`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`________________
`
`APPLE INC.,
`
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC,
`
`Patent Owner
`
`________________
`
`Case IPR2018-00813
`
`U.S. Patent No. 9,100,826
`
`________________
`
`PATENT OWNER’S REPLY IN SUPPORT OF ITS MOTION TO AMEND
`PURSUANT TO 37 C.F.R. § 42.121
`
`
`
`TABLE OF CONTENTS
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Page
`
`B.
`
`C.
`
`PATENT OWNER’S LIST OF EXHIBITS ............................................................ III
`I.
`INTRODUCTION ........................................................................................... 1
`II.
`SUBSTITUTE CLAIMS DIRECTED AT UNCHALLENGED
`CLAIMS .......................................................................................................... 1
`III. CLAIM 56 HAS WRITTEN DESCRIPTION SUPPORT.............................. 2
`IV.
`SUBSTITUTE CLAIMS ARE NOVEL AND NONOBVIOUS .................... 4
`A.
`Petitioner Fails to Show that Cited References Render Obvious
`“to conduct a credit and/or debit card [financial] transaction”
`(Limitations 36[pre], 36[b], 36[j], 45[pre], 45[e], 45[i]) ...................... 4
`Petitioner Fails to Identify and Address All Three of “First
`Authentication Information,” “One-time Code,” and “Digital
`Signature” Included in the Claimed First Wireless Signal ................... 8
`Petitioner Fails to Address “the digital signature generated
`using a private key associated with the first handheld device”
`(36[f]) .................................................................................................. 10
`Petitioner Fails to Address Several Limitations of Claim 45.............. 12
`D.
`Petitioner Fails to Show Prior Art Discloses “Separable Fields” ....... 15
`E.
`Jakobsson and Burnett Fail to Disclose Limitations 56[c], 56[e] ....... 18
`F.
`SUBSTITUTE CLAIMS ARE PATENT ELIGIBLE UNDER § 101 .......... 22
`PETITIONER’S ALLEGATIONS CONCERNING PATENT
`OWNER’S BREACH OF ITS DUTY OF CANDOR ARE
`MERITLESS .................................................................................................. 24
`VII. CONCLUSION .............................................................................................. 25
`
`V.
`VI.
`
`i
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`TABLE OF AUTHORITIES
`
`Cases
`
`Page
`
`In re Oda,
`443 F.2d 1200, 170 USPQ 268 (CCPA 1971) ................................................... 2-3
`In re Magnum Oil Tools Int’l, Ltd.,
`829 F.3d 1364, 1380 (Fed. Cir. 2016) ................................................................... 6
`Harmonic Inc. v. Avid Tech., Inc.,
`815 F.3d 1356, 1363 (Fed. Cir. 2016) ................................................................... 6
`Becton, Dickinson & Co. v. Tyco Healthcare Grp., LP,
`616 F.3d 1249, 1254 (Fed. Cir. 2010) .................................................................10
`Ex parte Levy,
`17 USPQ2d 1461, 1464 (Bd. Pat. App. & Inter. 1990) .......................................11
`Aqua Prods., Inc. v. Matal,
`872 F.3d 1290 (Fed. Cir. 2017) ..................................................................... 11-12
`Ariosa Diagnostics v. Verinata Health, Inc.,
`805 F.3d 1359, 1367 (Fed. Cir. 2015) .......................................................... 12, 15
`Lectrosonics, Inc. v. Zaxcom, Inc.,
`IPR2018-01129, -01130, Paper 15 (PTAB Feb. 25, 2019) .................................24
`Daikin Industries, Ltd. v. The Chemours Company FC, LLC,
`IPR2018-00993, Paper 12 (PTAB Nov. 13, 2018) ..............................................25
`Statutory Authorities
`35 U.S.C. § 101 ........................................................................................................22
`Rules and Regulations
`Office Patent Trial Practice Guide August 2018 Update
` 83 Fed. Reg. 39989 ....................................................................................... 12, 15
`37 C.F.R. § 42.6(e) ...................................................................................................27
`37 C.F.R. § 42.121 ...................................................................................................27
`
`ii
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Ex. 2001
`
`Ex. 2002
`
`Ex. 2101
`
`Ex. 2102
`
`Ex. 2103
`
`Ex. 2104
`
`Ex. 2105
`
`Ex. 2106
`
`Ex. 2107
`
`Ex. 2108
`
`Ex. 2109
`
`Ex. 2110
`
`Ex. 2111
`
`Ex. 2112
`
`PATENT OWNER’S LIST OF EXHIBITS
`
`Declaration ISO Motion Pro Hac Vice Harold Barza.
