`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`________________
`
`APPLE INC.
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC
`Patent Owner
`________________
`
`Case IPR2018-00812
`U.S. Patent No. 8,856,539
`________________
`
`PATENT OWNER’S PRELIMINARY RESPONSE
`PURSUANT TO 35 U.S.C. § 313 AND 37 C.F.R. § 42.107
`
`
`
`TABLE OF CONTENTS
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`Page
`
`I.
`II.
`
`IV.
`V.
`
`VI.
`
`INTRODUCTION ........................................................................................... 1
`OVERVIEW OF THE ’539 PATENT ............................................................ 5
`A.
`The ’539 Patent Specification ............................................................... 5
`B.
`The ’539 Patent Claims ....................................................................... 10
`C.
`Prosecution History of the ’539 Patent ............................................... 14
`III. OVERVIEW OF THE ASSERTED PRIOR ART REFERENCES .............. 15
`A.
`Ex. 1131 - Reber .................................................................................. 15
`B.
`Ex. 1132 - Franklin .............................................................................. 18
`LEVEL OF ORDINARY SKILL IN THE ART ........................................... 19
`CLAIM CONSTRUCTION .......................................................................... 19
`A.
`“Third Party” (All Challenged Claims) ............................................... 20
`THE PETITION FAILS TO DEMONSTRATE A REASONABLE
`LIKELIHOOD THAT ANY CLAIM IS INVALID BASED ON
`REBER IN VIEW OF FRANKLIN .............................................................. 22
`A.
`A POSITA Would Not Combine Reber and Franklin ........................ 22
`1.
`Franklin Teaches Away From Reber ........................................ 23
`2.
`Petitioner’s Reasons Why a POSITA Would Combine
`Reber And Franklin Fail ........................................................... 27
`Reber and Franklin Fail to Disclose that a Secure Registry
`Receives a Transaction Request That Includes Time-Varying
`Multicharacter Code and Indication of a Provider From the
`Provider Requesting the Transaction. (Limitations 1[b], 22[a]) ......... 37
`Petitioner Fails To Show Disclosure Of “Secure Data” or
`“Secure Registry” (Limitations Preamble 1, 1[a], 1[d],
`Preamble 22, Preamble 37, 37[a], 37[e], 37[f], Preamble 38,
`38[a], 38[c], 38[e]) .............................................................................. 43
`Petitioner Fails To Show Any Disclosure of Executing A
`Restriction Mechanism to Determine Compliance With Any
`Access Restrictions For The Provider (Limitations 1[d],
`22[c][d], and 37[e]). ............................................................................ 45
`
`B.
`
`C.
`
`D.
`
`i
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`E.
`
`Petitioner Fails to Show Disclosure of Account Identifying
`Information is Provided to a Third Party to Enable or Deny the
`Transaction with the Provider Without Providing the Account
`Identifying Information to the Provider (Limitations 1[e], 22[e],
`37[g], and 38[d]). ................................................................................. 50
`VII. CONCLUSION .............................................................................................. 54
`
`ii
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`TABLE OF AUTHORITIES
`
`Page
`
`CASES
`Commvault Systems, Inc. v. Realtime Data LLC,
`IPR2017-02006 (P.T.A.B. March 29, 2018) .................................................53
`Cuozzo Speed Techs., LLC v. Lee,
`136 S. Ct. 2131 (2016) ...................................................................................19
`Merck & Co., Inc. v. Teva Pharm. USA, Inc.,
`395 F.3d 1364 (Fed.Cir.2005) .......................................................................21
`Polaris Industries, Inc. v. Arctic Cat, Inc.,
`882 F.3d 1056 (Fed. Cir. 2018) .....................................................................23
`Santarus, Inc. v. Par Pharmaceutical, Inc.,
`694 F.3d 1344 (Fed. Cir. 2012) .....................................................................23
`Stryker Corp. v. Karl Storz Endoscopy America, Inc.,
`IPR2015-00764 (P.T.A.B. Sept. 2, 2015) ......................................................36
`TRW Automotive U.S. LLC v. Magna Electronics, Inc.,
`IPR2015-00972 (P.T.A.B. Sept. 16, 2015)....................................................35
`10x Genomics, Inc. v. Bio-Rad Labs., Inc.,
`IPR2018-00302 (P.T.A.B. June 15, 2018) .................................................... 36
`
`STATUTES
`35 U.S.C. § 103 .......................................................................................................... 1
`RULES AND REGULATIONS
`37 C.F.R. § 42.100(b) ..............................................................................................19
`37 C.F.R. § 42.24 .....................................................................................................55
`
`iii
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`EXHIBIT TABLE
`
`Exhibit #
`2101
`
`Description
`Declaration of Markus Jakobsson
`in Support of Patent Owner’s Preliminary Response
`
`2102
`
`Curriculum Vitae of Markus Jakobsson
`
`iv
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`I.
