(cid:56)(cid:49)(cid:44)(cid:55)(cid:40)(cid:39)(cid:3)(cid:54)(cid:55)(cid:36)(cid:55)(cid:40)(cid:54)(cid:3)(cid:51)(cid:36)(cid:55)(cid:40)(cid:49)(cid:55)(cid:3)(cid:36)(cid:49)(cid:39)(cid:3)(cid:55)(cid:53)(cid:36)(cid:39)(cid:40)(cid:48)(cid:36)(cid:53)(cid:46)(cid:3)(cid:50)(cid:41)(cid:41)(cid:44)(cid:38)(cid:40)(cid:3)
`
`(cid:37)(cid:40)(cid:41)(cid:50)(cid:53)(cid:40)(cid:3)(cid:55)(cid:43)(cid:40)(cid:3)(cid:51)(cid:36)(cid:55)(cid:40)(cid:49)(cid:55)(cid:3)(cid:55)(cid:53)(cid:44)(cid:36)(cid:47)(cid:3)(cid:36)(cid:49)(cid:39)(cid:3)(cid:36)(cid:51)(cid:51)(cid:40)(cid:36)(cid:47)(cid:3)(cid:37)(cid:50)(cid:36)(cid:53)(cid:39)(cid:3)
`
`(cid:36)(cid:51)(cid:51)(cid:47)(cid:40)(cid:3)(cid:44)(cid:49)(cid:38)(cid:17)(cid:15)(cid:3)
`(cid:51)(cid:72)(cid:87)(cid:76)(cid:87)(cid:76)(cid:82)(cid:81)(cid:72)(cid:85)(cid:15)(cid:3)
`(cid:89)(cid:17)(cid:3)
`(cid:56)(cid:49)(cid:44)(cid:57)(cid:40)(cid:53)(cid:54)(cid:36)(cid:47)(cid:3)(cid:54)(cid:40)(cid:38)(cid:56)(cid:53)(cid:40)(cid:3)(cid:53)(cid:40)(cid:42)(cid:44)(cid:54)(cid:55)(cid:53)(cid:60)(cid:15)(cid:3)(cid:47)(cid:47)(cid:38)(cid:15)(cid:3)
`(cid:51)(cid:68)(cid:87)(cid:72)(cid:81)(cid:87)(cid:3)(cid:50)(cid:90)(cid:81)(cid:72)(cid:85)(cid:17)(cid:3)
`(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:3)
`(cid:38)(cid:68)(cid:86)(cid:72)(cid:3)(cid:44)(cid:51)(cid:53)(cid:21)(cid:19)(cid:20)(cid:27)(cid:16)(cid:19)(cid:19)(cid:27)(cid:19)(cid:28)(cid:3)
`(cid:56)(cid:17)(cid:54)(cid:17)(cid:3)(cid:51)(cid:68)(cid:87)(cid:72)(cid:81)(cid:87)(cid:3)(cid:49)(cid:82)(cid:17)(cid:3)(cid:28)(cid:15)(cid:24)(cid:22)(cid:19)(cid:15)(cid:20)(cid:22)(cid:26)(cid:3)
`(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:66)(cid:3)
`
`(cid:39)(cid:40)(cid:38)(cid:47)(cid:36)(cid:53)(cid:36)(cid:55)(cid:44)(cid:50)(cid:49)(cid:3)(cid:50)(cid:41)(cid:3)(cid:39)(cid:53)(cid:17)(cid:3)(cid:57)(cid:44)(cid:38)(cid:55)(cid:50)(cid:53)(cid:3)(cid:54)(cid:43)(cid:50)(cid:56)(cid:51)(cid:3)(cid:44)(cid:49)(cid:3)(cid:54)(cid:56)(cid:51)(cid:51)(cid:50)(cid:53)(cid:55)(cid:3)(cid:50)(cid:41)(cid:3)(cid:3)
`(cid:51)(cid:40)(cid:55)(cid:44)(cid:55)(cid:44)(cid:50)(cid:49)(cid:40)(cid:53)(cid:182)(cid:54)(cid:3)(cid:53)(cid:40)(cid:51)(cid:47)(cid:60)(cid:3)(cid:55)(cid:50)(cid:3)(cid:51)(cid:36)(cid:55)(cid:40)(cid:49)(cid:55)(cid:3)(cid:50)(cid:58)(cid:49)(cid:40)(cid:53)(cid:182)(cid:54)(cid:3)(cid:53)(cid:40)(cid:54)(cid:51)(cid:50)(cid:49)(cid:54)(cid:40)(cid:3)
`(cid:3)
`
`(cid:3)(cid:3)(cid:3)(cid:3)(cid:3)(cid:3)
`
`(cid:3)
`
`(cid:3) (cid:3) (cid:3)
`
`Apple 1128
`Apple v. USR
`IPR2018-00809
`
`

