UNITED STATES PATENT AND TRADEMARK OFFICE
`________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`________________
`
`APPLE INC.
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC
`Patent Owner
`________________
`
`Case IPR2018-00812
`U.S. Patent No. 8,856,539
`________________
`
`[CORRECTED] PATENT OWNER'S RESPONSE
`PURSUANT TO 37 C.F.R. § 42.120
`
`

`

`TABLE OF CONTENTS
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`Page
`
`I.
`II.
`
`IV.
`V.
`
`INTRODUCTION ........................................................................................... 2
`OVERVIEW OF THE ’539 PATENT ............................................................ 7
`A.
`The ’539 Patent Specification ............................................................... 7
`B.
`The ’539 Patent Claims ....................................................................... 12
`C.
`Prosecution History of the ’539 Patent ............................................... 12
`III. OVERVIEW OF THE ASSERTED PRIOR ART ........................................ 13
`A.
`Reber (Ex. 1131) ................................................................................. 13
`B.
`Franklin (Ex. 1132) ............................................................................. 16
`LEVEL OF ORDINARY SKILL IN THE ART ........................................... 17
`CLAIM CONSTRUCTION .......................................................................... 18
`A.
`“The Provider Requesting The Transaction” (Claims 1 And 22) ....... 19
`B.
`“Access Restrictions For The Provider To [Secure Data / At
`Least One Portion Of Secure Data]” (Claims 1, 22 And 37) .............. 21
`“Third Party” (All Challenged Claims) ............................................... 23
`C.
`STANDARD OF REVIEW ........................................................................... 26
`VI.
`VII. THE PETITION FAILS TO PROVE REBER IN VIEW OF
`FRANKLIN RENDERS THE CHALLENGED CLAIMS OBVIOUS ........ 26
`A.
`Reber And Franklin Fail To Disclose That Account Identifying
`Information Is Not Provided To A Provider ....................................... 27
`1.
`Reber And Franklin Do Not Disclose Or Render Obvious
`The No Account Identifying Information Limitations ............. 27
`The Petition Fails To Prove A POSITA Would Be
`Motivated To Combine Reber And Franklin—Neither Of
`Which Discloses The Account Identifying Information
`Limitations ................................................................................ 33
`Access Restrictions: Reber and Franklin Fail To Disclose
`Determining Compliance With Any Access Restrictions For
`The Provider (Limitations 1[d], 22[c][d], and 37[e]). ......................... 35
`
`2.
`
`B.
`
`i
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`1.
`
`2.
`
`Reber And Franklin Do Not Disclose Or Render Obvious
`The Access Restrictions For The Provider Limitations ............ 36
`Reber And Franklin Do Not Disclose Or Render Obvious
`The Determining Compliance With Access Restrictions
`For The Provider Based On The Indication Of The
`Provider And The Time-Varying Multicharacter Code
`Limitations ................................................................................ 39
`The Petition Fails To Prove A POSITA Would Be
`Motivated To Combine Reber And Franklin—Neither Of
`Which Discloses The Access Restrictions Limitations ............ 42
`Petitioner Fails To Show That Reber Alone Or In Combination
`With Franklin Discloses Account Identifying Information
`Provided To A Third Party To Enable Or Deny The Transaction
`With The Provider Without Providing The Account Identifying
`Information To The Provider .............................................................. 45
`1.
`Reber And Franklin Do Not Disclose Or Render Obvious
`The Third Party Limitation ....................................................... 45
`The Petition Fails To Prove A POSITA Would Be
`Motivated To Combine Reber And Franklin—Neither Of
`Which Discloses The Third Party Limitations ......................... 48
`The Petition Fails To Prove Reber Disclosures That A Secure
`Registry Receives A Transaction Request That Includes Time-
`Varying Multicharacter Code And Indication Of A Provider
`From The Provider Requesting The Transaction. ............................... 55
`The Petition Fails To Prove Claims 3 and 24 Are Invalid .................. 62
`E.