`
`INTRODUCTION
`
`The present petition (Paper 3, IPR2018-00812, hereinafter “Petition”) is one
`
`of three petitions filed by Apple Inc. (hereinafter “Petitioner”) challenging various
`
`claims of U.S. Patent No. 8,856,539 (hereinafter “’539 patent”). See also
`
`IPR2018-00811, CBM2018-00023. The Petition requests inter partes review of
`
`the ’539 patent and relies upon two references in its attempt to invalidate the
`
`challenged claims. See Petition at 19. Specifically, the Petition asserts that claims
`
`1-3, 5-8, 16-24, 26-30, and 37-38 (“Challenged Claims”) are obvious in view of
`
`U.S. Patent No. 5,930,767 (Ex. 1131, “Reber”) and U.S. Patent No. 6,000,832 (Ex.
`
`1132, “Franklin”) under 35 U.S.C. § 103. Id. at 6, 19. Patent Owner strongly
`
`disagrees and submits this Preliminary Response to the Petition requesting the
`
`Board deny institution of inter partes review.
`
`The ’539 patent issued on October 7, 2014 from U.S. application No.
`
`11/768,729 filed on June 26, 2007. It was subject to a thorough and rigorous
`
`examination by Examiners Beemnet Dada and Thomas Gyorfi that lasted over four
`
`years and included seven substantive office actions. See Exs. 1105-1125. During
`
`prosecution, the Applicant and the Examiners discussed the application and prior
`
`art in detail, both through paper submissions and telephonic interviews. See Exs.
`
`1105-1124. Ultimately, Examiner Gyorfi allowed the claims of the ’539 patent
`
`1
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`(Ex. 1125 at 5; Ex. 1128 at 5.) over a large body of cited prior art. See Ex. 1101 at
`
`1-3.
`
`The Board should not institute inter partes review of the ’539 patent because
`
`the Petition fails to demonstrate that there is a reasonable likelihood that at least
`
`one of the claims challenged in the Petition is unpatentable. Notwithstanding
`
`deficiencies in the Petition that are unique to the dependent claims, the Petition
`
`fails to show that each and every claim limitation found in independent claims 1,
`
`22, 37, and 38 is disclosed by Reber and Franklin.
`
`First, Petitioner’s sole ground asserts the Challenged Claims are obvious in
`
`view of Reber and Franklin. However, Petitioner has failed to show a person of
`
`ordinary skill in the art at the time of the invention (“POSITA”) would combine
`
`these references. While the Petitioner asserts otherwise, the references are not in
`
`the same field, do not address the same problem and do not have the same
`
`structure. Indeed, Franklin teaches away from Reber. Moreover, combining Reber
`
`and Franklin would not involve known methods to yield predictable results.
`
`Second, Petitioner fails to show that Reber and/or Franklin discloses a
`
`“[secure registry system] processor configured to receive a transaction request
`
`including at least the time-varying multicharacter code for the entity on whose
`
`behalf a transaction is to be performed and an indication of the provider
`
`2
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`requesting the transaction.” (Limitations 1[b], 22[a].)1 In Reber, the individual
`
`user (not a provider) transmits “transaction data” to a computer 20 that stores data
`
`used to authenticate the user and approve the transaction. Even if Reber’s
`
`transaction data is assumed to be a transaction request, then Reber at best shows
`
`that a transaction request is received at its transaction-approving/denying computer
`
`20 from a user and not a provider as pending claims 1 and 22 specify.
