`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`APPLE INC.,
`Petitioner,
`v.
`UNIVERSAL SECURE REGISTRY, LLC,
`Patent Owner.
`_________________________________________
`Case IPR2018-00812
`U.S. Patent No. 8,856,539
`________________________________________
`
`PETITIONER APPLE INC.’S SUR-REPLY TO PATENT OWNER’S
`REPLY TO THE OPPOSITION TO THE CONDITIONAL MOTION TO
`AMEND
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`U.S. Patent No. 8,856,539
`Petitioner’s Sur-Reply to PO’s Reply to Opposition to CMTA
`
`
`
`
`Contents
`
`INTRODUCTION .................................................................................................................. 1
`I.
`II. ARGUMENT .......................................................................................................................... 1
`Reber And Franklin Render Obvious A “Transaction Request” Received “From The
`A.
`Provider” (Substitute Claims 39[b], 44[a], 47[b]). ..................................................................... 1
`Reber And Franklin Render Obvious “Extracting” A “Time Value” (Substitute Claims
`B.
`39[c] And 46[b]). ........................................................................................................................ 4
`Reber And Franklin Render Obvious Validating An Identity Of The Provider And
`C.
`Executing A Restriction Mechanism (Substitute Claims 39[e]-[f] And 44[d]-[e]). ................... 6
`Reber, Franklin, And Schutzer Render Obvious Using A “Public ID Code” (Substitute
`D.
`Claims 47[f]-[g]). ........................................................................................................................ 7
`PO Fails To Overcome Petitioner’s Showing That Substitute Limitations 39[h], 44[b],
`E.
`And 47[c] Do Not Satisfy § 112. ................................................................................................ 9
`F. PO Fails To Overcome Petitioner’s Showing That The Substitute Claims Are Patent
`Ineligible Under § 101. ............................................................................................................. 10
`G.
`Patent Owner Has Not Satisfied Its Duty Of Candor. .................................................... 10
`H.
`PO Fails To Rebut Petitioner’s Showing Of Estoppel. .................................................. 11
`III. CONCLUSION .................................................................................................................. 12
`CERTIFICATE OF SERVICE ................................................................................................. 13
`
`
`
`
`
`ii
`
`
`
`U.S. Patent No. 8,856,539
`Petitioner’s Sur-Reply to PO’s Reply to Opposition to CMTA
`
`INTRODUCTION
`Patent Owner’s (“PO”) Reply fails to rebut Petitioner’s showing that the
`
`I.
`
`substitute claims are obvious over the prior art of record, are not drawn to patent
`
`eligible subject matter, and are indefinite. Nor does PO plausibly explain its lack
`
`of candor in offering amendments that reintroduce financial elements that PO
`
`previously disclaimed to avoid CBM Review. The Board should deny PO’s
`
`CMTA.
`
`II. ARGUMENT
`A. Reber And Franklin Render Obvious A “Transaction Request”
`Received “From The Provider” (Substitute Claims 39[b], 44[a], 47[b]).
`In its reply brief, PO concedes that Reber transmits a transaction request
`
`from computer 20 [provider] to computer 64 [secure registry]. CMTA Reply at 5
`
`(discussing “Reber’s first message transmitted from computer 20 to computer
`
`64…” (emphasis added)); see also Ex-1131, Reber, 5:17-19, 5:45-59. Reber
`
`teaches that the transaction data includes a first data element comprising
`
`information about the merchant/provider [indication of the provider] and a
`
`second data element containing a time-varying code [time-varying
`
`multicharacter code] that can be used to authenticate the entity’s identity before
`
`directing a third party to transfer funds. Ex-1131, Reber, 5:48-55, 6:25-29.
`
`Accordingly, there is no dispute that PO’s proposed amendment — requiring the
`
`“transaction request” be sent “from the provider” — is expressly taught by Reber.
`
`
`
`1
`
`
`
`U.S. Patent No. 8,856,539
`Petitioner’s Sur-Reply to PO’s Reply to Opposition to CMTA
`
`Unable to deny that Reber contains this disclosure, PO instead repeats its
`
`argument that Reber does not disclose a single embodiment in which the
`
`transaction request includes an indication of the provider and a time-varying code.
