UNITED STATES PATENT AND TRADEMARK OFFICE
`________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`________________
`
`APPLE INC.
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC
`Patent Owner
`________________
`
`Case IPR2018-00813
`U.S. Patent No. 9,100,826
`________________
`
`PATENT OWNER'S RESPONSE
`PURSUANT TO 37 C.F.R. § 42.120
`
`
`
`
`
`
`
`
`
`Paper No. 18
`
`

`

`TABLE OF CONTENTS
`
`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`Page
`
`I.
`II.
`
`INTRODUCTION ........................................................................................... 1
`OVERVIEW OF THE ’826 PATENT ............................................................ 8
`A.
`The ’826 Patent Specification ............................................................... 8
`B.
`The ’826 Patent Claims ....................................................................... 11
`C.
`Prosecution History of the ’826 Patent ............................................... 12
`III. OVERVIEW OF THE ASSERTED PRIOR ART ........................................ 12
`A.
`Jakobsson (Ex. 1104) .......................................................................... 12
`B. Maritzen (Ex. 1105) ............................................................................ 13
`C.
`Gullman (Ex. 1106) ............................................................................. 15
`D. Verbauwhede (Ex. 1107) ..................................................................... 16
`IV. LEVEL OF ORDINARY SKILL IN THE ART ........................................... 17
`V.
`CLAIM CONSTRUCTION .......................................................................... 18
`A.
`“Authentication Information” ............................................................. 19
`B.
`“To […] enable or disable use of the first handheld device
`based on a result of the comparison” .................................................. 23
`VI. STANDARD OF REVIEW ........................................................................... 28
`VII. PETITIONER FAILS TO PROVE JAKOBSSON DISCLOSES
`“RETRIEVES OR RECEIVES” SECOND AUTHENTICATION
`INFORMATION (CLAIMS 1-20) ................................................................ 28
`VIII. PETITIONER FAILS TO PROVE CLAIMS 7, 14, 26 AND 34 ARE
`INVALID ....................................................................................................... 31
`A.
`The Petition Fails To Prove Jakobsson In View Of Maritzen
`Disclose Enabling Or Disabling .......................................................... 31
`1.
`The Petition fails to prove Jakobsson Discloses Enabling
`Or Disabling .............................................................................. 32
`The Petition fails to prove Maritzen Discloses Enabling
`Or Disabling .............................................................................. 33
`The Petition fails to prove a POSITA would combine
`Jakobsson with Maritzen ........................................................... 36
`
`2.
`
`3.
`
`
`
`i
`
`

`

`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`B.
`
`2.
`
`The Petition Fails To Prove A POSITA Would Combine
`Jakobsson With Verbauwhede ............................................................ 44
`1.
`The Petition fails to prove Jakobsson Discloses
`Comparing ................................................................................. 44
`The Petition fails to prove a POSITA would combine
`Jakobsson with Verbauwhede ................................................... 45
`IX. PETITIONER FAILS TO PROVE CLAIMS 8 AND 15 ARE
`INVALID ....................................................................................................... 49
`A.
`The Petition Fails To Prove Gullman Discloses Storage For
`Multiple Distinguishable Users ........................................................... 49
`The Petition Fails To Prove a POSITA Would Be Motivated To
`Combine Jakobsson With Gullman ..................................................... 51
`PETITIONER AND ITS EXPERT FAILED TO CONSIDER THE
`STRONG EVIDENCE OF SECONDARY CONSIDERATIONS OF
`NON-OBVIOUSNESS .................................................................................. 55
`A.
`Long-felt Need and Failure of Others ................................................. 56
`B.
`Commercial Success............................................................................ 60
`XI. CONCLUSION .............................................................................................. 61
`
`B.
`
`X.
`
`
`
`ii
`
`

