`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`________________
`
`APPLE INC.
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC
`Patent Owner
`________________
`
`Case IPR2018-00810
`U.S. Patent No. 9,100,826
`________________
`
`PATENT OWNER'S SUR-REPLY
`
`
`
TABLE OF CONTENTS

I. THE PETITION FAILED TO PROVE THAT THE INDEPENDENT CLAIMS WOULD HAVE BEEN OBVIOUS
    A. The Petition Failed To Show The Recited "First Authentication Information" (Limitations 1[h], 10[c], 21[g], 30[b])
        1. The Petition did not show that Maritzen's "biometric key" is determined/derived from "first biometric information"
        2. The Petition did not show that a POSITA would have been motivated to combine Maritzen with Jakobsson's "combination function" to meet the recited "first authentication information"
    B. The Petition Failed To Show Authentication Of A User Based On "Authentication Information" (Limitations 1[a], 10[a])
    C. The Petition Failed To Show Retrieving Or Receiving "Second Biometric [Information/Data]" (Limitations 21[i], 30[d])
    D. The Petition Failed To Show Receiving "First Authentication Information" (Limitation 21[h])
    E. The Petition Failed To Show Authentication Based On "Second Biometric Information" (Limitation 30[e])
    F. The Petition Failed To Show The "First Handheld Device" (Limitations 1[a], 10[a], 21[a], 30[a])
II. THE PETITION FAILED TO PROVE THAT MANY DEPENDENT CLAIMS WOULD HAVE BEEN OBVIOUS
    A. The Petition Failed To Show That Dependent Claims 2 And 11 Would Have Been Obvious
    B. The Petition Failed To Show That Dependent Claims 7, 14, 26, And 34 Would Have Been Obvious
    C. The Petition Failed To Show That Dependent Claim 15 Would Have Been Obvious
III. PETITIONER FAILED TO REBUT EVIDENCE OF SECONDARY CONSIDERATIONS OF NON-OBVIOUSNESS
IV. CONCLUSION
`
PATENT OWNER'S LIST OF EXHIBITS

Exhibit #   Description
2001        Declaration ISO Motion Pro Hac Vice Harold Barza.
2002        Declaration ISO Motion Pro Hac Vice Jordan Kaericher.
2003        Declaration of Dr. Markus Jakobsson in Support of Patent Owner's Response.
2004        Curriculum Vitae of Dr. Markus Jakobsson.
2005        Transcript of December 14, 2018 Deposition of Dr. Victor John Shoup.
2006        N. Asokan, et al., The State of the Art in Electronic Payment Systems, IEEE Computer, Vol. 30, No. 9, pp. 28-35 (IEEE Computer Society Press, Sept. 1997).
2007        M. Baddeley, Using E-Cash in the New Economy: An Economic Analysis of Micropayment Systems, J. Electronic Commerce Research, Vol. 5, No. 4, pp. 239-253 (Nov. 2004).
2008        U.S. Application No. 14/027,860.
2009        U.S. Application No. 11/677,490.
2010        U.S. Provisional Application No. 60/775,046.
2011        U.S. Provisional Application No. 60/812,279.
2012        U.S. Provisional Application No. 60/859,235.
2013        Declaration by Dr. Markus Jakobsson in Support of Motion to Amend.
2014        U.S. District Court for Delaware Report and Recommendation.
2015        Declaration by Dr. Markus Jakobsson in Support of Motion Reply to MTA Opposition.
2016        Rough transcript of deposition of Dr. Ari Juels.
`
`
`
Petitioner's Reply mischaracterizes the prior art and briefing¹ and improperly
`
`introduces a multitude of new evidence and arguments, but it still fails to remedy
`
`fatal defects in the Petition that reach every challenged claim. First, the Petition
`
`failed to show any disclosure in the asserted references of multiple elements of the
`
`independent claims. Second, the Petition failed to show that a person of ordinary
`
`skill in the art ("POSITA") would have been motivated to combine the asserted
`
`references to arrive at the independent claims—in fact, the references are
`
`fundamentally different, and they teach directly away from Petitioner's proposed
`
`combination. Third, for additional reasons, the Petition failed to prove that
`
`dependent claims 2, 7, 11, 14, 15, 26, and 34 would have been obvious. Finally,
`
`Petitioner's Reply fails to rebut secondary considerations of non-obviousness.
`
`Accordingly, the Board should not find any challenged claim unpatentable.
`
¹ For example, the very first line of Petitioner's Reply asserts that Patent Owner's
Response ("POR") "repeats arguments that the Board already rejected" (Reply at 1),
but that is plainly wrong. The Board has not rejected (or even had the opportunity
to rule on) any of Patent Owner's substantive arguments in this proceeding.
`
I. THE PETITION FAILED TO PROVE THAT THE INDEPENDENT CLAIMS WOULD HAVE BEEN OBVIOUS