`
`Declaration ISO Motion Pro Hac Vice Jordan Kaericher.
`
`Declaration of Dr. Markus Jakobsson ISO
`Patent Owner’s Response.
`
`Curriculum Vitae of Dr. Markus Jakobsson.
`
`Transcript of December 14, 2018 Deposition of Dr.
`Victor John Shoup.
`
`N. Asokan, et. al, The State of the Art in Electronic
`Payment Systems, IEEE Computer, Vol. 30, No. 9, pp.
`28-35 (IEEE Computer Society Press, Sept. 1997).
`
`M. Baddeley, Using E-Cash in the New Economy: An
`Economic Analysis of Micropayment Systems, J.
`Electronic Commerce Research, Vol. 5, No. 4, pp. 239-
`253 (Nov. 2004).
`
`U.S. Application No. 14/027,860.
`
`U.S. Application No. 11/677,490.
`
`U.S. Provisional Application No. 60/775,046.
`
`U.S. Provisional Application No. 60/812,279.
`
`U.S. Provisional Application No. 60/859,235.
`
`Declaration by Dr. Markus Jakobsson ISO Motion to
`Amend.
`
`U.S. District Court for Delaware Report and
`Recommendation.
`
`iii
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Ex. 2113
`
`Ex. 2114
`
`Ex. 2115
`
`Declaration by Dr. Markus Jakobsson ISO Reply to
`MTA Opposition.
`
`Rough transcript of deposition of Dr. Ari Juels.
`
`Juels and Hubaux, “Privacy Is Dead; Long Live
`Privacy,” Communications of the ACM, Vol. 59, No. 6
`(June 2016))
`
`Ex. 2116
`
`Brainard, Juels, et. al., A New Two-Server Approach for
`Authentication with Short Secrets (Apr. 9, 2003).
`
`iv
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`UNIVERSAL SECURE REGISTRY LLC (“Patent Owner”) submits this
`
`Reply in support of its Conditional MTA, Paper 19 (“Motion”), in response to
`
`Petitioner’s Opposition to Patent Owner’s Conditional MTA, Paper 25 (“Op.”).
`
`I.
`
`INTRODUCTION
`
`Petitioner’s unpatentability analysis of the substitute claims in view of the
`
`prior art consistently glosses over—and in some cases outright neglects to address
`
`even at all—key claim limitations found in the substitute claims. For instance,
`
`Petitioner fails to allege what feature in the prior art corresponds to the claimed “first
`
`authentication information” of claims 36 and 45. Even more egregiously, the
`
`Opposition makes no mention of amended limitations 45[e] and 45[g] and similarly
`
`fails to account for the “separable fields” amendment of independent claim 45.
`
`Omissions like this are endemic to Petitioner’s brief, and Petitioner’s failure to make
`
`a prima facie case of obviousness in its Opposition cannot be saved by attempts to
`
`fill these omissions in its sur-reply, to which Patent Owner will have no opportunity
`
`to respond.
`
`II.
`
`SUBSTITUTE CLAIMS DIRECTED AT UNCHALLENGED CLAIMS
`
`Per the conference call the parties had with the Board on April 22, 2019, all
`
`substitute claims directed at unchallenged claims are void. The Board also indicated
`
`that inclusion of such substitute claims do not render the Motion invalid.
`
`1
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`III. CLAIM 56 HAS WRITTEN DESCRIPTION SUPPORT
`
`Petitioner contends that substitute claim 56 lacks written description support
`
`and is therefore invalid under 35 U.S.C. § 112. Op. at 3-4. Patent Owner disagrees.
