`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`________________
`
`APPLE INC.
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC
`Patent Owner
`________________
`
`Case IPR2018-00809
`U.S. Patent No. 9,530,137
`________________
`
`PATENT OWNER’S SUR-REPLY
`
`
`
`I.
`
`II.
`
`IV.
`
`V.
`
`TABLE OF CONTENTS
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`Page
`
`i
`
`B.
`
`C.
`
`B.
`
`C.
`
`2.
`
`3.
`
`THE PETITION FAILED TO SHOW THAT THE INDEPENDENT
`CLAIMS WOULD HAVE BEEN OBVIOUS ................................................ 2
`A.
`Petitioner Plays Fast and Loose With Its Analysis of the
`Claimed “One of More Signals” (Limitations 1[e], 1[f], 12[e],
`12[f]) ...................................................................................................... 2
`Jakobsson (At a Minimum) Must Use a One-Way Function, and
`The Resultant One-Way Output Cannot Be Reasonably
`Interpreted to “Include” All Three Pieces of Claimed
`Information ............................................................................................ 6
`Petitioner’s New Arguments Regarding the Claimed
`“Enablement Signal” Miss the Mark (Limitations 1[h], 1[i],
`12[h], and 12[i]) .................................................................................... 9
`1.
`The Claimed Enablement Signal Must Be Provided
`Based on the Specific Information Recited in the Claims ........ 10
`Jakobsson’s “Acknowledgement” Is Not an “Enablement
`Signal” Because It Merely Acknowledges Receipt .................. 11
`Jakobsson Teaches Away From Use of Enablement
`Signals ....................................................................................... 13
`THE PETITION FAILED TO SHOW THAT THE DEPENDENT
`CLAIMS WOULD HAVE BEEN OBVIOUS .............................................. 14
`A.
`Petitioner Fails To Show that Dependent Claim 5 Would Have
`Been Obvious ...................................................................................... 14
`Petitioner Fails To Show that Dependent Claim 6 Would Have
`Been Obvious ...................................................................................... 16
`Petitioner Fails To Show that Dependent Claim 7 Would Have
`Been Obvious ...................................................................................... 19
`III. A POSITA WOULD NOT BE MOTIVATED TO COMBINE THE
`REFERENCES .............................................................................................. 20
`PETITIONER FAILED TO REBUT THE STRONG EVIDENCE OF
`SECONDARY CONSIDERATIONS OF NON-OBVIOUSNESS .............. 24
`CONCLUSION .............................................................................................. 26
`PATENT OWNER’S LIST OF EXHIBITS
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`Exhibit #
`2001
`
`Description
`Declaration of Dr. Markus Jakobsson in Support of Patent
`Owner’s Preliminary Response.
`
`2002
`2003
`2004
`2005
`2006
`2007
`2008
`2009
`2010
`
`2011
`2012
`
`2013
`
`2014
`
`2015
`2016
`
`2017
`2018
`2019
`2020
`2021
`
`Curriculum Vitae of Dr. Markus Jakobsson.
`USR Disclaimer Filed July 6, 2018.
`Declaration ISO Motion Pro Hac Vice Harold Barza.
`Declaration ISO Motion Pro Hac Vice Jordan Kaericher.
`U.S. Application No. 15/019,660.
`U.S. Application No. 11/677,490.
`U.S. Provisional Application No. 60/775,046.
`U.S. Provisional Application No. 60/812,279.
`Declaration of Dr. Markus Jakobsson in Support of Patent
`Owner’s Response.
`Deposition Transcript of Dr. Victor John Shoup.
`N. Asokan, et. al, The State of the Art in Electronic Payment
`Systems, IEEE Computer, Vol. 30, No. 9, pp. 28-35 (IEEE
`Computer Society Press, Sept. 1997).
`M. Baddeley, Using E-Cash in the New Economy: An
`Economic Analysis of Micropayment Systems, J. Electronic
`Commerce Research, Vol. 5, No. 4, pp. 239-253 (Nov.
`2004).
`Declaration of Dr. Markus Jakobsson ISO PO’s Conditional
`Motion to Amend.
`U.S. Provisional Application No. 60/859,235.
`U.S. District Court for Delaware Report and
`Recommendation.
`Deposition Transcript of Dr. Markus Jakobsson.
`A. Juels and M. Sudan, “A Fuzzy Vault Scheme.”
`Deposition Transcript (Rough) of Dr. Ari Juels.