A. The Petition Failed To Show The Recited "First Authentication Information" (Limitations 1[h], 10[c], 21[g], 30[b])

1. The Petition did not show that Maritzen's "biometric key" is determined/derived from "first biometric information"
`
`The Petition asserted that Maritzen's "biometric key" is derived from "first
`
`biometric information" because "Maritzen discloses that the biometric key…is
`
`derived based on a validation of the biometric information," citing Maritzen's
`
`disclosure that "if the biometric input is valid for the device, privacy card 110 creates
`
biometric key 350 and transmits biometric key 350 to PTD 100." Pet., 40-41; Ex-1004,
[0088]. The Petition said no more on the matter.
`
`After the POR demonstrated the fatal flaws in this argument (POR, 22-25),
`
`Petitioner chose to change course, arguing for the first time in its Reply that
`
`Maritzen's "biometric key" is actually a term of art that a "POSITA would have
`
`understood…is a cryptographic key…derived from or determined from biometric
`
`information." Reply, 5-6; Ex-1018, ¶21 ("The term 'biometric key' was a term that
`
`had a special meaning to those of skill in the art"). This is an entirely new argument
`
`that should be disregarded on that basis alone, but it also fails on the merits.
`
`First, Petitioner has not shown that the term "biometric key" had any particular
`
`meaning to a POSITA (let alone the meaning Petitioner ascribes to it). On this point,
`
`Petitioner relies solely on its expert. Reply, 5-6. Dr. Shoup, in turn, opines that
`
`"biometric key" had a "special meaning" based on several works from other
`
researchers, submitted by Petitioner as new exhibits 1025-1029. Ex-1018, ¶21.² But
`
`exhibits 1025-1028 do not even use the term "biometric key," while exhibit 1029,
`
`dated the year before Maritzen was filed, actually claims to "coin the name
`
`'Biometric Key Cryptography'" for what it describes as a "novel" concept at the
`
time.³ Ex-1029, 12.⁴ Thus, if anything, exhibits 1025-1029 show that "biometric
`
`key" was not a term of art at all, and certainly not at the time Maritzen was filed.
`
`Second, even if "biometric key" were a term of art for a "cryptographic
`
`key…derived from biometric information" (it was not), a POSITA would have
`
`understood that is not how the term was used in Maritzen. As Dr. Jakobsson
`
`explained, Maritzen's biometric key is not a cryptographic key at all, but a database
`
`key (a well-known term in the art) used by Maritzen's clearing house in performing
`
a database lookup. Ex-1004, [0048]; Ex-1017 (Jakobsson Tr.), 203:9-12, 205:21-206:10.

² Exhibits 1025-1029 (and Dr. Shoup's discussion thereof) should be disregarded
both as new evidence and because these exhibits are not discussed (or even cited) in
the Reply.

³ Emphasis added throughout.

