`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`APPLE INC.,
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY, LLC,
`
`Patent Owner.
`
`_________________________________________
`
`Case IPR2018-00813
`
`U.S. Patent No. 9,100,826
`
`_________________________________________
`
`PETITIONER’S OPPOSITION TO PATENT OWNER’S
`
`CONDITIONAL MOTION TO AMEND
`
`
`
`
`
`
`
`
`
`
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`Table of Contents
`
`Page
`
`I.
`II.
`
`2.
`
`3.
`
`4.
`
`5.
`
`INTRODUCTION ........................................................................................... 1
`ARGUMENT ................................................................................................... 1
`A. USR Proposes An Unreasonable Number Of Substitute Claims. ......... 1
`B.
`USR Cannot Substitute Claims That Apple Did Not Challenge. .......... 2
`C.
`Substitute Claim 56 Does Not Satisfy § 112. ........................................ 3
`D.
`The Substitute Claims Would Have Been Obvious. ............................. 4
`1.
`Substitute Claims 36-37 and 45-46 Are Obvious Over
`Jakobsson In View of Schutzer. .................................................. 4
`Substitute Claim 49 Is Obvious Over Jakobsson In View Of
`Schutzer, Verbauwhede, And Maritzen. ................................... 12
`Substitute Claim 42 Is Obvious Over Jakobsson In View Of
`Verbauwhede And Maritzen. .................................................... 13
`Substitute Claims 56 And 57 Are Obvious Over Jakobsson In
`View Of Burnett. ....................................................................... 15
`Substitute Claim 60 Is Obvious Over Jakobsson In View Of
`Burnett, Verbauwhede, And Maritzen. ..................................... 18
`The Substitute Claims Are Drawn To Ineligible Subject Matter. ....... 19
`1.
`Alice Step 1: The Substitute Claims Are Directed to the
`Abstract Idea Of Verifying an Account Holder’s Identity Based
`On Codes And/Or Information Related to an Account Holder
`Before Enabling a Transaction. ................................................. 19
`Alice Step 2: The Remaining Limitations Of The Substitute
`Claims Add Nothing Inventive To The Abstract Idea. ............. 22
`USR Failed To Meet Its Duty Of Candor Under 37 C.F.R. § 42.11 ... 25
`
`E.
`
`F.
`
`2.
`
`i
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`INTRODUCTION
`
`I.
`
`USR’s proposed amendments cannot save its invalid claims. USR’s
`
`Conditional Motion to Amend (“CMTA”) fails procedurally because, although it
`
`purports a one-for-one claim substitution, it in fact seeks to substitute 26 claims for
`
`16 and to replace claims that Apple did not even challenge. The CMTA also fares
`
`no better on the merits, because USR’s added limitations are well-known
`
`encryption and authentication techniques that existed in the prior art and would be
`
`obvious to combine. Thus, even if the specification supported all added limitations
`
`(it does not), the substitute claims are obvious. USR has also withheld from the
`
`Board prior art cited in a co-pending proceeding that invalidates multiple substitute
`
`limitations. Finally, the substitute claims are directed to patent ineligible subject
`
`matter. For at least these reasons, USR’s CMTA should be denied.
`
`II. ARGUMENT
`A. USR Proposes An Unreasonable Number Of Substitute Claims.
`
`A CMTA must submit a “reasonable number of substitute claims for each
`
`challenged claim.” Lectrosonics, Inc. v. Zaxcom, Inc., IPR2018-01129, -01130,
`
`Paper No. 15, Order, 4 (PTAB Feb. 25, 2019) (precedential). USR’s attempt to
`
`replace 16 challenged claims with 26 new claims is unreasonable. By adding 10
`
`more claims than Apple challenged, USR’s CMTA disregards the rebuttable
`
`presumption that a one-to-one ratio of substitute claims per challenged claims is
`
`1
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`reasonable. See id. at 4. Though USR acknowledges this presumption (Paper No.