`U.S. Patent No. 8,495,372.
`Declaration by Dr. Markus Jakobsson ISO Reply to Motion
`to Amend.
`
`ii
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`Petitioner’s Reply plays fast and
`
`loose with
`
`the claim
`
`language,
`
`mischaracterizes the asserted references and this Board’s Institution Decision,1 and
`
`improperly introduces new evidence and arguments. Because Petitioner’s Reply
`
`fails to remedy fatal defects in the Petition that reach every challenged claim, the
`
`Board should not find any challenged claim unpatentable.
`
`First, Petitioner still fails to show any disclosure in the asserted references of
`
`multiple elements of the independent claims. Second, Petitioner fails to show that a
`
`person of ordinary skill in the art (“POSITA”) would have been motivated to
`
`combine the asserted references in the manner proffered in the Petition to arrive at
`
`the independent claims. In fact, the references fundamentally differ and teach
`
`directly away from Petitioner’s proposed modifications. Third, for additional
`
`reasons, the Petition still fails to prove that dependent claims 5, 6, and 7 would have
`
`been obvious. Finally, Petitioner fails to rebut Patent Owner’s strong showing of
`
`secondary considerations of non-obviousness.
`
`1 For example, the very first line of Petitioner’s Reply asserts that Patent Owner’s
`
`Response (“POR”) “repeats arguments that the Board already rejected” (Reply at 1),
`
`but Petitioner’s assertion is clearly wrong. The Board has not rejected (or even ruled
`
`on) any of Patent Owner’s substantive arguments in this proceeding—particularly
`
`not under the preponderance of evidence standard governing this proceeding.
`
`1
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`I.
`
`THE PETITION FAILED TO SHOW THAT THE INDEPENDENT
`CLAIMS WOULD HAVE BEEN OBVIOUS
`
`A.
`
`Petitioner Plays Fast and Loose With Its Analysis of the Claimed
`“One of More Signals” (Limitations 1[e], 1[f], 12[e], 12[f])
`
`Both independent claims of the ’137 Patent include at least one limitation
`
`requiring processing and transmitting “the one or more signals.” See limitations 1[f]
`
`and 12[f]. The “one or more signals” that are transmitted to the second device are
`
`“generated” earlier in the independent claims. In particular, these one or more
`
`signals must include three distinct pieces of information: (1) “the first authentication
`
`information”; (2) “an indicator of biometric authentication”; and (3) “a time varying
`
`value.” See limitations 1[e] and 12[e]. While Petitioner ostensibly points to three
`
`pieces of information (i.e., authentication code 291, a strength of biometric match
`
`(E), and a time-varying value (T)) within the Jakobsson reference as allegedly
`
`corresponding to the three claimed pieces of information, that is where the
`
`similarities stop. Reply at 2. When viewed in the proper context of the claims as a
`
`whole, Petitioner’s mapping does not satisfy several important claim limitations.
`
`It is undisputed that authentication code 290 in Jakobsson can take at least
`
`three alternative forms—authentication code 291, 292, or 293, depending on the
`
`inputs to the authentication function A. For example:
`
`• authentication code 291 is constructed from K, T, and E
`
`• authentication code 292 is constructed from K, T, E, and P
`
`2
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`• authentication code 293 is constructed from K, T, E, P, … {N, V, …}
`
`This is shown in Figure 2, reproduced and annotated below:
`
`Ex-1113 at Fig. 2; see also id. at ¶¶[0063], [0071]-[0077]. Thus, it is clear that the
`
`authentication code disclosed in Jakobsson takes different forms depending on how
`
`many inputs are used to construct the code.
`
`In its Reply, Petitioner alleges the claimed “one or more signals” corresponds
`
`to authentication code 292, the claimed “first authentication information”
`
`corresponds to authentication code 291, the claimed “indicator of biometric
`
`authentication” corresponds to a strength of biometric match (E), and the claimed
`
`3
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`“time-varying value” corresponds to time-varying value (T). Reply at 2. In doing
`
`so, Petitioner (1) impermissibly combines multiple, alternative embodiments of
`
`Jakobsson and (2) relies on inputs and resultant codes derived from those inputs
`
`for the three distinct pieces of claimed information that are transmitted to the second
`
`device. For instance, Jakobsson does not disclose an embodiment where
`
`authentication code 291, (E), and (T) are each transmitted to a second device in the
`
`same transmission. Rather, Jakobsson merely discloses transmitting a unitary
`
`authentication code (either one of code 291, 292, or 293) in each transmission to
`
`verifier 105. Ex-1113 at ¶¶[0060], [0071]. In other words, there is no disclosure in
`
`Jakobsson of transmitting authentication code 291 in addition to the values (E) and
`
`(T), all in the same transmission—yet this is exactly what is required by Petitioner’s
`
`mapping in view of the clear claim language.