`
`Third, Petitioner fails to show disclosure of “secure data” or “secure
`
`registry.” (Limitations Preamble 1, 1[a], 1[d], Preamble 22, Preamble 37, 37[a],
`
`37[e], 37[f], Preamble 38, 38[a], 38[c], 38[e].) For example, the Petition admits
`
`that Reber does not explicitly disclose that its database is secure or that it has a
`
`mechanism in place to secure the data stored therein. See Petition at 20-21.
`
`Furthermore, its argument that a POSITA would have understood that Reber’s
`
`database must be inherently secure lacks support and is merely conclusory.
`
`Similarly, to the extent that the Petitioner argues that Reber’s deficiency as to this
`
`limitation is supplied by Franklin, the Petition provides no arguments or evidence
`
`as to how or why a POSITA would combine any alleged teaching of security found
`
`in Franklin (Petition cites Ex. 1132, Franklin at 4:39-44 and 11:39-49) with Reber.
`
`1 This Response adopts the limitation numbering format (e.g., “limitation
`
`1[a]) used by Petitioner in the Petition.
`
`3
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`Since “secure data” and “secure registry” are both found in all of the independent
`
`claims, Petitioner’s failure to adequately provide evidence that rectifies Reber’s
`
`admitted failure to explicitly disclose a “secure” database and “secure” data is
`
`reason alone to deny institution of the Petition.
`
`Fourth, Petitioner fails to show that Reber and/or Franklin disclose
`
`“execut[ing] a restriction mechanism to determine compliance with any access
`
`restrictions for the provider” to secure data for completing a transaction.
`
`(Limitations 1[d], 22[c][d], and 37[e].) The Petition admits that Reber fails to
`
`expressly disclose these claim limitations but that Franklin does teach these
`
`limitations because it discusses how the acquiring bank verifies that the merchant
`
`is valid. Petition at 37. However, even if this is assumed to be true, merchant
`
`validation by an acquiring bank is not the same thing as allowing access to data
`
`stored at the database after a restriction mechanism is executed at the secure
`
`registry to determine provider compliance with access restrictions. Thus,
`
`Petitioner fails to establish that Franklin makes up for the deficiencies of Reber.
`
`Fifth, Petitioner fails to show that Reber and/or Franklin disclose that
`
`“account identifying information is provided to a third party to enable or deny the
`
`transaction with the provider without providing the account identifying information
`
`to the provider” (Limitations 1[e], 22[e], 37[g], and 38[d]). In both Reber and
`
`Franklin the alleged account identifying information remains internal to the alleged
`
`4
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`secure registry and is never send out from the secure registry to a third party.
`
`Since this claim limitation is found in all of the independent claims, Petitioner’s
`
`failure to establish that the cited art teaches this limitation is fatal.
`
`II. OVERVIEW OF THE ’539 PATENT
`
`A.
`
`The ’539 Patent Specification
`
`The ’539 patent provides a unique and highly secure anonymous
`
`identification system that uses a time-varying multicharacter code for both
`
`verifying the identity of an entity and also enabling transactions between the entity
`
`and a provider without requiring the entity to share personal or otherwise sensitive
`
`information with the provider. See Ex. 1101 at 3:5-27; Ex. 2101, Jakobsson at ¶26.
`
`As one non-exclusive example, the system, referred to as a Universal Secure
`
`Registry (USR) system, allows a person to purchase goods from a brick and mortar
`
`or online merchant without publicly providing credit card information to the
`
`merchant for fear that the credit card information may be stolen or used
`
`fraudulently. See Ex. 1101 at 3:44-54; Ex. 2101, Jakobsson at ¶26. As another
`
`example, the USR system may be used by a patient to supply “insurance data,
`
`medical history data, and other appropriate medical information to a medical
`
`provider, once that medical provider has been established as an authorized
`
`recipient [of such data].” See Ex. 1101 at 3:55-60; Ex. 2101, Jakobsson at ¶26.
`
`5
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`Other non-financial applications are also described such as, but not limited to,
`
`using the USR system to provide job application information to select potential
`
`employers authorized by the job applicant. See Ex. 1101 at 10:58-66; Ex. 2101,
`
`Jakobsson at ¶26.
