UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`APPLE INC.,
`
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY, LLC,
`
`Patent Owner.
`
`_________________________________________
`
`Case IPR2018-00810
`
`U.S. Patent No. 9,100,826
`
`_________________________________________
`
`DECLARATION OF DR. VICTOR SHOUP
`
`IN SUPPORT OF PETITIONER’S OPPOSITION TO
`
`PATENT OWNER’S CONDITIONAL MOTION TO AMEND
`
`Apple 1019
`Apple v. USR
`IPR2018-00810
`
`

`

`Table of Contents
`
`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`
`Page
`
`I.
`II.
`
`C.
`
`INTRODUCTION ...........................................................................................1
`LEGAL PRINCIPLES.....................................................................................2
`A.
`Claim Construction................................................................................2
`B.
`Obviousness...........................................................................................3
`C. Written Description...............................................................................5
`D.
`Enablement............................................................................................6
`E.
`Indefiniteness.........................................................................................7
`F.
`Subject Matter Eligibility......................................................................7
`III. OPINIONS.......................................................................................................8
`A.
`Substitute Claim 56 Does Not Satisfy § 112.........................................8
`B.
`The Substitute Claims Would Have Been Obvious To A Person Of
`Ordinary Skill In The Art....................................................................11
`1.
`Substitute Claims 36-37 and 45-46 Are Obvious In View Of
`Maritzen, Jakobsson, Niwa, And Schutzer...............................11
`Substitute Claims 56, 57, And 60 Are Obvious Over Maritzen,
`Jakobsson, Niwa, Schutzer, And Burnett. ................................25
`The Substitute Claims Are Drawn To Ineligible Subject Matter........28
`1.
`Alice Step 1: The Substitute Claims Are Directed to the
`Abstract Idea Of Verifying an Account Holder’s Identity Based
`On Codes And/Or Information Related to an Account Holder
`Before Enabling a Transaction..................................................29
`Alice Step 2: The Remaining Limitations Of The Substitute
`Claims Add Nothing Inventive To The Abstract Idea..............31
`IV. CONCLUSION..............................................................................................33
`V. AVAILABILITY FOR CROSS-EXAMINATION ......................................33
`VI. RIGHT TO SUPPLEMENT..........................................................................34
`VII. JURAT...........................................................................................................34
`
`2.
`
`2.
`
`i
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`
`I, Victor Shoup, Ph.D., declare as follows:
`
`I.
`
`INTRODUCTION
`
`1.
`
`I have been retained by Apple to provide opinions in this proceeding
`
`relating to Universal Secure Registry’s (“USR” or “Patent Owner”) Conditional
`
`Motion to Amend (“CMTA”) the claims of U.S. Patent No. 9,100,826 (“’826
`
`patent”). I previously prepared and submitted a Declaration in support of the
`
`Petition in this proceeding, dated April 4, 2018.
`
`2.
`
`Since preparing my previous Declaration, I have reviewed the
`
`following additional materials in connection with this Declaration:
`
`(cid:120) The Board’s Decision on Institution (“DOI”)
`
`(cid:120) USR’s Patent Owner Response (“POR”)
`
`(cid:120) Dr. Jakobsson’s Declaration in Support of USR’s POR (Ex. 2003)
`
`(cid:120) USR’s CMTA
`
`(cid:120) Dr. Jakobsson’s Declaration in Support of USR’s CMTA (Ex. 2013)
`
`(cid:120) The transcript of Dr. Jakobsson’s March 20, 2019 deposition (Ex.
`
`1017)
`
`(cid:120) EP 1 028 401 to Schutzer (Ex. 1030)
`
`(cid:120) Declaration of Dr. Juels (Ex. 1020)
`
`(cid:120) Declaration of Dr. Mullins (Ex. 1022)
`
`(cid:120) Burnett et al., RSA Security’s Official Guide to Cryptography (Ex.
`
`1
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`
`1021)
`
`(cid:120) Copy of Burnett et al., RSA Security’s Official Guide to Cryptography
`
`from deposition of Dr. Jakobsson (Ex. 1023)
`
`(cid:120) Introduction to Cryptography (Ex. 1024)
`
`3.
`
`My background and qualifications are summarized in Section I of my
`
`previous Declaration and my curriculum vitae, which was attached thereto as
`
`Appendix A.