`
`CMTA Reply at 5-6; see also POPR at 40-42; POR at 61-62. But the Board
`
`already considered and rejected that argument in the Institution Decision in finding
`
`that Reber disclosed two alternative versions of the same transaction method that
`
`did not need to be explicitly “combined.” DI at 12-13; see also Ex-1131, Reber,
`
`5:45-48. Petitioner, too, has addressed this argument in its Petition and Reply to
`
`the POR, and cited to those portions of the record in its CMTA Opposition.1
`
`
`1 PO’s contention that the citations in Petitioner’s CMTA Opposition are
`
`“incorporations by reference” (CMTA Reply at 3-4) is incorrect. Petitioner’s
`
`CMTA Opposition, although focused on the specific limitations at issue, explained
`
`that a POSITA would have been motivated to combine the cited portions of Reber
`
`to arrive at the ’539 claims and referenced other portions of the record where the
`
`issue is treated in more detail. CMTA Opp. at 4-6. Merely citing to other
`
`documents does not violate 37 C.F.R. §42.6(a)(3). Unlike Cisco Systems and
`
`DeSilva cited by PO, in which the parties cited dozens of pages of declarations and
`
`charts in place of substantive argument, Apple merely cited to pages of its Petition
`
`and Reply brief describing the motivation to combine Reber and Franklin, on
`
`
`
`2
`
`
`
`U.S. Patent No. 8,856,539
`Petitioner’s Sur-Reply to PO’s Reply to Opposition to CMTA
`
`Specifically, Petitioner has explained that a POSITA would have found it obvious
`
`to combine Reber’s “alternative” transaction methods in view of (1) Franklin’s
`
`express disclosure of merchant validation prior to a transaction (Ex-1132, Franklin,
`
`11:33-49), and (2) Reber’s own teachings about preventing unauthorized
`
`interception of data (e.g., by an unauthorized merchant). Ex-1131, Reber, 2:29-31,
`
`6:17-28; see also Ex-1135, Shoup-Decl., ¶47; POR Reply at 21-24.
`
`PO’s remaining argument – that it would not have been obvious to conduct
`
`merchant validation at the secure registry (CMTA Reply at 5-6) – is premised on
`
`the unrealistic notion that a POSITA would only have thought to perform merchant
`
`validation at the acquiring bank, not at the secure registry. But Franklin’s
`
`teachings about the importance of working with a valid merchant (Ex-1132,
`
`Franklin, 11:33-49), as well as its broad view of what entities can perform the
`
`functions of the “bank” (id. at 4:3-9, 4:19-21), would have motivated a POSITA to
`
`conduct merchant validation at the secure registry before involving a bank. See
`
`Ex-1102, Shoup-Decl., ¶¶113-114; Ex-1135, Shoup-Decl., ¶¶21, 23. Indeed,
`
`because the secure registry and the banks all have a common interest in preventing
`
`fraud, it would have been obvious for any of or all those parties to take steps to
`
`
`which the Board will rule in its Final Written Decision. Cisco Systems, Inc. v. C-
`
`Cation Techs., LLC, IPR2014-00454, Paper 12 at 8-9 (PTAB, Aug. 29, 2014).
`
`
`
`
`
`3
`
`
`
`U.S. Patent No. 8,856,539
`Petitioner’s Sur-Reply to PO’s Reply to Opposition to CMTA
`
`ensure that the transacting merchant was trustworthy. Ex-1102, Shoup-Decl.,
`
`¶¶163-165; Ex-1135, Shoup-Decl., ¶¶21, 23. And regardless of what entity
`
`performs the merchant validation, the transaction request would still need to
`
`include an indication of the provider so that the merchant could be verified (which
`
`is all that the substitute claim language requires). Ex-1102, Shoup-Decl., ¶¶106,
`
`113-114. Accordingly, substitute claims 39[b], 44[a], and 47[b] would have been
`
`obvious.