`

`Contents
`
`INTRODUCTION .......................................................................................... 1
`I.
`II. LEGAL PRINCIPLES .................................................................................... 2
`A. Claim Construction.................................................................................... 2
`B. Obviousness .............................................................................................. 2
`C.
`Secondary Considerations.......................................................................... 4
`III. OPINIONS ................................................................................................... 5
`A. The Challenged Claims Are Obvious......................................................... 5
`1. Contrary to USR’s Argument, Jakobsson Discloses “One Or More
`Signals.”.......................................................................................................... 5
`2. USR Erroneously Asserts That Jakobsson’s Combination Function Can
`Only Be A One-Way Function. ....................................................................... 8
`Jakobsson In View Of Maritzen Discloses The Claimed “Enablement
`3.
`Signal.” ..........................................................................................................11
`Jakobsson And Niwa Disclose A First Processor Configured To Compare
`4.
`Stored Authentication Information With The Authentication Information Of
`The User.........................................................................................................18
`Jakobsson In View Of Maritzen Discloses A First Processor Configured
`5.
`To Encrypt A First Authentication Information..............................................21
`Jakobsson In View Of Maritzen Discloses A First Memory Configured
`6.
`To Store First Biometric Information. ............................................................25
`The Superficial Differences Identified By USR Would Not Have
`7.
`Dissuaded A POSITA From Combining Jakobsson With Maritzen................26
`B. Claim 5 Is Obvious Over Jakobsson In View Of Maritzen and Niwa........28
`1. A POSITA Would Have Been Motivated To Combine Jakobsson And
`Maritzen With Niwa.......................................................................................28
`C. USR Failed To Demonstrate Secondary Considerations Of Non-
`Obviousness. .....................................................................................................31
`IV. CONCLUSION ...........................................................................................35
`V. AVAILABILITY FOR CROSS-EXAMINATION ........................................35
`VI. RIGHT TO SUPPLEMENT ........................................................................36
`VII. JURAT ........................................................................................................37
`
`ii
`
`

`

`I, Victor Shoup, Ph.D., declare as follows:
`I.
`INTRODUCTION
`1.
`I have been retained by Apple to provide opinions in this proceeding
`
`relating to U.S. Patent No. 9,530,137 (“’137 patent”). I submit this Declaration to
`
`address and respond to the arguments made in Patent Owner’s Response and the
`
`declaration submitted by Dr. Jakobsson in support of the Patent Owner’s Response.
`
`2.
`
`My background and qualifications are summarized in my previous
`
`declaration (Ex-1102, Shoup-Decl.) and my curriculum vitae is attached thereto as
`
`Appendix A. In preparing this Declaration, I have reviewed the following
`
`materials and the relevant exhibits cited in each of these filings:
`
`(cid:120) Petition (“Pet.”) (Paper 3) and the exhibits cited therein
`
`(cid:120) Patent Owner’s Preliminary Response (“POPR”) (Paper 8) and the
`
`exhibits cited therein
`
`(cid:120) Declaration of Markus Jakobsson In Support Of Patent Owner’s
`
`Preliminary Response (Ex-2001) and the exhibits cited therein
`
`(cid:120) Decision on Institution (Paper 9) (“DI”)
`
`(cid:120) Patent Owner’s Response (“POR”) (Paper 18) and the exhibits cited
`
`therein
`
`(cid:120) Declaration of Markus Jakobsson In Support Of POR (“Jakobsson-
`
`Decl.”) (Ex-2010)
`
`1
`
`

