided anti-fraud consulting to KommuneData (a Danish
`
`government entity), J.P. Morgan Chase, PayPal, Boku, and Western Union.
`
`12.
`
`I have authored five books and over 100 peer-reviewed publications,
`
`and have been a named inventor on over 100 patents and patent applications.
`
`13. My work has included research in the area of applied security,
`
`privacy, cryptographic protocols, authentication, malware, social engineering,
`
`usability and fraud.
`
`II. LEGAL UNDERSTANDING
`
`A. The Person of Ordinary Skill in the Art
`
`14.
`
`I understand that a person of ordinary skill in the relevant art (also
`
`referred to herein as “POSITA”) is presumed to be aware of all pertinent art, thinks
`
`along conventional wisdom in the art, and is a person of ordinary creativity—not
`
`an automaton.
`
`15.
`
`I have been asked to consider the level of ordinary skill in the field
`
`that someone would have had at the time the claimed invention was made. In
`
`deciding the level of ordinary skill, I considered the following:
`
`• the levels of education and experience of persons working in the
`
`field;
`
`• the types of problems encountered in the field; and
`
`• the sophistication of the technology.
`
`
`
`
`USR Exhibit 2014, Page 5
`
`
`
`IPR2018-00809
`
`16. A person of ordinary skill in the art relevant to the ’137 patent at the
`
`time of the invention would have a Bachelor of Science degree in electrical
`
`engineering and/or computer science, and three years of work or research
`
`experience in the fields of secure transactions and encryption, or a Master’s degree
`
`in electrical engineering and/or computer science and two years of work or
`
`research experience in related fields.
`
`17.
`
`I am well-qualified to determine the level of ordinary skill in the art
`
`and am personally familiar with the technology of the ’137 Patent. I was a person
`
`of at least ordinary skill in the art at the time of the priority date of the ’137 patent
`
`in 2006. Regardless if I do not explicitly state that my statements below are based
`
`on this timeframe, all of my statements are to be understood as a POSITA would
`
`have understood something as of the priority date of the ’137 patent.
`
`B.
`
`18.
`
`Legal Principles
`
`I am not a lawyer and will not provide any legal opinions.
`
`19. Though I am not a lawyer, I have been advised that certain legal
`
`standards are to be applied by technical experts in forming opinions regarding the
`
`meaning and validity of patent claims.
`
`20.
`
`I have been informed and understand that if the Board should accept
`
`Petitioner’s arguments and cancel any of the original issued claims of the ’137
`
`patent, Patent Owner has made a conditional motion to amend to substitute the
`
`
`
`
`USR Exhibit 2014, Page 6
`
`
`
`IPR2018-00809
`
`canceled claim(s) with corresponding proposed amended claims 13-21, as set forth
`
`in Section III below.
`
`21.
`
`I have been informed and understand that to permit the proposed
`
`substitute claims to be entered, Patent Owner must show, among other things, that
`
`the substitute claims are supported by the written description of the original
`
`disclosure of the patent, as well as any patent application to which the claim seeks
`
`the benefit of priority in this proceeding.
`
`22.
`
`I have been informed by counsel and understand that to satisfy the
`
`written description requirement, the substitute claims must be disclosed in
`
`sufficient detail such that one skilled in the art can reasonably conclude that the
`
`inventor had possession of the claimed invention as of the filing date sought. I
`
`understand that the Patent Owner can show possession of the claimed invention by
`
`pointing to such descriptive means as words, structures, figures, diagrams, and
`
`formulas that fully set forth the claimed invention.
`
`23.
`
`I have been informed by counsel and understand that incorporation by
`
`reference is a method by which material from one or more documents may be
`
`integrated into a host document. I understand that material incorporated by
`
`reference is considered part of the written description of the patent that can be used
`
`to show possession of the claimed invention.
`
`
`
`
`USR Exhibit 2014, Page 7
`
`
`
`IPR2018-00809
`
`24.
`
`I have been informed by counsel and understand that to permit the
`
`proposed substitute claims to be entered, Patent Owner must show, among other
`
`things, that the substitute claims do not introduce new subject matter.