`
`Among other things, limitations 56[c] and 56[e] specify that the first
`
`authentication information includes a first key encrypted by a second key and that
`
`the encrypted first key is decrypted using the second key to retrieve the first key.
`
`Motion at B6. The specification describes that a first wireless signal includes “a PKI
`
`encrypted one-time DES key.” Ex. 2106 at 49:24-26. The specification further
`
`describes how “[t]he second wireless device uses the first public key to decrypt the
`
`PKI encrypted DES key.” Id. at 50:30-31. In response to this disclosure, Petitioner
`
`states “a value encrypted with a public key, which is an asymmetric key, could not
`
`be decrypted using the same public key. Even with extensive experimentation, it
`
`would be impossible for a POSITA to implement encryption and decryption with a
`
`public key.” Op. at 4. Patent Owner admits that the specification as written contains
`
`an obvious error: a public key cannot be used to decrypt ciphertext. Ex. 2113,
`
`Jakobsson Decl. at ¶ 30.
`
`An amendment to correct an obvious error does not constitute new matter
`
`where the ordinary artisan would not only recognize the existence of the error in the
`
`specification, but also recognize the appropriate corrections. In re Oda, 443 F.2d
`
`2
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`1200, 170 USPQ 268 (CCPA 1971). The obvious error noted by Petitioner in the
`
`’860 Application would be immediately recognized by a POSITA, who would also
`
`recognize the appropriate corrections. Ex. 2113, Jakobsson Decl. at ¶ 31.
`
`Specifically, as explained by Dr. Jakobsson, a POSITA would know that a public
`
`key cannot be used to both encrypt and decrypt data. Ex. 1117, Jakobsson Depo. Tr.
`
`at 52:16-55:16. Upon identifying this obvious error, a POSITA would also readily
`
`recognize two corrections—both very trivial in nature—that would clarify the
`
`specification. Ex. 2113, Jakobsson Decl. at ¶ 31.
`
`First, since a public key cannot be used to both encrypt and decrypt data, a
`
`POSITA would readily understand that the recipient’s public key would have been
`
`used to encrypt the data (e.g., second wireless device’s public key used to encrypt
`
`DES key) and the recipient’s private key would be used to decrypt the data (e.g.,
`
`second wireless device’s private key used to decrypt DES key). Ex. 1117, Jakobsson
`
`Depo. Tr. at 52:16-55:16; Ex. 2113, Jakobsson Decl. at ¶ 32. Also, since an
`
`asymmetric, public key cannot be used to perform symmetric encryption/decryption,
`
`then the key described in the specification as performing the desired symmetric
`
`encryption and decryption of the DES key may simply be a symmetric key like the
`
`claimed “second key.” Id. A POSITA would readily recognize both of these
`
`3
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`corrections in view of the specification. Id. As such, the specification provides
`
`written description and enabling support for limitations 56[c] and 56[e]. Id.
`
`IV.
`
`SUBSTITUTE CLAIMS ARE NOVEL AND NONOBVIOUS
`
`A.
`
`Petitioner Fails to Show that Cited References Render Obvious
`“to conduct a credit and/or debit card [financial] transaction”
`(Limitations 36[pre], 36[b], 36[j], 45[pre], 45[e], 45[i])
`
`Petitioner contends that Jakobsson alone or in combination with Schutzer
`
`discloses the limitation “to conduct a credit and/or debit card [financial] transaction”
`
`of claims 36 and 45. Op. at 4-7, 12. They do not.
`
`First, Petitioner argues that Jakobsson discloses this limitation where it states
`
`that “[a]uthentication can result in…access to such services as financial services…”
`
`and that Jakobsson’s user device 120 can be a “credit-card sized device…such as a
`
`credit card including a magnetic strip or other data store[d] on one of its sides.” Op.