`
`FIG. 1 depicts one possible embodiment of the USR system:
`
`The USR system’s main unit 12, which may be connected to a wide area network,
`
`6
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`includes a database 24 that stores data entries 30 related to different people or
`
`entities. Ex. 1101 at 7:11-13; 7:40-41; Ex. 2101, Jakobsson at ¶28. Each entry 30
`
`may contain different types of information such as, but not limited to, validation
`
`information, access
`
`information, publicly available
`
`information, address
`
`information, credit card information, medical information, job application
`
`information, and/or tax information. Ex. 1101 at 7:57-63; Ex. 2101, Jakobsson at
`
`¶28. “The validation information [32] is information about the user of the database
`
`to whom the data pertains and is to be used by the USR software 18 to validate that
`
`the person attempting to access the information is the person to whom the data
`
`pertains or is otherwise authorized to receive it.” Ex. 1101 at 8:10-14; Ex. 2101,
`
`Jakobsson at ¶28. In particular, the validation information 32 contains information
`
`that enables the USR software 18 to validate a person that has presented the system
`
`with a one-time nonpredictable code uniquely associated with the user. See Ex.
`
`1101 at 8:17-35; Ex. 2101, Jakobsson at ¶28. The access information 34 allows
`
`“different levels of security to attach to different types of information stored in the
`
`entry 30” so that the user can specify which particular individuals or companies
`
`can have access to what specific data such as credit card numbers, medical
`
`information, and tax information. See Ex. 1101 at 8:62-9:11; Ex. 2101, Jakobsson
`
`at ¶28.
`
`FIG. 8 depicts one possible embodiment of using the USR system “to
`
`7
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`purchase goods or services from a merchant without revealing to the merchant
`
`account information relating to the person’s bank or credit card.” Ex. 1101 at
`
`9:46-50; Ex. 2101, Jakobsson at ¶29.
`
`8
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`A user desiring to make a purchase at a merchant without providing their financial
`
`information, such as a credit or debit card number, may enter a secret code into
`
`their electronic ID device (any type of electronic device that may be used to obtain
`
`access to the USR database (Ex. 1101 at 8:45-47)), which generates a one-time
`
`nonpredictable code that is provided to the merchant. Id. at 12:21-24; Ex. 2101,
`
`Jakobsson at ¶30. The merchant in turn may transmit the one-time nonpredictable
`
`code, a store number, and a purchase amount to the USR. Ex. 1101 at 12:24-26;
`
`Ex. 2101, Jakobsson at ¶30. The USR may then determine whether the code
`
`received is valid, and if valid, accesses from the USR database the user’s actual
`
`credit card information. Ex. 1101 at 12:27-29; Ex. 2101, Jakobsson at ¶30. The
`
`USR next transmits to the credit card company the credit card number, the store
`
`number, and the purchase amount. Ex. 1101 at 12:29-31; Ex. 2101, Jakobsson at
`
`¶30. The credit card company then processes the transaction, such as by checking
`
`the credit worthiness of the person, and either declines the card or debits the user’s
`
`account and transfers money to the merchant’s account. Ex. 1101 at 12:40-43; Ex.
`
`2101, Jakobsson at ¶30. The credit card company notifies the USR the transaction
`
`result and the USR may in turn notify the merchant. Ex. 1101 at 12:43-46; Ex.
`
`2101, Jakobsson at ¶30.
`
`Hence, the USR system provides a secure anonymous identification system
`
`that uses a time-varying multicharacter code for both verifying the identity of an
`
`9
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`entity and also enabling transactions between the entity and a provider, such as a
`
`merchant, without requiring the entity to share personal or otherwise sensitive
`
`information with the provider. Ex. 2101, Jakobsson at ¶31. In one case, this
`
`allows a user to purchase goods or services from a merchant without providing the
`
`merchant the user’s credit card number. Id. Advantageously, the USR system also
`
`allows such secure transactions to be transparent to the credit card company and
`
`thus requires no or minimal cooperation from the credit card company to
`
`implement. Id. As another example, a user may obtain medical treatment from a
`
`medical care provider without having to directly supply the medical care provider
`
`her medical history, which may not be with the patient herself. Id.
`
`B.