`
`25.
`
`I understand that new matter is any addition to the claims without
`
`support in the original disclosure.
`
`26.
`
`I have been informed by counsel and understand that to permit the
`
`proposed substitute claims to be entered, Patent Owner must show, among other
`
`things, the substitute claims do not broaden the scope of the original claims.
`
`27.
`
`I understand that claims in dependent form are construed to include all
`
`the limitations of the claim incorporated by reference into the dependent claim and
`
`further limit the claim incorporated by reference.
`
`28.
`
`It has been explained to me by counsel for the Patent Owner that in
`
`proceedings before the USPTO, the claims of an unexpired patent are to be given
`
`their broadest reasonable interpretation in view of the specification from the
`
`perspective of one having ordinary skill in the relevant art at the time of the
`
`invention. I have considered each of the claim terms using the broadest reasonable
`
`interpretation standard.
`
`III. SUBSTITUTE CLAIMS 13-21
`
`29. My understanding is that proposed substitute claims 13-21 read as
`
`follows, wherein underlining (additions) and strike-through text and double
`
`
`
`
`USR Exhibit 2014, Page 8
`
`
`
`IPR2018-00809
`
`brackets (deletions) show the Patent Owner’s proposed modifications to the
`
`original claim being made in the corresponding substitute claim:
`
`Claim 13. (Proposed Substitute for Claim 1) A system for authenticating a
`
`user for enabling a credit and/or debit card transaction, the system
`
`comprising:
`
`a first device including:
`
`a first processor, the first processor programmed to authenticate
`
`a user of the first device based on secret information and to retrieve or
`
`receive first biometric information of the user of the first device;
`
`a first wireless transceiver coupled to the first processor and
`
`programmed to transmit a first wireless signal including first
`
`authentication information of the user of the first device, the first
`
`authentication information including a multi-digit identification (ID)
`
`code allowing a networked validation-information entity to map the
`
`multi-digit ID code to a credit and/or debit card number; and
`
`a biometric sensor configured to capture the first biometric
`
`information of the user;
`
`wherein the first processor is programmed to generate one or
`
`more signals having at least three separable fields that include
`
`including the first authentication information, an indicator of
`
`
`
`
`USR Exhibit 2014, Page 9
`
`
`
`IPR2018-00809
`
`biometric authentication, and a time varying value in response to valid
`
`authentication of the first biometric information, and to provide the
`
`one or more signals having the at least three separable fields including
`
`the first authentication information, the indicator of biometric
`
`authentication, and the time varying value for transmitting to a second
`
`device, the second device being the networked validation-information
`
`entity configured to enable the credit and/or debit card transaction
`
`based on authentication of the user; and
`
`wherein the first processor is further configured to receive an
`
`enablement signal from the second device; and
`
`the system further including the second device that is configured to
`
`provide the enablement signal indicating that the second device approved the
`
`credit and/or debit card transaction based on use of the one or more signals;
`
`wherein the second device includes a second processor that is
`
`configured to provide the enablement signal based on the indication of
`
`biometric authentication of the user of the first device, at least a
`
`portion of the first authentication information, and second
`
`authentication information of the user of the first device to enable and
`
`complete processing of the credit and/or debit card transaction.
`
`
`
`
`
`
`USR Exhibit 2014, Page 10
`
`
`
`IPR2018-00809
`
`Claim 14. (Proposed Substitute for Claim 2) The system according to claim
`
`13, [[1, ]]wherein the first processor is programmed to determine the first
`
`authentication information so that the first authentication information is
`
`generated based on at least part of the first biometric information or
`
`generated based on receiving the first biometric information.
`
`
`
`Claim 15. (Proposed Substitute for Claim 3) The system according to claim
`
`13, [[1, ]]the second device including:
`
`a second communication interface coupled to the second processor,
`
`and wherein the second processor is configured to receive the first
`
`authentication information of the user of the first device, to retrieve or
`
`receive the second [[the ]]authentication information of the user of the first
`
`device; and
`
`use the first authentication information and the second authentication
`
`information to authenticate the user of the first device to enable the credit
`
`and/or debit card transaction.