`
`at 5 (citing Ex. 1104, Jakobsson at [0039], [0041]). But these excerpts do not
`
`disclose that Jakobsson’s user device is used for credit/debit card [financial]
`
`transactions. Ex. 2113, Jakobsson Decl. at ¶¶ 33-34. Paragraph [0039] states that
`
`authentication of the user by the verifier 105 can result in providing “access to a
`
`physical location, communications network, computer system, and so on; access to
`
`such services as financial services and records, health services and records and so
`
`on; or access to levels of information or services.” Ex. 1104, Jakobsson at [0039].
`
`4
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`This lone mention of the word “financial” (the only one in Jakobsson) does not
`
`pertain to the authentication device (the alleged first handheld device); instead, it
`
`describes the actions taken by the verifier (the alleged second device). Ex. 2113,
`
`Jakobsson Decl. at ¶ 34.
`
`Moreover, paragraphs [0039] and [0041] do not teach or suggest a first
`
`handheld device that is used to conduct credit/debit card [financial] transactions. Ex.
`
`2113, Jakobsson Decl. at ¶ 35. Rather, consistent with Jakobsson’s other disclosures,
`
`paragraph [0039] teaches that Jakobsson’s system verifies an authentication code
`
`specific to the authentication device to provide the user with access to a “physical
`
`location or object” or “electronic access to a computer system or data.” Ex. 1104,
`
`Jakobsson at [0039]; see also id., [0003]. In other words, a POSITA would
`
`understand that the verifier provides “access to such services as financial services
`
`and records, health services and records and so on” by allowing the user to login to
`
`a computer system having such data (e.g., the website of a financial institution or
`
`healthcare provider) or by providing physical access to a location with the records.
`
`Ex. 2113, Jakobsson Decl. at ¶ 35. Similarly, paragraph [0041] merely states that the
`
`user device may be a credit card sized device including a magnetic strip like that of
`
`a credit card; it does not state that the device is an actual credit card that can be used
`
`5
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`to conduct financial transactions. See Ex. 1104, Jakobsson at [0041]; Ex. 2113,
`
`Jakobsson Decl. at ¶ 35.
`
`Second, Petitioner argues that “Schutzer teaches ‘securely performing a
`
`bankcard transaction, such as a credit card or debit card transaction.’” Op. at 5 (citing
`
`Ex. 1130, Schutzer at [0010]) (emphasis removed). Petitioner further contends that
`
`“it would have been obvious to combine Schutzer’s bankcard transaction
`
`authentication system with the authentication system of Jakobsson because it would
`
`have involved nothing more than applying a known technique (using authentication
`
`for bankcard transactions) to a known device (the authentication system of
`
`Jakobsson) in the same way (by verifying information).” Op. at 6.
`
`Petitioner cannot satisfy its burden of proving obviousness by employing
`
`“mere conclusory statements.” In re Magnum Oil Tools Int’l, Ltd., 829 F.3d 1364,
`
`1380 (Fed. Cir. 2016). “In an [inter partes review], the petitioner has the burden
`
`from the onset to show with particularity why the patent it challenges is
`
`unpatentable.” Harmonic Inc. v. Avid Tech., Inc., 815 F.3d 1356, 1363 (Fed. Cir.
`
`2016) (citing 35 U.S.C. § 312(a)(3)) (requiring inter partes review petitions to
`
`identify “with particularity…the evidence that supports the grounds for the challenge
`
`to each claim”)).
`
`6
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Here, Petitioner fails to provide a reasoned explanation as to how a POSITA
`
`would combine/modify Jakobsson’s system with Schutzer’s credit card transaction
`
`scheme. For instance, merely stating that a POSITA would combine the references
`
`“in the same way (by verifying information)” is conclusory in that it fails to explain
`
`with particularity how/why the proposed combination would be made. Indeed,
`
`Schutzer teaches that authentication of the user device 10 with the back end
`
`authenticator 22 occurs as a preliminary step to obtain a proxy credit card number
`
`before the user engages in the credit card transaction by sending the merchant the
`
`proxy card number. See Ex. 1130, Schutzer at [0026], [0028], [0029] (describing use
`
`of a PIN/password to pre-authenticate user); Ex. 2113, Jakobsson Decl. at ¶¶ 36-37.