`
`4.
`
`I am being compensated at my normal consulting rate for my work.
`
`My compensation is not dependent on the outcome of this IPR proceeding or the
`
`related litigation, and does not affect the substance of my statements in this
`
`Declaration.
`
`5.
`
`I have no financial interest in Petitioner. I have no financial interest in
`
`the ’826 patent.
`
`II.
`
`LEGAL PRINCIPLES
`
`6.
`
`I am not an attorney. For purposes of this Declaration, I have been
`
`informed about certain aspects of the law that are relevant to my analysis and
`
`opinions.
`
`A.
`
`7.
`
`Claim Construction
`
`I have been informed that claim construction is a matter of law and
`
`that the final claim construction will be determined by the Board.
`
`2
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`I have been informed that the claim terms in an IPR review should be
`
`8.
`
`given their broadest reasonable construction in light of the specification as
`
`commonly understood by a person of ordinary skill in the art (“POSITA”). I have
`
`applied this standard in my analysis.
`
`B.
`
`9.
`
`Obviousness
`
`I have been informed and understand that a patent claim can be
`
`considered to have been obvious to a POSITA at the time the application was filed.
`
`I understand that this means that, even if all the requirements of a claim are not
`
`found in a single prior art reference, the claim is not patentable if the differences
`
`between the subject matter in the prior art and the subject matter in the claim
`
`would have been obvious to a POSITA at the time the application was filed.
`
`10.
`
`I have been informed and understand that a determination of whether
`
`a claim would have been obvious should be based upon several factors, including,
`
`among others:
`
`(cid:120) the level of ordinary skill in the art at the time the application was
`
`filed;
`
`(cid:120) the scope and content of the prior art; and
`
`(cid:120) what differences, if any, existed between the claimed invention and
`
`the prior art.
`
`11.
`
`I have been informed and understand that the teachings of two or
`
`3
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`more references may be combined in the same way as disclosed in the claims, if
`
`such a combination would have been obvious to a POSITA. In determining
`
`whether a combination based on either a single reference or multiple references
`
`would have been obvious, it is appropriate to consider, among other factors:
`
`(cid:120) whether the teachings of the prior art references disclose known
`
`concepts combined in familiar ways, and when combined, would yield
`
`predictable results;
`
`(cid:120) whether a POSITA could implement a predictable variation, and
`
`would see the benefit of doing so;
`
`(cid:120) whether the claimed elements represent one of a limited number of
`
`known design choices, and would have a reasonable expectation of
`
`success by those skilled in the art;
`
`(cid:120) whether a POSITA would have recognized a reason to combine
`
`known elements in the manner described in the claim;
`
`(cid:120) whether the proposed modification would have a reasonable
`
`expectation of success by those skilled in the art;
`
`(cid:120) whether there is some teaching or suggestion in the prior art to make
`
`the modification or combination of elements claimed in the patent;
`
`and
`
`(cid:120) whether the innovation applies a known technique that had been used
`
`4
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`
`to improve a similar device or method in a similar way.
`
`12.
`
`I have been informed and understand that a POSITA has ordinary
`
`creativity, and is not an automaton.
`
`13.
`
`I have been informed and understand that in considering obviousness,
`
`it is important not to determine obviousness using the benefit of hindsight derived
`
`from the patent being considered.
`
`14.
`
`I have also been informed that objective evidence can also be relevant
`
`to the question of obviousness. I understand that such evidence, which is
`
`sometimes referred to as “secondary considerations,” can include evidence of
`
`commercial success, long-felt but unsolved needs, failure of others, copying by
`
`others, and unexpected results. I also understand that when considering the
`
`strength of secondary considerations, weight is not given unless a nexus is
`
`established between the rebuttal evidence and the claimed invention. In other
`
`words, secondary considerations only carry weight when the secondary
`
`considerations are attributable to the claimed invention.
`
`C. Written Description
`
`15.
`
`I have been informed that a patent must satisfy the written description
`
`requirement separate from any enablement requirement. I understand that a patent
`
`owner seeking to amend the claims in an Inter Partes Review (“IPR”) proceeding
`
`must show that the substitute claims are supported by the specification.
`
`5
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`To satisfy the written description requirement under § 112, I
`
`16.