`VIII. CONCLUSION .............................................................................................. 64
`
`D.
`
`C.
`
`3.
`
`2.
`
`ii
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`TABLE OF AUTHORITIES
`
`Page(s)
`
`Cases
`Abiomed, Inc. v. Maquet Cardiovascular, LLC,
`IPR2017-01204 Paper 8 at 11 ..............................................................................55
`Arendi S.A.R.L. v. Apple Inc.,
`832 F.3d 1355 (Fed. Cir. 2016) ...........................................................................40
`Biodelivery Sciences International, Inc. v. Aquetive Therapuetics, Inc.,
`Case No. IPR2015-00169 (PTAB February 7, 2019) (Paper No. 89) .................35
`Cuozzo Speed Techs., LLC v. Lee,
`136 S. Ct. 2131 (2016) .........................................................................................17
`Cutsforth Inc. v. MotivePower, Inc.,
`636 F. App’x 575 (Fed. Cir. 2016) ......................................................................40
`Facebook, Inc. v. Skky, LLC,
`Case CBM2016-00091, Paper 12 (PTAB Sept. 28, 2017) .................................... 1
`Genomics, Inc. v. Bio-Rad Labs., Inc.,
`IPR2018-00302, (Paper 17) (P.T.A.B. June 15, 2018) ........................................47
`Guinn v. Kopf,
`96 F.3d 1419 (Fed. Cir. 1996)................................................................................ 1
`HTC Corp., ZTE (USA), Inc.,
`877 F.3d at 1368-1369 .........................................................................................35
`Jackel Int’l Ltd. v. Admar Int’l, Inc.,
`IPR2015-00979 Paper 21 .....................................................................................55
`In re Magnum Oil Tools Int’l, Ltd.,
`829 F.3d 1364 (Fed. Cir. 2016) ...........................................................................40
`In re NTP, Inc.,
`654 F.3d 1279 (Fed. Cir. 2011) ...........................................................................50
`Merck & Co., Inc. v. Teva Pharm. USA, Inc.,
`395 F.3d 1364 (Fed. Cir. 2005) ...........................................................................24
`Metalcraft of Mayville, Inc. v. The Toro Company,
`848 F.3d 1358 (Fed. Cir. 2017) ...........................................................................50
`
`iii
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`Phillips v. AWH Corp.,
`415 F.3d 1303 (Fed. Cir. 2005) ...........................................................................19
`Samsung Elecs. Co., Ltd. v. Infobridge Pte. Ltd.,
`IPR2017-00100 (Paper 30) (PTAB Apr. 23, 2018) .............................................25
`In re: Stepan Company,
`868 F.3d. 1342 ........................................................................................ 54, 56, 59
`Stryker Corp. v. Karl Storz Endoscopy America, Inc.,
`IPR2015-00764, (Paper 13), slip .........................................................................47
`Toyota Motor Corp. v. Blitzsafe Texas, LLC,
`Case No. IPR2016-00422, Paper 12 (PTAB July 6, 2016) .................................26
`Trivascular, Inc. v. Samuels,
`812 F.3d 1056 (Fed. Cir. 2016) ...........................................................................25
`TRW Automotive U.S. LLC v. Magna Electronics, Inc.,
`IPR2015-00972, (Paper 9) (P.T.A.B. Sept. 16, 2015) .................................. 47, 48
`
`Statutory Authorities
`
`35 U.S.C. § 314(a) ...................................................................................................25
`35 U.S.C. § 316(e) ...............................................................................................1, 25
`
`Rules and Regulations
`
`37 C.F.R. § 42.100(b) ..............................................................................................17
`37 C.F.R. § 42.104(b)(3)–(4) ...................................................................................26
`MPEP § 2143.I.D. ....................................................................................................41
`
`Additional Authorities
`
`U.S. Patent No. 5,930,767 .......................................................................................... 1
`U.S. Patent No. 6,000,832 .......................................................................................... 1
`U.S. Patent No. 7,237,117 ........................................................................................10
`U.S. Patent No. 8,856,539 ................................................................................ passim
`
`iv
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`PATENT OWNER’S LIST OF EXHIBITS
`
`Description
`Declaration by Dr. Markus Jakobsson Ph.D. in Support of
`Patent Owner's Preliminary Response
`Curriculum Vitae of Markus Jakobsson
`Declaration ISO of Unopposed Motion for Admission Pro
`Hac Vice of Jordan B. Kaericher.
