Paper No. 30

UNITED STATES PATENT AND TRADEMARK OFFICE

________________

BEFORE THE PATENT TRIAL AND APPEAL BOARD

________________

APPLE INC.,
Petitioner,

v.

UNIVERSAL SECURE REGISTRY LLC,
Patent Owner

________________

Case IPR2018-00810
U.S. Patent No. 9,100,826

________________

PATENT OWNER’S REPLY IN SUPPORT OF ITS MOTION TO AMEND PURSUANT TO 37 C.F.R. § 42.121

Case No. IPR2018-00810
U.S. Patent No. 9,100,826

TABLE OF CONTENTS

PATENT OWNER’S LIST OF EXHIBITS
I. INTRODUCTION
II. SUBSTITUTE CLAIMS DIRECTED AT UNCHALLENGED CLAIMS
III. CLAIM 56 HAS WRITTEN DESCRIPTION SUPPORT
IV. SUBSTITUTE CLAIMS ARE NOVEL AND NONOBVIOUS
    A. Petitioner Fails to Address “the digital signature generated using a private key associated with the first handheld device” (36[f])
    B. Petitioner Fails to Address Several Limitations of Claim 45
    C. A POSITA Would Not Combine Jakobsson, Maritzen, and Schutzer By Prepending First Authentication Information
    D. Prior Art Fails to Disclose Limitations 56[c] and 56[e]
V. SUBSTITUTE CLAIMS ARE PATENT ELIGIBLE UNDER § 101
VI. PETITIONER’S ALLEGATIONS CONCERNING PATENT OWNER’S BREACH OF ITS DUTY OF CANDOR ARE MERITLESS
VII. CONCLUSION

TABLE OF AUTHORITIES

Cases

Alice, 134 S. Ct. at 2355
Aqua Prods., Inc. v. Matal, 872 F.3d 1290 (Fed. Cir. 2017)
Ariosa Diagnostics v. Verinata Health, Inc., 805 F.3d 1359 (Fed. Cir. 2015)
Daikin Industries, Ltd. v. The Chemours Company FC, LLC, IPR2018-00993, Paper 12
KSR Int’l. Co. v. Teleflex, Inc., 550 U.S. 398 (2007)
Lectrosonics, Inc. v. Zaxcom, Inc., IPR2018-01129, -01130, Paper 15 (Feb. 25, 2019)
Ex parte Levy, 17 USPQ2d 1461 (Bd. Pat. App. & Inter. 1990)
In re Oda, 443 F.2d 1200, 170 USPQ 268 (CCPA 1971)
Polaris Industries, Inc. v. Arctic Cat, Inc., 882 F.3d 1056 (Fed. Cir. 2018)
Universal Secure Registry, LLC v. Apple, Inc., 1:17-cv-00585-JFB-SRF, Dkt. 137 (D. Del. Sep. 18, 2018)

Statutory Authorities

35 U.S.C. § 112

Rules and Regulations

37 C.F.R. § 42.6(e)
37 C.F.R. § 42.121

Other Authorities

Office Patent Trial Practice Guide August 2018 Update, 83 Fed. Reg. 39989

PATENT OWNER’S LIST OF EXHIBITS

Ex. 2001    Declaration ISO Motion Pro Hac Vice Harold Barza.
Ex. 2002    Declaration ISO Motion Pro Hac Vice Jordan Kaericher.
Ex. 2003    Declaration of Dr. Markus Jakobsson ISO Patent Owner’s Response.
Ex. 2004    Curriculum Vitae of Dr. Markus Jakobsson.
Ex. 2005    Transcript of December 14, 2018 Deposition of Dr. Victor John Shoup.
Ex. 2006    N. Asokan, et. al, The State of the Art in Electronic Payment Systems, IEEE Computer, Vol. 30, No. 9, pp. 28-35 (IEEE Computer Society Press, Sept. 1997).
Ex. 2007    M. Baddeley, Using E-Cash in the New Economy: An Economic Analysis of Micropayment Systems, J. Electronic Commerce Research, Vol. 5, No. 4, pp. 239-253 (Nov. 2004).
Ex. 2008    U.S. Application No. 14/027,860.
Ex. 2009    U.S. Application No. 11/677,490.
Ex. 2010    U.S. Provisional Application No. 60/775,046.
Ex. 2011    U.S. Provisional Application No. 60/812,279.
Ex. 2012    U.S. Provisional Application No. 60/859,235.
Ex. 2013    Declaration by Dr. Markus Jakobsson ISO Motion to Amend.
Ex. 2014    U.S. District Court for Delaware Report and Recommendation.
Ex. 2015    Declaration by Dr. Markus Jakobsson ISO Reply to MTA Opposition.
Ex. 2016    Rough transcript of deposition of Dr. Ari Juels.

UNIVERSAL SECURE REGISTRY LLC (“Patent Owner”) submits this Reply in support of its Conditional MTA, Paper 19 (“Motion”), in response to Petitioner’s Opposition to Patent Owner’s Conditional MTA, Paper 25 (“Op.”).

I. INTRODUCTION

Petitioner’s unpatentability analysis of the substitute claims in view of the prior art consistently neglects to address key claim limitations found in the substitute claims. For instance, the Opposition makes no mention of amended limitations 45[e] and 45[g] and similarly fails to account for the “separable fields” amendment of independent claim 45. Omissions like this are endemic to Petitioner’s brief, and Petitioner’s failure to make a prima facie case of obviousness in its Opposition cannot be saved by attempts to fill these omissions in its sur-reply, to which Patent Owner will have no opportunity to respond.

II. SUBSTITUTE CLAIMS DIRECTED AT UNCHALLENGED CLAIMS

Per the conference call the parties had with the Board on April 22, 2019, all substitute claims directed at unchallenged claims are void. The Board also indicated that inclusion of such substitute claims does not render the Motion invalid.

III. CLAIM 56 HAS WRITTEN DESCRIPTION SUPPORT

Petitioner contends that substitute claim 56 lacks written description support and is therefore invalid under 35 U.S.C. § 112. Op. at 3-4. Patent Owner disagrees.

Among other things, limitations 56[c] and 56[e] specify that the first authentication information includes a first key encrypted by a second key and that the encrypted first key is decrypted using the second key to retrieve the first key. Motion at B6. The specification describes that a first wireless signal includes “a PKI encrypted one-time DES key.” Ex. 2008 at 49:24-26. The specification further describes how “[t]he second wireless device uses the first public key to decrypt the PKI encrypted DES key.” Id. at 50:30-31. In response to this disclosure, Petitioner states “a value encrypted with a public key, which is an asymmetric key, could not be decrypted using the same public key. Even with extensive experimentation, it would be impossible for a POSITA to implement encryption and decryption with a public key.” Op. at 4. Patent Owner admits that the specification as written contains an obvious error: a public key cannot be used to decrypt ciphertext. Ex. 2015, Jakobsson Decl. at ¶ 30.

An amendment to correct an obvious error does not constitute new matter where the ordinary artisan would not only recognize the existence of the error in the specification, but also recognize the appropriate corrections. In re Oda, 443 F.2d 1200, 170 USPQ 268 (CCPA 1971). The obvious error noted by Petitioner in the ’860 Application would be immediately recognized by a POSITA, who would also recognize the appropriate corrections. Ex. 2015, Jakobsson Decl. at ¶ 31. Specifically, as explained by Dr. Jakobsson, a POSITA would know that a public key cannot be used to both encrypt and decrypt data. Ex. 1017, Jakobsson Depo. Tr. at 52:16-55:16. Upon identifying this obvious error, a POSITA would also readily recognize two corrections—both very trivial in nature—that would clarify the specification. Ex. 2015, Jakobsson Decl. at ¶ 31.

First, since a public key cannot be used to both encrypt and decrypt data, a POSITA would readily understand that the recipient’s public key would have been used to encrypt the data (e.g., second wireless device’s public key used to encrypt DES key) and the recipient’s private key would be used to decrypt the data (e.g., second wireless device’s private key used to decrypt encrypted DES key). Ex. 1017, Jakobsson Depo. Tr. at 52:16-55:16; Ex. 2015, Jakobsson Decl. at ¶ 32. Also, since an asymmetric, public key cannot be used to perform symmetric encryption/decryption, then the key described in the specification as performing the desired symmetric encryption and decryption of the DES key may simply be a symmetric key like the claimed “second key.” Id. A POSITA would readily recognize both of these corrections in view of the teachings of the specification. Id. As such, these portions of the specification provide written description and enabling support for limitations 56[c] and 56[e]. Id.

IV. SUBSTITUTE CLAIMS ARE NOVEL AND NONOBVIOUS

A. Petitioner Fails to Address “the digital signature generated using a private key associated with the first handheld device” (36[f])

Petitioner fails to show that the prior art of record discloses “the digital signature generated using a private key associated with the first handheld device.” Motion at B1 (36[f]). Notably, Petitioner ignores this claim limitation in its analysis of the prior art. See Op. at 5-10. Instead, Petitioner’s myopic approach focuses only on whether Schutzer discusses a “digital signature,” and neglects to dig deeper as to whether Schutzer’s digital signature is specifically generated using a private key associated with a handheld device. See Op. at 9 (citing Ex. 1030, Schutzer, ¶29). A close review of the cited portion of Schutzer reveals that Schutzer is silent on how the digital signature is generated, such as who or what generated the digital signature. Ex. 2015, Jakobsson Decl. at ¶ 33. In particular, no explicit or implicit¹ disclosure is made that Schutzer’s digital signature was generated using a private key of a handheld device. Id.

¹ No implicit disclosure is made in Schutzer that the digital signature is necessarily generated by a private key of the user’s computing device 10. Ex parte Levy, 17 USPQ2d 1461, 1464 (Bd. Pat. App. & Inter. 1990) (requiring that the inherent characteristic necessarily flow from the teachings of the prior art). Indeed, Schutzer’s digital signature may be generated using the private key of a certificate authority and be used as part of a digital certificate to authenticate the user. Ex. 2015, Jakobsson Decl. at ¶ 34. The digital signature may also be that of the user itself and not the user’s device. Id. at ¶ 35.

“[Section] 316(e) unambiguously requires the petitioner to prove all propositions of unpatentability, including for amended claims.” Aqua Products, Inc. v. Matal, 872 F.3d 1290, 1296 (Fed. Cir. 2017) (emphasis added). Here, Petitioner’s failure to address the claim limitation “the digital signature generated using a private key associated with the first handheld device” represents an incurable defect to its prima facie case of unpatentability of substitute claim 36. Moreover, Petitioner cannot introduce new arguments in its sur-reply in an attempt to fill holes in its prima facie showing. Ariosa Diagnostics v. Verinata Health, Inc., 805 F.3d 1359, 1367 (Fed. Cir. 2015) (Affirming Board’s rejection of Petitioner’s reliance on “previously unidentified portions of a prior-art reference to make a meaningfully distinct contention” in its Reply); Office Patent Trial Practice Guide August 2018 Update, 83 Fed. Reg. 39989 (referencing August 2018 update at https://go.usa.gov/xU7GP at pg. 14). Accordingly, the record fails to demonstrate that the prior art discloses or renders obvious “the digital signature generated using a private key associated with the first handheld device.”

B. Petitioner Fails to Address Several Limitations of Claim 45

Petitioner’s analysis of substitute claim 45 is even more deficient, as it fails to address several claim limitations. Petitioner sweepingly asserts that “Substitute claim 45 adds similar amendments to claim 10 as substitute claim 36 to 1,” and then summarily concludes that, “Accordingly, substitute claim 45 is obvious for at least the same reasons claims 10 and 36 are obvious.” Op. at 11. But Petitioner’s dismissive analysis neglects limitations that are distinctly unique to claim 45.² Ex. 2015, Jakobsson Decl. at ¶ 37.

² Like claim 36, claim 45 also recites “generating a digital signature at the first handheld device using a private key associated with the first handheld device.” Motion at B4 (limitation 45[c]) (emphasis added). Therefore, in addition to Petitioner’s failure to examine features unique to claim 45, Petitioner also fails to address this limitation. See discussion supra Section IV.A; Ex. 2015, Jakobsson Decl. at ¶ 36.

First, Petitioner fails to address limitations 45[e] and 45[g], which respectively recite, “at least one of the digital signature and/or the one-time code encrypted by the first handheld device” and “decrypting, with the second device, at least one of the digital signature and/or the one-time code encrypted by the first handheld device.” Motion at B3. Petitioner does not address anywhere in its Opposition what prior art reference purportedly discloses these claim features. Ex. 2015, Jakobsson Decl. at ¶ 38. These limitations are unique to claim 45 and are not found in claim 36. Id. Thus, Petitioner’s summary reliance on its limited analysis of claim 36 as the basis for its opposition to claim 45 is explicitly deficient, leaving Petitioner with no argument whatsoever with respect to limitations 45[e] and 45[g].

Second, limitation 45[d] requires that a first signal generated “include[] the first authentication information of the first entity, the one-time code, and the digital signature as separable fields of the first signal.” Motion at B4 (emphasis added). This “separable fields” requirement is not present in claim 36 and is consequently not addressed by Petitioner in its analysis of claim 36. See Op. at 5-10. While Petitioner discusses “separable fields” with respect to a different claim, claim 42—a dependent claim that depends from independent claim 36 not claim 45—Petitioner does not refer back to or cite to claim 42 in its cursory analysis of claim 45.

Moreover, independent claim 45 includes other distinctly different limitations not found in independent claim 36 or dependent claim 42 (e.g., “at least one of the digital signature and/or the one-time code encrypted by the first handheld device” and “decrypting…at least one of the digital signature and/or the one-time code encrypted by the first handheld device”). Ex. 2015, Jakobsson Decl. at ¶¶ 39-40. These limitations have a material impact on how claim 45 comes together as a whole to define a distinctly different invention than claim 36 or claim 42. Id. at 40. To satisfy its burden, these differences require that Petitioner articulate in its Opposition how and why—if indeed Petitioner believed at all—the “separable fields” limitation was obvious with respect to claim 45 as a whole. Id.

By neglecting to analyze multiple features of claim 45 in its Opposition, Petitioner fails to make a prima facie showing of unpatentability. Moreover, Petitioner cannot introduce new arguments by addressing these missing limitations for the first time in its sur-reply. Ariosa Diagnostics at 1367; OPTPG Update at 14.

C. A POSITA Would Not Combine Jakobsson, Maritzen, and Schutzer By Prepending First Authentication Information

Substitute Claims 36 and 45

“A reference may be said to teach away when a person of ordinary skill, upon reading the reference, would be discouraged from following the path set out in the reference, or would be led in a direction divergent from the path that was taken by the applicant.” Polaris Industries, Inc. v. Arctic Cat, Inc., 882 F.3d 1056, 1069 (Fed. Cir. 2018). If the disclosure “criticize[s], discredit[s], or otherwise discourage[s]” the solution claimed, then the disclosure teaches away such that a POSITA would not have been motivated to combine the references. Id. “Even if a reference is not found to teach away, its statements regarding preferences are relevant to a finding regarding whether a skilled artisan would be motivated to combine that reference with another reference.” Id. Here, a person of ordinary skill in the art at the time of the invention (POSITA) would not be motivated to combine Jakobsson, Maritzen, and Schutzer in the manner suggested by Petitioner.

Petitioner argues that a POSITA would be motivated to “add[] the digital signature of Schutzer and one-time code disclosed by Jakobsson to the key of Maritzen” by “prepending or appending values such as Maritzen’s keys, Jakobsson’s one-time code, and Schutzer’s digital signature.” Op. at 10 (emphasis added); see also id. at 13-14 (prepending or appending same values to achieve limitations of claim 42). However, even assuming that Maritzen’s transaction/biometric key was derived from biometric information,³ a POSITA would not prepend or append Maritzen’s keys to Jakobsson’s code and Schutzer’s digital signature because doing so would be redundant since Jakobsson already teaches that its authentication code incorporates biometric data (e.g., authentication code A (K, T, E, P) 292 where P may be biometric data). See Ex. 1005, Jakobsson at [0072], [0073]; Ex. 2015, Jakobsson Decl. at ¶ 42. Thus, there would be no motivation to make the proposed modification in order to send substantially the same information twice at the same time: once by prepending/appending and another by incorporating the value into an authentication code. Id.

³ Patent Owner disputes that Maritzen’s biometric/transaction key is derived from biometric information. See Ex. 1004, Maritzen at [0044], [0088]; POR at 22-25.

Furthermore, Maritzen repeatedly emphasizes that neither “biometric information identifying the user” nor any other “user information” is transmitted from the user device at any time during a transaction. Ex. 1004, Maritzen at [0044] (“The biometric information identifying the user is not transmitted at any time.”); see also id. at [0045], [0088], [0090], [0109], [0111], [0124], [0128], [0148], [0150], [0164], [0166]. Thus, Maritzen itself teaches away from prepending/appending and sending the claimed “first authentication information derived from the first biometric information.” As such, independent substitute claims 36 and 45 are novel and non-obvious over the prior art. Ex. 2015, Jakobsson Decl. at ¶ 43.

Substitute Claim 42

Moreover, even if it were assumed that Jakobsson’s authentication code was generated without using biometric data (i.e., did not include user data (P)) and Maritzen’s keys supplied information derived from a biometric, a POSITA would still not prepend/append Maritzen’s keys to Jakobsson’s code and Schutzer’s digital signature for Petitioner’s stated purpose of “more securely authenticat[ing] the user.” Ex. 2015, Jakobsson Decl. at ¶ 44. Jakobsson never discloses an embodiment where an authentication code is generated without use of—at least at some stage—a one-way function, such as a hash function. Id. Even in the embodiment where Jakobsson describes a PIN (P) being appended to authentication code A(K, T, E), the latter value is the result of a one way function. Id.; See Ex. 1104, Jakobsson at [0073]. Indeed, as explained by Dr. Jakobsson, use of a one-way function is critical to Jakobsson’s system because otherwise the system would not be secure:

    all the examples given and the motivation of this requires that it’s a one-way function. Remember, one of these things is -- for example, the value K, that’s a secret key. If you were not to apply a one-way function to that and you were to, as a result, expose that to an eavesdropper, that would not be beneficial.

Ex. 1017, Jakobsson Depo. at 134:1-13 (emphasis added); see also id. at 134:19-135:7 (explaining that it would be “clear to a person of skill in the art reading this that there has to be a one-way function”). Even Petitioner’s new expert, Dr. Juels, conceded at his deposition that merely concatenating or XOR’ing inputs together, without more, was an inadequate way to generate or protect the authentication code from eavesdroppers. Ex. 2016, Juels Depo. at 30:3-21 (eavesdropper can recover inputs if mere concatenation were used), 34:12-36:12 (same), 40:14-41:6 (adversary can recover input if mere XOR is used as the combination function). Thus, in light of the teachings of Jakobsson, a POSITA would not, for example, prepend/append various values without applying a one-way function because certain types of information described in Jakobsson, such as the secret key K or biometric value P, would be put at risk of interception and misuse. Ex. 2015, Jakobsson Decl. at ¶ 44.

Moreover, if Maritzen’s biometric key were biometric information (and it is not), it is well understood that it would suffer from errors, such as translation and rotation errors. Ex. 2015, Jakobsson Decl. at ¶ 45. Petitioner’s expert admits as much. See Ex. 2016, Juels Depo. at 146:10-147:7. That these errors are not knowable to the verifier would make it practically impossible for the verifier to verify a received authentication code, as the verifier would not know what input to provide to Jakobsson’s one-way combination function for the generation of the verifier-generated authentication code. Ex. 2015, Jakobsson Decl. at ¶ 45.
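
An added illustration, not part of the filing or of the Jakobsson reference: the three ways of combining K, T, E and P discussed above, with HMAC-SHA256 assumed as a stand-in for the one-way function. It shows what an observer learns from each transmitted code and why a verifier that recomputes the code rejects a biometric reading differing by one bit. All input values, field widths and function names are constructed for the example.

```python
import hashlib
import hmac

FIELD = 32  # fixed field width in bytes used by the two weak combiners (assumption)


def _pad(value: bytes) -> bytes:
    """Right-pad an input to the fixed field width."""
    if len(value) > FIELD:
        raise ValueError("input longer than field width")
    return value.ljust(FIELD, b"\x00")


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def concat_code(k: bytes, t: bytes, e: bytes, p: bytes) -> bytes:
    """Mere concatenation: every input travels in the clear."""
    return b"".join(_pad(v) for v in (k, t, e, p))


def xor_code(k: bytes, t: bytes, e: bytes, p: bytes) -> bytes:
    """Mere XOR of the padded inputs."""
    out = bytes(FIELD)
    for v in (k, t, e, p):
        out = _xor(out, _pad(v))
    return out


def one_way_code(k: bytes, t: bytes, e: bytes, p: bytes) -> bytes:
    """A(K, T, E, P) as HMAC-SHA256 keyed with K over length-prefixed T, E, P."""
    msg = b"".join(len(v).to_bytes(2, "big") + v for v in (t, e, p))
    return hmac.new(k, msg, hashlib.sha256).digest()


def k_visible_in_concat(code: bytes) -> bytes:
    """What an observer reads off the first field of a concatenated code."""
    return code[:FIELD]


def k_from_xor(code: bytes, t: bytes, e: bytes, p: bytes) -> bytes:
    """XOR is its own inverse: whoever knows T, E and P cancels them and is left with K."""
    out = code
    for v in (t, e, p):
        out = _xor(out, _pad(v))
    return out


def verifier_accepts(k: bytes, t: bytes, e: bytes, enrolled_p: bytes, received: bytes) -> bool:
    """The verifier recomputes the code from its own copy of the inputs and compares."""
    return hmac.compare_digest(one_way_code(k, t, e, enrolled_p), received)


# Constructed sample inputs (not taken from any reference).
K = hashlib.sha256(b"constructed device secret").digest()  # 32-byte secret key
T = (1_556_000_000 // 60).to_bytes(8, "big")               # time value, one-minute steps
E = b"\x00\x01"                                            # event state
P = bytes(range(16))                                       # enrolled biometric template
P_NOISY = P[:5] + bytes([P[5] ^ 0x01]) + P[6:]             # same finger, one bit of sensor error

if __name__ == "__main__":
    print("K readable from concatenation:", k_visible_in_concat(concat_code(K, T, E, P)) == K)
    print("K recoverable from XOR:", k_from_xor(xor_code(K, T, E, P), T, E, P) == K)
    print("exact P verifies:", verifier_accepts(K, T, E, P, one_way_code(K, T, E, P)))
    print("noisy P verifies:", verifier_accepts(K, T, E, P, one_way_code(K, T, E, P_NOISY)))
```
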

D. Prior Art Fails to Disclose Limitations 56[c] and 56[e]

Petitioner relies on Maritzen in view of Jakobsson further in view of Niwa further in view of Schutzer and further in view of Burnett in its attempt to show that claim 56 is obvious. Despite relying on five different references for its proposed combination, Petitioner fails to make a prima facie showing of obviousness.

Petitioner first contends that Maritzen in view of Jakobsson discloses claim limitations 56[c] and 56[e]. Op. at 15 (citing: Ex. 1019, Shoup Decl. at ¶ 55-56; Op. at Section II.D.1.a(2); Ex. 1005, Jakobsson at ¶¶ 6, 7, 21, 58; Ex. 1004, Maritzen at ¶¶ 45-46). However, the cited portions of Maritzen and Jakobsson do not disclose that a first key used to encrypt at least a portion of first authentication information is itself encrypted by a second key and then decrypted at a second device using the same second key. Ex. 2015, Jakobsson Decl. at ¶ 47.

For example, Maritzen describes how a “transaction key” may be encrypted using “standard encrypting methods, such as, for example, public key infrastructure (PKI) encryption.” Ex. 1004, Maritzen at ¶ 45. However, Maritzen’s “transaction key” is merely an authentication value and is not an encryption key that encrypts or decrypts data. See, e.g., id. at ¶ 44-50. Instead, Maritzen simply validates the transaction key by comparing the transaction key to other keys stored at the clearing house 130 to determine if there is a match. See id. at ¶ 48. By contrast, claim 56 requires that “at least a portion of the first authentication information [is] encrypted by a first key” and the first key is used to “decrypt[], at the second device, the portion of the first authentication information encrypted by the first key using the first key.” Motion at B6 (56[c], 56[e]). Maritzen’s transaction key performs no encryption or decryption. The cited portions of Jakobsson also fail to disclose these claim limitations. Ex. 2015, Jakobsson Decl. at ¶ 48.

Petitioner further argues that “[t]o the extent that Maritzen and Jakobsson do not explicitly discuss encrypting data with a first key and encrypting the first key with a second key, Burnett discloses this limitation.” Op. at 15. Specifically, Petitioner states that “Burnett discloses that a ‘session key’ ([first key]) used to encrypt information can be encrypted using a key encryption key (‘KEK’) ([second key]), and that the same KEK can be used to decrypt the first key.” Op. at 15 (citing Ex. 1021, Burnett at 54-55, FIG. 3-1). Petitioner also claims that it would have been obvious to “modify the authentication information of Maritzen, Jakobsson, Niwa, and Schutzer by encrypting it with a session key, encrypting the session key with a KEK, and transmitting the KEK-encrypted session key…to the second device for decryption as taught by Burnett.” Op. at 16.

A review of Burnett reveals that Petitioner’s contentions are fatally flawed. Among other things, Chapter 3 of Burnett discusses password-based encryption (PBE); specifically, how a “session key,” which is used to encrypt and decrypt bulk data, may itself be encrypted using another key that is known as a key encryption key (KEK). Ex. 1021, Burnett at 54. Burnett further discusses how, advantageously, the KEK is not stored and is instead generated as needed at the device to encrypt or decrypt the session key to recover the encrypted data. Id. (“When he needs a KEK to encrypt, [he] will generate it, use it, and then throw it away. When he needs to decrypt the data, he generates the KEK again, uses it, and throws it away.”). In particular, the process uses PBE where a “mixing algorithm” blends a “salt” (i.e., a random value) and a user-selected password together to generate a KEK. Id. at 55. After the KEK is used to encrypt the session key, it is thrown away and the salt used to generate the KEK is stored alongside the encrypted session key at the device. Id. To decrypt the stored, encrypted session key, the salt is retrieved and inputted into the same mixing algorithm along with the same password to regenerate the same KEK. Id.; Ex. 2015, Jakobsson Decl. at ¶ 50.

Notably, however, subsequent pages of Burnett explain that the KEK is personal to each user/device and is not shared with other users/devices. In particular, Burnett discloses:

    There are a couple of reasons to use a session key and a KEK. First, suppose you need to share the data with other people and you want to keep it stored encrypted. In that case, you generate one session key, and everyone gets a copy of it. Then everyone protects his or her copy of the session key using PBE. So rather than share a password (something everyone would need for decrypting if you had used PBE to encrypt the bulk data), you share the key.

Id. at 58 (emphasis added). Thus, if a first and second device were to share a session key used to encrypt and decrypt bulk data, each would generate its own KEK using its own password and salt to encrypt and store the shared session key instead of sharing the same password and KEK. Burnett teaches that the KEK used to encrypt the session key at a first device is not used to decrypt the encrypted session key at a second device. Ex. 2015, Jakobsson Decl. at ¶ 51. Annotated FIG. 3-4 of Burnett below makes this clear, and shows how a session key shared by two users, Pao-Chi and Gwen, is encrypted with a KEK unique to each user.

By contrast, substitute claim 56 requires that the same “second key” used to encrypt the first key at the first handheld device is also used at the second device to decrypt the encrypted first key to retrieve the first key at the second device. As described in detail above, Burnett’s KEK is not shared between users/devices and instead each user generates their own KEK to encrypt and store a shared session key using passwords and salts unique to them. Consequently, Petitioner fails to establish that Burnett discloses limitations 56[c] and 56[e]. Ex. 2015, Jakobsson Decl. at ¶ 52.

Similarly, Petitioner’s assertions as to why a POSITA would be motivated to combine Maritzen, Jakobsson, Niwa, Schutzer, and Burnett are equally defective. See Op. at 15-16. As explained above, Burnett never teaches transmitting a KEK-encrypted session key from one user to another since each user generates its own KEK based on its own password and salt. See Ex. 1021, Burnett at 58-59. Indeed, a POSITA would not be motivated to make Petitioner’s proposed combination that envisions transmitting KEK-encrypted session keys between users since doing so would require one user to also share its password and salt with the other user so the latter could decrypt the encrypted session key. See id. at 58 (“So rather than share a password…”); Ex. 2015, Jakobsson Decl. at ¶ 53. As such, Petitioner fails to establish that the proposed combination renders claim 56 obvious.
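
The KEK handling summarized above from Burnett, as an added example that is not part of the filing and is not taken from Burnett: two users protect their copies of one shared session key, each under a KEK regenerated on demand from that user's own password and stored salt. PBKDF2-HMAC-SHA256 is assumed for the “mixing algorithm”, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for the key-wrapping cipher because the Python standard library has no block cipher; the passwords and iteration count are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; the page gives none


def derive_kek(password: str, salt: bytes) -> bytes:
    """Blend password and salt into a 32-byte KEK (PBKDF2 assumed as the mixing algorithm)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)


def _subkey(kek: bytes, label: bytes) -> bytes:
    """Separate encryption and MAC keys derived from the one KEK."""
    return hmac.new(kek, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(kek: bytes, session_key: bytes) -> bytes:
    """Encrypt the session key under the KEK; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(kek, b"enc"), nonce, len(session_key))
    ct = bytes(a ^ b for a, b in zip(session_key, stream))
    tag = hmac.new(_subkey(kek, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes) -> bytes:
    """Check the tag, then decrypt; a KEK from any other password or salt is rejected."""
    if len(blob) < 48:
        raise ValueError("wrapped key too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(kek, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong KEK or corrupted blob")
    stream = _keystream(_subkey(kek, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def protect_copy(password: str, session_key: bytes) -> tuple[bytes, bytes]:
    """Generate the KEK, use it, throw it away; only salt and wrapped key are stored."""
    salt = os.urandom(16)
    kek = derive_kek(password, salt)
    blob = wrap(kek, session_key)
    del kek  # the KEK itself is never written anywhere
    return salt, blob


def recover_copy(password: str, salt: bytes, blob: bytes) -> bytes:
    """Regenerate the same KEK from the stored salt and the user's password, then unwrap."""
    return unwrap(derive_kek(password, salt), blob)


def demo() -> dict:
    session_key = os.urandom(32)  # the one key both users share
    pao = protect_copy("pao-chi constructed password", session_key)
    gwen = protect_copy("gwen constructed password", session_key)
    result = {
        "pao_recovers": recover_copy("pao-chi constructed password", *pao) == session_key,
        "gwen_recovers": recover_copy("gwen constructed password", *gwen) == session_key,
        "stored_copies_differ": pao[1] != gwen[1],
    }
    try:
        # Gwen handed Pao-Chi's stored salt and wrapped key, but not his password.
        recover_copy("gwen constructed password", *pao)
        result["gwen_opens_pao_copy"] = True
    except ValueError:
        result["gwen_opens_pao_copy"] = False
    return result


if __name__ == "__main__":
    print(demo())
```
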

V. SUBSTITUTE CLAIMS ARE PATENT ELIGIBLE UNDER § 101

Petitioner argues that the substitute claims are unpatentable under § 101 because they purportedly claim patent-ineligible abstract ideas. Op. at 18-24. However, on September 19, 2018, United States Magistrate Judge Sherry R. Fallon for the District Court of Delaware issued a Report and Recommendation (R&R) rejecting similar arguments made by Petitioner, and recommending that the District Court deny Petitioner’s motion to dismiss under § 101 since the claims of the ’826 patent are “not directed to an abstract idea because ‘the plain focus of the claims is on an improvement to computer functionality itself, not on economic or other tasks for which a computer is used in its ordinary capacity.’” Ex. 2016, Universal Secure Registry, LLC v. Apple, Inc., 1:17-cv-00585-JFB-SRF, Dkt. 137 at 19 (D. Del. Sep. 18, 2018) (emphasis added). Specifically, Judge Fallon stated that:

    The ’826 patent is directed to an improvement in computer functionality, as it requires biometric information to locally authenticate the user as well as a second level of remote user authentication. (’826 patent, col. 32:43-56; col. 34:7-25) While certain elements of claim 10 recite generic steps of authenticating a user based on biometric information, the claim as a whole describes an improved distributed authentication system with increased security.

Id. at 20 (emphasis added). As such, the substitute claims, which are narrower than the ’826 patent’s existing claims, are patent eligible for the same reasons.

This Board also reached the same conclusion of patent eligibility when it rejected similar arguments made by Petitioner for related U.S. patent 8,577,813 in CBM2018-00026. Id., Paper 10 at 23-24. Indeed, in its Petition for CBM2018-00026, Petitioner advanced the same abstract idea of “verifying an account holder’