⁴ Notably, exhibit 1029 was not a formal peer-reviewed publication, but merely a
"Technical Report" that had been cited only several times as of Maritzen's filing. Id.
`
`Hence, Petitioner has not shown that Maritzen's "biometric key" had any
`
`special meaning based on its use in the field. Instead, Maritzen's "biometric key" is
`
`only what Maritzen says it is, and Maritzen never says that the "biometric key" is
`
`determined or derived (or created) from "first biometric information." Rather,
`
`Maritzen suggests the opposite. POR, 22-25.
`
`The Petition alleged that the claimed "first handheld device" is Maritzen's
`
`"PTD" with an "integrated privacy card" (Pet., 20-22) and, as the POR showed,
`
`there is no disclosure in Maritzen that a biometric key is even created in this
`
`embodiment. POR, 22-25. In its Reply, Petitioner argues that an integrated "privacy
`
`card still generates and transmits the biometric key to the PTD to unlock the PTD"
`
`in response to biometric authentication, but fails to identify any such disclosure in
`
`Maritzen. Reply, 5-6. In fact, it's not disclosed. To the contrary, Maritzen teaches
`
`that the privacy card does not even validate biometric information when it is
`
`integrated within the PTD; instead, the PTD performs validation directly. Ex-1004,
`
`[0044], [0088], [0109], [0124], [0148], [0164] ("If privacy card 110 is within PTD
`
`100, validation of the biometric information may be conducted by PTD 100.
`
`Alternatively, if privacy card 110 is separate from PTD 100, validation is conducted
`
`by privacy card 110."). The PTD would not directly validate the biometric input,
`
`only for a privacy card in the PTD to then "create[] a biometric key that is
`
`transmitted to PTD…[and] used to unlock PTD." Ex-1004, [0044]; POR, 23-25.
`
`Instead, a POSITA would have understood it more likely in this embodiment that
`
`after the PTD validates the user's biometric input, the PTD simply retrieves the
`
biometric key from "PTD memory" to use in a transaction. Ex-1004, [0069].⁵ At
`
`the least, a POSITA would have understood the PTD does not necessarily determine
`
`or derive the "biometric key" from "first biometric information."
`
`In contrast, Maritzen does disclose that the privacy card validates biometric
`
`information and creates and transmits a biometric key to unlock the PTD when the
`
`privacy card is "separate from PTD." Ex-1004, [0044]. However, even in this
`
`embodiment (on which Petitioner does not rely), Maritzen never discloses how or
`
`from what the privacy card creates a biometric key, and the fact that it does so "if
`
the biometric input is valid" (Ex-1004, [0044]) does not necessarily mean that the
biometric key is "determined" or "derived" from the biometric input. POR, 22-25.

⁵ Petitioner contends that "PTD does not have to retrieve and transmit the same
biometric key" because there were ways to "dynamically generat[e] biometric keys
based on biometric information." Reply, 6-7. In fact, contrary to Petitioner's
assertion, there was no effective way to reliably generate cryptographic keys from
biometric information at the time Maritzen was filed. See, e.g., Ex-1027, 34-35
(section on "Real-world biometric systems").
`
2. The Petition did not show that a POSITA would have been motivated to combine Maritzen with Jakobsson's "combination function" to meet the recited "first authentication information"
`
`The POR demonstrated that the Petition failed to prove that a POSITA would
`
`have been motivated to combine Jakobsson's "combination function" with Maritzen
`
`because, among other things, both references teach away from such a combination,
`
`the combination would change the basic principles under which Maritzen was
`
`designed to operate, and the combination would render Maritzen inoperable for its
`
`intended purpose. POR, 25-36. In an effort to avoid these problems, Petitioner's
`
`Reply mischaracterizes both the references and the briefing. Reply, 7-14.
`
`Petitioner attempts to trivialize Maritzen's teachings to provide anonymity and
`
`avoid transmission of any user information during a transaction as mere
`
`"implementation details." Reply, 7. But they are not. In fact, Maritzen's very
`
`purpose is to fill the need for "real-time settlement of vehicle-accessed, financial
`
`transactions that provide[s] anonymity and security." Ex-1004, [0006]. To that end,
`
`Maritzen emphasizes at least six times that the PTD "does not transmit any user
`
`information" during a transaction. Ex-1004, [0045]; [0090], [0111], [0128], [0150],
`
`[0166] ("No user information is transmitted"). Instead, the PTD transmits only a
`
`"transaction key" (not user information). Id. This is critical to Maritzen's purpose,
`
`and it teaches directly away from Jakobsson's transmission of a user name and/or
`
other user identifying information along with its authentication code.⁶ Ex-2003,
`
`¶¶72-79; Ex-1017 (Jakobsson Tr.), 103:10:19, 104:19-106:15; Ex-1005, [0004],
`
`[0021], [0097], [0112]; POR, 26-31.
`
`Next, Petitioner incorrectly contends that Maritzen does not teach "To Avoid
`
`Sending User Information." Reply, 7-10. First, Petitioner notes that Maritzen only
`
`teaches to avoid exposing user information to the VAPGT, not the clearing house,
`
`which clearly does store and access user information. Reply, 7-9. That is of no
`
`consequence. Of course Maritzen's clearing house stores and accesses user
`
`information—it uses such information, for example, to "negotiate[] with a financial
`
`processor" during a transaction (Ex-1004, [0050])—but that is irrelevant to why
`
Maritzen teaches away from Jakobsson.⁷
`
⁶ Even if the Board finds there is no teaching away, these "statements regarding
preferences are [still] relevant to a finding regarding whether a skilled artisan would
be motivated to combine [the references]." Polaris Industries, Inc. v. Arctic Cat,
Inc., 882 F.3d 1056, 1069 (Fed. Cir. 2018).