`Declaration ISO of Unopposed Motion for Admission Pro
`Hac Vice of Harold A. Barza
`U.S. Application No. 11/768,729
`U.S. Application No. 09/710,703
`Declaration by Dr. Markus Jakobsson Ph.D. in Support of
`Motion to Amend
`Declaration of Jakobsson Jakobsson in Support of
`Patent Owner’s Response
`Rough Deposition Transcript of Dr. Victor John Shoup
`Disclaimer of Claims 5-8, 17-20, 26-30
`Deposition Transcript of Dr. Victor John Shoup
`
`Exhibit #
`Ex. 2101
`
`Ex. 2102
`Ex. 2103
`
`Ex. 2104
`
`Ex. 2105
`Ex. 2106
`Ex. 2107
`
`Ex. 2108
`
`Ex. 2109
`Ex. 2110
`Ex. 2111
`
`v
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`Apple Inc.’s (“Petitioner”) Petition (Paper 3, “Petition”) proffers one
`
`invalidity ground for U.S. Patent No. 8,856,539 (“’539 patent”) (Ex. 1101):
`
`Claims 1-3, 5-8, 16-24, 26-30, and 37-38 are allegedly obvious over U.S. Patent
`
`No. 5,930,767 (“Reber”) (Ex. 1131) in view of U.S. Patent No. 6,000,832
`
`(“Franklin”) (Ex. 1132). On November 7, 2018, the Board instituted review (Paper
`
`9). Patent Owner Universal Secure Registry, L.L.C. (“PO”) timely submits this
`
`Response.1
`
`1 On August 17, 2018, prior to the Board instituting this inter partes review, the
`
`PO disclaimed claims 5-8, 17-20, and 26-30. Ex. 2110. Accordingly, these claims
`
`did not exist at the time of institution and are not addressed in this Response. See
`
`Guinn v. Kopf, 96 F.3d 1419, 1422 (Fed. Cir. 1996) (“A statutory disclaimer under
`
`35 U.S.C. § 253 has the effect of canceling the claims from the patent and the
`
`patent is viewed as though the disclaimed claims had never existed in the patent.”);
`
`Facebook, Inc. v. Skky, LLC, Case CBM2016-00091, Paper 12, *6 (PTAB Sept.
`
`28, 2017) (“The decision whether to institute a CBM patent review… is based on
`
`what the patent ‘claims’ at the time of the institution decision, not as the claims
`
`may have existed at some previous time.”).
`
`1
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`I.
`
`INTRODUCTION
`
`Petitioner has not met its “burden of proving a proposition of unpatentability
`
`by a preponderance of the evidence.” 35 U.S.C. § 316(e). The Petition should be
`
`denied for many reasons.
`
`First, each of the independent claims of the ’539 patent—claims 1, 22, 37
`
`and 38—require that the secure registry provide “account identifying information”
`
`to a third party “without providing the account identifying information to the
`
`provider.” Petitioner and its expert, Dr. Victor Shoup, have proffered that
`
`“account identifying information” be construed as “personal information about an
`
`entity such as name, address, or account number.” Pet. at 16; see also id. at 21; Ex.