`
`Petitioner’s double-counting—particularly across multiple, alternative
`
`embodiments of Jakobsson—is improper. Becton, Dickinson & Co. v. Tyco
`
`Healthcare Grp., LP, 616 F.3d 1249, 1254 (Fed. Cir. 2010) (“Where a claim lists
`
`elements separately, ‘the clear implication of the claim language is that those
`
`4
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`elements are ‘distinct component[s]’ of the patented invention.”) (quoting
`
`Gaus v. Conair Corp., 363 F.3d 1284, 1288 (Fed. Cir. 2004)); see also In re
`
`Robertson, 169 F.3d 743, 745 (Fed. Cir. 1999) (claim reciting multiple fastening
`
`mechanisms is not invalid in view of single fastening mechanism disclosed in prior
`
`art); Ethicon Endo-Surgery, Inc. v. U.S. Surgical Corp., 93 F.3d 1572, 1579 (Fed.
`
`Cir. 1996) (different claim terms presumed to have different meanings); Merck &
`
`Co., Inc. v. Teva Pharm. USA, Inc., 395 F.3d 1364, 1372 (Fed. Cir. 2005) (claim
`
`construction should give meaning to all the terms). In other words, independent
`
`claims 1 and 12 require the first device to transmit three separate and distinct types
`
`of information to a second device for processing because each is a “distinct
`
`component” of the claimed invention. Becton, 616 F.3d at 1254. The transmission
`
`of one of a variety of possible authentication codes—even if derived from some of
`
`the three distinct types of information—is insufficient. Because none of the
`
`references, alone or in combination, show or reasonably suggest this claimed feature,
`
`the Board should not find any challenged claim unpatentable.2 Ex-2010, ¶¶49-53.
`
`2 Petitioner also takes the surprising and erroneous position that “limitation 1[f]
`
`does not require that the authentication code include all three pieces of information.”
`
`Reply, 2. But, since limitation 1[f] expressly references the claimed “the one or
`
`5
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`B.
`
`Jakobsson (At a Minimum) Must Use a One-Way Function, and
`The Resultant One-Way Output Cannot Be Reasonably
`Interpreted to “Include” All Three Pieces of Claimed Information
`
`Petitioner argues that Jakobsson discloses that the combination function can
`
`combine values in a number of ways that do not involve a one-way function. Reply,
`
`4-5. But as explained by the author of the reference, Dr. Jakobsson, “[t]he one-way
`
`function is a critical aspect of [the invention described in the Jakobsson reference].”
`
`Ex-2017 at 127:6-20. While certain embodiments of Jakobsson discuss prepending
`
`and appending certain inputs, a one-way function is always used (optionally in
`
`conjunction with other functions). Dr. Jakobsson explained that a person of ordinary
`
`skill in the art would understand that all the examples given involve a one-way
`
`function because otherwise the system would not be secure:
`
`all the examples given and the motivation of this requires that it’s a
`one-way function. Remember, one of these things is -- for example, the
`value K, that’s a secret key. If you were not to apply a one-way
`function to that and you were to, as a result, expose that to an
`eavesdropper, that would not be beneficial.
`
`more signals,” all three pieces of information must be transmitted to the second
`
`device.
`
`6
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`Id. at 134:1-133; see also id. at 134:19-135:7 (explaining that it would be “clear to a
`
`person of skill in the art reading this that there has to be a one-way function”).
`
`Dr. Juels’ belated opinion in Reply (Ex-1130, ¶¶39-43) that some other functions
`
`might be used in conjunction with the one-way function do not alter this conclusion.
`
`Reply, 5. In fact, Dr. Juels acknowledged at his deposition that merely concatenating
`
`or XOR’ing inputs together, without more, was an inadequate way to generate or
`
`protect the authentication code from eavesdroppers. Ex-2019 at 30:3-21
`
`(eavesdropper can recover inputs if mere concatenation were used); 34:12-36:12
`
`(same); 40:14-41:6 (adversary can recover input if mere XOR is used as the
`
`combination function).