`

`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`TABLE OF AUTHORITIES
`
`Cases
`
`Page(s)
`
`Ameranth, Inc. v. Menusoft Systems Corp.,
` 2010 WL 1610079 (E.D. Tex. Apr. 21, 2010) ....................................................26
`Apple Inc. v. Int’l Trade Comm’n,
` 725 F.3d 1356 (Fed. Cir. 2013) ..........................................................................56
`Apple Inc. v. Samsung Elecs. Co. Ltd.,
` 816 F.3d 788 (Fed. Cir. 2016) ............................................................................56
`Augme Technologies, Inc. v. Yahoo! Inc.,
` 755 F.3d 1326 (Fed. Cir. 2014) ................................................................... 20, 22
`Cheese Sys. v. Tetra Pak Cheese & Powder Sys.,
` 725 F.3d 1341 (Fed. Cir. 2013) ..........................................................................38
`In re Cyclobenzaprine Hydrochloride Extended-Release Capsule Patent Litig.,
` 676 F.3d 1063 (Fed. Cir. 2012) ..........................................................................55
`Cyrix Corp. v. Intel Corp.,
` 846 F. Supp. 522 (E.D. Tex. Jan. 21, 1994),
` aff’d, 42 F.3d 1411 (Fed. Cir. 1994)) ..................................................................26
`Digital Biometrics, Inc. v. Identix, Inc.,
` 149 F.3d 1335 (Fed. Cir. 1998) ..........................................................................20
`General Electric Co. v. United Technologies Corp.,
` IPR2016-00531 (Paper 42) (PTAB June 26, 2017) ............................................36
`Halliburton Energy Servs., Inc. v. M-I LLC,
` 514 F.3d 1244 (Fed. Cir. 2008) ..........................................................................19
`Heidelberger Druckmaschinen AG v. Hantscho Commercial Prods., Inc.,
` 21 F.3d 1068 (Fed. Cir. 1994) ............................................................................56
`Interactive Gift Exp., Inc. v. Compuserve Inc.,
` 256 F.3d 1323 (Fed. Cir. 2001) ..........................................................................20
`Kinetic Concepts, Inc. v. Smith & Nephew, Inc.,
` 688 F.3d 1342 (Fed. Cir. 2012) ..........................................................................38
`KSR Int’l Co. v. Teleflex, Inc.,
` 550 U.S. 398 (2007) ............................................................................................38
`
`
`
`iii
`
`

`

`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`Microsoft Corp. v. Koninkluke Philips N.V.,
` IPR2018-00185 (Paper 7) (PTAB May 22, 2018) ..............................................37
`Nevro Corp. v. Boston Scientific Neuromodulation Corp.,
` IPR2018-00143 (Paper 7) (PTAB May 2, 2018) ................................................49
`Omega Engineering, Inc, v. Raytek Corp.,
` 334 F.3d 1314 (Fed. Cir. 2003) ..........................................................................19
`Phillips v. AWH Corp.,
` 415 F.3d 1303 (Fed. Cir. 2005),
` cert. denied, 546 U.S. 1170 (2006) (en banc) ....................................................21
`Polaris Industries, Inc. v. Arctic Cat, Inc.,
` 882 F.3d 1056 (Fed. Cir. 2018) ..........................................................................45
`In re Rijckaert,
` 9 F.3d 1531 (Fed. Cir. 1993).................................................................. 32, 33, 45
`Samsung Elecs. Co., Ltd. v. Infobridge Pte. Ltd.,
` IPR2017-00100 (Paper 30) (PTAB Apr. 23, 2018) ............................................28
`Securus Technologies, Inc. v. Global Tel*Link Corp.,
` 701 Fed. Appx. 971 (Fed. Cir. 2017) ..................................................... 43, 48, 51
`Stratoflex, Inc. v. Aeroquip Corp.,
` 713 F.2d 1530 (Fed. Cir. 1983) ..........................................................................56
`TALtech Ltd. v. Esquel Apparel, Inc.,
` 2008 WL 2165996 (Fed. Cir. May 22, 2008) .....................................................21
`Trivascular, Inc. v. Samuels,
` 812 F.3d 1056 (Fed. Cir. 2016) ..........................................................................28
`Wi-LAN, Inc. v. Apple, Inc.,
` 811 F.3d 455 (Fed. Cir. 2016) ............................................................................21
`Z4 Technologies, Inc. v. Microsoft Corp.,
` 507 F.3d 1340 (Fed. Cir. 2007) ..........................................................................23
`ZTE Corp. v. ContentGuard Holdings, Inc.,
` IPR2013-00137 (Paper 58) (PTAB July 1, 2014) ...................................... 33, 45
`
`Statutory Authorities
`
`35 U.S.C. § 314(a) ...................................................................................................28
`35 U.S.C. § 316(e) ...............................................................................................1, 28
`
`
`
`iv
`
`