`
`
`
`Claim 16. (Proposed Substitute for Claim 4) The system according to claim
`
`13, [[1, ]]the second device including:
`
`a second wireless transceiver coupled to the second processor, and
`
`
`
`
`USR Exhibit 2014, Page 11
`
`
`
`IPR2018-00809
`
`wherein the second processor is configured to receive the first authentication
`
`information of the user of the first device, to retrieve or receive the second
`
`authentication information of the user of the first device; and
`
`use the first authentication information and the second authentication
`
`information to authenticate the user of the first device to enable the credit
`
`and/or debit card transaction.
`
`
`
`Claim 17. (Proposed Substitute for Claim 5) The system of claim [[1, ]]13,
`
`wherein the first device communicates with the second device periodically
`
`to prevent intentional deletion of information stored at the first device, and
`
`wherein the first processor is further configured to compare stored
`
`authentication information with the first authentication information of the
`
`user and configured to enable the first device based on a valid comparison.
`
`
`
`Claim 18. (Proposed Substitute for Claim 6) The system of claim [[1, ]]13,
`
`wherein the first processor is further configured to encrypt the first
`
`authentication information to communicate to the second device, the first
`
`authentication information further including a digital signature generated
`
`using a private key associated with the first device.
`
`
`
`
`
`
`USR Exhibit 2014, Page 12
`
`
`
`IPR2018-00809
`
`Claim 19. (Proposed Substitute for Claim 7) The system of claim [[1, ]]13,
`
`wherein the first device includes a first memory coupled to the first
`
`processor and configured to store the first biometric information.
`
`
`
`Claim 20. (Proposed Substitute for Claim 9) The system of claim [[1, ]]13,
`
`wherein the first processor is further configured to communicate information
`
`associated with the biometric information of the user of the first device, and
`
`wherein the enablement signal includes a random code to authenticate the
`
`second device to the first device.
`
`
`
`Claim 21. (Proposed Substitute for Claim 12) A system for authenticating a
`
`user for enabling a financial transaction, the system comprising:
`
`a first device including:
`
`a biometric sensor configured to capture a first biometric
`
`information of the user;
`
`a first processor programmed to:
`
`1) authenticate a user of the first device based on secret
`
`information,
`
`2) retrieve or receive first biometric information of the user of
`
`the first device,
`
`
`
`
`USR Exhibit 2014, Page 13
`
`
`
`IPR2018-00809
`
`3) authenticate the user of the first device based on the first
`
`biometric, and
`
`4) generate one or more signals including first authentication
`
`information, an indicator of biometric authentication of the user of the
`
`first device, and a time varying value, the first authentication
`
`information including a multi-digit identification (ID) code allowing a
`
`networked validation-information entity to map the multi-digit ID
`
`code to a financial account number; and
`
`a first wireless transceiver coupled to the first processor and
`
`programmed to wirelessly transmit the one or more signals to a
`
`second device for processing, the second device being the networked
`
`validation-information entity configured to enable the financial
`
`transaction based on authentication of the user;
`
`wherein generating the one or more signals occurs responsive to
`
`valid authentication of the first biometric information; and
`
`wherein the first processor is further programmed to receive an
`
`enablement signal indicating an approved financial transaction from
`
`the second device,
`
`wherein the enablement signal is provided from the second device
`
`based on acceptance of the indicator of biometric authentication and use of
`
`
`
`
`USR Exhibit 2014, Page 14
`
`
`
`IPR2018-00809
`
`the first authentication information and use of second authentication
`
`information to enable the financial transaction.
`
`IV. WRITTEN DESCRIPTION SUPPORT IN ORIGINALLY FILED
`APPLICATION AND PRIORITY DOCUMENTS
`
`30.
`
`It is my understanding that the ’137 patent issued from originally-filed
`
`non-provisional Application No. 15/019,660 (“the ’660 application”) (Ex. 2006),
`
`filed on Feb. 9, 2016, which claims priority through a series of intervening
`
`continuation applications to U.S. non-provisional application No. 11/677,490, filed
`
`on Feb. 21, 2007 (“the ’490 application”) (ex. 2007). The ’660 application also
`
`claims priority to three provisional applications (collectively referred to herein as
`
`“Provisional Applications”), including provisional application no. 60/775,046,
`
`filed Feb. 21, 2006 (“the ’046 application”) (Ex. 2008), provisional application no.