`
`Since a one-way function must be used at some point during the authentication
`
`code generation process in Jakobsson, the resultant unitary authentication code
`
`does not “include” all three pieces of claimed information. In other words, a
`
`POSITA would not recognize Jakobsson’s system to transmit one or more signals
`
`“including”
`
`first authentication
`
`information, an
`
`indicator of biometric
`
`authentication, and a time varying value because the combination function
`
`transformed those pieces of information into a unitary authentication code prior to
`
`3 All emphases added unless otherwise noted.
`
`7
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`transmission. Ex-2010, ¶ 54. As such, even if Petitioner’s mapping were valid, it
`
`still would not show or suggest all the elements of independent claims 1 and 12.
`
`Petitioner also posits, without any support whatsoever, that “[a]s long as the
`
`inputs to the combination function share a computationally one-to-one relationship
`
`with the output authentication code (which they do), a POSITA would have
`
`understood that the authentication code ‘includes’ those inputs.” 4 Reply, 5.
`
`Petitioner then cites some inapposite deposition testimony from its expert regarding
`
`the definition of “computationally one-to-one” mappings. Id. Indeed, if it is
`
`computationally impossible or infeasible to derive the inputs from a one-way
`
`function’s output, as suggested by Petitioner’s own expert, then no reasonable
`
`person would understand the output to “include” those inputs. The cited deposition
`
`testimony of Petitioner’s expert therefore supports Patent Owner’s position.
`
`4 At his deposition, Petitioner’s expert, Dr. Juels, took the untenable view that a
`
`code “includes” a value so long as that value was used to generate the code. Ex-
`
`2019 at 73:12-74:19 (defining “includes” to mean “elements input to the
`
`combination function in order to create the authentication code”). Under the proper
`
`interpretation, a POSITA would understand a code to “include” inputs only if those
`
`inputs could be extracted from the resultant code.
`
`8
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`Moreover, Petitioner’s own expert, Dr. Juels, testified that it would be
`
`computationally difficult to derive the inputs from the output of a one-way function,
`
`like the one-way functions described in Jakobsson and used to generate the
`
`authentication codes. Ex-2019 at 70:6-71:10, 79:4-24. For these reasons,
`
`Petitioner’s arguments are misplaced. 5 Since none of the authentication codes
`
`described in Jakobsson “include” all three pieces of information recited by the
`
`challenged claims (and Petitioner does not point to any other reference as allegedly
`
`disclosing this missing feature), Petitioner has not met its burden to show any of the
`
`challenged claims are obvious.
`
`C.
`
`Petitioner’s New Arguments Regarding the Claimed “Enablement
`Signal” Miss the Mark (Limitations 1[h], 1[i], 12[h], and 12[i])
`
`With respect to the claimed “enablement signal,” Petitioner now contends that
`
`“Jakobsson discloses other embodiments where a first authentication information
`
`5 Patent Owner’s conditional motion to amend, which adds a “separable field”
`
`requirement, merely emphasizes that the claimed “one or more signals” must include
`
`all three pieces of information. It is not a concession that the present claims do not
`
`require separate inputs, as Petitioner alleges. Reply, 5-6. As explained above, all
`
`three pieces of information must be included within the claimed “one or more
`
`signals” and transmitted.
`
`9
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`and an indicator of biometric authentication are separate items combined to form an
`
`authentication code on which an enablement signal is based.” Reply, 7. This new
`
`argument in Reply comes too late. 37 C.F.R. § 42.23(b). Moreover, for the reasons
`
`discussed below, Petitioner’s new argument is wrong on the merits.
`
`1.
`
`The Claimed Enablement Signal Must Be Provided Based on
`the Specific Information Recited in the Claims
`
`Limitations 1[i] and 12[i] require the claimed “enablement signal” to be
`
`provided “based on…the indication of biometric authentication,…the first
`
`authentication
`
`information, and…second authentication
`
`information.”
`
` But
`
`Petitioner continues to erroneously point to the same item for both an “indication of
`
`biometric authentication” and “first authentication information.” In Reply,
`
`Petitioner argues “the Petition points to two different items: the ‘indication of
`
`biometric authentication’ corresponds to a strength of a biometric match (E), while
`
`‘first authentication information’ corresponds to Jakobsson’s authentication code.”