`

`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`Rules and Regulations
`
`37 C.F.R. § 42.6(e) ...................................................................................................63
`37 C.F.R. § 42.24 .....................................................................................................62
`37 C.F.R. § 42.24(b) ................................................................................................62
`
`
`
`
`
`v
`
`

`

`Case No. IPR2018-00809
`U.S. Patent No. 9,530,137
`
`PATENT OWNER’S LIST OF EXHIBITS
`
`
`Description
`Declaration of Markus Jakobsson in Support of
`Patent Owner’s Response
`Curriculum Vitae of Dr. Markus Jakobsson
`N. Asokan, et. al, The State of the Art in Electronic Payment
`Systems, IEEE Computer, Vol. 30, No. 9, pp. 28-35 (IEEE
`Computer Society Press, Sept. 1997)
`M. Baddeley, Using E-Cash in the New Economy: An
`Economic Analysis of Micropayment Systems, J. Electronic
`Commerce Research, Vol. 5, No. 4, pp. 239-253 (Nov. 2004)
`Deposition Transcript of Dr. Victor John Shoup
`
`Exhibit #
`2101
`
`2102
`2103
`
`2104
`
`2105
`
`vi
`
`
`
`
`
`

`

`Apple Inc.’s (“Petitioner”) Petition (Paper 3, “Petition”) proffers three
`
`invalidity grounds for U.S. Patent No. 9,100,826 (“’826 patent”) (Ex. 1101):
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`(1) Claims 1-2, 10-11, 21-22, 24, 27 and 30-31 are allegedly anticipated by
`
`International Patent Application Publication No. WO 2004/051585 (“Jakobsson”)
`
`(Ex. 1104); (2) Claims 7, 14, 26 and 34 are allegedly obvious in view of
`
`Jakobsson, International Patent Application Publication No. WO 2005/001751
`
`(“Verbauwhede”) (Ex. 1107), and U.S. Patent Application Publication No.
`
`2004/0236632 (“Maritzen”) (Ex. 1105); and (3) Claims 8 and 15 are allegedly
`
`obvious in view of Jakobsson and U.S. Patent No. 5,280,527 (“Gullman”) (Ex.
`
`1106). On October 9, 2018, the Board instituted review (Paper 9). Patent Owner
`
`Universal Secure Registry, L.L.C. (“PO”) submits this Response.
`
`I.
`
`INTRODUCTION
`
`Petitioner has not met its “burden of proving a proposition of unpatentability
`
`by a preponderance of the evidence.” 35 U.S.C. § 316(e). The Petition should be
`
`denied for many reasons.
`
`First, with respect to claims 1-20, the Petition fails to prove that Jakobsson
`
`discloses
`
`the
`
`limitation of receiving or retrieving second authentication
`
`information. Specifically, independent claims 1 and 10 require a second device
`
`that retrieves or receives second authentication information for the user. However,
`
`Jakobsson fails to disclose such limitation as its second device (verifier) neither
`
`
`
`1
`
`