`
`understand that the patent’s description must describe the claimed invention in
`
`sufficient detail that a POSITA can reasonably conclude that the inventor had
`
`possession of the claimed invention. I understand that the breadth of the claims
`
`determines the extent of the required disclosure. I understand that the written
`
`description must be commensurate with the scope of the claims. In other words, I
`
`understand that the test is whether the disclosure of the application reasonably
`
`conveys to those skilled in the art that the inventor had possession of the claimed
`
`subject matter as of the filing date, which I have been informed to assume is
`
`February 21, 2006 for this proceeding. I understand that new matter is matter not
`
`supported by the disclosure.
`
`D.
`
`17.
`
`Enablement
`
`I have been informed that a patent must satisfy the enablement
`
`requirement separate from any written description requirement.
`
`18.
`
`To satisfy the enablement requirement, the patent’s description must
`
`describe the invention such that one skilled in the art is enabled to make and use it
`
`without undue or unreasonable experimentation. I understand that certain factors
`
`are relevant, including the breadth of the claims, the nature of the invention, the
`
`state of the prior art, the level of one of ordinary skill, the level of predictability in
`
`the art, the amount of direction provided by the inventor, the existence of working
`
`6
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`examples, and the quantity of experimentation needed to make or use the invention
`
`based on the content of the disclosure.
`
`E.
`
`19.
`
`20.
`
`Indefiniteness
`
`I have been informed that a patent claims must be definite.
`
`To be definite, I understand that patent claims must particularly point
`
`out and distinctly claim the subject matter that the patentee regards as his or her
`
`invention. Definite claims definite claims clearly and precisely inform persons of
`
`ordinary skilled in the art of the boundaries of protected subject matter. I
`
`understand that determining if a claim is definite requires a determination of
`
`whether those skilled in the art would understand what is claimed when the claim
`
`is read in light of the specification.
`
`F.
`
`21.
`
`Subject Matter Eligibility
`
`I have been informed that laws of nature, abstract ideas, and natural
`
`phenomena are not patent eligible.
`
`22.
`
`I have been informed that an application of an abstract idea, such as a
`
`mathematical formula, may be patent eligible if the patent claims add significantly
`
`more than routine, conventional activity to the underlying concept.
`
`23.
`
`I have been informed that an important and useful clue to patent
`
`eligibility is whether a claim is tied to a particular machine or apparatus or
`
`transforms a particular article into a different state or thing, according to the so-
`
`7
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`called machine-or-transformation test. I have been informed that the machine-or-
`
`transformation test is not the only test for patent eligibility.
`
`24.
`
`I have been informed that the Supreme Court’s decision in the Alice
`
`Corp. case in 2014 articulates a two-step framework for distinguishing patents that
`
`claim ineligible abstract ideas from those that claim eligible applications of those
`
`ideas. In step one, the court must determine whether the claims at issue are
`
`directed to a patent-ineligible abstract concept. If the claim is directed to an
`
`abstract idea, the analysis proceeds to step two. In step two, I understand that the
`
`elements of the claim must be searched, both individually and as an ordered
`
`combination, for an inventive concept—i.e., an element or combination of
`
`elements that is sufficient to ensure that the patent in practice amounts to
`
`significantly more than a patent upon the ineligible concept itself. I am informed
`
`that a patentee cannot circumvent the prohibition on patenting abstract ideas by
`
`limiting the idea to a particular technological environment, nor by adding
`
`insignificant postsolution activity, or well-understood, routine, conventional
`
`features.
`
`III. OPINIONS
`
`A.
`
`Substitute Claim 56 Does Not Satisfy § 112.
`
`25. USR’s attempt to demonstrate that the claimed encryption and
`
`decryption using the second key in substitute claim 56 satisfies § 112 fails because
`
`8
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`the written description does not support or enable the claimed symmetric second
`
`key.
`
`26.
`
`I have been informed that USR bears the burden of setting forth
`
`written description support in the originally-filed disclosure for each proposed
`
`substitute claim as a whole, and cannot introduce new matter into the claims. I
`
`understand that to satisfy the written description requirement, a patent specification
`
`must describe the claimed invention in sufficient detail that a POSITA can
`
`reasonably conclude that the inventor had possession of the claimed invention.
`
`USR fails to meet this requirement.