`
`19, 2), it does not attempt to demonstrate a need to submit more claims than Apple
`
`challenged. Instead, USR makes the following untrue assertion: “[c]onsistent with
`
`this presumption, the present Motion provides only one substitute claim for each
`
`Challenged Claim.” Id. at 2.1 Twenty-six for sixteen is not one-to-one.
`
`By failing to demonstrate a need for additional claims, USR waived its right
`
`to do so. That USR had no space to demonstrate need in its CMTA due to its
`
`reduced page limits is no excuse—the Board already informed USR here that USR
`
`“assumes the risk that it will not have sufficient space to make the preliminary
`
`showing required in a motion to amend.” Paper No. 16, Order, 2. Accordingly,
`
`the Board should deny USR’s amendment for failing to comply with the
`
`procedural requirements in 37 C.F.R. § 42.121(a)(3). See SAP America, Inc. v.
`
`Lakshmi Arunachalam, CBM2016-00081, Paper No. 28, 53-54 (PTAB Dec. 21,
`
`2017) (holding that Patent Owner did not comply with §42.221(a)(3) when it failed
`
`to address a need for adding more claims than were challenged).
`
`B. USR Cannot Substitute Claims That Apple Did Not Challenge.
`
`The Board should deny USR’s CMTA because it seeks to substitute claims
`
`that were not challenged in the present Petition. 35 U.S.C § 316(d)(1) only allows
`
`
`1 Emphasis added unless otherwise indicated.
`
`2
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`a patent owner to amend “challenged” claims. Thus, USR has no statutory basis
`
`for substituting claims 38-41, 44, 47, 48, 51-55, 58, 59, and 61 for unchallenged
`
`claims 3-6, 9, 12, 13, 16-20, 32, 33, 35. Accordingly, the Board should dismiss
`
`USR’s CMTA for failing to comply with § 316.
`
`C.
`
`Substitute Claim 56 Does Not Satisfy § 112.
`
`USR’s attempt to demonstrate that the claimed encryption and decryption
`
`using the second key in substitute claim 56 has written description support is
`
`deficient because the written description either does not support or enable the
`
`claimed symmetric second key.
`
`USR bears the burden of “set[ting] forth written description support in the
`
`originally filed disclosure” “for each proposed substitute claim as a whole,” and
`
`cannot introduce new matter into the claims. Lectrosonics at 7-8 (precedential), 35
`
`U.S.C. § 316(d)(3), 37 C.F.R. §§ 42.121(a)(2)(ii), 42.121(b). The ’826 patent
`
`specification does not describe the claimed invention in sufficient detail that a
`
`POSITA can reasonably conclude that the inventor had possession of the claimed
`
`invention. See, e.g., Moba, B.V. v. Diamond Automation, Inc., 325 F.3d 1306,
`
`1319 (Fed. Cir. 2003). Thus, USR has failed to meet this requirement.
`
`USR’s alleged support for the claimed second key describes only symmetric
`
`encryption because the same public key is used to both encrypt and decrypt. See,
`
`e.g., Ex-2106, ’860 Application, 49:24-32 (encrypting a DES key with a public
`
`3
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`key), 50:24-31 (decrypting a DES key with a public key). However, the patent
`
`does not enable this public key encryption scheme because a value encrypted with
`
`a public key, which is an asymmetric key, could not be decrypted using the same
`
`public key. Even with extensive experimentation, it would be impossible for a
`
`POSITA encrypt and decrypt with a public key. Ex-1119, Shoup-Decl., ¶27.
`
`Dr. Jakobsson admits that this encryption and decryption scheme does not
`
`make sense as written. See Ex-1117, Jakobsson Dep., 52-54. Instead, Dr.
`
`Jakobsson argues this must be read as a typographical error, and that the text really
`
`means decrypting the DES key with a different (private) key. Id. Yet Dr.
`
`Jakobsson’s declaration mentions no typographical error. Furthermore, claim 56
`
`requires encrypting and decrypting the first key with the same second key.
`
`Accordingly, under Dr. Jakobsson’s interpretation of the text, the cited passages do
`
`not provide adequate written description support. Either the described encryption
`
`and decryption with a public key is not enabled, or the alleged public/private key
`
`encryption/decryption is not claimed—not both. Ex-1119, Shoup-Decl., ¶28.