`
`1102 (Declaration of Victor Shoup), ¶¶ 73-74, 83, 115. Under Petitioner’s own
`
`construction, both of its prior art references—Reber and Franklin—disclose
`
`providing account identifying information to a merchant provider, in contrast to the
`
`requirement of the claims. For example, Reber discloses that the alleged secure
`
`registry (database 66 in computer 64) “sends a message indicating the transaction
`
`to the first party” that can include “a name associated with the second party [i.e.,
`
`purchaser/end user 26], an address associated with the second party, an electronic
`
`address associated with the second party....” Ex. 1131, Reber at 6:18-25.
`
`Similarly, Franklin also discloses making “customer-specific data (e.g., card
`
`holder’s name, account number, etc.)” available “to both the customer and the
`
`2
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`merchant.” Ex. 1132, Franklin at 5:27-32, 9:52-58. Petitioner has not provided
`
`any reason why a POSITA would be motivated to modify Reber in view of
`
`Franklin—both of which disclose sending account identifying information under
`
`Petitioner’s construction—to arrive at the limitation of not sending account
`
`identifying information. This limitation is not obvious.
`
`Second, claims 1, 22 and 37 each require “determining compliance with
`
`access restrictions for the provider to secure data of the entity.” The ’539 patent
`
`makes clear that “access restrictions for the provider to secure data of the entity”
`
`should be construed to mean “two or more restrictions specific to the provider that
`
`indicate what secure data may or may not be accessed.” See Section V.B.
`
`Petitioner admits that “Reber does not expressly mention any restriction
`
`mechanism.” Pet. at 36. Instead, Petitioner attempts to satisfy this limitation by
`
`arguing that it would have been obvious to incorporate merchant validation into
`
`Reber’s database. Pet. at 37. Even accepting Petitioner’s contention as true (it is
`
`not), merchant validation would not satisfy the claims because it does not
`
`determine compliance with “two or more restrictions specific to the provider that
`
`indicate what secure data may or may not be accessed.” In fact, the specification
`
`of the ’539 patent expressly distinguishes between validating the identity of the
`
`merchant requesting the transaction from determining compliance with access
`
`restrictions for the merchant. Ex. 1101, ’539 patent at 10:40-48 (“The process of
`
`3
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`determining the requestor's rights (602) typically involves validating the requestors
`
`identity and correlating the identity, the requested information and the access
`
`information 34 provided by the person to the USR database”).
`
`Moreover, claims 1 and 22 include the further requirement that the
`
`determination of compliance with “access restrictions for the provider” be “based
`
`at least in part on the indication of the provider and the time-varying multicharacter
`
`code of the transaction request.” The Petition is devoid of any showing that
`
`compliance with any access restrictions for the provider is based on both the
`
`indication of the provider and the time-varying multicharacter code of the
`
`transaction request. This limitation is entirely absent from Reber and Franklin, and
`
`not obvious.
`
`Third, each of the independent claims of the ’539 patent require the secure
`
`registry provide the account identifying information to “a third party to enable or
`
`deny the transaction with the provider without providing the account identifying
`
`information to the provider.” Neither Reber nor Franklin disclose this limitation,
`
`as both disclose a single-component backend architecture (e.g., Reber’s computer
`
`64 and Franklin’s Bank Computing Center 32). Despite the fact that this limitation
`
`is missing from both the prior art references it relies upon, Petitioner contends that
`
`it would be obvious to create a system architecture having a dual-component
`
`backend architecture—a secure registry that provides a third party with the account
`
`4
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`identifying information for the third party to enable or deny the transaction—as
`
`claimed by the ’539 patent. Petitioner’s contention is precisely the type of
`
`hindsight reconstruction the Federal Circuit has warned against, and Petitioner has
`
`failed to provide any valid reason why a POSITA would be motivated to modify
`
`Reber to arrive at the claimed third party limitation. As demonstrated in this
`
`Response, a POSITA would not be motivated to modify Reber in this manner.