`
`Petitioner fails to explain how or why a POSITA would be motivated to incorporate
`
`the teachings of Schutzer’s PIN/password-based user pre-authentication with
`
`Jakobsson main authentication scheme. A POSITA would not modify or combine
`
`Schutzer’s teachings with Jakobsson because it would lead to the nonsensical result
`
`of pre-authenticating Jakobsson’s user authentication device 120 with the verifier
`
`105 before the user authentication device 120 goes through the complicated, time-
`
`consuming process of generating and transmitting an authentication code 290 to the
`
`verifier 105 for user authentication. Id. at ¶ 37. Moreover, even if both Schutzer and
`
`Jakobsson “recognize the risk of stolen authentication credentials,” as Petitioner
`
`7
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`alleges (Op. at 6-7), this does little to explain whether a POSITA would be motivated
`
`to make the suggested combination and whether there’s a reasonable chance of
`
`success. Id.
`
`B.
`
`Petitioner Fails to Identify and Address All Three of “First
`Authentication Information,” “One-time Code,” and “Digital
`Signature” Included in the Claimed First Wireless Signal
`
`Petitioner contends that substitute claims 36 and 45 are obvious over
`
`Jakobsson in view of Schutzer but Petitioner fails to identify and account for all three
`
`features that are included in the claimed “first [wireless] signal” of substitute claims
`
`36 and 45. Specifically, limitations 36[f] and 45[d] specify that the first [wireless]
`
`signal includes a “first authentication information,” a “one-time code,” and a “digital
`
`signature.” Motion at B1, B4. Petitioner’s analysis does not identify what in
`
`Jakobsson or Schutzer allegedly corresponds to the claimed “first authentication
`
`information.” Op. at 9-11.
`
`Instead, Petitioner first alleges that Jakobsson’s “authentication code”
`
`corresponds to the claimed “one-time code.” See Op. at 10 (“Jakobsson discloses a
`
`number of different one-time codes that can change over time and can be combined
`
`with other information using combination function 230 to generate an authentication
`
`code.”). Next, Petitioner alleges that Schutzer discloses the claimed “digital
`
`signature.” Id. Petitioner then abruptly concludes, “Accordingly, Jakobsson in view
`
`8
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`of Schutzer discloses substitute limitations 36[f], 36[g], 36[h], 36[j],” providing no
`
`analysis or explanation of what feature in Jakobsson or Schutzer allegedly
`
`corresponds to the claimed “first authentication information.” Id.
`
`Petitioner’s discussion of purported reasons to combine Jakobsson and
`
`Schutzer fares no better and also fails to explain what constitutes the claimed “first
`
`authentication information.” For instance, Petitioner argues that a POSITA would
`
`be allegedly motivated to “add the digital signature of Schutzer to the authentication
`
`code of Jakobsson” because doing so would be “a combination of prior art elements
`
`(one-time code, authentication code, and digital signature) according to known
`
`methods.” Op. at 10-11 (emphasis added). Petitioner further contends that a POSITA
`
`would prepend/append “the one-time code and digital signature to the
`
`authentication code.” Id. at 11; Ex. 2113, Jakobsson Decl. at ¶¶ 38-40.
`
`But the substitute claims do not recite an “authentication code;” the claims
`
`instead recite a “first authentication information” that is “derived from the first
`
`biometric information.” Moreover, Petitioner already relies on Jakobsson’s
`
`“authentication code” as allegedly satisfying the claimed “one-time code,” not “first
`
`authentication information.” Thus, Petitioner’s references to both a “one-time code”
`
`and an “authentication code” as shown in the preceding paragraph is nonsensical.
`
`Petitioner glosses over its double counting of Jakobsson’s authentication code as
`
`9
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`being both the claimed “one-time code” and the “first authentication information.”1
`
`Ex. 2113, Jakobsson Decl. at ¶ 41.