`

`(cid:120) Conditional Motion to Amend (Paper 19) (“CMTA”)
`
`(cid:120) Declaration of Markus Jakobsson In Support Of CMTA (Ex-2014)
`
`(cid:120) Transcript of March 20, 2019 deposition of Markus Jakobsson
`(“Jakobsson-Dep.”) (Ex-1127)
`
`II.
`
`(cid:120) Declaration of Ari Juels In Support Of Petitioner’s Reply (Ex-1130)
`LEGAL PRINCIPLES
`3.
`I am not an attorney. For purposes of this Declaration, I have been
`
`informed about certain aspects of the law that are relevant to my analysis and
`
`opinions.
`
`A.
`4.
`
`Claim Construction
`I have been informed that claim construction is a matter of law and
`
`that the final claim construction will be determined by the Board.
`
`5.
`
`I have been informed that the claim terms in an IPR review should be
`
`given their broadest reasonable construction in light of the specification as
`
`commonly understood by a person of ordinary skill in the art (“POSITA”). I have
`
`applied this standard in my analysis.
`
`B.
`6.
`
`Obviousness
`I have been informed and understand that a patent claim can be
`
`considered to have been obvious to a POSITA at the time the application was filed.
`
`This means that, even if all the requirements of a claim are not found in a single
`
`prior art reference, the claim is not patentable if the differences between the subject
`
`2
`
`

`

`matter in the prior art and the subject matter in the claim would have been obvious
`
`to a POSITA at the time the application was filed.
`
`7.
`
`I have been informed and understand that a determination of whether
`
`a claim would have been obvious should be based upon several factors, including,
`
`among others:
`
`(cid:120) the level of ordinary skill in the art at the time the application was
`
`filed;
`
`(cid:120) the scope and content of the prior art; and
`
`(cid:120) what differences, if any, existed between the claimed invention and
`
`the prior art.
`
`8.
`
`I have been informed and understand that the teachings of two or
`
`more references may be combined in the same way as disclosed in the claims, if
`
`such a combination would have been obvious to a POSITA. In determining
`
`whether a combination based on either a single reference or multiple references
`
`would have been obvious, it is appropriate to consider, among other factors:
`
`(cid:120) whether the teachings of the prior art references disclose known
`
`concepts combined in familiar ways, and when combined, would yield
`
`predictable results;
`
`(cid:120) whether a POSITA could implement a predictable variation, and
`
`would see the benefit of doing so;
`
`3
`
`

`

`(cid:120) whether the claimed elements represent one of a limited number of
`
`known design choices, and would have a reasonable expectation of
`
`success by those skilled in the art;
`
`(cid:120) whether a POSITA would have recognized a reason to combine
`
`known elements in the manner described in the claim;
`
`(cid:120) whether there is some teaching or suggestion in the prior art to make
`
`the modification or combination of elements claimed in the patent;
`
`and
`
`(cid:120) whether the innovation applies a known technique that had been used
`
`to improve a similar device or method in a similar way.
`
`9.
`
`I have been informed and understand that a POSITA has ordinary
`
`creativity, and is not an automaton.
`
`10.
`
`I have been informed and understand that in considering obviousness,
`
`it is important not to determine obviousness using the benefit of hindsight derived
`
`from the patent being considered.
`
`C.
`11.
`
`Secondary Considerations
`I have been informed and understand that certain factors may support
`
`or rebut the obviousness of a claim. I understand certain secondary considerations
`
`may rebut a showing of obviousness and that such secondary considerations
`
`include, among other things, commercial success of the patented invention,
`
`4
`
`