⁷ Petitioner also notes that user information could conceivably be shared with the
clearing house during a "set up stage." Reply, 8. There is no such disclosure in
Maritzen, but even if there were, such sharing would also be irrelevant.
`
`Maritzen seeks to maintain anonymity from the VAPGT (and other
`
`transaction intermediaries). Hence, it teaches that the PTD does not send "any user
`
`information" to the VAPGT during a transaction. Ex-1004, [0045]. And, since the
`
`VAPGT generates and sends the transaction request to the clearing house (which
`
`receives only the transaction request and transaction key), this also necessarily
`
`means that no user information is sent to (or received or verified by) the clearing
`
house during the transaction. Ex-1004, [0045]-[0048]; [0090]-[0093], [0111]-[0113],
[0128]-[0130]. Maritzen teaches against the transmission and verification
`
`of user information during a transaction, while Jakobsson requires the transmission
`
`and verification of such user information in order to utilize its "combination
`
`function." Ex-2003, ¶¶72-79; POR, 26-31.
`
`Second, Petitioner asserts that Maritzen only "advises against sending
`
`unprotected personal information, but in no way discourages sending encrypted
`
`personal information." Reply, 9-10. That is plainly false. Maritzen never discloses
`
`that the PTD may send user information if it is encrypted. Instead, Maritzen
`
`repeatedly teaches that the PTD "does not transmit any user information," but
`
`transmits only a "transaction key" (i.e., not user information) that may or may not be
`
`"encrypted prior to transmission." Id. Hence, Maritzen draws no distinction that
`
`allows for transmission of encrypted user information. Rather, it simply teaches that
`
`"[n]o user information is transmitted." Ex-1004, [0090].
`
`Next, Petitioner incorrectly contends that Maritzen does not teach "To
`
`Maintain User Anonymity." Reply, 10-11. As discussed above, Maritzen's very
`
`purpose is to provide a system for "secure, anonymous, real time settlement of
`
`financial transactions." Ex-1004, [0031]. Petitioner also asserts that "anonymous
`
`systems exist that send some forms of user information" (Reply, 11), but even if that
`
`were true, Maritzen repeatedly teaches that "[n]o user information is transmitted"
`
`during a transaction in its system. Ex-1004, [0090]. Instead, the PTD sends only a
`
transaction key, which is clearly not user information. Id.⁸
`
`Next, Petitioner mischaracterizes the Petition, asserting that it "Only Relies
`
`On Jakobsson For The Limited Application Of Known Techniques." Reply, 11-12.
`
`In fact, the Petition sought to combine Maritzen with Jakobsson's "combination
`
`function." Pet., 41-46. And implementing Jakobsson's combination function would
`
`require an overhaul of Maritzen's system, including modifying the PTD to maintain
`
`at least time, secret, event state, and user biometric information, and to maintain and
`
`transmit associated user identification information; and modifying the clearing
`
`house to maintain and process the same time, secret, event state, user biometric
`
information, and user identification information. Petitioner cannot just pick and
choose the parts it likes and ignore the rest—all of these changes would be needed
to make Jakobsson's combination function work in Maritzen's system.⁹ Ex-2003,
¶¶80-82; POR, 31-33.