`
`Fourth, claims 1 and 22 require that the secure registry “receive a
`
`transaction request including at least the time-varying multicharacter code for the
`
`entity on whose behalf a transaction is to be performed and an indication of the
`
`provider requesting the transaction.” Patent Owner shows in this Response that the
`
`correct construction for the term “the provider requesting the transaction” is “the
`
`provider that sent the transaction request.” See Section __. To show that the
`
`transaction request is sent from the provider, Petitioner is forced to flip back and
`
`forth between two distinct embodiments in Reber, intermixing select features from
`
`these different embodiments. But Petitioner’s expert, Dr. Victor Shoup, admitted
`
`at deposition that he didn’t provide a motivation to combine Reber’s two
`
`embodiments nor did he “feel it necessary”:
`
`Q: [C]an you point me to any paragraph in your
`declaration where you provide a motivation to combine,
`what you call a first embodiment here and the second
`embodiment?
`
`5
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`…
`
`A: I can’t point to such a motivation to combine in my
`declaration [nor did] I feel [it] was necessary.
`Ex. 2109 2111 (Rough Depo. Tr. of Victor Shoup) at 124-12563-64 (emphasis
`
`added).2 The Federal Circuit, however, has long held that there “must be” a
`
`showing of motivation to combine when combining “multiple embodiments from a
`
`single reference.” See, e.g., In re: Stepan Company, 868 F.3d. 1342, 1346 n.1
`
`(“Whether a rejection is based on combining disclosures from multiple
`
`references, combining multiple embodiments from a single reference, or
`
`selecting from large lists of elements in a single reference, there must be a
`
`motivation to make the combination and a reasonable expectation that such a
`
`combination would be successful, otherwise a skilled artisan would not arrive
`
`at the claimed combination.”) (emphasis added); see also Abiomed, Inc. v.
`
`Maquet Cardiovascular, LLC, IPR2017-01204 Paper 8 at 11; Jackel Int’l Ltd. v.
`
`Admar Int’l, Inc., IPR2015-00979 Paper 21 at 4-5. Petitioner’s failure to provide
`
`a motivation to combine dooms its Petition.
`
`2 Patent Owner cites to the Rough Depo. Transcript of Dr. Victor Shoup in this
`
`Response, and will seek permission from the Board to substitute cites to the final
`
`transcript when it is available. The citation are to the page numbers at the bottom
`
`right corner of the Rough Depo. Transcript.
`
`6
`
`

`

`Finally, claim 3 and 24 depend on independent claims 1 and 22,
`
`respectively. Petitioner has failed to show that the limitations added by these
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`dependent claims are disclosed by the prior art.
`
`II. OVERVIEW OF THE ’539 PATENT
`
`A.
`
`The ’539 Patent Specification
`
`The ’539 patent provides a unique and highly secure anonymous
`
`identification system that uses a time-varying multicharacter code for both
`
`verifying the identity of an entity and also enabling transactions between the entity
`
`and a provider without requiring the entity to share personal or otherwise sensitive
`
`information with the provider. See Ex. 1101, ’539 patent at 3:5-27; Ex. 2108,
`
`Jakobsson at ¶28. As one non-exclusive example, the system, referred to as a
`
`Universal Secure Registry (USR) system, allows a person to purchase goods from
`
`a brick and mortar or online merchant without publicly providing credit card
`
`information to the merchant for fear that the credit card information may be stolen
`
`or used fraudulently. See Ex. 1101, ’539 patent at 3:44-54; Ex. 2108, Jakobsson at
`
`¶28.
`
`FIG. 1 depicts one embodiment of the USR system:
`
`7
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`The USR system’s main unit 12, which may be connected to a wide area network,
`
`includes a database 24 that stores data entries 30 related to different people or
`
`8
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`entities. Ex. 1101, ’539 patent at 7:11-13; 7:40-41; Ex. 2108, Jakobsson at ¶¶29-30.