`
`Reply, 7. But it is undisputed that Jakobsson’s authentication code is the only code
`
`transmitted to the second device. Even if Jakobsson’s authentication code were
`
`derived from the strength of a biometric match (E), this does not mean that the
`
`recited enablement signal is provided “based on” the distinct pieces of information
`
`recited in claims 1 and 12. Rather, the alleged enablement signal in Jakobsson (i.e.,
`
`10
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`the “positive or negative acknowledgement”) is merely based on successful receipt
`
`of the unitary authentication code.
`
`As explained in Patent Owner’s Response, Petitioner is attempting to
`
`improperly re-write the claims. The language of the claims requires that the
`
`enablement signal be based on at least two different types of information. Ex.-2010,
`
`¶57. For example, Claim 12 recites that the enablement signal is “based on the
`
`acceptance of the indicator of biometric authentication and use of the first
`
`authentication information.” Limitation 12[i]; see also limitation 1[i]. The claims
`
`do not recite that the enablement signal is based on first authentication information
`
`generated using an indicator of biometric authentication. Id., ¶57. Petitioner’s
`
`attempt to double count Jakobsson’s authentication information and read the two
`
`types of information recited in the claims as one is inappropriate for at least the same
`
`reasons discussed above.
`
`2.
`
`Jakobsson’s “Acknowledgement” Is Not an “Enablement
`Signal” Because It Merely Acknowledges Receipt
`
`Limitation 1[h] recites that the second device is configured “to provide the
`
`enablement signal indicating that the second device approved the transaction based
`
`on use of the one or more signals.” See also limitation 12[h] (“wherein the first
`
`processor is further programmed to receive an enablement signal indicating an
`
`approved transaction from the second device”). Even assuming the double counting
`
`11
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`described above is proper—it is not—Petitioner continues to erroneously point to a
`
`mere “positive or negative acknowledgement” as the claimed “enablement signal.”
`
`Reply, 9.
`
`Petitioner now argues that “[a] POSITA would have understood that the
`
`‘positive or negative acknowledgement’ indicates an acknowledgment of successful
`
`or failed authentication because the context of Jakobsson’s disclosure makes clear
`
`that the positive or negative acknowledgement is sent in response to an
`
`authentication attempt and in connection with the authentication procedure
`
`discussed in [0050].” Reply, 9-10. But, a simple acknowledgement that data has
`
`been successfully received would still be sent “in response to an authentication
`
`attempt” in order to inform the sender that some data was successfully received, not
`
`whether the second device actually approved the transaction, as required by the
`
`independent claims.6 Ex-2010, ¶¶60-61.
`
`6 The fact that the acknowledgement can be communicated “directly to the user”
`
`does not alter the calculus. Reply, 10. First, Jakobsson does not indicate the
`
`acknowledgement is tied in any way to the authentication procedure. Ex-1113
`
`¶[0050]. Second, Jakobsson merely says that the terminal “may or may not
`
`communicate the acknowledgement to the device 120 or directly to the user 110.”
`
`Id. There is no requirement that the acknowledgement be communicated directly to
`
`12
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`3.
`
`Jakobsson Teaches Away From Use of Enablement Signals
`
`Although Jakobsson briefly discusses the difference between “covert” and
`
`“overt” communications in the background, as noted by Petitioner (see Reply, 11),
`
`adding an enablement signal to Jakobsson would be antithetical to a primary goal of
`
`Jakobsson: to covertly convey an event state without alerting a potential attacker that
`
`the state has been conveyed to the verifier. Ex-2010, ¶62. For example, as explained
`
`in Patent Owner’s Response, Jakobsson discloses that an event state may indicate
`
`whether “tampering” with the first device has occurred. Ex-1113 at ¶[0014].
`
`Jakobsson explains “[i]t may be advantageous if an attacker with access to device
`
`[sic] is unable to determine if an event was detected and communicated because an
`
`unwarned attacker is more likely to take actions that can lead to observation and
`
`apprehension by authorities.” Id. at ¶[0015]. By modifying Jakobsson to send an
`
`“enablement signal” back to the first processor, the user of the first device would
`
`learn whether the second device approved the transaction (and the event state
`
`indicative of tampering). Ex-2010, ¶62. A POSITA would not make this
`
`the user in all embodiments. Id. Third, in some circumstances it might be beneficial
`
`for the user to know if communication with the verifier was currently active
`
`(connected) or successful, so communicating this acknowledgement directly to user
`
`may be appropriate in some circumstances.