`
`The ’539 Patent Claims
`
`The ’539 patent includes 38 claims, of which claims 1, 22, 37, and 38 are
`
`independent. The four independent claims of the ’539 patent are reproduced
`
`below:
`
`A secure registry system for providing information to a
`1.
`provider to enable transactions between the provider and entities with secure
`data stored in the secure registry system, the secure registry system
`comprising:
`a database including secure data for each entity, wherein each entity is
`associated with a time-varying multicharacter code for each entity having
`secure data in the secure registry system, respectively, each time-varying
`
`10
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`multicharacter code representing an identity of one of the respective entities;
`and
`
`a processor configured to receive a transaction request including at
`least the time-varying multicharacter code for the entity on whose behalf a
`transaction is to be performed and an indication of the provider requesting
`the transaction, to map the time-varying multicharacter code to the identity
`of the entity using the time-varying multicharacter code, to execute a
`restriction mechanism to determine compliance with any access restrictions
`for the provider to secure data of the entity for completing the transaction
`based at least in part on the indication of the provider and the time-varying
`multicharacter code of the transaction request, and to allow or not allow
`access to the secure data associated with the entity including information
`required to enable the transaction based on the determined compliance with
`any access restrictions for the provider, the information including account
`identifying information, wherein the account identifying information is not
`provided to the provider and the account identifying information is provided
`to a third party to enable or deny the transaction with the provider without
`providing the account identifying information to the provider.
`
`Ex. 1101 at 18:29-60.
`
`22. A method for providing information to a provider to enable
`transactions between the provider and entities who have secure data stored in
`a secure registry in which each entity is identified by a time-varying
`multicharacter code, the method comprising:
`receiving a transaction request including at least the time-varying
`multicharacter code for an entity on whose behalf a transaction is to take
`place and an indication of the provider requesting the transaction;
`
`11
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`mapping the time-varying multicharacter code to an identity of the
`entity using the time-varying multicharacter code;
`determining compliance with any access restrictions for the provider
`to secure data of the entity for completing the transaction based at least in
`part on the indication of the provider and the time-varying multicharacter
`code of the transaction request;
`accessing information of the entity required to perform the transaction
`based on the determined compliance with any access restrictions for the
`provider, the information including account identifying information;
`providing the account identifying information to a third party without
`providing the account identifying information to the provider to enable or
`deny the transaction; and
`enabling or denying the provider to perform the transaction without
`the provider's knowledge of the account identifying information.
`
`Id. at 20:4-31.
`
`37. A secure registry system for providing information to a
`provider to enable transactions between the provider and entities with secure
`data stored in the secure registry system, the secure registry system
`comprising:
`a database including secure data for each entity, wherein each entity is
`associated with a time-varying multicharacter code for each entity having
`secure data in the secure registry system, respectively, each time-varying
`multicharacter code representing an identity of one of the respective entities,
`wherein the database is configured to permit or deny access to information
`on the respective entity using the time-varying multicharacter code; and
`
`12
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`a processor configured to receive the time-varying multicharacter
`code for the entity on whose behalf a transaction is to be performed,
`configured to map the time-varying multicharacter code to the identity of the
`entity to identify the entity, configured to execute a restriction mechanism to
`determine compliance with any access restrictions for the provider to at least
`one portion of secure data for completing the transaction and to store an
`appropriate code with each such portion of secure data, configured to obtain
`from the database the secure data associated with the entity including
`information required to enable the transaction, the information including
`account identifying information, and configured to provide the account
`identifying information to a third party to enable or deny the transaction
`without providing the account identifying information to the provider.
`
`Id. at 21:25-22:13.
`
`38. A secure registry system for providing information to a
`provider to enable transactions between the provider and entities with secure
`data stored in the secure registry system, the secure registry system
`comprising:
`a database including secure data for each entity, wherein each entity is
`associated with a time-varying multicharacter code for each entity having
`secure data in the secure registry system, respectively, each time-varying
`multicharacter code representing an identity of one of the respective entities;
`and
`
`a processor configured to receive the time-varying multicharacter
`code for the entity on whose behalf a transaction is to be performed,
`configured to map the time-varying multicharacter code to the identity of the
`entity without requiring further information to identify the entity, configured
`
`13
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`to access from the database secure data associated with the entity including
`information required to enable the transaction, the information including
`account identifying information, and configured to provide the account
`identifying information to a third party to enable or deny the transaction
`without providing the account identifying information to the provider, and
`wherein enabling or denying the transaction without providing account
`identifying information to the provider includes limiting transaction
`information provided by the secure registry system to the provider to
`transaction approval information.