`
`Each entry 30 may contain different types of information such as, but not limited to,
`
`validation information, access information, publicly available information, address
`
`information, credit card information, medical information, job application
`
`information, and/or tax information. Ex. 1101, ’539 patent at 7:57-63; Ex. 2108,
`
`Jakobsson at ¶30. “The validation information [32] is information about the user
`
`of the database to whom the data pertains and is to be used by the USR software 18
`
`to validate that the person attempting to access the information is the person to
`
`whom the data pertains or is otherwise authorized to receive it.” Ex. 1101, ’539
`
`patent at 8:10-14; Ex. 2108, Jakobsson at ¶30. In particular, the validation
`
`information 32 contains information that enables the USR software 18 to validate a
`
`person that has presented the system with a one-time nonpredictable code uniquely
`
`associated with the user. See Ex. 1101, ’539 patent at 8:17-35; Ex. 2108,
`
`Jakobsson at ¶30. The access information 34 allows “different levels of security to
`
`attach to different types of information stored in the entry 30” so that the user can
`
`specify which particular individuals or companies can have access to what specific
`
`data such as credit card numbers, medical information, and tax information. See
`
`Ex. 1101, ’539 patent at 8:62-9:11; Ex. 2108, Jakobsson at ¶30.
`
`FIG. 8 depicts an embodiment of using the USR system “to purchase goods
`
`or services from a merchant without providing the merchant with the user's credit
`
`9
`
`

`

`card number.” Ex. 1101m ’539 patent at 12:47-50; Ex. 2108, Jakobsson at ¶31.
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`A user desiring to make a purchase at a merchant without providing their financial
`
`10
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`information, such as a credit or debit card number, may enter a secret code into
`
`their electronic ID device (any type of electronic device that may be used to obtain
`
`access to the USR database (Ex. 1101, ’539 patent at 8:45-47)), which generates a
`
`one-time nonpredictable code that is provided to the merchant. Id. at 12:21-24; Ex.
`
`2108, Jakobsson at ¶32. The merchant, in turn, may transmit the one-time
`
`nonpredictable code, a store number, and a purchase amount to the USR. Ex.
`
`1101, ’539 patent at 12:24-26; Ex. 2108, Jakobsson at ¶32. The USR may then
`
`determine whether the code received is valid, and if valid, accesses from the USR
`
`database the user’s actual credit card information. Ex. 1101, ’539 patent at 12:27-
`
`29; Ex. 2108, Jakobsson at ¶32. The USR next transmits to the credit card
`
`company the credit card number, the store number, and the purchase amount. Ex.
`
`1101, ’539 patent at 12:29-31; Ex. 2108, Jakobsson at ¶32. The credit card
`
`company then processes the transaction, such as by checking the credit worthiness
`
`of the person, and either declines the card or debits the user’s account and transfers
`
`money to the merchant’s account. Ex. 1101, ’539 patent at 12:40-43; Ex. 2108,
`
`Jakobsson at ¶32. The credit card company notifies the USR the transaction result
`
`and the USR may in turn notify the merchant. Ex. 1101, ’539 patent at 12:43-46;
`
`Ex. 2108, Jakobsson at ¶32.
`
`Hence, the USR system provides a secure anonymous identification system
`
`that uses a time-varying multicharacter code for both verifying the identity of an
`
`11
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`entity and also enabling transactions between the entity and a provider, such as a
`
`merchant, without requiring the entity to share personal or otherwise sensitive
`
`information with the provider. Ex. 2108, Jakobsson at ¶33. In one case, this
`
`allows a user to purchase goods or services from a merchant without providing the
`
`merchant the user’s credit card number. Id. Advantageously, the USR system also
`
`allows such secure transactions to be transparent to the credit card company and
`
`thus requires no or minimal cooperation from the credit card company to
`
`implement. Id.
`
`B.