`
`D. The Substitute Claims Would Have Been Obvious.
`1.
`Substitute Claims 36-37 and 45-46 Are Obvious Over
`Jakobsson In View of Schutzer.
`
`a)
`
`Substitute Claim 36
`
`(1)
`
`Substitute Limitations 36[pre], 36[b], 36[j]
`
`Substitute claim 36 recites “[a] system for authenticating identities of a
`
`4
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`plurality of users to conduct a credit and/or debit card transaction, the system
`
`comprising[.]” 36[pre]; see also 36[b], 36[j]. Jakobsson in view of Schutzer
`
`discloses credit and/or debit card transactions. Ex-1119, Shoup-Decl., ¶29.
`
`As explained in the Petition, Jakobsson discloses “[a] system for
`
`authenticating identities of a plurality of users, the system comprising[.]” See
`
`Paper No. 3, Petition (“Pet.”), at 19. For example, Jakobsson teaches that the
`
`disclosed “[a]uthentication can result in . . . access to such services as financial
`
`services . . . .” Ex-1104, Jakobsson, ¶39. A POSITA would understand the
`
`“financial services” of Jakobsson to include a credit card and/or debit card
`
`transaction. Furthermore, Jakobsson discloses that the device 120 can be a
`
`“credit-card sized device 120 . . . such as a credit card including a magnetic strip
`
`or other data store on one of its sides.” Id. ¶41. Accordingly, Jakobsson discloses
`
`these new limitations. Ex-1119, Shoup-Decl., ¶30; Ex-1120, Juels-Decl., ¶¶37-38.
`
`To the extent that Jakobsson does not expressly disclose conducting a credit
`
`card and/or debit card transaction, Schutzer provides this disclosure. For example,
`
`Schutzer teaches “securely performing a bankcard transaction, such as a credit
`
`card or debit card transaction” in which a transaction card is used to authenticate
`
`a user and authorize a transaction. Ex-1130, Schutzer, ¶10; see also id. at abstract,
`
`¶¶8, 12, 24-37, Figs. 1-4; Ex-1119, Shoup-Decl., ¶31.
`
`Accordingly, Jakobsson in view of Schutzer discloses the credit and/or debit
`
`5
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`card transaction in limitations 36[pre], [b], and [j]. Ex-1119, Shoup-Decl., ¶32.
`
`It would have been obvious to combine Schutzer’s teaching of an
`
`authentication system for a bankcard transaction with the authentication system of
`
`Jakobsson. Ex-1119, Shoup-Decl., ¶33.
`
`First, it would have been obvious to combine Schutzer’s bankcard
`
`transaction authentication system with the authentication system of Jakobsson
`
`because it would have involved nothing more than applying a known technique
`
`(using authentication for bankcard transactions) to a known device (the
`
`authentication system of Jakobsson) in the same way (by verifying information).
`
`A POSITA would have had a reasonable expectation of success in doing so at least
`
`because he or she would have recognized that the authentication system of
`
`Jakobsson could be implemented for a number of different transactions, including
`
`bankcard transactions, using simple and predictable computer code. For example,
`
`Jakobsson already discloses that authentication information for a financial
`
`transaction is generated using various values including unique numbers and
`
`alphanumeric number strings. Ex-1104, Jakobsson, ¶72; ¶39.
`
`Second, Jakobsson and Schutzer provide teachings, suggestions, and
`
`motivations that would have led a POSITA to combine the bank card transaction
`
`authentication system of Schutzer with the authentication systems of Jakobsson to
`
`arrive at the claimed credit card and/or debit card transaction. For example, both
`
`6
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`recognize the risk of stolen authentication credentials and disclose methods for
`
`protecting such information. Ex-1130, Schutzer, ¶3; ¶9; Ex-1104, Jakobsson, ¶8.