`

`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`retrieves nor receives second authentication information; rather, the verifier
`
`creates second authentication information to which it compares the first
`
`authentication information.
`
`Second, Petitioner fails to show that claims 7, 14, 26 and 34 are invalid.
`
`These dependent claims add limitations that the first handheld device “enable or
`
`disable use of the first handheld device based on a result of the comparison” of:
`
`stored “authentication information” with “authentication information” of the user
`
`(claims 7 and 14); or stored “biometric information” with “biometric information”
`
`provided by the user (claims 26 and 34). Petitioner contends these limitations are
`
`disclosed by Jakobsson in view of Maritzen and Verbauwhede. Pet., 55, 66-67.
`
`However, Petitioner has failed to prove these claims are invalid for several reasons.
`
`To begin with, neither Jakobsson nor Maritzen disclose the claimed enabling
`
`or disabling limitation. The Petition’s argument that Jakobsson inherently
`
`discloses this limitation (Pet., 58-59) is incorrect because nowhere does the
`
`Petition cite to any disclosure that enabling or disabling of the first device is
`
`necessarily based upon a comparison of stored data with user data—and that is the
`
`standard the Petition is required to meet. Neither does Petitioner proffer expert
`
`support that the limitation is necessarily present; the cited paragraph of the
`
`expert’s declaration is merely a verbatim copy of the brief.
`
`
`
`2
`
`

`

`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Maritzen also clearly fails to disclose disabling based upon a comparison
`
`because the disclosed device never reduces the range of functionality available to
`
`the user or otherwise changes the state of the device in any way based upon a
`
`failed authentication attempt (e.g., by shutting down the device and/or deleting
`
`data in its memory). Instead, the device simply maintains the status quo—it
`
`continues to remain in the same locked state that existed before the failed attempt.
`
`And, the user’s ability to use the device has not changed in any way, as the user
`
`may keep trying to unlock the device no matter how many times authentication
`
`fails.
`
`Also, even if Maritzen disclosed the claimed enabling/disabling limitation, a
`
`POSITA would not be motivated to combine it with Jakobsson because it would
`
`remove key components of Jakobsson; it would change the basic principles under
`
`which Jakobsson was designed to operate and/or would render the reference
`
`inoperable for its intended purpose.
`
`In particular, Jakobsson relies upon failed authentication information to
`
`communicate an event state. Indeed, a critical part of the invention is to transmit
`
`such event state data, e.g., information regarding potential tampering. However,
`
`the user’s device remains in a state where it can be used. Thus, modifying
`
`Jakobsson to add Maritzen’s alleged disabling function of Jakobsson’s first device
`
`
`
`3
`
`

`

`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`would excise this key functionality. A POSITA would not be motivated to make
`
`such a combination.
`
`Claims 7, 14, 26 and 34 also require the first processor to compare stored
`
`authentication/biometric information of the user with the authentication/biometric
`
`information of the user. Petitioner alleges Jakobsson in view of Verbauwhede
`
`discloses this limitation. Pet., 55-67. The Petition has failed to make such a
`
`showing for several reasons.
`
`While the Petition argues that Jakobsson discloses this limitation (Pet., 55-
`
`57), the weakness of this inherency argument is demonstrated by Petitioner’s
`
`alternative reliance upon Verbauwhede. In particular, not only is Jakobsson silent
`
`as to how authentication occurs, but also whether the authentication mechanism
`
`compares stored authentication information with authentication information of the
`
`user, as required by the claims. In fact, a device could authenticate a user in many
`
`ways depending upon what type of authentication information was used, and
`
`Petitioner has not shown that any of these approaches would necessarily involve
`
`the claimed comparison. And, once again, Petitioner proffers no expert support
`
`that the limitation is necessarily present in Jakobsson; the cited paragraph of the
`
`expert’s declaration is another verbatim copy of the brief.
`
`Furthermore, the Petition has failed to prove that a POSITA would be
`
`motivated to combine Jakobsson with Verbauwhede. Particularly because
`
`
`
`4
`
`