`
`The ’539 Patent Claims
`
`The ’539 patent has four independent claims: 1, 22, 37 and 38. All of the
`
`claims relate to communicating authentication information from an electronic ID
`
`device. Ex. 2108, Jakobsson at ¶34.
`
`C.
`
`Prosecution History of the ’539 Patent
`
`The ‘539 patent was filed as U.S. Application No. 11/768,729 (“’729
`
`Application”) on June 26, 2007. The ’729 Application is a continuation
`
`application of U.S. Application No. 09/810,703 filed on March 16, 2001, now U.S.
`
`Patent No. 7,237,117. The ’539 patent was subject to a thorough examination. See
`
`Exs. 1105-1125. During prosecution, the Applicant and the Examiners discussed
`
`the application and prior art in detail, both through paper submissions and
`
`telephonic interviews. See Exs. 1105-1124. Claim amendments were made to
`
`12
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`further distinguish the invention from the prior art. Ultimately, the Examiners
`
`allowed the claims of the ’539 patent (Ex. 1125 at 5; Ex. 1128 at 5) over a large
`
`body of cited prior art. See Ex. 1101, ’539 patent at 1-3.
`
`III. OVERVIEW OF THE ASSERTED PRIOR ART
`
`A.
`
`Reber (Ex. 1131)
`
`Petitioner’s primary reference (Reber) can most accurately be described as a
`
`personalized version of the bar-code checkout system used in stores, and which
`
`was common at the time of the patent’s filing. Ex. 2108, Jakobsson at ¶36. In
`
`particular, Reber discloses a method and system to authenticate a user “in a
`
`transaction based upon machine readable data read by a data reader at the end
`
`user’s location.” Ex. 1131, Reber at 2:24-26; see Ex. 2108, Jakobsson at ¶36.
`
`Figure 8, reproduced below, is an example of the data reader and the network
`
`access apparatus at the user location (Ex. 1131, Reber).
`
`13
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`See Ex. 2108, Jakobsson at ¶36.
`
`As expressly disclosed in Reber, the invention’s improvement over the prior
`
`art was to use a bar code reader rather than existing PIN based systems. Ex. 1131,
`
`Reber at 1:48-56 (drawback of prior art’s substitution of PIN for a credit card
`
`number was user having to remember multiple PINs, and PIN can be intercepted),
`
`2:29-31 (time varying bar code for authentication reduces likelihood of
`
`interception), 11:23-32 (bar codes relieve user of recalling PIN); see Ex. 2108,
`
`Jakobsson at ¶37. This feature is so critical to Reber that every independent claim
`
`in Reber requires that both entities to a transaction utilize bar codes. See, e.g., Ex.
`
`1131, Reber at Cl. 1 (“first data element read by a bar code reader . . . indicating a
`
`first party of a transaction,” “second data element read from the member by the bar
`
`code reader . . . indicating a second party to the transaction”); see also Ex. 2108,
`
`Jakobsson at ¶37.
`
`In a first embodiment, Reber transmits first and second data elements
`
`(“transaction data”)
`
`to a
`
`local authentication computer 20 or a remote
`
`authentication computer 64 that approves or disapproves the transaction by
`
`comparing the second data element (i.e., the purchaser’s identity) to entries in its
`
`database to determine the authenticity of the transacting party. See Ex. 1131,
`
`Reber at 4:63-5:27; Ex. 2108, Jakobsson at ¶38. In the first embodiment, the
`
`14
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`transaction data’s first data element indicates the item being purchased. Ex. 1131,
`
`Reber at 2:58-59; Ex. 2108, Jakobsson at ¶38.
`
`Moreover, computer 20 has personal information about the consumer/entity
`
`initiating a transaction:
`
`After approving the transaction, the computer 20 creates a
`record of the transaction . . . that includes data representative of the
`date of the transaction, the time of the transaction, the party initiating
`the transaction, the item, a party associated with the item, and a
`charge amount for the transaction.