`
`Thus, it would have been obvious to combine Schutzer’s alternate bankcard system
`
`with the authentication system of Jakobsson because Jakobsson already teaches
`
`that user identifying information should be obscured, and Schutzer teaches an
`
`application for doing so is bankcard transactions. Ex-1119, Shoup-Decl., ¶35.
`
`(2)
`
`Substitute Limitation 36[c]
`
`Limitation 36[c] recites “the first wireless signal including encrypted
`
`authentication information of the user of the first handheld device.” Jakobsson in
`
`view of Schutzer discloses this limitation. Ex-1119, Shoup-Decl., ¶36.
`
`As explained in the Petition, Jakobsson discloses “authentication
`
`information.” See, e.g., Pet. 17-18, 20-21, 24-37. For example, Jakobsson teaches
`
`that “authentication information can also include one or more of a user identifier, a
`
`PIN, password, a biometric reading, and other additional authentication
`
`information.” Ex-1104, Jakobsson, ¶21. Ex-1119, Shoup-Decl., ¶37.
`
`Jakobsson further discloses “the first wireless signal including encrypted
`
`authentication information of the user of the first handheld device.” For example,
`
`Jakobsson discloses encrypting a token sent from a user device. Ex-1104,
`
`Jakobsson, ¶58 (“verifier 105 decrypts a value encrypted by the user authentication
`
`device 120 using symmetric key encryption or asymmetric encryption techniques,
`
`7
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`such as public key encryption.”); see also id. ¶¶6-7, 73; Pet., 51-52, Decision
`
`Granting Institution, Paper No. 9, 16. Ex-1119, Shoup-Decl., ¶38.
`
`To the extent that Jakobsson does not disclose encrypting authentication
`
`information, Schutzer discloses this limitation. For example, Schutzer teaches a
`
`similar authentication system in which a cardholder can authenticate his or herself
`
`by providing information, and that “includes, for example, one or more of a
`
`personal identification number, a password, a biometric sample, a digital signature
`
`or the transaction card number for the transaction card user, and the transaction
`
`card user information can be encrypted.” Ex-1130, Schutzer, ¶13; id. at ¶¶3, 8, 28-
`
`29, 57, 59. Accordingly, Jakobsson in view of Schutzer discloses encrypting and
`
`decrypting authentication information. Ex-1119, Shoup-Decl., ¶39.
`
`It would have been obvious to modify the authentication information of
`
`Jakobsson using encryption as taught by Schutzer. Ex-1119, Shoup-Decl., ¶40.
`
`First, it would have been obvious to combine Schutzer’s encryption scheme
`
`with the authentication information of Jakobsson because it would have involved
`
`nothing more than applying a known technique (encrypted authentication
`
`messages) to a known device (Jakobsson’s authentication system) in the same way
`
`(encryption). A POSITA would have had a reasonable expectation of success in
`
`doing so at least because such an encryption scheme could be implemented via
`
`simple, predictable computer code that would improve different types of
`
`8
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`communications like those described by Jakobsson. Ex-1119, Shoup-Decl., ¶40.
`
`Second, both Jakobsson and Schutzer provide teachings, suggestions, and
`
`motivations that would have led a POSITA to encrypt the authentication
`
`information of Jakobsson to arrive at limitation 36[c]. For example, both
`
`Jakobsson and Schutzer disclose encrypting information sent from a first device to
`
`a second device. See Ex-1104, Jakobsson, ¶¶6, 7, 58; Ex-1130, Schutzer, ¶¶3, 8,
`
`13, 28-29, 57, 59; see also Pet., 51-52. A POSITA would have understood that
`
`adding encryption to such communications would add more layers of security.
`
`Therefore, it would have been obvious to a POSITA to combine Jakobsson and
`
`Schutzer to arrive at limitation 36[c]. Ex-1119, Shoup-Decl., ¶42.