`
`Petitioner’s attempt to hand-wave away the three distinct requirements of the
`
`first [wireless] signal of claims 36 and 45 is improper and the Board should
`
`correspondingly deny its failed obviousness analysis.
`
`C.
`
`Petitioner Fails to Address “the digital signature generated using
`a private key associated with the first handheld device” (36[f])
`
`Petitioner fails to show that the prior art of record discloses “the digital
`
`signature generated using a private key associated with the first handheld
`
`device.” Motion at B1 (36[f]). Notably, Petitioner ignores this claim limitation in its
`
`1 Such double-counting of Jakobsson’s authentication code as being both the
`
`claimed “one-time code” and “first authentication information” is improper. Becton,
`
`Dickinson & Co. v. Tyco Healthcare Grp., LP, 616 F.3d 1249, 1254 (Fed. Cir. 2010)
`
`(“Where a claim lists elements separately, ‘the clear implication of the claim
`
`language is that those elements are ‘distinct component[s]’ of the patented
`
`invention.”). Claims 36 and 45 require the first device to transmit three separate and
`
`distinct types of information to a second device for processing because each is a
`
`“distinct component” of the claimed invention. Becton, 616 F.3d at 1254.
`
`10
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`analysis of the prior art. See Op. at 4-11. Instead, Petitioner’s myopic approach
`
`focuses only on whether Schutzer discusses a “digital signature,” and neglects to dig
`
`deeper as to whether Schutzer’s digital signature is specifically generated using a
`
`private key associated with a handheld device. See Op. at 10 (citing Ex. 1130,
`
`Schutzer, ¶29). A close review of the cited portion of Schutzer reveals that Schutzer
`
`is silent on how the digital signature is generated, such as who or what generated the
`
`digital signature. Ex. 2113, Jakobsson Decl. at ¶ 43. In particular, no explicit or
`
`implicit2 disclosure is made that Schutzer’s digital signature was generated using a
`
`private key of a handheld device. Id.
`
`“[Section] 316(e) unambiguously requires the petitioner to prove all
`
`2 No implicit disclosure is made in Schutzer that the digital signature is necessarily
`
`generated by a private key of the user’s computing device 10. Ex parte Levy, 17
`
`USPQ2d 1461, 1464 (Bd. Pat. App. & Inter. 1990) (requiring that the inherent
`
`characteristic necessarily flow from the teachings of the prior art). Indeed,
`
`Schutzer’s digital signature may be generated using the private key of a certificate
`
`authority and be used as part of a digital certificate to authenticate the user. Ex.
`
`2113, Jakobsson Decl. at ¶ 44. The digital signature may also be that of the user itself
`
`and not the user’s device. Id. at ¶ 45.
`
`11
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`propositions of unpatentability, including for amended claims.” Aqua Products,
`
`Inc. v. Matal, 872 F.3d 1290, 1296 (Fed. Cir. 2017) (emphasis added). Here,
`
`Petitioner’s failure to address the claim limitation “the digital signature generated
`
`using a private key associated with the first handheld device” represents an
`
`incurable defect to its prima facie case of unpatentability of substitute claim 36.
`
`Moreover, Petitioner cannot introduce new arguments in its sur-reply in an attempt
`
`to fill holes in its prima facie showing. Ariosa Diagnostics v. Verinata Health, Inc.,
`
`805 F.3d 1359, 1367 (Fed. Cir. 2015) (Affirming Board’s rejection of Petitioner’s
`
`reliance on “previously unidentified portions of a prior-art reference to make a
`
`meaningfully distinct contention” in its Reply); see also Office Patent Trial Practice
`
`Guide August 2018 Update, 83 Fed. Reg. 39989 (referencing August 2018 update at
`
`https://go.usa.gov/xU7GP at pg. 14). Accordingly, the record fails to demonstrate
`
`that the prior art discloses or renders obvious “the digital signature generated using
`
`a private key associated with the first handheld device.”
`
`D.