`
`B. Reber And Franklin Render Obvious “Extracting” A “Time
`Value” (Substitute Claims 39[c] And 46[b]).
`Reber alone or in view of Franklin discloses that a time value can be
`
`“extracted” from the received transaction request. For instance, a POSITA would
`
`have understood that the “data representative of … the time of the transaction”
`
`included in Reber’s “transaction records” could have been generated based on time
`
`data that was extracted from a transaction request. Ex-1136, Shoup-Decl., ¶24; see
`
`also Ex-1131, Reber, 5:33-38. Indeed, Reber’s transaction record includes other
`
`data (i.e., transacting party and item information) that is extracted from the
`
`transaction request for use in generating the record. Ex-1136, Shoup-Decl., ¶24;
`
`Ex-1131, Reber, 5:33-38. PO does not challenge Dr. Shoup’s testimony that this
`
`implementation would have been obvious (Ex-1136, Shoup-Decl., ¶24), but rather
`
`only argues that a different implementation was also possible. CMTA Reply at 7.
`
`Accordingly, Reber alone renders this limitation obvious.
`4
`
`
`
`
`
`U.S. Patent No. 8,856,539
`Petitioner’s Sur-Reply to PO’s Reply to Opposition to CMTA
`
`But even if the claimed “extraction” would not have been obvious over
`
`Reber alone, PO admits that Franklin teaches receiving “the transaction date and
`
`time as part of transaction-specific data that the merchant provides to it along with
`
`the transaction number having the embedded MAC value.” CMTA Reply at 9; see
`
`also id. at 10 (“‘The authorization request contains [1] the transaction number and
`
`[2] the transaction-specific data,’ where the latter includes the time data.”).2 This
`
`received time value must be “representative of when the time-varying
`
`multicharacter code was generated” because it is subsequently used to generate a
`
`test MAC that is compared to a received MAC as part of the verification process.
`
`Ex-1132, Franklin, 12:11-26; Ex-1136, Shoup-Decl., ¶¶23, 25. For a POSITA
`
`designing a system in view of Reber and Franklin, the need to generate an identical
`
`MAC value for comparison and validation (as described in Franklin) and a
`
`transaction record with time information (as disclosed in Reber) would have
`
`supplied the necessary motivation (and expectation of success) to include a time
`
`value in the transaction request for extraction. Ex-1136, Shoup-Decl., ¶¶25-26.
`
`
`2 PO’s arguments that it would have been impossible to extract the transaction date
`
`and time from the received MAC (CMTA Reply at 9-10) are irrelevant, since PO
`
`admits that Franklin teaches a separate time information value, included in the
`
`transaction request, that can be extracted and used to generate a test MAC.
`
`
`
`5
`
`
`
`U.S. Patent No. 8,856,539
`Petitioner’s Sur-Reply to PO’s Reply to Opposition to CMTA
`
`Accordingly, substitute claims 39[c] and 46[b] would have been obvious.
`
`C. Reber And Franklin Render Obvious Validating An Identity Of
`The Provider And Executing A Restriction Mechanism (Substitute
`Claims 39[e]-[f] And 44[d]-[e]).
`Reber and Franklin teach transaction methods wherein a merchant is first
`
`validated and then is granted access to data subject to any existing restrictions. In
`
`particular, and as discussed above, Reber and Franklin teach that the transaction
`
`request should contain information sufficient to identify and validate the merchant
`
`involved in a transaction in order to prevent fraud. Ex-1131, Reber, 1:46-49, 2:29-
`
`32; Ex-1132, Franklin, 1:48-54, 11:38-47; Ex-1136, Shoup-Decl., ¶29.