`
`60/812,279, filed Jun. 9, 2006 (“the ’279 application”) (Ex. 2009), and provisional
`
`application no. 60/859,235, filed Nov. 15, 2006 (“’235 application”) (Ex. 2015).
`
`31.
`
`I have reviewed the ’660 application and it is my opinion that a person
`
`of ordinary skill in the art reading the ’660 application would have understood that
`
`the inventor of the ’137 patent would have been in possession of the inventions as
`
`recited in substitute claims 13-21. That is, it is my opinion that each limitation of
`
`the proposed substitute claims 13-21 is disclosed in, and fully supported by, the
`
`’660 application, which is the originally-filed specification of the ’137 patent. It is
`
`my further opinion that because all of the limitations recited in the substitute
`
`
`
`
`USR Exhibit 2014, Page 15
`
`
`
`IPR2018-00809
`
`claims 13-21 have sufficient written support in the ’660 application, as set forth
`
`below, the substitute claims do not introduce new subject matter.
`
`32.
`
`I have reviewed the ’490 application and it is my opinion that a person
`
`of ordinary skill in the art reading the ’490 application would have understood that
`
`the inventor of the ’137 patent would have been in possession of the inventions as
`
`recited in substitute claims 13-21. That is, it is my opinion that each limitation of
`
`the proposed substitute claims 13-21 is disclosed in, and fully supported by, the
`
`’490 application, to which the ’137 patent claims priority. It is my further opinion
`
`that because all of the limitations recited in the substitute claims 13-21 have
`
`sufficient written support in the ’490 application, as set forth below, the substitute
`
`claims have an effective priority date at least as early as Feb. 21, 2007.
`
`33.
`
`I have reviewed the Provisional Applications and it is my opinion that
`
`a person of ordinary skill in the art reading the Provisional Applications would
`
`have understood that the inventor of the ’137 patent would have been in possession
`
`of the inventions as recited in substitute claims 13-21. That is, it is my opinion that
`
`each limitation of the proposed substitute claims 13-21 is disclosed in, and fully
`
`supported by, the Provisional Applications, to which the ’137 patent claims
`
`priority. It is my further opinion that because all of the limitations recited in the
`
`substitute claims 13-21 have sufficient written support in the Provisional
`
`
`
`
`USR Exhibit 2014, Page 16
`
`
`
`IPR2018-00809
`
`Applications, as set forth below, the substitute claims have an effective priority
`
`consistent with the respective filing dates of the Provisional Applications.
`
`Observations on Some Proposed Claim Amendments and Limitations
`
`34. Regarding claim limitation 13[c]1, I believe a person of ordinary skill
`
`in the art reading the ’660 application would have understood that the inventor of
`
`the ’137 patent would have been in possession of the subject matter of limitation
`
`13[c] because the ’660 application discloses in FIG. 21 and at 38:6-19 a first
`
`device 2110 having a wireless transceiver 2114, 2142 coupled to a processor 2116
`
`that communicates signals to a second wireless device. FIG. 23 and 42:24-44:12
`
`describe that the first wireless signal 300 transmitted from the first device to the
`
`second device may include a plurality of different fields, such as “a digital
`
`signature field 306 containing a digital signature of the first user,” “a public ID
`
`field 304,” and an “other ID data field 314” any one or combination of which may
`
`include non-limiting, non-exclusive examples of the claimed “first authentication
`
`information.” FIG. 7 and 23:34-24:2 explains that the public ID code can be used
`
`by a credit card company (e.g., one non-limiting, non-exclusive example of a
`
`“networked validation-information entity”) to map the ID code to the correct card
`
`
`1 I adopt the claim limitation notation used in Appendix B of Patent
`
`Owner’s Conditional Motion to Amend. IPR2018-00809, Paper 19.