`
`(3)
`
`Substitute Limitations 36[f], 36[g], 36[h], 36[j]
`
`Limitation 36[f] has been amended to recite that “the first processor further
`
`programmed to generate a one-time code and a digital signature, the digital
`
`signature generated using a private key associated with the first handheld device,
`
`and to transmit the first wireless signal including the first authentication
`
`information, the one-time code, and the digital signature of the user of the first
`
`handheld device to the second device via the network.” Limitations 36[g], 36[h],
`
`and 36[i] further require that “the second processor is configured to: receive the
`
`first wireless signal . . . [verify] the digital signature,” and “use the first
`
`authentication information, the one-timecode, the digital signature, and the second
`
`9
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`authentication information to authenticate an identity of the user . . . .” Jakobsson
`
`in view of Schutzer disclose these limitations. Ex-1119, Shoup-Decl., ¶43.
`
`First, Jakobsson discloses a number of different one-time codes that can
`
`change over time and can be combined with other information using combination
`
`function 230 to generate an authentication code. See Ex-1104, Jakobsson, ¶¶13,
`
`63, 63, 64-77, 116, 140; see also Pet., 20-21. Jakobsson further teaches that the
`
`combined authentication code can be received by a verifier (Pet., 23-26, 35) and
`
`used to authenticate the user of the first handheld device (Pet., 36-37). Ex-1119,
`
`Shoup-Decl., ¶44.
`
`Second, Schutzer discloses that a cardholder can authenticate his or herself
`
`by providing certain information, and that “[i]f the transaction or the customer’s
`
`history warrants, the issuing bank 8 can require more secure authentication, such as
`
`additional secrets, matching biometrics, and/or digital signatures.” Ex-1130,
`
`Schutzer, ¶29. Furthermore, Dr. Jakobsson admits it was well known to use a
`
`digital signature to authenticate the entity that generated the digital signature. See
`
`Ex-1117, Jakobsson Dep., at 76:5-79:9, 82:12-83:5. Ex-1119, Shoup-Decl. ¶45.
`
`Accordingly, Jakobsson in view of Schutzer discloses substitute limitations
`
`36[f], 36[g], 36[h], 36[j]. Ex-1119, Shoup-Decl. ¶46.
`
`A POSITA would have been motivated to add the digital signature of
`
`Schutzer to the authentication code of Jakobsson because such a combination with
`
`10
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`the other values of Jakobsson would be a combination of prior art elements (one-
`
`time code, authentication code, and digital signature) according to known methods
`
`(e.g., prepending or appending combination function or inclusion as additional
`
`information) to yield predictable results (combined/additional authentication code
`
`to more securely authenticate a user). Ex-1119, Shoup-Decl. ¶47.
`
`Schutzer and Jakobsson also explicitly teach, suggest, and/or motivate using
`
`multiple authentication elements at the same time. Ex-1130, Schutzer, ¶29; Ex-
`
`1104, Jakobsson, ¶¶ 21, 97, 112. Thus, it also would have been obvious to try
`
`adding the digital signature of Schutzer to the other authentication values disclosed
`
`by Jakobsson. A POSITA would have had a reasonable expectation of success in
`
`prepending or appending the one-time code and digital signature to the
`
`authentication code or including them therewith as other authentication
`
`information because Jakobsson explicitly contemplates combinations or additions
`
`of many different values and the results of such variations or additions would have
`
`been foreseeable. A POSITA also would have understood that doing so would add
`
`another layer of security. Ex-1119, Shoup-Decl. ¶¶48-50.
`
`(4)
`
`The Remaining Limitations
`
`As discussed in the Petition Substitute limitations 36[a], 36[d], 36[e], 36[i],
`
`and the portions of limitations 36[pre], 36[b], 36[c], 36[f], 36[g], 36[h], and 36[j]
`
`not explicitly addressed above are disclosed by Jakobsson. See Pet., 19-37. It
`
`11
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`would have been obvious to combine Jakobsson and Schutzer to arrive at these
`
`limitations for at least the reasons discussed above. See, supra, Sections
`
`II.D.1.a.(1)-(3). Ex-1119, Shoup-Decl. ¶51.
`
`b)
`
`Substitute Claim 45
`
`As discussed in the Petition, claim 10, which corresponds to substitute claim
`
`45, is anticipated by Jakobsson. See Pet., 39-41; Ex-1102, Shoup-Decl., ¶¶96-109.