`
`27. USR’s alleged support for the claimed second key describes only
`
`symmetric encryption because the same public key is used to both encrypt and
`
`decrypt. See, e.g., Ex-2008, ’860 Application, 49:24-32 (describing encrypting a
`
`DES key with a public key), 50:24-31 (describing decrypting a DES key with a
`
`public key). However, this public key encryption scheme is not enabled because a
`
`value encrypted with a public key, which a POSITA would recognize as an
`
`asymmetric key, could not be decrypted using the same public key. Even with
`
`extensive experimentation, it would be impossible for a POSITA to implement
`
`encryption and decryption with a public key. This is because data encrypted with
`
`an asymmetric key, such as a public key, cannot be decrypted with the same key.
`
`In fact, an important aspect of asymmetric keys is that a different private key is
`
`9
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`required to decrypt data. Thus, in the case of data encrypted with a public key,
`
`only a private key associated with the public key could decrypt the data. A
`
`POSITA would recognize that using a public key to decrypt data encrypted with
`
`the same public key would be impossible.
`
`28. Dr. Jakobsson admits that the encryption and decryption scheme
`
`described on pages 49 and 50 in the specification is nonsensical as written. See
`
`Ex-1017, Jakobsson Dep., 52-54. But Dr. Jakobsson asserts this language must be
`
`read as a typographical error, and that the text meant to say decrypting the DES
`
`key with a different (private) key. Id. Dr. Jakobsson’s declaration mentions no
`
`typographical error. There are no clues within the rest of the description that
`
`would lead a POSITA to believe that the only way to make sense of the disclosure
`
`would be to replace the term “public key” with “private key.”1 Furthermore, claim
`
`56 requires encrypting and decrypting the first key with the same second key—not
`
`separate public and private keys. Accordingly, even under Dr. Jakobsson’s
`
`interpretation of the text, the page 49 and 50 do not provide adequate written
`
`1 Even if a POSITA were to read the specification in this way, this describes
`
`nothing more than a well-known hybrid cryptosystem that Dr. Jakobsson admits
`
`was already known in the prior art. See Ex-1017, Jakobsson Decl., 44:3-12; see
`
`also Ex-1024, Introduction to Cryptography, 16.
`
`10
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`description support. The remaining sections USR cite to for alleged support fail to
`
`cure this deficiency. Either the patent does not enable the described encryption
`
`and decryption with a public key, or it does not claim the alleged public/private
`
`key encryption/decryption—not both.
`
`The Substitute Claims Would Have Been Obvious To A Person Of
`B.
`Ordinary Skill In The Art.
`
`Substitute Claims 36-37 and 45-46 Are Obvious In View Of
`1.
`Maritzen, Jakobsson, Niwa, And Schutzer.
`
`a)
`
`Substitute Claim 36
`
`(1)
`
`Substitute Limitations 36[pre], 36[b], 36[j]
`
`29.
`
`Substitute claim 36 recites “[a] system for authenticating identities of
`
`a plurality of users to conduct a credit and/or debit card transaction, the system
`
`comprising[.]” 36[pre]; see also 36[b], 36[j]. Maritzen in view of Jakobsson and
`
`Niwa discloses credit and/or debit card transactions.
`
`30. As explained in my previous Declaration, Maritzen discloses “[a]
`
`system for authenticating identities of a plurality of users, the system
`
`comprising[.]” See Ex-1002, Shoup-Decl., ¶¶45-47. Maritzen further teaches that
`
`“[t]he appropriate enabling authority may be, for example, a financial institution,
`
`a third party distributor, a credit card issuer, or the like.” Ex-1004, Maritzen,
`
`11
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`¶¶38, 85, 108, 144.2 A POSITA would understand the “financial services” and
`
`“credit card issuer” of Maritzen to include a credit card and/or debit card
`
`transaction or would have found it obvious to do so. For example, in the context
`
`of implementing Maritzen’s payment gateway, a POSITA would have understood
`
`that the reason financial services would have been offered and that a credit card
`
`issuer would be involved would have been to process and enable transactions such
`
`as the purchase of goods, for example via credit and/or debit card transactions.
`
`Financial services providers and credit card issuers routinely provided the function
`
`of processing and enabling credit card and/or debit card transactions, so a POSITA
`
`would have understood this disclosure in Maritzen to teach that financial services
`
`providers and credit card issuers would be involved for such purposes.