`

`skepticism of those having ordinary skill in the art at the time of invention,
`
`unexpected results of the invention, any long-felt but unsolved need in the art that
`
`was satisfied by the alleged invention, the failure of others to make the alleged
`
`invention, praise of the alleged invention by those having ordinary skill in the art,
`
`and copying of the alleged invention by others in the field. I understand that there
`
`must be a nexus, that is, a connection, between any such secondary considerations
`
`and the alleged invention. I also understand that contemporaneous and
`
`independent invention by others is a secondary consideration tending to show
`
`obviousness.
`
`III. OPINIONS
`A.
`The Challenged Claims Are Obvious.
`1.
`Contrary to USR’s Argument, Jakobsson Discloses “One
`Or More Signals.”
`Claim 1 includes the following limitation:
`
`wherein the first processor is programmed to generate
`one or more signals including first authentication
`information, an indicator of biometric authentication of
`the user of the first device, and a time varying value in
`response to valid authentication
`
`12.
`
`Claim 12 contains a similar limitation. As I explained in my prior
`
`declaration, Jakobsson discloses this limitation. Ex-1102, Shoup-Decl., ¶¶77-83.
`
`USR reiterates its POPR argument that the Petition fails to adequately map the
`
`5
`
`

`

`“one or more signals” and “merely attempts to satisfy its burden by showing that
`
`some (but not all) of the three types of information are transmitted and processed.”
`
`POR, 18-19. I disagree. In my declaration, I mapped all “three types of
`
`information” to Jakobsson’s teachings at the first mention of the limitation, and
`
`then expressly referred back to this mapping when the limitation appears in
`
`subsequent claims. See Ex-1102, Shoup-Decl., ¶¶84-87, 91-94.
`
`13.
`
`Jakobsson discloses that its combination function can generate
`
`authentication codes based on other authentication codes (e.g., authentication
`
`codes that were derived earlier) or on other variables “in any order” and “in
`
`stages.” (Ex-1113, Jakobsson, [0071], [0073].) As the Board recognized,
`
`Jakobsson “discloses a variety of implementations in which the function may
`
`combine certain values at one stage and then combine the resulting authentication
`
`code with further values to result in another authentication code.” (DI, 11.) Thus,
`
`as I explained with respect to limitation 1[e] (the first mention of this limitation):
`
`“Jakobsson discloses that the processor of user authentication device [first
`
`processor] is programmed to generate an authentication code [one or more
`
`signals] including a first authentication code [first authentication information],
`
`the “strength of a biometric match” (E) [indicator of biometric authentication],
`
`and a “dynamic, time-varying value” (T) [time varying value].” Ex-1102, Shoup-
`
`Decl., ¶78.
`
`6
`
`

`

`14.
`
`Limitation 1[f] requires a first processor programmed “to provide the
`
`one or more signals including the first authentication information for transmitting
`
`to a second device.” ’137 patent, claim 1. USR argues that my analysis fails to
`
`address “transmitting all three types of recited information” (POR, 20), but USR is
`
`mistaken. First, as explained above, my analysis under limitation 1[e] explains
`
`how an authentication code discloses the claimed “one or more signals,” and
`
`includes each of the three recited types of information. My analysis with respect to
`
`limitation 1[e] is expressly incorporated into my analysis for limitation 1[f]. Ex-
`
`1102, Shoup-Decl., ¶85 (see internal citation to Section VII.B.1.vii). Claim 1[f]
`
`does not require a showing that the authentication code can include all three pieces
`
`of information, and even if it did, I already made this showing with respect to
`
`limitation 1[f] and incorporated this analysis through an express internal citation.
`
`In limitation 1[e], I showed that an authentication code included all three pieces of
`
`information, and in limitation 1[f], I showed that the same authentication code is
`
`transmitted to verifier.
`
`15.
`
`Similarly, limitation 1[h] requires a second device “configured to
`
`provide the enablement signal indicating that the second device approved the
`
`transaction based on use of the one or more signals.” ’137 patent, claim 1. USR
`
`argues that “Petitioner’s mere allegation of Jakobsson’s authentication code falls
`
`short of the limitation 1[h]’s requirement that the second device approve the
`
`7
`
`