`

`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Verbauwhede teaches away from Jakobsson. In that regard, Verbauwhede
`
`discloses a localized biometric authentication device (such as a thumbpod) that
`
`could be configured as a wireless pay-point protocol for brick-and-mortar and e-
`
`commerce applications in which biometric information is localized and does not
`
`require transmission of biometric data for authentication. The reference describes
`
`such localization on the thumpod as the “unique system characteristics.” Ex. 1007,
`
`Verbauwhede, [0089]. See also id., [0050] (“no actual biometric data is
`
`transmitted and no biometric data is stored at the server”).
`
`In direct opposition, Jakobsson discloses not only transmitting biometric
`
`information to the second device but, further discloses that biometric information
`
`is stored on the second device (or elsewhere), as that second device creates a
`
`second authentication code to compare to the code from the first device (i.e., a
`
`thumbpod). See Ex. 1104, Jakobsson, [0139], [0017], [0050]. Thus, while the
`
`Petition proffers an overbroad argument that the references describe systems in the
`
`same field, with the same basic structure and functions that address the same
`
`problem—to a POSITA, Verbauwhede’s localization of user data is not only vastly
`
`different from Jakobsson, but actually teaches away.
`
`Third, the Petition contends claims 8 and 15 are obvious in view of
`
`Jakobsson and Gullman. Pet., 67-74 (Ground 3). For both of these claims,
`
`Petitioner relies upon Gullman to disclose “[a first device] configured to store
`
`
`
`5
`
`

`

`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`respective biometric information for a second plurality of users.” See, e.g., Pet.,
`
`69. However, Gullman does not disclose the claimed limitation, and even if it did,
`
`a POSITA would not be motivated to combine these references.
`
`The Petition proffers a single citation in support (5:5-65) of its argument that
`
`Gullman discloses the claimed limitation. Pet., 69. However, to a POSITA this
`
`citation does not support disclosure of
`
`the claimed
`
`limitation—multiple
`
`distinguishable users. Considering the reference in its entirety (and not the cited
`
`isolated portion out of context), Gullman merely discloses use of a device by
`
`multiple people having identical access to the same account—for example, a
`
`husband or wife both having access to a bank account, but not having two different
`
`methods of identifying themselves to gain access—as required by the claimed
`
`limitation, i.e., multiple distinguishable users. Accordingly, Gullman fails to
`
`disclose the claimed limitation.
`
`Even if Gullman disclosed the claimed limitation, the Petition has also failed
`
`to demonstrate that a POSITA would be motivated to combine these references.
`
`For instance, while the Petition contends the references are in the same field,
`
`address the same problem, and have the same basic structure and function (Pet.,
`
`70-74), these overbroad contentions are incorrect. The architecture and function of
`
`the references are different, and Gullman teaches away from Jakobsson.
`
`
`
`6
`
`

`

`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Especially, Jakobsson uses a “traditional” approach of applying a function to
`
`an input on the user-side to generate a time-varying value that is sent to the
`
`verifier, applying the same function to the (believed) same input at the verifier
`
`side, after which the verifier compares the received value with the computed value.
`
`In contrast, Gullman adopts a different methodology (encryption-decryption) and
`
`expressly discredits Jakobsson’s approach: “The capability to decrypt the token
`
`at the host system allows the token input by the user to be broken down into its
`
`biometric, time-varying and fixed code components. In some applications, this
`
`has distinct advantages over systems [e.g., Jakobsson] which are capable only of
`
`comparing the input token to a stored or time-generated value. Ex. 1106,
`
`Gullman, 5:14-34 (emphasis added).
`
`Furthermore, adding multiple users to Jakobsson’s first device would either
`
`result in a device where multiple users would have access to secure operations with
`
`the first user’s information, or it would require substantial changes to Jakobsson’s
`
`authentication code architecture. A POSITA would not redesign the system in this
`
`manner. For all of these reasons, the Petition has failed to demonstrate that claims
`
`8 and 15 are invalid.
`
`As a result, Petitioner has not met its burden to show the proffered claims
`
`are invalid.
`
`
`
`7
`
`