⁸ Petitioner suggests that the "PTD identifier" could be user information (Reply,
11), but the PTD identifier is a part of the transaction request, which Maritzen clearly
and repeatedly distinguishes from user information. Ex-1004, [0045].
`
`Finally, Petitioner argues that "Jakobsson’s Teachings Are Compatible With
`
`Maritzen" (Reply, 12-14), but as demonstrated by the POR (pgs. 25-36), they are
`
`not. First, Petitioner contends that "both Maritzen and Jakobsson are directed toward
`
`secure financial transactions" (Reply, 12), but Jakobsson is not directed to financial
`
`transactions at all. Ex-2003, ¶¶85-88; Ex-1017 (Jakobsson Tr.), 103:3-111:22; POR,
`
`35. Second, Petitioner asserts that "Maritzen only advises against sending user
`
`information in an unprotected fashion" (Reply, 12), but as discussed above, that is
`
`plainly false. Third, Petitioner alleges that "Jakobsson’s authentication does not
`
`send any such information in the clear" (Reply, 12-13), but that is also incorrect
`
`because Jakobsson requires that a user name and/or other user identifying
`
`information be sent with its authentication code. Ex-2003, ¶¶75-77; Ex-1017
`
`(Jakobsson Tr.), 103:10:19, 104:19-106:15; Ex-1005, [0004], [0021], [0097],
`
[0112]; POR, 28-30. Lastly, Petitioner contends that the references disclose the
same user devices because "Figure 6a of Maritzen makes clear that Maritzen’s PTD
can be a cellular telephone" (Reply, 13-14), but as discussed in Section I.F below,
Maritzen contains no such disclosure.

⁹ Moreover, to the extent Petitioner now seeks to combine only parts of Jakobsson's
combination function with Maritzen, that is a new theory that should be disregarded
because it was improperly asserted for the first time in Petitioner's Reply.
`
B. The Petition Failed To Show Authentication Of A User Based On "Authentication Information" (Limitations 1[a], 10[a])
`
`The POR demonstrated that the Petition failed to meet its burden for
`
`limitations 1[a] and 10[a] because it improperly identified Maritzen's "biometric
`
`information" as both the "first biometric information" and the separately recited
`
`"authentication information" used to authenticate a user, when the language of the
`
`claims precludes such double-counting. POR, 12-15, 36-38. Petitioner's Reply
`
`maintains that the same biometric information may satisfy both claim elements, yet
`
`fails to resolve the faults inherent in this interpretation of the claims. Reply, 1-3, 14.
`
`For example, claim 10 prohibits Petitioner's interpretation because it requires
`
`performing the step of "authenticating…a user…based on authentication
`
`information," and then performing the step of "retrieving or receiving first
`
`biometric information of the user," thereby requiring authentication with
`
`"authentication information" before the "first biometric information" is even
`
`retrieved or received. POR, 13-14, 37-38. In an attempt to sidestep this problem,
`
`Petitioner simply states that claim 10 "[does] not require any specific sequence," but
`
`bases this unsupported assertion on the incorrect belief that a sequence must be
`
`"expressly set forth in the claim." Reply, 3. In fact, even the case Petitioner cites in
`
`its Reply specifically recognizes that a claim may also "implicitly require that its
`
`steps be performed in the order written." Interactive Gift Exp., Inc. v. Compuserve
`
`Inc., 256 F.3d 1323, 1342-43 (Fed. Cir. 2001). And such is the case here, as claim
`
`10 recites "retrieving or receiving first biometric information of the user" who has
`
`already been authenticated by the device "based on authentication information."
`
`Based on its misunderstanding of the law, Petitioner does not even address this fatal
`
flaw in its interpretation of the claim.¹⁰
`
`Petitioner also asserts that "the specification identifies 'biometric information'
`
`as one example of 'authentication information'" and that a POSITA would have
`
`understood the same (Reply, 3, 14), but that is beside the point. Even if Petitioner's
`
`assertions were true, the specific language of the challenged claims still precludes
`
`Petitioner's reliance on the same biometric information in Maritzen as both the
`
`recited "first biometric information" and "authentication information." See Becton,
`
`Dickinson & Co. v. Tyco Healthcare Grp., LP, 616 F.3d 1249, 1254 (Fed. Cir. 2010)
`
`("Where a claim lists elements separately, the clear implication of the claim
`
language is that those elements are distinct component[s] of the patented
invention.") (citations omitted). Thus, Petitioner did not meet its burden.¹¹