`

`transaction based on use of ‘the one or more signals’ that includes all three types
`
`of recited information.” POR, 20. USR is mistaken because my analysis under
`
`1[e] clearly shows that an authentication code can comprise a first authentication
`
`information, a strength of a biometric match, and a time varying value. Thus, if a
`
`second device approves the transaction based on the same authentication code (as
`
`shown in my analysis for limitation 1[h]), then the second device also approves the
`
`transaction based on an authentication code that includes constituent elements used
`
`to derive that authentication code.
`
`USR Erroneously Asserts That Jakobsson’s Combination
`2.
`Function Can Only Be A One-Way Function.
`For three reasons, USR is incorrect to suggest that Jakobsson’s
`
`16.
`
`combination function is only a one-way function that transforms the inputs into a
`
`“unitary authentication code” and does not “include” the separate values input into
`
`the combination function. POR, 22.
`
`8
`
`

`

`17.
`
`First, Jakobsson discloses that the combination function can combine
`
`values in a number of ways that do not involve a one-way function1 such as
`
`“prepending[, ] appending[, ] arithmetically adding … or other algorithm, or a
`
`combination of these and other techniques that combine two or more values
`
`together.” Ex-1113, Jakobsson, [0073]. Thus, Jakobsson does not require one-
`
`way functions. USR erroneously relies on a single example in Jakobsson that is a
`
`one-way function, while ignoring all the other ways that Jakobsson discloses
`
`combining values not involving a one-way function.
`
`18.
`
`Second, even if Jakobsson’s combination function were always
`
`implemented as a one-way function (which it is not), a “unitary authentication
`
`code” that is generated as a function of three pieces of information (using any of
`
`the functions disclosed in Jakobsson) necessarily includes those three pieces of
`
`information. USR argues that “[a] POSITA would not recognize Jakobsson’s
`
`1 As explained in Jakobsson, a one-way function is “a mathematical function that
`
`maps a universe of input values to a universe of output values in such a way that
`
`knowledge of the output of the function does not allow one to reconstruct the input
`
`provided.” Ex-1113, Jakobsson, [0071]. In contrast, a POSITA would have
`
`understood that prepending, appending, arithmetic addition, and XOR are not one-
`
`way functions.
`
`9
`
`

`

`system to transmit one or more signals ‘including’ [the three elements] because the
`
`combination function transformed those pieces of information into a unitary
`
`authentication code prior to transmission.” But as long as the inputs to the
`
`combination function share a computationally one-to-one relationship with the
`
`output authentication code (which they do), a POSITA would have understood that
`
`the authentication code “includes” those inputs. See Shoup Dep. 51:20-52:6, 52-
`
`18-24 (“So mapping is one-to-one if there are no two inputs that yield the same
`
`output. And computationally one-to-one means it’s hard to find computationally
`
`difficult to find two inputs mapped to the same output even though they may
`
`exist.”). The claim does not require that the inputs are separately identifiable once
`
`combined. USR acknowledges that the claim does not require separable elements
`
`in its Conditional Motion to Amend, which attempts to distinguish the existing
`
`claims from Jakobsson’s disclosure by adding limitations that require “separable
`
`fields.” Paper No. 19 at A1 (amending claim 1 to recite “wherein the first
`
`processor is programmed to generate one or more signals having at least three
`
`separable fields that include including the first authentication information, an
`
`indicator of biometric authentication, and a time varying value”).
`
`19.
`
`Finally, even if the claims required that the elements be separable
`
`once combined, Jakobsson teaches that the combination function can, among other
`
`functions, prepend or append the inputs together. Ex-1113, Jakobsson, [0073]
`
`10
`
`