`
`
`
`
`USR Exhibit 2014, Page 17
`
`
`
`IPR2018-00809
`
`number. Referring to 10:27-29, the ’660 application states “a networked credit card
`
`validation-information entity [is] configured to approve and deny financial
`
`transactions based on authentication of the user.” Similar support for this claim
`
`limitation can be found in one or more of the Provisional Applications and ’490
`
`application.
`
`35. Regarding claim limitation 13[e], in my opinion a person of ordinary
`
`skill in the art reading the ’660 application would have understood that the inventor
`
`of the ’137 patent would have been in possession of the subject matter of limitation
`
`13[e] because FIG. 23 and 42:24-44:12 of the ’660 application describe how the
`
`signal 300 (e.g., claimed “one or more signals”) may have a plurality of fields 302-
`
`314 that may be transmitted from the first device to the second device. As
`
`illustrated in FIG. 23 and described in 42:24-44:12, the fields are separate from one
`
`another and/or are separable from one another once received by the second device.
`
`For example, the second device may receive one or more of these fields in
`
`encrypted form and decrypt the encrypted fields to recover the separate fields. See,
`
`e.g., 42:24-44:12. As just one non-limiting, non-exclusive example, the public ID
`
`field 304, the digital signature field 306, and/or the other ID field 314 may include
`
`the claimed first authentication information, the one-time time varying code field
`
`308 may include the claimed time varying value, and the biometric data field 312
`
`may include the claimed indicator of biometric authentication. Further, the ’660
`
`
`
`
`USR Exhibit 2014, Page 18
`
`
`
`IPR2018-00809
`
`application describes that the second device may be a networked validation-
`
`information entity configured to enable the credit and/or debit card transaction
`
`based on authentication of the user. See, e.g., ’660 application 10:27-29, 59:3-9.
`
`Similar support for this claim limitation can be found in one or more of the
`
`Provisional Applications and ’490 application.
`
`36. Since substitute independent claim 21 substantively includes one or
`
`more of the aforementioned claim features described above with respect to claim
`
`13, the ’660 application, the ’490 application, and one or more of the Provisional
`
`Applications provide support for the limitations found in claim 21 for at least the
`
`same reasons explained above and also as further described below.
`
`37. Regarding claim limitation 17[a], I believe a person of ordinary skill
`
`in the art reading the ’660 application would have understood that the inventor of
`
`the ’137 patent would have been in possession of the subject matter of limitation
`
`17[a] because the ’660 application discloses that the first device communicates
`
`with the second device periodically to prevent intentional deletion of the
`
`information stored at the first device. See, e.g., ’660 application at 40:19-24 (where
`
`first device communicates periodically with “secure database 2146,” which may be
`
`considered part of the claimed “second device”). Similar support for this claim
`
`limitation can be found in one or more of the Provisional Applications and ’490
`
`application.
`
`
`
`
`USR Exhibit 2014, Page 19
`
`
`
`IPR2018-00809
`
`38. Regarding claim limitation 18[b], in my opinion a person of ordinary
`
`skill in the art reading the ’660 application would have understood that the inventor
`
`of the ’137 patent would have been in possession of the subject matter of limitation
`
`18[b] because the ’660 application explains that the first authentication information
`
`may include a digital signature generated using a private key associated with the
`
`first device. See, e.g., ’660 application at 42:24-44:12 (signal 300 includes a
`
`plurality of fields, one of which may be a digital signature field 306 that may
`
`include the “first authentication information”). Similar support for this claim
`
`limitation can be found in one or more of the Provisional Applications and ’490
`
`application.
`
`39. Regarding claim limitation 20[b], I believe a person of ordinary skill
`
`in the art reading the ’660 application would have understood that the inventor of
`
`the ’137 patent would have been in possession of the subject matter of limitation
`
`20[b] because the ’660 application describes that an enablement signal may include
`
`a random code to authenticate the second device to the first device. See, e.g., ’660
`
`application at 48:17-19 (enablement signal received by first device includes
`
`random code to authenticate the secure database (e.g., may be part of claimed
`
`“second device”) to the first device). Similar support for this claim limitation can
`
`be found in one or more of the Provisional Applications and ’490 application.