`
`In addition to ensuring that the merchant is trustworthy, both references also
`
`teach that the secure registry should ensure that a specific merchant is entitled to
`
`access the sensitive data that is being requested. Ex-1136, Shoup-Decl., ¶29. This
`
`determination of “compliance with access restrictions” is performed using the
`
`time-varying multicharacter code in view of the merchant validation. For instance,
`
`Reber explains that computer 64 [secure registry] compares the received second
`
`data element [time-varying multicharacter code] to “entries in a database
`
`associated with the computer 64 and either accepts or rejects” the request for
`
`authorization and transmits an acceptance to the computer 20 [provider]. Ex-
`
`1131, Reber, 5:18-22. In so doing, Reber discloses not only validating the
`
`merchant, but also determining that the merchant is entitled to access the data
`
`
`
`6
`
`
`
`U.S. Patent No. 8,856,539
`Petitioner’s Sur-Reply to PO’s Reply to Opposition to CMTA
`
`needed to authorize the transaction [determining compliance with any access
`
`restrictions]. Ex-1136, Shoup-Decl., ¶29. Franklin likewise discloses that once a
`
`merchant is validated, the secure registry also compares the received MAC to a
`
`generated test MAC to ensure that the transacting parties are entitled to access the
`
`data needed to complete the transaction. Id. at ¶25; Ex-1132, Franklin, 12:17-27.
`
`Although neither reference uses the specific term “access restrictions,” it is
`
`clear that if any such “restrictions” were present, the transaction could not go
`
`forward. Ex-1136, Shoup-Decl., ¶29. Reber and Franklin perform both claimed
`
`steps in the same way as embodiments of the ’539 patent, which authorize
`
`financial transactions after determining that a received code is valid without any
`
`separate reference to access restrictions. See, e.g., Ex-1101, ’539 patent, 11:51-65
`
`(discussing Fig. 7), 12:24-34 (discussing Fig. 8), 13:3-14 (discussing Fig. 9),
`
`13:35-57 (discussing Fig. 10). Accordingly, substitute claims 39[e]-[f] and 44[d]-
`
`[e] would have been obvious.
`
`D. Reber, Franklin, And Schutzer Render Obvious Using A “Public
`ID Code” (Substitute Claims 47[f]-[g]).
`Reber and Franklin each describe transmitting a user’s account number from
`
`the secure registry to a third party that can complete a transaction.3 Ex-1131,
`
`
`3 Petitioner has not “propose[d] modifying Reber in view of Schutzer ... to
`
`introduce a third party” as PO suggests. CMTA Reply at 17. Rather, Reber and
`
`
`
`7
`
`
`
`U.S. Patent No. 8,856,539
`Petitioner’s Sur-Reply to PO’s Reply to Opposition to CMTA
`
`Reber, 6:25-29; Ex-1132, Franklin, 3:65-4:9, 4:16-21; Ex-1135, Shoup-Decl.,
`
`¶¶37-39; Ex-1137, Jakobsson-Dep., 432:11-15. To satisfy this claim limitation, a
`
`POSITA would only have needed to look to Schutzer’s teachings concerning
`
`public ID codes. Specifically, Schutzer teaches that where an account number is
`
`transmitted over a network, it should be replaced by an “alternate card number”
`
`[Public ID Code] to prevent unauthorized use. Ex-1130, Schutzer, ¶¶3, 11, 27.
`
`Contrary to PO’s assertion (CMTA Reply at 18-19), Schutzer’s teaching is not
`
`limited to transmissions over public networks or merely a “byproduct” of
`
`preventing the merchant from having access to the real account number. Rather,
`
`Schutzer warns generally about a card number being intercepted during
`
`transmission and of the “degree of risk” associated with transmitting sensitive data
`
`over an encrypted link or even storing it in a database (like the secure registry).
`
`Ex-1130, Schutzer, ¶¶3, 4, 59. Accordingly, Schutzer explains that a public ID
`
`code should be used as a substitute for account numbers even where data is stored
`
`in a database or transmitted over an encrypted link between two banks. Id. at ¶27
`
`(“At S6, the merchant (acquiring) bank’s server 18 … sends the request with the
`
`alternate card number over the card association network 20 to the card issuer’s
`
`
`Franklin each disclose the claimed “third party” apart from any teachings of
`
`Schutzer. See POR Reply at 14-19.