`
`Additionally, the computer 20 can initiate an action to be
`performed based upon the transaction. Examples of actions include,
`but are not limited to, sending an item to the party, preparing an item
`for pick-up by the party, providing a service for the party, accounting
`that a bill has been paid by the party, or sending a receipt to the party.
`
`Ex. 1131, Reber at 5:33-44; Ex. 2108, Jakobsson at ¶39. For example, as disclosed
`
`above, computer 20 must have the consumer/entity’s name and address in order to
`
`send them an item. Ex. 2108, Jakobsson at ¶40. Under Petitioner's own
`
`construction, such information constitutes “account identifying information.” See
`
`Pet. at 16 (according to Petitioner, “the term “account identifying information” as
`
`used in the ’539 patent means “personal information about an entity such as name,
`
`address, or account number”).
`
`15
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`In a second embodiment, the authentication computer 64 approves or denies
`
`a transaction between a first party merchant and a second party user based on the
`
`second data element. Ex. 1131, Reber at 5:45-6:40; Ex. 2108, Jakobsson at ¶41.
`
`By contrast to the first embodiment, in the second embodiment the transaction
`
`data’s first data element indicates the first party merchant. Ex. 1131, Reber at
`
`5:48-50; Ex. 2108, Jakobsson at ¶41. And like the first embodiment, Reber’s
`
`second embodiment discloses sending “account identifying information” of the
`
`second party user to the first party merchant, including “a name associated with the
`
`second party,” “an address associated with the second party,” and an “electronic
`
`address associated with the second party.” Ex. 1131, Reber at 6:17-26; Ex. 2108,
`
`Jakobsson at ¶41.
`
`Notably, in neither embodiment does Reber disclose that information used to
`
`authenticate the user at the computer 20 or computer 64 is provided to a third
`
`party. Ex. 2108, Jakobsson at ¶42.
`
`B.
`
`Franklin (Ex. 1132)
`
`Franklin can most accurately be described as a backwards compatible
`
`modification of the credit card payment method, in which static credit card
`
`numbers are replaced by temporary transaction numbers. Ex. 2108, Jakobsson at
`
`¶43. Specifically, Franklin’s invention uses a digital “commerce card” assigned by
`
`an issuing institution to a user in place of a typical credit card. Id.; Ex. 1132,
`
`16
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`Franklin at Abstract, 2:8-10. This invention was an improvement over prior art
`
`because of the ease of integration into existing merchant and banking systems. Ex.
`
`1132, Franklin at 1:55-64 (new model “should not usurp these systems, nor require
`
`merchants to change their existing practices”), 1:65-67 (“The inventors have
`
`developed a card-based online commerce system that improves security and
`
`integrates with existing card verification and settlement systems.”); see Ex. 2108,
`
`Jakobsson at ¶43. Thus, a merchant would not have to change its prior practices,
`
`i.e., it continued to submit a customer’s credit card information as it always had,
`
`such as to the issuing bank. Ex. 2108, Jakobsson at ¶43; see Ex. 1132, Franklin at
`
`2:43-46 (“merchant handles the proxy transaction number according to traditional
`
`protocols, including seeking authorization from the issuing institution to honor the
`
`card number.”).
`
`IV. LEVEL OF ORDINARY SKILL IN THE ART
`
`A person of ordinary skill in the art (“POSITA”) relevant to the ’539 patent
`
`at the time of the invention would have a Bachelor of Science degree in electrical
`
`engineering and/or computer science, and three years of work or research
`
`experience in the fields of secure transactions and encryption, or a Master’s degree
`
`in electrical engineering and/or computer science and two years of work or
`
`research experience in related fields. Ex. 2108, Jakobsson Decl., ¶16-20. PO’s
`
`description of the level of ordinary skill in the art is essentially the same as that of
`
`17
`
`

`

`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`the Petitioner, except that Petitioner’s description requires two years of work or
`
`research experience (as compared to