`

`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`II. OVERVIEW OF THE ’826 PATENT
`
`A. The ’826 Patent Specification
`
`The ’826 patent relates to a unique and highly secure distributed
`
`authentication system that locally authenticates a user’s identity at a handheld
`
`device (e.g., using a PIN or biometric input), and also remotely authenticates the
`
`user’s identity at a second device based on wirelessly transmitted authentication
`
`information (e.g., comprising a time-varying code) determined from the user’s
`
`biometric information. Ex. 1101, ’826 Patent, Figs. 21-27, 28:32-36:26; Ex. 2101,
`
`Markus Decl., ¶25. 1 Figure 21 depicts one embodiment of such a distributed
`
`authentication system:
`
`
`1 PO’s expert (Dr. Markus Jakobsson) is an inventor of Petitioner’s primary
`
`reference; thus, to avoid confusion, Dr. Jakobsson’s declaration (Ex. 2101) is
`
`referred to herein as “Markus Decl.”
`
`
`
`8
`
`

`

`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`
`
`Ex. 1101, ’826 Patent, Fig. 21.
`
`In some embodiments, a first handheld device may authenticate the user of
`
`the device based on authentication information (e.g., a PIN) or on biometric
`
`information provided by the user and that may be compared against information
`
`stored in memory of the device. Ex. 1101, ’826 Patent, Fig. 22, 28:56-29:3, 29:65-
`
`30:7, 30:25-31; Ex. 2101, Markus Decl., ¶26. If user authentication fails, the
`
`device may disable use (e.g., by shutting down and/or deleting data stored in
`
`memory). Ex. 1101, ’826 Patent, Fig. 22, 28:56-29:3, 30:3-14. 30:31-39; Ex. 2101,
`
`Markus Decl., ¶26. If the user is successfully authenticated, the device may
`
`prepare and wirelessly transmit “a first wireless signal containing encrypted
`
`authentication information of the first user” to a second device. Ex. 1101, ’826
`
`
`
`9
`
`

`

`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Patent, Fig. 22, 28:64-30:14, 30:46-58; Ex. 2101, Markus Decl., ¶26. The wireless
`
`signal may include a time-varying code and/or other information determined from
`
`the provided biometric information. Ex. 1101, ’826 Patent, Fig. 23, 31:55-32:42;
`
`Ex. 2101, Markus Decl., ¶26. After receiving the wireless signal, the second
`
`device may authenticate the identity of the user of the first handheld device using
`
`the encrypted authentication information and other information (e.g., second
`
`biometric information or second authentication information) received or retrieved
`
`from memory. Ex. 1101, ’826 Patent, Fig. 22, 30:59-61, 31:2-10, 31:25-32, 32:46-
`
`54; Ex. 2101, Markus Decl., ¶26.
`
`The ’826 patent identifies a number of disadvantages of prior art
`
`authentication systems. For example, a prior art system may control access to
`
`computer networks using password protected accounts, but such a system is
`
`susceptible to tampering and difficult to maintain; or hand-held computer devices
`
`may be used to verify identity, but security could be compromised if a device ends
`
`up in the wrong hands. Ex. 1101, ’826 Patent, 1:46-2:41; Ex. 2101, Markus Decl.,
`
`¶27.
`
`In contrast, the ’826 patent provides a more secure distributed authentication
`
`system, where a handheld device locally authenticates a user based on gathered
`
`biometric or authentication information, thereby preventing unauthorized use of
`
`the device. Ex. 1101, ’826 Patent, Fig. 22, 28:56-29:3, 29:65-30:39; Ex. 2101,
`
`
`
`10
`
`