`
`
`
`8
`
`
`
`U.S. Patent No. 8,856,539
`Petitioner’s Sur-Reply to PO’s Reply to Opposition to CMTA
`
`server 14.”); see also id. at ¶19 (“The merchant’s bank sends the anonymous card
`
`number over the card association network …”). As such, a POSITA would have
`
`been motivated to apply Schutzer’s teaching to protect the account number when it
`
`is sent to the third party. Ex-1136, Shoup-Decl., ¶44.
`
`E.
`PO Fails To Overcome Petitioner’s Showing That Substitute
`Limitations 39[h], 44[b], And 47[c] Do Not Satisfy § 112.
`Each of substitute limitations 39[h], 44[b], and 47[c] refers to “a biometric”
`
`that is used to verify “the identity of the entity.” The substitute limitations are
`
`indefinite because they fail to inform those skilled in the art about where and how
`
`this validation is to be performed with reasonable certainty. Although PO contends
`
`that the claim does not limit where or how verification is to be performed (CMTA
`
`Reply at 24), that boundless interpretation is unsupported by the written
`
`description since the specification does not identify the “other” verification
`
`methods that PO claims are within the scope of the substitute claims. Under PO’s
`
`interpretation, a potential infringer would have no basis to understand what types
`
`of prior biometric verification—much less by whom or what, or at what time—
`
`would satisfy the amended limitations. Put differently, the written description
`
`would not enable a person of ordinary skill in the art to make and use the claimed
`
`invention as required by § 112, ¶ 1. Therefore, PO’s proposed scope is
`
`unreasonable, and substitute limitations 39[h], 44[b], and 47[c] are indefinite.
`
`
`
`9
`
`
`
`U.S. Patent No. 8,856,539
`Petitioner’s Sur-Reply to PO’s Reply to Opposition to CMTA
`
`F.
`PO Fails To Overcome Petitioner’s Showing That The Substitute
`Claims Are Patent Ineligible Under § 101.
`The substitute claims are ineligible under § 101 because they are directed to
`
`the abstract idea of verifying an account holder’s identity based on codes and/or
`
`the account holder’s information before enabling a transaction without adding an
`
`inventive concept. CMTA Opp. at 18-25; Ex-1136, Shoup-Decl., ¶¶47-56.
`
`PO’s asserted “technological improvements,” such as a “secure registry,” a
`
`“time-varying multicharacter code,” “biometric information,” a “restriction
`
`mechanism,” and “account identifying information” are all abstract concepts that
`
`one could implement using a pen and paper or perform in their mind. CMTA
`
`Reply at 21-22. That the claims implement these abstract concepts with a generic
`
`“database” or “processor” or in a particular order does not render them any less
`
`abstract. See, e.g., CMTA Opp. at 22-23. PO’s CMTA Reply fails to identify a
`
`single case in which analogous claims were found patent eligible. Therefore, PO
`
`fails to rebut Petitioner’s showing that the substitute claims are patent ineligible.
`
`G.
`Patent Owner Has Not Satisfied Its Duty Of Candor.
`PO’s inconsistent positions warrant denial of its CMTA. Specifically,
`
`during a co-pending CBM proceeding relating to the ’539 patent (CBM2018-
`
`00023), PO argued against institution because the ’539 patent “includes no ...
`
`claim” that “require[s] … finance-related activities.” Apple Inc. v. Universal
`
`Secure Registry, LLC, Case CBM2018-00023 (Paper 9) at 2. PO’s argument was
`
`
`
`10
`
`
`
`U.S. Patent No. 8,856,539
`Petitioner’s Sur-Reply to PO’s Reply to Opposition to CMTA
`
`based on its disclaimer of dependent claims 5-8, 17-20, and 26-30, which
`
`contained limitations directed to financial activity. Id. at 2 n.1. The -0023 CBM
`
`was denied because the board found that the remaining claims did not include a
`
`“financial activity element.” Apple Inc., CBM2018-00023 (Paper 10) at 13.