`

`(“The combination function 230 then combines the generated authentication code
`
`291 with [other input values] to generate an authentication code 292 …. The [other
`
`input values] can be combined with [the generated authentication code 291] by
`
`prepending or appending the [other input values] to [the generated authentication
`
`code 291], by arithmetically adding the [other input values] to [the generated
`
`authentication code 291], or using a block cipher or other one-way function, or
`
`other algorithm, or a combination of these and other techniques that combine two
`
`or more input values together.”). A POSITA would have understood that an
`
`authentication code created by prepending or appending inputs would “include”
`
`those inputs and would be separable into its constituent inputs after combination.
`
`Prepending or appending merely refers to the concatenation of inputs such that the
`
`bits representing one input are adjacent to the bits representing another input.
`
`Jakobsson also discloses embodiments of the authentication code where inputs are
`
`included as a separable bit field. Ex-1113, Jakobsson, [0015] (“In one
`
`embodiment, the occurrence of an event is communicated explicitly in the
`
`authentication code. For example, one or more bits included in the authentication
`
`code can be dedicated to reporting the occurrence of an event…”). In those
`
`examples, the authentication code clearly “includes” its inputs.
`
`Jakobsson In View Of Maritzen Discloses The Claimed
`3.
`“Enablement Signal.”
`
`11
`
`

`

`20.
`
`Claim 1 recites “a second processor that is configured to provide the
`
`enablement signal based on the indication of biometric authentication of the user of
`
`the first device, at least a portion of the first authentication information, and second
`
`authentication information of the user of the first device to enable and complete
`
`processing of the transaction.” ’137 patent, claim 1. Similarly, claim 12 recites
`
`that the enablement signal “is provided from the second device based on
`
`acceptance of the indicator of biometric authentication and use of the first
`
`authentication information and use of second authentication information to enable
`
`the transaction.” Id., claim 12. USR argues that Jakobsson and Maritzen fail to
`
`disclose these limitations because (1) Jakobsson’s “first authentication
`
`information” and “indicator of biometric authentication” are the same item, (2)
`
`Jakobsson’s “positive or negative acknowledgement” is a receipt acknowledgment,
`
`not an acknowledgment of a successful or failed authentication, and (3) certain
`
`embodiments of Jakobsson are incompatible with the idea of an enablement signal.
`
`POR, 23-27. USR is wrong on all counts.
`
`Contrary To USR’s Argument, Jakobsson’s “First
`a)
`Authentication Information” And “Indication Of Biometric
`Authentication” Are Separate Items.
`
`21. USR incorrectly argues that the Petition points to the “same item” for
`
`both an “indication of biometric authentication” and “first authentication
`
`information.” POR, 23-24. In fact, the Petition points to different items: the
`
`12
`
`

`

`indicator of biometric authentication corresponds to a strength of a biometric
`
`match (E), while Jakobsson’s authentication code corresponds to a first
`
`authentication information. USR also argues that the claims require that “the
`
`enablement signal be based on the two different types of information.” Id. The
`
`claims include no such requirement, or indeed any restrictions on the relationship
`
`between the first authentication information and the indication of biometric
`
`information. Therefore, Jakobsson satisfies the claim requirement of an
`
`“enablement signal based on the indication of biometric authentication….[and] at
`
`least a portion of the first authentication information” (’137 patent, claim 1)
`
`because the enablement signal disclosed in Jakobsson is based on the first
`
`authentication information, and it is also based on the indication of biometric
`
`authentication. Moreover, as explained with respect to limitation 1[e], a first
`
`authentication information (e.g., authentication code 291) can be combined with an
`
`indicator of biometric authentication (E) to form a new authentication code (e.g.,
`
`authentication code 292). Thus, contrary to USR’s argument, the indicator of
`
`biometric authentication (E) and the authentication code are not the “same item.”
`
`POR, 23-24.
`
`22. USR also reiterates its erroneous argument that Jakobsson’s
`
`combination function is limited to a one-way function that “completely
`
`transform[s] the various input data into a new piece of information,” and that “this
`
`13
`
`