¹⁰ Petitioner's interpretation of claim 1 is also flawed. POR, 12-15, 36-38.
`
C. The Petition Failed To Show Retrieving Or Receiving "Second Biometric [Information/Data]" (Limitations 21[i], 30[d])
`
`The POR demonstrated that the Petition failed to show a POSITA would have
`
`been motivated to combine Jakobsson's "distributed system" with Maritzen to arrive
`
`at these claim limitations. POR, 38-40. The Reply does not and cannot remedy this
`
`defect in Petitioner's combination. Reply, 15-16.
`
`As it did in addressing limitations 1[h], 10[c], 21[g], 30[b], the Reply attempts
`
`to circumvent Maritzen's repeated and expressed teaching that the PTD "does not
`
`transmit any user information" to the VAPGT during a transaction. Ex-1004,
`
[0045]; [0090], [0111], [0128], [0150], [0166]. The Reply also ignores Maritzen's
repeated disclosure that it is the VAPGT that generates and sends the transaction
request to the clearing house, and the necessary consequence that the clearing house
only receives and only verifies the contents of the transaction request and transaction
key, which do not contain any user information (biometric or otherwise). Ex-1004,
[0045]-[0048]; [0090]-[0093], [0111]-[0113], [0128]-[0130]. For these reasons, and
as explained more fully in the POR and in Section I.A.2. above, a POSITA would
have had no motivation to modify Maritzen's clearing house to store and use
biometric information of the user, as handling such information would be a pointless
risk without any information in a transaction request to compare it to.

¹¹ Petitioner's construction of "authentication information" also suffers from other
flaws. First, it refers to "the system," a term that does not even appear in claims 10
and 30. POR, 11-12. Petitioner fails to address this ambiguity. Second, some claims
require that "first authentication information" is determined from "biometric
information." POR, 14-15. To try to avoid this problem, Petitioner contends that its
construction covers only "authentication information," not "first authentication
information" (Reply, 2), but the actual construction draws no such distinction, and
would thereby cover both of these terms.
`
D. The Petition Failed To Show Receiving "First Authentication Information" (Limitation 21[h])

The Petition alleged that "Jakobsson discloses this limitation." Pet., 62; Ex-1002, ¶162.
After the POR pointed out Petitioner's complete failure of proof (POR,
`
`40-41), Petitioner now contends that "Maritzen discloses [this] limitation." Reply,
`
`16-17. But Petitioner ignores that the Petition never alleged that Maritzen discloses
`
`the limitation. Hence, this is a new theory that should be disregarded because it was
`
`improperly asserted for the first time in Petitioner's Reply.
`
`Petitioner's new theory also fails on the merits. For example, Petitioner
`
`alleges that Maritzen discloses limitation 21[h] because its "clearing house" receives
`
`a "biometric key [first authentication information…]." Reply, 17. But as
`
`explained in the POR (pgs. 22-25) and Section I.A.1. herein, Maritzen's "biometric
`
`key" is not "first authentication information" because it is not "derived from the first
`
`biometric information." Thus, Maritzen also fails to disclose limitation 21[h].
`
E. The Petition Failed To Show Authentication Based On "Second Biometric Information" (Limitation 30[e])

The Petition alleged that "Maritzen discloses…limitation" 30[e], relying
`
`solely on its analysis of Maritzen's purported disclosure of limitation 1[l]. Pet., 74;
`
`Ex-1002, ¶202. In response, the POR explained why Petitioner's analysis of
`
`limitation 1[l] failed to show that Maritzen discloses limitation 30[e] because, among
`
`other things, Maritzen's "pre-established biometric key" is not "second biometric
`
`information." POR, 41-43. In response, Petitioner asserts a new theory, arguing that
`
`limitation 30[e] is actually disclosed by the combination of "Maritzen and
`
`Jakobsson," and attempts to support its new theory with new citations to the
`
references and Petition's analysis of numerous other claim limitations. Reply, 17-18.
But Petitioner ignores that the Petition never alleged that the combination of
`
`Maritzen and Jakobsson discloses limitation 30[e]. This is a new theory based on
`
`new evidence and arguments that should all be disregarded because they were
`
`improperly introduced for limitation 30[e] for the first time in Petitioner's Reply.
`
`Moreover, Petitioner's new theory fails on the merits. First, Petitioner does
`
`not even allege (let alone attempt to show how or why) a POSITA would have been
`
`motivated to combine Maritzen and Jakobsson to meet the specific requirements of
`
`limitation 30[e]. See Pet., 74; Reply, 17-18. This alone is fatal, especially in light
`
`of the fundamental differences between these references, as discussed in the POR
`
`(pgs. 25-36, 38-40) and Sections I.A.2. and I.C. herein. Second, Petitioner still
`
`contends that Maritzen's "pre-established biometric key" is "second biometric
`
`information" (Reply, 18), but as explained in the POR (pg. 42), it cannot be because
`
`the "biometric key" is not "biometric information" at all. Third, Petitioner contends
`
`that Maritzen's "biometric key" is "first authentication information" (Reply, 18), but
`
`as explained in the POR (pgs. 22-25) and Section I.A.1. herein, it cannot be because
`
`it is not "derived from the first biometric information." Hence, Petitioner's new
`
`theory also fails.
`
F. The Petition Failed To Show The "First Handheld Device" (Limitations 1[a], 10[a], 21[a], 30[a])
`
`The Petition identified Maritzen's "PTD" as the "first handheld device," but
`
`did not present any arguments or evidence to show that the PTD is "handheld." See
`
Pet., 20; Ex-1002, ¶49.¹² Instead, Petitioner held back its arguments, improperly
`
introducing them for the first time in its Reply. Id., 19-21. These new arguments
should be disregarded on that basis alone, but they also fail on the merits.