`
`Accordingly, Maritzen discloses these added limitations.
`
`31.
`
`To the extent that Maritzen does not expressly disclose conducting a
`
`credit card and/or debit card transaction, Schutzer provides this disclosure. For
`
`example, Schutzer teaches “a method and system for securely performing a
`
`bankcard transaction, such as a credit card or debit card transaction” in which
`
`a transaction card is used to authenticate a user and authorize a transaction. Ex-
`
`1030, Schutzer, ¶10; see also id. abstract, ¶¶8, 12, 24-37, Figs. 1-4.
`
`2 Emphasis added unless otherwise noted.
`
`12
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`32. Accordingly, Maritzen in view of Jakobsson, Niwa, and Schutzer
`
`discloses the credit and/or debit card transaction in limitations 36[pre], [b], and [j].
`
`33.
`
`It would have been obvious to combine Schutzer’s teaching of an
`
`authentication system for a bankcard transaction with the authentication system of
`
`Maritzen, Jakobsson, and Schutzer.
`
`34.
`
`First, it would have been obvious to combine Schutzer’s bankcard
`
`transaction authentication system with the authentication system of Maritzen,
`
`Jakobsson, and Niwa because it would have involved nothing more than applying a
`
`known technique (using authentication for bankcard transactions of Schutzer) to a
`
`known device (the authentication system of Maritzen, Jakobsson, and Niwa) in the
`
`same way (by verifying information). A POSITA would have had a reasonable
`
`expectation of success in doing so at least because they would have recognized that
`
`the authentication system of Maritzen, Jakobsson, and Niwa could be implemented
`
`using simple and predictable computer code for a number of different transactions,
`
`including bankcard transactions.
`
`35.
`
`Second, Maritzen, Jakobsson, Niwa, and Schutzer provide teachings,
`
`suggestions, and motivations that would have led a POSITA to combine the bank
`
`card transaction authentication system of Schutzer with the authentication systems
`
`of Maritzen, Jakobsson, and Niwa to arrive at the claimed credit card and/or debit
`
`card transaction. For example, all references recognize the risk of stolen
`
`13
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`authentication credentials and disclose methods for protecting such information.
`
`Ex-1030, Schutzer, ¶3 (“The link between the cardholder and the merchant must be
`
`encrypted to prevent the card number from being intercepted and fraudulently read
`
`by an unauthorized third party. This type of fraud is sometimes referred to as the
`
`man-in-the-middle attack. The link is encrypted so that no eavesdropper can listen
`
`in and steal the card number”), ¶9 (“It is another feature and advantage of the
`
`present invention to provide a method and system for securely performing a
`
`bankcard transaction which eliminates transmitting the customer’s actual card
`
`number over the Internet to the merchant and likewise eliminates the need for a
`
`secure link between the customer and the merchant.”); Ex-1004, Maritzen, ¶29 (“In
`
`this embodiment, the funds are uniquely identified with the owner of the PTD and,
`
`thus, if the PTD is stolen, the funds cannot be used by another user.”); Ex-1005,
`
`Jakobsson, ¶8 (“an unattended or stolen token remains vulnerable to attack.
`
`Would-be attackers who gain access to tokens can subject the tokens to
`
`sophisticated analysis intended to determine their methods of operation, and/or the
`
`secret(s) stored within.”); Ex-1007, Niwa, 8:66-9:3 (“Advantageously, the method
`
`and system of the present invention readily provides for authorizing transactions
`
`over a network in which all parties to the transaction maintain confidence that the
`
`initiator (e.g., the customer) of the transaction is authorized to enter into the
`
`transaction.”). Thus, it would have been obvious to combine Schutzer’s alternate
`
`14
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`bankcard system with the authentication system of Maritzen, Jakobsson, and Niwa
`
`because Maritzen, Jakobsson, and Niwa already teach that user identifying
`
`information should be obscured, and Schutzer teaches that an application for
`
`obscuring such information is bankcard transactions.
`
`(2)
`
`Substitute Limitation 36[c]
`
`36.
`
`Limitation 36[c] recites “the first wireless signal including encrypted
`
`authentication information of the user of the first handheld device.” Maritzen
`
`discloses this limitation.