`
`Petitioner Fails to Address Several Limitations of Claim 45
`
`Petitioner’s analysis of substitute claim 45 is even more deficient, as it fails to
`
`address several claim limitations. Petitioner sweepingly asserts that “Substitute
`
`claim 45 adds similar amendments to claim 10 as substitute claim 36 to claim 1,”
`
`and then summarily concludes that, “Accordingly, substitute claim 45 is obvious for
`
`12
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`at least the same reasons claim 36 is obvious.” Op. at 12. But Petitioner’s dismissive
`
`analysis neglects claim limitations that are distinctly unique to claim 45.3
`
`First, Petitioner fails to address limitations 45[e] and 45[g], which
`
`respectively recite, “at least one of the digital signature and/or the one-time code
`
`encrypted by the first handheld device” and “decrypting, with the second device, at
`
`least one of the digital signature and/or the one-time code encrypted by the first
`
`handheld device.” Motion at B3. The Opposition does not state anywhere what prior
`
`art reference purportedly discloses these claimed features. These limitations are
`
`unique to claim 45 and are not found in claim 36. Thus, Petitioner’s summary
`
`reliance on its limited analysis of claim 36 as the basis for its opposition to claim 45
`
`is explicitly deficient, leaving Petitioner with no argument whatsoever with respect
`
`to limitations 45[e] and 45[g]. Ex. 2113, Jakobsson Decl. at ¶¶ 46-47.
`
`Second, limitation 45[d] requires that a first signal generated “include[] the
`
`first authentication information of the first entity, the one-time code, and the digital
`
`3 In addition to Petitioner’s failure to examine features unique to claim 45,
`
`Petitioner also fails to address “generating a digital signature at the first handheld
`
`device using a private key associated with the first handheld device.” Motion at
`
`B4 (limitation 45[c]) (emphasis added). See discussion supra Section IV.C.
`
`13
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`signature as separable fields of the first signal.” Motion at B4 (emphasis added).
`
`This “separable fields” requirement is not present in claim 36 and is consequently
`
`not addressed by Petitioner in its analysis of claim 36. See Op. at 4-11. While
`
`Petitioner discusses “separable fields” with respect to a different claim, claim 42—
`
`a dependent claim that depends from independent claim 36 not claim 45—Petitioner
`
`does not refer back to or cite to claim 42 in its cursory analysis of claim 45.
`
`Moreover, independent claim 45 includes other distinctly different limitations not
`
`found in independent claim 36 or dependent claim 42 (e.g., “at least one of the digital
`
`signature and/or the one-time code encrypted by the first handheld device” and
`
`“decrypting…at least one of the digital signature and/or the one-time code encrypted
`
`by the first handheld device”). These limitations have a material impact on how
`
`claim 45 comes together as a whole to define a distinctly different invention than
`
`claim 36 or claim 42. To satisfy its burden, these differences require that Petitioner
`
`to articulate in its Opposition how and why—if indeed Petitioner believed at all—
`
`the “separable fields” limitation was obvious with respect to claim 45 as a whole.
`
`Ex. 2113, Jakobsson Decl. at ¶¶ 48-49.
`
`By neglecting to analyze multiple features of claim 45 in its Opposition,
`
`Petitioner fails to make a prima facie showing of unpatentability. Moreover,
`
`14
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Petitioner cannot introduce new arguments by addressing these missing limitations
`
`for the first time in its sur-reply. Ariosa Diagnostics at 1367; OPTPG Update at 14.
`
`Petitioner Fails to Show Prior Art Discloses “Separable Fields”
`E.
`Similar to its patchwork analysis of limitations 36[f] and 45[d] (see discussion
`
`supra Section IV.B), Petitioner’s analysis of claim 42 fails to account for all three
`
`claimed components and further fails to show how the cited art discloses “separable
`
`fields.” Petitioner first begins its analysis with an inapposite recitation of the Board’s
`
`institution decision from a different proceeding regarding a different patent. See Op.
`
`at 13-14. Indeed, whether the Board stated that certain features of the ’137 patent’s
`
`independent claims correspond to elements of Jakobsson has no bearing here
`
`because the substitute claims do not recite “a time-varying value” and “an indicator
`
`of biometric authentication”, and the presently claimed “first authentication
`
`information” is specifically “derived from the first biometric information” whereas
`
`the ’137 patent’s “first authentication information” does not have that requirement.