`
`13
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`modification to Jakobsson because it would reveal the event state (and whether
`
`verification was ultimately successful) to a would-be attacker. Id. Petitioner’s own
`
`expert, Dr. Juels, conceded at his deposition that adding an enablement signal to
`
`Jakobsson would indicate to the device whether authentication was successful and
`
`permit the user to learn the event state of tampering, which would be undesirable.
`
`Ex-2019 at 123:18-124:6, 125:8-23, 126:16-23. In short, there is simply no reason
`
`to add a new enablement signal into Jakobsson’s system.
`
`II.
`
`THE PETITION FAILED TO SHOW THAT THE DEPENDENT
`CLAIMS WOULD HAVE BEEN OBVIOUS
`
`A.
`
`Petitioner Fails To Show that Dependent Claim 5 Would Have
`Been Obvious
`
`Claim 5, which depends from claim 1, recites “wherein the first processor is
`
`further configured to compare stored authentication information with authentication
`
`information of the user.” Petitioner alleges, for the first time in Reply, that
`
`“Jakobsson provides an express disclosure that authentication is conducted by
`
`comparing a stored value to a value received from the user.” Reply, 12. Not only is
`
`this new argument too late, the disclosure cited by Petitioner merely provides
`
`background information relating to how verifiers might work (by comparing
`
`biological characteristics to “records”). Ex-1113, ¶[0005]. Jakobsson never even
`
`states that these “records” are stored, particularly not stored somewhere the first
`
`processor can access them. Rather, Jakobsson is silent as to how local authentication
`
`14
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`occurs and whether the authentication mechanism compares stored authentication
`
`information with authentication information of the user, as required by claim 5. Ex-
`
`2010, ¶¶ 63-64.
`
`While Petitioner maintains that “a POSITA would have understood that
`
`locally authenticating a user involves comparing a stored value against a received
`
`value” (Reply, 12), Petitioner does not explain why the first processor must do the
`
`comparison or where the comparison takes place. As explained by Dr. Jakobsson, a
`
`device could authenticate a user in many ways depending on what type of
`
`authentication information was used. Ex-2010, ¶64. Petitioner has not shown that
`
`any of these approaches would necessarily involve the first processor comparing
`
`stored authentication information with authentication information of the user, as
`
`required by claim 5. Id.; see In re Rijckaert, 9 F.3d 1531, 1534 (Fed. Cir. 1993)
`
`(“The mere fact that a certain thing may result from a given set of circumstances is
`
`not sufficient”) (emphasis in original); see also ZTE Corp. v. ContentGuard
`
`Holdings, Inc., IPR2013-00137, Paper 58 at 25-26 (PTAB July 1, 2014)
`
`(same). Petitioner’s claim that “USR and Dr. Jakobsson fail to identify a single
`
`viable alternative for conducting the claimed local authentication without comparing
`
`a stored value with a received value” is plainly false, since authentication could
`
`occur remotely (not involving the claimed first processor) or without comparing
`
`stored authentication information to authentication information of the user (for
`
`15
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`example, as Dr. Jakobsson explains is done with a “zero-knowledge password
`
`proof”). Ex-2010, ¶¶64-65. Accordingly, the Petition fails to establish that
`
`Jakobsson discloses or renders obvious the claimed limitation.
`
`Petitioner’s arguments regarding Niwa are equally flawed. Without any
`
`support whatsoever, Petitioner asserts that “there are no other practical ways to
`
`confirm the validity of a particular value without comparing it against a stored
`
`value.” Reply, 13. Petitioner, however, ignores Dr. Jakobsson’s testimony
`
`summarized above that a device could authenticate a user in many ways depending
`
`on what type of authentication information was used. Petitioner then acknowledges
`
`that Niwa fails to disclose that the first processor performs the comparison. Id.
`
`(“Niwa merely reinforces that authentication involves a stored value that is matched
`
`to a received value – not whether it is performed by a first processor.”) This is yet
`
`another reason why dependent claim 5 is not obvious.
`
`B.
`
`Petitioner Fails To Show that Dependent Claim 6 Would Have
`Been Obvious
`
`Claim 6, which depends from claim 1, recites “wherein the first processor is
`
`further configured to encrypt the first authentication information to communicate to
`
`the second device.” Petitioner now alleges that “Jakobsson discloses various
`
`embodiments using encryption algorithms including block ciphers to encrypt an
`
`authentication code.” Reply, 14. But these new arguments in Reply are too late.