`
`37. As explained in my previous Declaration, Maritzen discloses a
`
`transaction or biometric key [authentication information] that is transmitted
`
`wirelessly. Ex-1002, Shoup-Decl., ¶¶48-50. Maritzen further teaches that the
`
`transaction or biometric key can be encrypted with well-known encryption
`
`algorithms. Ex-1004, Maritzen, ¶¶45 (“[T]he transaction key is encrypted prior to
`
`transmission using standard encrypting methods such as, for example, public key
`
`infrastructure (PKI) encryption.”), 47 (“[C]learing house 130 decrypts . . . the
`
`transaction key.”); see also id. at ¶¶46, 50, 82, 88, 90, 92, 96, 109-111, 114, 124,
`
`129, 134, 138, 148-151,164-167. Accordingly, Maritzen discloses this limitation.
`
`(3)
`
`Substitute Limitations 36[f], 36[g], 36[h], 36[j]
`
`38.
`
`Limitation 36[f] has been amended to recite that “the first processor
`
`further programmed to generate a one-time code and a digital signature, the digital
`
`15
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`signature generated using a private key associated with the first handheld device,
`
`and to transmit the first wireless signal including the first authentication
`
`information, the one-time code, and the digital signature of the user of the first
`
`handheld device to the second device via the network.” Limitations 36[g], 36[h],
`
`and 36[i] further require that “the second processor is configured to: receive the
`
`first wireless signal . . . [verify] the digital signature,” and “use the first
`
`authentication information, the one-timecode, the digital signature, and the second
`
`authentication information to authenticate an identity of the user of the first
`
`handheld device . . . .” Maritzen in view of Jakobsson, Niwa, and Schutzer
`
`disclose these additional limitations.
`
`39.
`
`First, Jakobsson discloses transmitting an authentication code that
`
`depends on a number of different one-time codes that can be combined with other
`
`information using combination function 230 to generate an authentication code.
`
`See, e.g., Ex-1005, Jakobsson, ¶¶13 (describing dynamic variables that vary over
`
`time), 63 (“authentication code 291 is constructed from a stored secret (K), a
`
`dynamic value (T), and an event”), 64-77 (describing various combinations
`
`including the values (K), (T), (E), and (P), including A(KTE)), 116 (describing an
`
`authentication value (S), which is formed by (K) and (T), which is a typical one-
`
`time code known in the art as shown in Fig. 7), 140 (describing “a set quantity of
`
`temporary secrets can be supplied where each secret can be used once at any time
`
`16
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`prior to the end of an expiration period”). Jakobsson further teaches that the
`
`combined authentication code can be received by a verifier (see, e.g., id. at 43, 44,
`
`48, 112) and used to authenticate the user of the first handheld device (see, e.g., id.
`
`at 21, 118).
`
`40.
`
`Second, Schutzer discloses that a cardholder can authenticate his or
`
`herself by providing certain information, and that “[i]f the transaction or the
`
`customer’s history warrants, the issuing bank 8 can require more secure
`
`authentication, such as additional secrets, matching biometrics, and/or digital
`
`signatures.” Ex-1030, Schutzer, ¶29. Furthermore, it was well known to use a
`
`digital signature to authenticate the entity that generated the digital signature, as
`
`Dr. Jakobsson admits. See Ex-1017, Jakobsson Dep., 76:5-79:9, 82:12-83:5.
`
`41. Accordingly, Maritzen, Jakobsson, Niwa, and Schutzer discloses
`
`substitute limitations 36[f], 36[g], 36[h], 36[j].
`
`42. A POSITA would have been motivated to add the one-time code of
`
`Jakobsson and the digital signature of Schutzer to the authentication system of
`
`Maritzen because such a combination would be a combination of prior art elements
`
`(e.g., the one-time code and digital signature) according to known methods (the
`
`combination function 230, including prepending or appending, or inclusion as
`
`additional authentication information of Jakobsson) to yield predictable results (a
`
`combined or addition to authentication code that can be used to more securely
`
`17
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`
`authenticate a user). See Ex-1002, Shoup-Decl., ¶¶87-96.