`
`Substitute claim 45 adds similar amendments to claim 10 as substitute claim 36 to
`
`claim 1. Accordingly, substitute claim 45 is obvious for at least the same reasons
`
`substitute claim 36 is obvious. Ex-1119, Shoup-Decl. ¶52.
`
`c)
`
`Substitute Claims 37 and 46
`
`As discussed in the Petition, claims 2 and 11, which correspond to substitute
`
`claims 37 and 46, are anticipated by Jakobsson. See Pet., 37-39, 41-42; Ex-1102,
`
`Shoup-Decl., ¶¶91-95, 110. Substitute claims 37 and 46 add similar limitations to
`
`original claims 2 and 11, and are obvious for at least the same reasons claims 36
`
`and 45 are obvious. Ex-1119, Shoup-Decl. ¶53.
`
`2.
`Substitute Claim 49 Is Obvious Over Jakobsson In View Of
`Schutzer, Verbauwhede, And Maritzen.
`
`As discussed in the Petition, claim 14, which corresponds to substitute claim
`
`49, is obvious over Jakobsson in view of Verbauwhede and Maritzen. See Pet. 66-
`
`67; Ex-1102, Shoup-Decl., ¶178. Substitute claim 49 adds similar limitations to
`
`original claim 14 and is obvious for at least the same reasons original claim 14 and
`
`12
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`substitute claim 45 are obvious. Ex-1119, Shoup-Decl. ¶54.
`
`3.
`Substitute Claim 42 Is Obvious Over Jakobsson In View Of
`Verbauwhede And Maritzen.
`
`As discussed in the Petition, claim 7, which corresponds to substitute claim
`
`42, is obvious over Jakobsson in view of Verbauwhede and Maritzen. See Pet., 55-
`
`66; Ex-1102, Shoup-Decl., ¶¶163-177. Substitute claim 42 adds similar limitations
`
`to original claim 7, which is obvious for at least the same reasons original claim 7
`
`and substitute claim 36 are obvious. Ex-1119, Shoup-Decl. ¶55.
`
`Substitute claim 42 further adds “wherein the first authentication
`
`information, the one-time code, and the digital signature included in the
`
`transmitted first wireless signal are separable fields of the first wireless signal.”
`
`Jakobsson discloses this limitation. Ex-1119, Shoup-Decl. ¶56.
`
`In the Decision Granting Institution for IPR2018-00809, which addresses
`
`similar issues relating to ’826 family member U.S. Patent No. 9,530,137, the Board
`
`found “Jakobsson’s ‘event state (E)’ to correspond to the claimed indicator of
`
`biometric authentication[,] . . . Jakobsson’s ‘dynamic[, time-varying] value (T)’ to
`
`correspond to the claimed time varying value[, and] . . . the remainder of
`
`Jakobsson’s authentication code, comprising the ‘user data value (P)’ and ‘secret
`
`(K)’ to correspond with the claimed first authentication information.” Paper No. 9,
`
`11 (citations omitted). The Board further found that Jakobsson “discloses a variety
`
`of implementations in which the function may combine certain values at one stage
`
`13
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`and then combine the resulting authentication code with further values to result in
`
`another authentication code” and “Jakobsson’s combination of values may occur in
`
`any sequence; the end result is an ‘authentication code’ that includes multiple types
`
`of information.” Id. (citations omitted). Ex-1119, Shoup-Decl. ¶57.
`
`Furthermore, Jakobsson teaches that combination function 230 can generate
`
`an authentication code 292 (another authentication code) by “prepending or
`
`appending the PIN (P) to A (K, T, E).” Ex-1104, Jakobsson, ¶73, 15. POSITA
`
`would have understood that the values in the authentication code could be
`
`combined using any of the disclosed combination techniques, including prepending
`
`or appending, or that or inclusion as additional authentication information could be
`
`included. Id., ¶¶63, 21, 97, 112. A POSITA also would have understood that an
`
`authentication code including prepended, appended, or additional elements would
`
`be capable of being separated by a receiving device. Accordingly, it would have
`
`been obvious to a POSITA to append the one-time code and digital signature to
`
`form the combined authentication code or include them as additions thereto such
`
`that they would be separable to from one another. Ex.-1119, Shoup-Decl., ¶58;
`
`Ex-1120, Juels-Decl. ¶¶39-43.