`

`transformation may make it impossible to reconstruct the inputs from the
`
`authentication code.” (POR, 24-25.) This argument fails because (1) as discussed
`
`above, Jakobsson’s combination function is not limited to a one-way function, (2)
`
`the claim does not require that the inputs can be reconstructed from the
`
`authentication code, and (3) even if the combination function “completely
`
`transform[ed]” the inputs (e.g., the indicator of biometric authentication), the
`
`enablement signal would still be based on the indicator of biometric authentication
`
`and the first authentication information because the enablement signal is based on
`
`the authentication code, which is based on the indicator of biometric
`
`authentication. For example, as illustrated below, the output (labeled on the right-
`
`hand side) is based on A, B, C, and D. The relationship between A and D is
`
`irrelevant to the fact that the output is based on both A and D.
`
`23.
`
`Similarly, the enablement signal (an output) is based on an indicator
`
`of biometric authentication and the first authentication information. The
`
`relationship between the two values is irrelevant to the fact that the enablement
`
`signal is based on both.
`
`14
`
`

`

`24. Moreover, as USR itself acknowledges, this transformation, at most,
`
`“may” occur because the combination function is a one-way function only “in
`
`some instances.” POR, 25 (“Jakobsson even teaches that this transformation may
`
`make it impossible to reconstruct the inputs from the authentication code, in some
`
`instances.”).2 As explained above, one-way functions are merely one, non-
`
`limiting embodiment of the combination function. Jakobsson discloses that the
`
`combination function can combine values by appending, prepending, and/or
`
`arithmetically combining values to generate an authentication code. Thus, contrary
`
`to USR’s arguments, a POSITA would consider the authentication code to be both
`
`an “indicator of biometric authentication” and “first authentication information.”
`
`Contrary To USR’s Argument, Jakobsson’s “Positive Or
`b)
`Negative Acknowledgement” Is An Enablement Signal.
`25. USR argues that Jakobsson’s positive or negative acknowledgment
`
`“only indicates successful receipt of the authentication code” (POR, 26), but, as
`
`shown below, Jakobsson’s verifier sends the positive or negative acknowledgment
`
`in response to the result of the authentication procedure.
`
`The verifier 105 compares the authentication information
`received over communications channel 170 and the
`authentication information generated by the verifier 105
`to determine whether any match. If there is a match, then
`
`2 Emphasis added throughout unless otherwise noted.
`
`15
`
`

`

`the verifier 105 can authenticate the identity of the user
`110 depending on the event state determined. In one
`embodiment, when the received and generated user
`information do not match, the user authentication
`attempt fails. In some embodiments, the verifier can
`communicate positive or negative acknowledgement to
`the communications terminal 140 via the
`communications channel 170, and the terminal 140 may
`or may not communicate the acknowledgement to the
`device 120 or directly to the user 110.
`
`Ex-1113, Jakobsson, [0050]. The “positive or negative acknowledgement” is
`
`discussed in the same paragraph and immediately following the discussion about
`
`comparing and authenticating authentication information. A POSITA would have
`
`understood that the “positive or negative acknowledgement” indicates an
`
`acknowledgment of successful or failed authentication because the context of this
`
`disclosure makes clear that the positive or negative acknowledgement is sent in
`
`response to the authentication.
`
`26. Moreover, a POSITA would have understood that Jakobsson’s
`
`“positive or negative acknowledgement” is not a simple acknowledgment that the
`
`verifier 105 successfully received an authentication code. Unlike the
`
`authentication protocol described in Jakobsson, receipt acknowledgments are
`
`typically used by lower layers of a communication protocol stack to detect failed
`
`16
`
`