`
`Id. at 22:14-22:40.
`
`C.
`
`Prosecution History of the ’539 Patent
`
`The ’539 patent issued on October 7, 2014 from U.S. Application
`
`No. 11/768,729 (“’729 Application”) filed on June 26, 2007. The ’729 Application
`
`is a continuation application of U.S. Application No. 09/810,703 filed on March
`
`16, 2001, now U.S. Patent No. 7,237,117.
`
`The ’539 patent was subject to a thorough examination by Examiners
`
`Beemnet Dada and Thomas Gyorfi. See Exs. 1105-1125. During prosecution, the
`
`Applicant and the Examiners discussed the application and prior art in detail, both
`
`through paper submissions and telephonic interviews. See Exs. 1105-1124. Claim
`
`amendments were made to further distinguish the invention from the prior art.
`
`Ultimately, Examiner Gyorfi allowed the claims of the ’539 patent (Ex. 1125 at 5;
`
`Ex. 1128 at 5.) over a large body of cited prior art. See Ex. 1101 at 1-3.
`
`14
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`III. OVERVIEW OF THE ASSERTED PRIOR ART REFERENCES
`
`Petitioner asserts a single ground for cancellation—35 U.S.C. Section 103.
`
`Petition at 6. Specifically, Petitioner asserts the Challenged Claims are obvious in
`
`view of Reber and Franklin. Petition at 19-71.
`
`A.
`
`Ex. 1131 - Reber
`
`Petitioner’s primary reference (Reber) can most accurately be described as a
`
`personalized version of the bar-code checkout system used in stores, and which
`
`was common at the time of the patent’s filing. Ex. 2101, Jakobsson at ¶33. In
`
`particular, Reber discloses a method and system to authenticate a user “in a
`
`transaction based upon machine readable data read by a data reader at the end
`
`user’s location.” Ex. 1131, Reber at 2:24-26; see Ex. 2101, Jakobsson at ¶33.
`
`Figure 8, reproduced below, is an example of the data reader and the network
`
`access apparatus at the user location (Ex. 1131, Reber).
`
`15
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`See Ex. 2101, Jakobsson at ¶33.
`
`As expressly disclosed in Reber, the invention’s improvement over the prior
`
`art was to use a bar code reader rather than existing PIN based systems. Ex. 1101
`
`at 1:48-56 (drawback of prior art’s substitution of PIN for a credit card number
`
`was user having to remember multiple PINs, and PIN can be intercepted), 2:29-31
`
`(time varying bar code for authentication reduces likelihood of interception),
`
`11:23-32 (bar codes relieve user of recalling PIN); see Ex. 2101, Jakobsson at ¶34.
`
`This feature is so critical to Reber that every independent claim in Reber requires
`
`that both entities to a transaction utilize bar codes. See, e.g., Ex. 1131, Reber at Cl.
`
`1 (“first data element read by a bar code reader . . . indicating a first party of a
`
`16
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`transaction,” “second data element read from the member by the bar code reader . .
`
`. indicating a second party to the transaction”); see also Ex. 2101, Jakobsson at
`
`¶34.
`
`In a first embodiment, Reber transmits first and second data elements
`
`(“transaction data”) to a local authentication computer 20 or a remote
`
`authentication computer 64 that approves or disapproves the transaction by
`
`comparing the second data element (i.e., the purchaser’s identity) to entries in its
`
`database to determine the authenticity of the transacting party. See Ex. 1131,
`
`Reber at 4:63-5:27; Ex. 2101, Jakobsson at ¶35. In the first embodiment, the
`
`transaction data’s first data element indicates the item being purchased. Ex. 1131,
`
`Reber at 2:58-59. “After approving the transaction, the computer 20 creates a
`
`record of the transaction . . . that includes data representative of the date of the
`
`transaction, the time of the transaction, the party initiating the transaction, the item,
`
`a party associated with the item, and a charge amount for the transaction.” Ex.