`
`A POSITA would have been motivated to do so because such a combination
`
`of the values of Jakobsson would be a combination of prior art elements (one-time
`
`code, digital signature, and authentication code) according to known methods
`
`14
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`(appending, prepending, or inclusion as additional authentication information) to
`
`yield predictable results (combined/additional authentication information to more
`
`securely authenticate the user). Ex-1119, Shoup-Decl. ¶59.
`
`Jakobsson also explicitly teaches, suggests, and motivates selecting different
`
`inputs and combination functions: “. . . the manner of combination and the input
`
`provided to the combination function 230 could vary from these examples.” Ex-
`
`1104, Jakobsson, ¶63, 15, 21, 97, 112. Thus, it would have been obvious to try the
`
`prepending or appending combination function or inclusion as additional
`
`authentication information of Jakobsson as one of a finite number of Jakobsson’s
`
`identified and predictable options. A POSITA would have had a reasonable
`
`expectation of success in prepending or appending the event state (E), the dynamic
`
`value (T), and the user data value (P) because Jakobsson explicitly contemplates
`
`varying the combination functions and the results of such variation would have
`
`been foreseeable. Ex-1119, Shoup-Decl. ¶60.
`
`4.
`Substitute Claims 56 And 57 Are Obvious Over Jakobsson
`In View Of Burnett.
`
`a)
`
`Substitute Claim 56
`
`As discussed in the Petition, claim 30, which corresponds to substitute claim
`
`56, is anticipated by Jakobsson. See Pet., 52-55; Ex-1102, Shoup-Decl., ¶¶147-
`
`159. Substitute limitations 56[c], [e], and [g] add “at least a portion of the first
`
`authentication information encrypted by a first key, the first authentication
`
`15
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`information including the first key encrypted by a second key” and “decrypting, at
`
`the second device, the encrypted first key using the second key to retrieve the first
`
`key; decrypting, at the second device, the portion of the first authentication
`
`information encrypted by the first key using the first key [to authenticate the first
`
`entity].” Jakobsson in view of Burnett discloses this limitation.
`
`As discussed, supra, Section II.D.1.a.(2), Jakobsson discloses encrypting
`
`authentication information. See also Ex-1104, Jakobsson, ¶¶6-7, 21, 58; Pet., 51-
`
`52, Decision Granting Institution, Paper No. 9, 16 (adopting Petitioner’s position).
`
`To the extent that Jakobsson does not explicitly discuss encrypting data with
`
`a first key and encrypting the first key with a second key, Burnett2 discloses this
`
`limitation. For example, Burnett discloses that a “session key” ([first key]) used to
`
`encrypt information can be encrypted using a key encryption key (“KEK”)
`
`([second key]), and that the same KEK can be used to decrypt the first key. Ex-
`
`1121, Burnett, 54-55, Fig. 3-1. Furthermore, Dr. Jakobsson acknowledges that
`
`such encryption schemes were known in the prior art. Ex-1121, Jakobsson Dep.
`
`Tr., at 34:22-36:12. A POSITA would understand that the session key decrypted
`
`
`2 Burnett qualifies as prior art under 35 U.S.C. § 102(b) because it is a
`
`printed publication that was publicly available more than one year prior to USR’s
`
`earliest alleged priority date. See Ex-1122, Mullins-Decl.
`
`16
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`with the KEK would be used to decrypt the data. Accordingly, Jakobsson in view
`
`of Burnett disclose limitations 56[c], [e], and [g]. Ex-1119, Shoup-Decl., ¶63.
`
`It would have been obvious to modify the authentication information of
`
`Jakobsson by encrypting it with a session key, encrypting the session key with a
`
`KEK, and transmitting the KEK-encrypted session key and the session key
`
`encrypted authentication information to the second device for decryption as taught
`
`by Burnett to arrive at limitations 56[c], [e], and [g]. Ex-1119, Shoup-Decl., ¶64.