`

`transmissions and facilitate retransmissions in a way that is transparent to the user.
`
`For example, Internet traffic is routinely routed over a transport layer protocol
`
`called TCP. TCP uses acknowledgments (ACKs) and negative acknowledgments
`
`(NACKS) to signal whether messages were successfully received and to retransmit
`
`dropped messages accordingly. These ACKs, NACKs, and retransmissions are
`
`transparent to the user. In contrast, Jakobsson makes clear that its “positive or
`
`negative acknowledgement” can be communicated “directly to the user.” Ex-1113,
`
`Jakobsson, [0050]. A POSITA would have understood that Jakobsson’s “positive
`
`or negative acknowledgement” is not a simple receipt acknowledgment because
`
`such receipt acknowledgments would not be relayed directly to the user.
`
`Contrary To USR’s Argument, Jakobsson Does Not
`c)
`Teach Away From The Use Of Enablement Signals.
`27. USR argues that Jakobsson teaches away from the use of an
`
`“enablement signal” because one, non-limiting embodiment of Jakobsson suggests
`
`that event states can covertly indicate when device tampering occurs and – by
`
`extension – an enablement signal would reveal whether the authentication was
`
`successful thus undermining the covert nature of the embodiment. USR’s
`
`argument fails for at least two reasons. First, Jakobsson plainly does not teach
`
`away from the use of enablement signals because it discloses the use of an
`
`enablement signal. Second, examples of possible embodiments would not
`
`discourage a POSITA from incorporating the enablement signal feature into
`
`17
`
`

`

`Jakobsson’s system. Jakobsson expressly limits the covert communication of
`
`event states to “some embodiments,” not all embodiments. Ex-1113, Jakobsson,
`
`[0019]. Jakobsson discloses numerous other examples that do not involve the
`
`covert transmission of event states. See, e.g., id., [0052]. In fact, Jakobsson
`
`recognizes that overt communication (which is plainly compatible with enablement
`
`signals) has its benefits. Id., [0019] (“Overt communication may be beneficial in
`
`that it allows a general observer to become informed about state information.”).
`
`Thus, Jakobsson does not teach away from the use of enablement signals.
`
`Jakobsson also discloses embodiments where the event state is overtly
`
`communicated as a separate bit field in the authentication code. Ex-1113,
`
`Jakobsson, [0015] (“In one embodiment, the occurrence of an event is
`
`communicated explicitly in the authentication code. For example, one or more bits
`
`included in the authentication code can be dedicated to reporting the occurrence of
`
`an event.”).
`
`Jakobsson And Niwa Disclose A First Processor Configured
`4.
`To Compare Stored Authentication Information With The
`Authentication Information Of The User.
`Claim 5 recites a first processor “further configured to compare stored
`
`28.
`
`authentication information with the authentication information of the user and
`
`configured to enable the first device based on a valid comparison.” I showed that
`
`18
`
`

`

`Jakobsson in view of Maritzen and Niwa discloses this limitation. Ex-1102,
`
`Shoup-Decl., ¶¶149-154.
`
`29. USR is incorrect that Jakobsson is silent as to how a local
`
`authentication occurs because Jakobsson provides an express disclosure that
`
`authentication is conducted by comparing a stored value. For example, Jakobsson
`
`explains that verifying devices performing an authentication “can observe [a
`
`biological] characteristic, and compare the characteristic to records that associate
`
`the characteristic with the entity.” Ex-1113, Jakobsson, [0005]. Moreover, a
`
`POSITA would have understood that locally authenticating a user involves
`
`comparing a stored value against a received value. Authenticating a user in this
`
`way would have been well-understood and conventional. Moreover, there are
`
`really no other practical ways to confirm the validity of a particular value without
`
`comparing3 it against a stored value. A local authentication is possible only if the
`
`provided authentication information is compared in some way with stored
`
`3 Here, "comparison" does not necessary mean "test for equality”, as there are a
`
`number of ways to do this authentication, some of which involve "test for
`
`equality", others of which involve more complicated computations involving t