`

`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Markus Decl., ¶28. And, rather than relying solely on local user authentication,
`
`the ’826 patent provides additional security by imposing additional remote user
`
`authentication, based on different authentication information (e.g., one-time
`
`variable token or other information determined from the provided biometric
`
`information) wirelessly transmitted by the first device and other information (e.g.,
`
`second authentication information or biometric information) available at the
`
`second device (e.g., securely stored or received by the second device). Ex.
`
`1101, ’826 Patent, Fig. 24, Fig. 26, 32:43-56, 34:7-25; Ex. 2101, Markus Decl.,¶28.
`
`B.
`
`The ’826 Patent Claims
`
`The ’826 patent includes 35 claims, of which claims 1, 10, 21, and 30 are
`
`independent. All of the ’826 patent’s claims relate to distributed authentication
`
`systems or methods that authenticate the identity of a user of a handheld device.
`
`Independent claims 1 and 10 are similar in some respects. Ex. 1101, ’826
`
`Patent, 44:24-58, 45:30-47. Independent claims 21 and 30 are also similar to
`
`claims 1 and 10, but differ in significant ways. Id. at 46:21-57, 47:29-48:13. For
`
`example, while claims 1 and 10 refer to a first handheld device that authenticates
`
`the user of the device based on “authentication information,” claims 21 and 30
`
`refer, instead, to a first handheld device that authenticates the user of the device
`
`based on “first biometric information” provider by the user. Id. at 46:23-29, 47:31-
`
`33. In addition, while claims 1 and 10 refer to a second device that authenticates
`
`
`
`11
`
`

`

`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`the user of the first handheld device based upon “second authentication
`
`information,” claims 21 and 30 refer, instead, to a second device that authenticates
`
`the user of the first handheld device based upon “second biometric information,”
`
`(id. at 46:47-57, 48:6-13), where “second authentication information” and “second
`
`biometric information” are also different types of information in this context. The
`
`dependent claims also add a variety of significant features.
`
`C.
`
`Prosecution History of the ’826 Patent
`
`The ’826 patent issued on August 4, 2015, following a thorough examination
`
`that considered a large body of prior art. See Ex. 1108, ’826 Patent File History.
`
`III. OVERVIEW OF THE ASSERTED PRIOR ART
`
`A.
`
`Jakobsson (Ex. 1104)
`
`Jakobsson discloses an event detecting and alert system for personal
`
`identification systems. Ex. 2101, Markus Decl., ¶31. Specifically, “[t]he invention
`
`addresses the[] shortcomings [of the prior art] by including an indication of the
`
`occurrence of an event directly into the efficient computation of an identity
`
`authentication code, where the verifier may efficiently verify the authentication
`
`code and identify the signaling of an event state.” Ex. 1104, Jakobsson [0010].
`
`“Example reportable events include: device tampering; an event external to the
`
`device detected by the device; an environmental event, such as temperature
`
`exceeding or falling below a threshold; static discharge; high or low battery power;
`
`
`
`12
`
`

`

`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`geographic presence at a particular location; confidence level in a biometric
`
`reading; and so on.” Ex. 1104, Jakobsson, [0011]; Ex. 2101, Markus Decl., ¶31.
`
`Jakobsson’s user device (such as a key fob or telephone, Ex. 1104,
`
`Jakobsson, [0016]) generates an “identity authentication code” that depends on
`
`values including at least a dynamic variable, an event state, and a device secret.
`
`Id., [0017], [0020]; Ex. 2101, Markus Decl., ¶32. The identity authentication code
`
`is sent with “one or more of a user identifier, a PIN, password, a biometric reading,
`
`and other additional authentication information” to a verifier for verification. Ex.
`
`1005, Jakobsson, [0021]; Ex. 2101, Markus Decl., ¶32.
`
`B. Maritzen (Ex. 1105)
`
`Maritzen discloses a toll booth payment system focused upon maintaining
`
`anonymity. Ex. 2101, Markus Decl., ¶33. It recognizes “[a] situation that still
`
`requires use of cash is in the collection of fees at vehicle-accessed payment
`
`gateways such as toll booths, vehicular kiosks, smog-certification stations, and the
`
`like.” Ex. 1005, Maritzen, [0003]. Maritzen explains that “[t]he collection of fees
`
`at these gateways is time consuming and subject to fraud.” Id. Accordingly,
`
`Maritzen seeks to provide “a system and method for the real-time settlement of
`
`vehicle-accessed, financial transactions that provide anonymity and security.” Id.
`
`at [0006]; Ex. 2101, Markus Decl., ¶33.
`
`
`
`13
`
`