`
`1131, Reber at 5:33-38; Ex. 2101, Jakobsson at ¶35.
`
`In a second embodiment, the authentication computer 64 approves or denies
`
`a transaction between a first party merchant and a second party user based on the
`
`second data element. Ex. 1131, Reber at 5:45-6:40; Ex. 2101, Jakobsson at ¶36.
`
`By contrast to the first embodiment, in the second embodiment the transaction
`
`data’s first data element indicates the first party merchant. Ex. 1131, Reber at
`
`17
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`5:48-50; Ex. 2101, Jakobsson at ¶36. Notably, in neither embodiment does Reber
`
`disclose that information used to authenticate the user at the computer 20 or
`
`computer 64 is provided to a third party. Ex. 2101, Jakobsson at ¶36.
`
`B.
`
`Ex. 1132 - Franklin
`
`Franklin can most accurately be described as a backwards compatible
`
`modification of the credit card payment method, in which static credit card
`
`numbers are replaced by time-varying credit card numbers. Ex. 2101, Jakobsson at
`
`¶37. Specifically, Franklin’s invention uses a digital “commerce card” assigned by
`
`an issuing institution to a user in place of a typical credit card. Id.; Ex. 1132,
`
`Franklin at Abstract, 2:8-10. This invention was an improvement over prior art
`
`because of the ease of integration into existing merchant and banking systems. Ex.
`
`1132, Franklin at 1:55-64 (new model “should not usurp these systems, nor require
`
`merchants to change their existing practices”), 1:65-67 (“The inventors have
`
`developed a card-based online commerce system that improves security and
`
`integrates with existing card verification and settlement systems.”); see Ex. 2101,
`
`Jakobsson at ¶37. Thus, a merchant would not have to change its prior practices,
`
`i.e., it continued to submit a customer’s credit card information as it always had,
`
`such as to the issuing bank. Ex. 2101, Jakobsson at ¶37; see Ex. 1132, Franklin at
`
`2:43-46 (“merchant handles the proxy transaction number according to traditional
`
`18
`
`
`
`protocols, including seeking authorization from the issuing institution to honor the
`
`card number.”).
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`IV. LEVEL OF ORDINARY SKILL IN THE ART
`
`A person of ordinary skill in the art (“POSITA”) relevant to the ’539 patent
`
`at the time of the invention would have a Bachelor of Science degree in electrical
`
`engineering and/or computer science, and three years of work or research
`
`experience in the fields of secure transactions and encryption, or a Master’s degree
`
`in electrical engineering and/or computer science and two years of work or
`
`research experience in related fields. Ex. 2101, Jakobsson at ¶17. Patent Owner’s
`
`description of the level of ordinary skill in the art is essentially the same as that of
`
`the Petitioner, except that Petitioner’s description requires two years of work or
`
`research experience (as compared to three years). See Petition at 10; Ex. 2101,
`
`Jakobsson at ¶18. The positions set forth in this preliminary response would be the
`
`same under either parties’ proposal. Id.
`
`V.
`
`CLAIM CONSTRUCTION
`
`Claim terms in an IPR are given their broadest reasonable interpretation
`
`(“BRI”) in view of the specification in which they appear. 37 C.F.R. § 42.100(b);
`
`see also Cuozzo Speed Techs., LLC v. Lee, 136 S. Ct. 2131, 2142 (2016).
`
`19
`
`
`
`Case No. IPR2018-00812
`U.S. Patent No. 8,856,539
`
`Petitioner identifies six terms that purportedly require construction. Petition
`
`at 12-16. Patent Owner contends construction of these terms is not necessary to
`
`resolve the matters raised by this Preliminary Response. Moreover, Patent Owner
`
`submits that its silence as to the constructions provided by the Petition should not
`
`be construed as an acceptance of these constructions by Patent Owner, and as such
`
`Patent Owner reserves the right to later dispute these constructions and to offer its
`
`own constructions to these or other terms if ever so desired.
`
`Notwithstanding the fact that Patent Owner believes that the six terms
`
`identified by the Petition do not need construction, Patent Owner contends that the
`
`term “third party,” which Petitioner does not proffer