`
`Petitioner next argues that a POSITA would have understood that Jakobsson’s
`
`combination function 230 could be used to generate authentication codes by
`
`prepending or appending various values together to arrive at a separable
`
`authentication code, and that, “Accordingly, it would have been obvious to a
`
`POSITA to append the one-time code and digital signature to form the
`
`15
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`combined authentication code or include them as additions thereto such that they
`
`would be separable to from one another.” Op. at 14.
`
`There are at least two things wrong with this line of reasoning. Ex. 2113,
`
`Jakobsson Decl. at ¶ 51. First, appending a one-time code to a digital signature to
`
`form a combined authentication code results in a two-field composite signal whereas
`
`the substitute claims require at least three. Ex. 2113, Jakobsson Decl. at ¶ 52. Indeed,
`
`Petitioner fails to make reference to what feature in Jakobsson, if anything, is the
`
`claimed “first authentication information.” Id.
`
`Second, Jakobsson never discloses an embodiment where an authentication
`
`code is generated without use of—at least at some stage—a one-way function, such
`
`as a hash function. Id. at ¶ 53. Even in the embodiment where Jakobsson describes
`
`a PIN (P) being appended to authentication code A(K, T, E), the latter value is the
`
`result of a one-way function. Id.; See Ex. 1104, Jakobsson at [0073]. Indeed, as
`
`explained by Dr. Jakobsson, use of a one-way function is critical to Jakobsson’s
`
`system because otherwise the system would not be secure:
`
`all the examples given and the motivation of this requires that it’s a
`one-way function. Remember, one of these things is -- for example, the
`value K, that’s a secret key. If you were not to apply a one-way
`function to that and you were to, as a result, expose that to an
`eavesdropper, that would not be beneficial.
`
`16
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Ex. 1117, Jakobsson Depo. at 134:1-13 (emphasis added); see also id. at 134:19-
`
`135:7 (explaining that it would be “clear to a person of skill in the art reading this
`
`that there has to be a one-way function”). Even Petitioner’s new expert, Dr. Juels,
`
`conceded at his deposition that merely concatenating or XOR’ing inputs together,
`
`without more, was an inadequate way to generate or protect the authentication code
`
`from eavesdroppers. Ex. 2114, Juels Depo. at 30:3-21 (eavesdropper can recover
`
`inputs if mere concatenation were used), 34:12-36:12 (same), 40:14-41:6 (adversary
`
`can recover input if mere XOR is used as the combination function). Thus, in light
`
`of the teachings of Jakobsson, a POSITA would not, for example, prepend/append
`
`various values without applying a one-way function because certain types of
`
`information described in Jakobsson, such as the secret key K or biometric value P,
`
`would be put at risk of interception and misuse. Ex. 2113, Jakobsson Decl. at ¶ 53.
`
`Petitioner also makes the conclusory argument that, “A POSITA would have
`
`had a reasonable expectation of success in prepending or appending the event state
`
`(E), the dynamic value (T), and the user data value (P) because Jakobsson explicitly
`
`contemplates varying the combination functions and the results of such variation
`
`would have been foreseeable.” Op. at 15. However, Petitioner makes no reference
`
`to what values of the substitute claims any of Jakobsson’s values correspond to. At
`
`best, reference to these values appears to relate back to Petitioner’s immaterial
`
`17
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`citation to the Board’s ’137 patent findings which, as described above, include very
`
`different claim features.
`
`F.
`
`Jakobsson and Burnett Fail to Disclose Limitations 56[c], 56[e]
`
`Petitioner relies on Jakobsson in view of Burnett to show that claim 56 is
`
`obvious. However, Petitioner’s analysis of Jakobsson and Burnett is fatally flawed.
`
`Petitioner argues that “[t]o the extent that Jakobsson does not explicitly
`
`discuss encrypting data with a first key and encrypting the first key with a sec