`

`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Maritzen expressly discloses a system and method for electronic payment of
`
`fees using a personal transaction device (PTD) at a vehicle-accessed, payment-
`
`gateway terminal (VAPGT). Ex. 1005, Maritzen, Abstract, [0002], [0007]-[0009].
`
`
`
`Id., Fig. 1. As a vehicle with a PTD nears a VAPGT, the VAPGT transmits a
`
`payment request to the PTD. Id., [0040]-[0042]. A user accesses the PTD to make
`
`a payment using a biometric input—in the preferred embodiment, the user provides
`
`the biometric input to a separate “privacy card” that transmits a separate “biometric
`
`key” to the PTD. Id., [0043]-[0044]. The privacy card “only transmits the
`
`biometric key” to the PTD, while “biometric information identifying the user is not
`
`transmitted at any time.” Id., [0044]. Next, the PTD transmits a “transaction key”
`
`including the biometric key to the VAPGT (id., [0045])—the “PTD does not
`
`transmit any user information to [the] VAPGT.” Id. Then, the VAPGT transmits a
`
`
`
`14
`
`

`

`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`“transaction request” including the transaction key to a clearing house, which
`
`validates information in the transaction request. Id., [0046]-[0048].
`
`C. Gullman (Ex. 1106)
`
`Gullman is directed to using biometric input for host devices such as
`
`automatic teller machines (ATMs). Ex. 2101, Markus Decl., ¶35. The reference
`
`explains that “[a]utomatic teller machines for banking transactions allow anyone in
`
`possession of a select bank card and knowledge of a corresponding personal
`
`identification number (PIN) to access a corresponding bank account to withdraw or
`
`transfer money.” Ex. 1106, Gullman, 1:17-27. Gullman teaches an improved
`
`security mechanism for such host systems, which utilizes a security token. Ex.
`
`2101, Markus Decl., ¶35.
`
`In particular, Gullman teaches that “Figure 1 is a block diagram of a security
`
`system including a biometric security apparatus for generating a token according to
`
`an embodiment of this invention”:
`
`
`
`15
`
`
`
`

`

`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Ex. 1106, Gullman, 3:7-12, Fig. 1. In Gullman, “a user turns on the apparatus 14
`
`using switch 16, then enters biometric input” and then a “security token” is
`
`generated and shown on the display. Id., 6:9-35. “The user then reads the token
`
`from the display 20 and enters the token at the access device 12,” for transmission
`
`to the host and determination of whether access is authorized. Id., 6:35-45.
`
`D. Verbauwhede (Ex. 1107)
`
`Verbauwhede discloses a localized biometric authentication device. Ex.
`
`2101, Markus Decl., ¶37. Such a device could be “configured as a wireless pay-
`
`point protocol for brick-and-mortar and e-commerce applications in which
`
`biometric information is localized and does not require transmission of biometric
`
`data for authentication.” Ex. 1107, Verbauwhede, Abstract.
`
`According to the reference, use of biometric information solves “[a]
`
`significant problem with the current credit card-type transactions protocol [which]
`
`is the weak authentication tie between the user and the transaction device” . . . by
`
`replacing it with “a relatively strong authentication protocol (e.g., biometric
`
`authentication).”
`
` Id., [0051-0052].
`
` And, localization of such biometric
`
`information, “rather than a widespread distribution of biometric data to each
`
`financial institution, allow