`
`43. Maritzen further teaches sending additional information in a
`
`transaction key (Ex-1004, Maritzen, ¶¶ 45 (“the transaction key may include the
`
`biometric key and a PTD identifier”), 46 (“the transaction request may include
`
`other information”), and Schutzer explicitly teaches, suggests, and/or motivates
`
`using multiple authentication elements at the same time (Ex-1030, Schutzer, ¶29
`
`(“If the transaction or the customer’s history warrants, the issuing bank 8 can
`
`require more secure authentication, such as additional secrets, matching
`
`biometrics, and/or digital signatures.”)). Jakobsson similarly teaches combining
`
`multiple values via appending/prepending to arrive at an authentication code. See,
`
`e.g., Ex-1005, Jakobsson, ¶¶63, 73. In addition to the combination function 230,
`
`Jakobsson also teaches that “[t]he verifier receives the authentication information,
`
`which can optionally include other authentication and identification data, such as
`
`a PIN, password, biometric reading, and the like,” which a POSITA would have
`
`recognized to include the digital signature of Schutzer that performs an
`
`authentication function. Id. at ¶¶112, 97 (“As described above, the output is
`
`communicated to a verifier, potentially along with the same or a different PIN or
`
`password, and a user identifier.”), 21 (“The authentication information can also
`
`include one or more of a user identifier, a PIN, password, a biometric reading, and
`
`other additional authentication information.”). Thus, it also would have obvious
`
`18
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`to try adding the digital signature of Schutzer and the one-time code of Jakobsson
`
`to the key of Maritzen using, for example, Jakobsson’s combination function or by
`
`adding as additional authentication information. A POSITA would have had a
`
`reasonable expectation of success in prepending or appending values such
`
`Maritzen’s biometric or transaction key, Jakobsson’s “event state (E),” the
`
`“dynamic value (T),” the “user data value (P),” and Schutzer’s digital signature or
`
`adding additional authentication information because Jakobsson explicitly
`
`contemplates variations in the combination functions with many different values
`
`and/or additions thereto, and the results of such variations or additions would have
`
`been easily foreseeable. See, e.g., Ex-1005, Jakobsson, ¶¶21, 69-77, 83, 97, 112.
`
`44. A POSITA would recognize one of these variations of the
`
`combination function, in which Jakobsson discloses reversing a calculation (id. at
`
`¶58), would be compatible with authentication via digital signatures. For example,
`
`a user could decrypt data with their private key to create a digital signature, and
`
`then appended the digital signature to the authentication code. A recipient of this
`
`digital signature could (1) reverse the appending operation and then (2) confirm
`
`that the device that created the digital signature is in possession of user’s private
`
`key by encrypting with the user’s public key, which is another form of reversing
`
`the decryption computation using an inverse function.
`
`45. A POSITA also would have understood that adding the digital
`
`19
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`signature of Schutzer to and one-time code to the authentication code, either using
`
`the combination function 230 or as additional authentication information, would
`
`add more layers of security. Since only those having the user’s private key could
`
`send the appropriate digital signature, a hacker who obtained information sufficient
`
`to generate the rest of information in the wireless signal from the verifier would
`
`not be able to generate the digital signature because the verifier uses the public,
`
`rather than private key to reverse the operation of generating the digital signature.
`
`Thus, to successfully hack the system, the hacker would have to gain access to
`
`both the verifier and the user’s device holding the private key. This creates
`
`another layer of security.
`
`(4)
`
`The Remaining Limitations
`
`46. As discussed in in my previous Declaration, the substitute limitations
`
`36[a], 36[d], 36[e], 36[i], and the portions of limitations 36[pre], 36[b], 36[c],
`
`36[f], 36[g], 36[h], and 36[j] not explicitly addressed above are disclosed by
`
`Maritzen, Jakobsson, and Niwa. See Ex-1002, Shoup-Decl., ¶¶45-107. It would
`
`have been obvious to combine Maritzen, Jakobsson, and Niwa with Schutzer to
`
`arrive at these limitations for at least the reasons discussed above. See, supra,
`
`Sections III.B.1.a.(1)-(3).
`
`b)
`
`Substitute Claim 45
`
`47. As discussed in my previous Declaration, claim 10, which
`
`20
`
`

`

`U.S. Patent No. 9,100,826
`Declaration of Dr. Shoup
`corresponds to substitute claim 45, is obvious over Maritzen, Jakobsson, and Niwa.
`
`See Ex-1