`
`PO’s CMTA now offers amendments that re-incorporate the disclaimed
`
`financial subject matter and are therefore inconsistent with PO’s prior
`
`representation that the ’539 patent claims did not “require finance-related
`
`activities.” Although PO argues that the specific limitation of its proposed
`
`amendment (“a public ID code that identifies a financial account”) was not part of
`
`any disclaimed claim (CMTA Reply at 1-2), that argument misses the point, since
`
`PO’s violation stems from its reintroduction of CBM-eligible financial subject
`
`matter, not any specific claim language. CMTA Opp. at 3-4. As such, PO’s
`
`failure to identify its inconsistent statement is a violation of its duty of candor.
`
`H.
`PO Fails To Rebut Petitioner’s Showing Of Estoppel.
`Relatedly, PO is estopped from submitting at least substitute claim 47 in
`
`view of its disclaimer, on which the Board and Petitioner relied. CMTA Opp. at 3-
`
`4. In its response, PO argues that has not taken any “inconsistent position” or
`
`derived any “unfair advantage.” CMTA Reply at 2-3. But PO cannot reconcile
`
`that it first argued that the ’539 patent was CBM-ineligible, but has now plainly
`
`reintroduced financial subject matter that would render it CBM-eligible.
`
`
`
`11
`
`
`
`U.S. Patent No. 8,856,539
`Petitioner’s Sur-Reply to PO’s Reply to Opposition to CMTA
`
`Moreover, PO’s argument that Petitioner was not prejudiced overlooks two
`
`key facts. First, the CMTA Reply ignores the dismissal of the -023 CBM, which
`
`was found to be CBM-ineligible due to PO’s disclaimer, thereby prejudicing
`
`Petitioner by preventing institution of its CBM as to all ’539 claims (not just those
`
`that were disclaimed). Second, Petitioner’s opportunity to “raise … arguments …
`
`in its Opposition” is not a “full, fair, and timely consideration” of those arguments.
`
`CMTA Reply at 3. Instead, Petitioner has deprived the Board of an opportunity to
`
`consider Apple’s § 101 challenge (as to all claims) on a full CBM record, rather
`
`than exclusively through the MTA briefing process. PO should therefore be
`
`estopped from pursuing claims it previously abandoned, to Petitioner’s detriment.
`
`III. CONCLUSION
`Because PO fails to rebut Petitioner’s showing that the substitute claims are
`
`unpatentable, Petitioner respectfully requests that the Board deny PO’s CMTA.
`
`July 19, 2019
`
`
`
`
`
`
`
`Respectfully Submitted,
`
`
`
`/Monica Grewal/
`
`Monica Grewal
`Registration No. 40,056
`
`
`
`
`
`12
`
`
`
`U.S. Patent No. 8,856,539
`Petitioner’s Sur-Reply to PO’s Reply to Opposition to CMTA
`
`CERTIFICATE OF SERVICE
`
`I hereby certify that on July 19, 2019, I caused a true and correct copy of
`
`
`
`the foregoing materials:
`
` Petitioner Apple Inc.’s Sur-Reply to Patent Owner’s Reply to the Opposition
`to the Conditional Motion to Amend
`
`
`to be served via electronic mail on the following correspondents of record as listed
`
`in Patent Owner’s Mandatory Notices:
`
`For PATENT OWNER:
`James M. Glass (jimglass@quinnemanuel.com)
`Tigran Guledjian (tigranguledjian@quinnemanuel.com)
`Christopher A. Mathews (chrismathews@quinnemanuel.com)
`Nima Hefazi (nimahefazi@quinnemanuel.com)
`Richard Lowry (richardlowry@quinnemanuel.com)
`Razmig Messerian (razmesserian@quinnemanuel.com)
`Jordan B. Kaericher (jordankaericher@quinnemanuel.com)
`Harold A. Barza (halbarza@quinnemanuel.com)
`Quinn Emanuel USR IPR (qe-usr-ipr@quinnemanuel.com)
`QUINN, EMANUEL, URQUHART & SULLIVAN, LLP
`
`
`
`Date: July 19, 2019
`
`Respectfully Submitted,
`
`
`/Monica Grewal/
`Monica Grewal
`Registration No. 40,056
`
`
`
`13
`
`