`
`16
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`In addition, as explained by Dr. Jakobsson, use of an encryption function
`
`(such as a block cipher) does not imply encrypting. Ex-2017,168:17-172:9. In fact,
`
`Jakobsson itself specifies how to provide inputs to an encryption function to cause
`
`this function to be used as a one-way function. Ex-1113, ¶[0071] (use of “a block
`
`cipher, such as RC6 or [AES] algorithms,…to generate the combination of (K) and
`
`(T)”). In other words, Jakobsson provides examples of an encryption function, such
`
`as a block cipher, that is not used to encrypt a value. Even Petitioner’s own expert,
`
`Dr. Juels, confirmed at his deposition that an encryption function, like a block cipher,
`
`is not always used to encrypt data and is sometimes instead used, for example, as a
`
`hash function or other one-way function. Ex-2019 at 66:3-9 (block cipher used to
`
`implement a one-way function), 86:2-18 (possible to build a hash function out of an
`
`encryption function), 96:5-97:13 (AES encryption algorithm used as a one-way
`
`function in SecurID systems, as described in Dr. Juels’ own patent, U.S. Patent No.
`
`8,495,372 (Ex-2020), at 15:33-48), 98:9-99:2 (possible to construct one-way
`
`function from AES block cipher). The mention of block ciphers in Jakobsson
`
`therefore does not implicate any form of “encryption” as required by this claim.
`
`Moreover, the actual value being encrypted is not “the first authentication
`
`information” that is transmitted to the second device for all the reasons previously
`
`explained in Patent Owner’s Response. Ex-1020, ¶¶66-68; POR at 30-31.
`
`17
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`Petitioner completely fails to address (and thereby tacitly admits) that
`
`Jakobsson does not describe an embodiment where the hashing/combination
`
`function and encryption are used together because they would be redundant. Reply,
`
`15. Instead, Petitioner baldly argues that “encrypting the inputs to or the outputs of
`
`the one-way function would have improved the overall security of the system.” Id.
`
`If “improving security” were the only motivation required to add additional layers
`
`of encryption, then every encryption scheme would be obvious. Such overly broad
`
`and generic motivations are no motivation at all. See ActiveVideo Networks, Inc. v.
`
`Verizon Commc’ns, Inc., 694 F.3d 1312, 1328 (Fed. Cir. 2012) (Petitioner must
`
`provide a sufficient motivation relating to a “specific combination of prior art
`
`elements.”); Spectrum Brands, Inc. v. ASSA ABLOY AB, Case No. IPR2015-01563,
`
`Paper 7, at 19 (PTAB Jan. 15 2016) (references in the same field of endeavor “falls
`
`short of an adequate rational”); Nokia Solutions & Networks US LLC v. Huawei
`
`Techs. Co., Case No. IPR2017-00660, Paper 8, at 19 (PTAB July 28, 2017)
`
`(suggesting that “a simple assertion that the references are from the same field” may
`
`be “insufficient rationale”).
`
`With regard to Maritzen, Petitioner now argues that Maritzen’s “transaction
`
`key” could be the first authentication information. Reply, 15. However, this
`
`observation does not change the undeniable conclusion that a general disclosure of
`
`encrypting some value or information would not motivate a POSITA to encrypt a
`
`18
`
`
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`specific value—without reliance on impermissible hindsight. Ex-2010, ¶68.
`
`Petitioner contends that “the teaching of encryption could have been applied to any
`
`transmission or subset thereof.” Reply, 15. But, once again, this motivation is too
`
`broad and generic to motivate anyone to do anything, let alone make the
`
`modifications to the references proffered by Petitioner. Petitioner would like this
`
`Board to believe a single teaching of encryption in a different context and in regard
`
`to different information would render all other uses of encryption obvious—a result
`
`that is nonsensical.
`
`C.
`
`Petitioner Fails To Show that Dependent Claim 7 Would Have
`Been Obvious
`
`Claim 7, which depends from claim 1, recites “wherein the first device
`
`includes a first memory coupled to the first processor and configured to store the
`
`first biometric information.” Claim 1 recites that the first biometric information is
`
`the information captured by the biometric sensor. Petitioner now argues, without
`
`any support, that “[t]he data captured from the biometric sensor is the same as the
`
`data derived from the biometric observation.” Reply, 16. But, as Dr. Jakobsson
`
`explained at his deposition, a biometric template is stored on a device and used for
`
`authentication. Ex-2017 at 154:10-20 (biometric value received from senso