¹² The POR analyzed this failure of proof. POR, 43-45.
`
`First, Petitioner argues for the first time that a POSITA would have
`
`understood the PTD is handheld because "personal devices are typically kept on a
`
`user's person…[and are] small and capable of being held in one's hand." Reply, 19.
`
But the term "personal" imparts no such meaning; rather, it simply indicates that a
device is "of … a particular person" (https://www.merriam-webster.com/dictionary/personal).
Many "personal devices" are not handheld.
POR, 44-45.¹³ For example, a "personal computer" generally refers to a desktop
`
`computer, not a handheld device (and this was especially true when Maritzen was
`
`filed). Ex-1017 (Jakobsson Tr.), 215:19-216:2. Hence, the word "personal" does
`
`not indicate that the PTD must be handheld.
`
`Second, Petitioner argues for the first time that "Maritzen describes various
`
`embodiments of the PTD and its embedded privacy card as being 'the size of a credit
`
card,'" and that such a device is handheld. Reply, 19.¹⁴ But Petitioner is plainly
wrong. Although Maritzen discloses that the "privacy card…is configured, in one
embodiment, to be the size of a credit card" (Ex-1004, [0069]), Maritzen never
describes the PTD in that way (whether it contains an integrated privacy card or not).

¹³ Petitioner's unsupported assertion that a POSITA would not consider toll
transponders and other vehicular devices to be "personal" devices (Reply, 19) stems
from its misunderstanding of the term "personal." Indeed, even an entire vehicle
can be "personal" (i.e., a personal vehicle).
`
`Third, Petitioner argues for the first time that the heavily blurred images in
`
`Maritzen's Figures 6a and 6b "disclose embodiments of the PTD that are clearly
`
`handheld devices," but identifies no such disclosure in Maritzen (as none exists).
`
`Reply, 20. Petitioner asserts that "Figure 6a is a cellular telephone," but cites no
`
`evidence. For example, Petitioner has not shown that any cellular telephone
`
`available when Maritzen was filed even had a "biometric input," let alone identified
`
`any model that looks anything like the unnamed device depicted in Figure 6a.
`
`Petitioner also contends that the presence of a "biometric input" "reveals that the
`
dimensions of the entire device are proportioned for handheld use"—this is wrong,¹⁵
`
`but even if correct, it would equally reveal that the device is "proportioned" to be
`
¹⁴ Petitioner misleadingly quotes Dr. Jakobsson on this point, omitting significant
intervening and surrounding testimony. See Ex-1017 (Jakobsson Tr.), 208:16-209:9.

¹⁵ Maritzen discloses using "any means of biometric access." Ex-1004, [0043].
Thus, the biometric input components in the figures may not be fingerprint sensors,
and the size of those components is unclear. Ex-1017 (Jakobsson Tr.), 211:2-212:2.
`
`mounted in a vehicle (e.g., on the dashboard, sun visor, etc.). Hence, as explained
`
`in the POR, a POSITA would have been unable to determine from the heavily
`
`blurred images in Figures 6a and 6b whether the devices are meant to be mounted or
`
`handheld. E