`
`First, it would have been obvious to use Burnett’s encryption scheme with
`
`Jakobsson’s authentication information because it would have involved nothing
`
`more than applying a known technique (KEK cryptosystem) to a known device
`
`(the authentication system of Jakobsson) in the same way (using a known KEK and
`
`session key for encryption/decryption). A POSITA would have had a reasonable
`
`expectation of success in doing so at least because this encryption scheme could be
`
`implemented via predictable computer code that would improve different types of
`
`communications including those in Jakobsson. Ex-1119, Shoup-Decl., ¶65.
`
`Second, both Jakobsson and Burnett provide teachings, suggestions, and
`
`motivations that would have led a POSITA to encrypt the authentication
`
`information of Jakobsson with Burnett’s KEK cryptosystem to arrive at limitations
`
`56[c], [e], and [g]. For example, both Jakobsson and Burnett disclose encrypting
`
`information sent from a first to a second device. See Ex-1104, Jakobsson, ¶¶6, 7,
`
`17
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`58; Ex-1121, Burnett, 54-55; see also Pet., 51-52. Jakobsson further teaches that
`
`decryption can include symmetric key encryption (Ex-1104, Jakobsson, ¶58), and
`
`Burnett’s KEK key and session key are both symmetric keys. A POSITA would
`
`have understood that adding a encryption to such communications would add more
`
`layers of security. Furthermore, Burnett teaches such a technique is more secure
`
`than other techniques, such as standard password-based encryption. Ex-1121,
`
`Burnett, 58. A POSITA also would have recognized that encrypting/decrypting
`
`authentication information with a session key as taught by Burnett could be done w
`
`than with other encryption options, such as a public-key cryptosystem. Therefore,
`
`it would have been obvious to a POSITA to combine Jakobsson and Burnett to
`
`arrive at limitations 56[c], [e], and [g]. Ex-1119, Shoup-Decl., ¶66.
`
`b)
`
`Substitute Claim 57
`
`As discussed in the Petition, claim 31, which corresponds to substitute
`
`claims 57, is anticipated by Jakobsson. See Pet. 55; Ex-1102, Shoup-Decl., ¶161.
`
`Substitute claim 57 adds similar limitations to original claim 31, and is obvious for
`
`at least the same reasons claim 56 is obvious. Ex-1119, Shoup-Decl. ¶67.
`
`5.
`Substitute Claim 60 Is Obvious Over Jakobsson In View Of
`Burnett, Verbauwhede, And Maritzen.
`
`As discussed in the Petition, claim 34, which corresponds to substitute claim
`
`60, is obvious over Jakobsson in view of Verbauwhede and Maritzen. See Pet. 67;
`
`Ex-1102, Shoup-Decl., ¶182. Substitute claim 60 adds similar limitations to
`
`18
`
`
`
`U.S. Patent No. 9,100,826
`Petitioner’s Opposition to Conditional Motion to Amend
`original claim 31, and is obvious for at least the same reasons original claim 31 and
`
`substitute claim 56 are obvious. Ex-1119, Shoup-Decl. ¶68.
`
`E.
`
`The Substitute Claims Are Drawn To Ineligible Subject Matter.
`
`The Board should also deny USR’s motion because the substitute claims
`
`recite ineligible subject matter under 35 U.S.C. § 101, which is a prerequisite for a
`
`CMTA. See Amazon.com, Inc. et al. v. Uniloc Luxembourg S.A., IPR2017-00948,
`
`Paper No. 31 Final Written Decision, 58-59 (PTAB Aug. 1, 2018) (precedential).
`
`Even with USR’s proposed amendments, the claims fail each prong of the well-
`
`known two-step framework for identifying claims that recite ineligible subject
`
`matter. Alice Corp. Pty. v. CLS Bank Int’l, 573 U.S. 208, 2355, 2358 (2014).
`
`1.
`Alice Step 1: The Substitute