`
`Independent Claim 13
`
`
`
`
`USR Exhibit 2014, Page 20
`
`
`
`IPR2018-00809
`
`40.
`
`It is my opinion that proposed substitute claim 13 is supported by the
`
`’660 application, the originally-filed disclosure, and that a person of ordinary skill
`
`in the art reading the ’660 application would have understood that the inventor of
`
`the ’137 patent would have been in possession of the invention recited in substitute
`
`claim 13. It is my opinion further that proposed substitute claim 13 is supported by
`
`the Provisional Applications and the ’490 application, and accordingly, claims
`
`priority to these applications.
`
`41. For example, claim 13 recites (13[pre]), “A system for authenticating
`
`a user for enabling a credit and/or debit card transaction, the system comprising.”
`
`Support for this limitation can be found in at least: the ’660 application at 8:19-9:8,
`
`10:27-29, 23:20-24:11, 38:6-19, 51:8-16, FIG. 7, FIG. 21, Cl. 1; the ’046
`
`application at 7:12-19; 16:1-5, FIG. 1, Cl. 38; the ’279 application at 18:27-19:25,
`
`36:3-15, FIG. 21, Cl. 37, Cl. 64; and the ’490 application at 9:4-26, 23:7-24:3,
`
`40:4-18, 55:3-12, FIG. 7, FIG. 21.
`
`42. Claim 13 further recites (13[a]), “a first device including.” Support for
`
`this limitation can be found in at least: the ’660 application at 38:6-19, FIG. 21,
`
`FIG. 28, Cl. 1; the ’046 application at 4:22-25, FIG. 1; the ’279 application at 36:3-
`
`15, FIG. 21, Cl. 37, Cl. 64; and the ’490 application at 40:4-18, FIG. 21, FIG. 28.
`
`43. Claim 13 further recites (13[b]), “a first processor, the first processor
`
`programmed to authenticate a user of the first device based on secret information
`
`
`
`
`USR Exhibit 2014, Page 21
`
`
`
`IPR2018-00809
`
`and to retrieve or receive first biometric information of the user of the first device.”
`
`Support for this limitation can be found in at least: the ’660 application at 38:8-9,
`
`38:20-39:2, FIG. 21, FIG. 28, Cl. 1; the ’046 application at 6:17-29, 11:2-10, FIG.
`
`1; the ’279 application at 36:5-6, 36:16-37:2, FIG. 21, Cl. 64; and the ’490
`
`application at 40:4-18, 40:19-41:3, FIG. 21, FIG. 28.
`
`44. Claim 13 further recites (13[c]), “a first wireless transceiver coupled
`
`to the first processor and programmed to transmit a first wireless signal including
`
`first authentication information of the user of the first device, the first
`
`authentication information including a multi-digit identification (ID) code allowing
`
`a networked validation-information entity to map the multi-digit ID code to a
`
`credit and/or debit card number; and.” Support for this limitation can be found in at
`
`least: the ’660 application at 6:26-7:26, 9:9-29, 10:23-11:6, 23:34-24:2, 38:6-19,
`
`41:7-15, 42:24-43:18, 44:3-16, 45:7-46:2, 47:1-13, 48:1-10, 51:8-16, 59:3-9, FIG.
`
`7, FIG. 21, FIG. 23, FIG. 28, Cl. 1; the ’046 application at 7:12-19; 16:1-5, FIG. 1,
`
`Cl. 38; the ’279 application at 5:3-6:2, 19:13-15, 36:3-15, 39:15-26, 41:8-42:8,
`
`43:1-3, 43:8-11, 44:7-45:8, FIG. 7, FIG. 21, FIG. 23, Cl. 37, Cl. 64; and the ’490
`
`application at 7:3-8:8, 23:23-25, 40:4-18, 43:18-27, 45:10-46:9, 46:30-47:12, 48:7-
`
`49:7, 50:10-20, 51:15-25, 55:3-12, 64:6-12, FIG. 7, FIG. 21, FIG. 23, FIG. 28.
`
`45. Claim 13 further recites (13[d]), “a bio