Paper No. 31
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`________________
`
`APPLE INC.,
`
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC,
`
`Patent Owner
`
`________________
`
`Case IPR2018-00813
`
`U.S. Patent No. 9,100,826
`
`________________
`
`PATENT OWNER’S REPLY IN SUPPORT OF ITS MOTION TO AMEND
`PURSUANT TO 37 C.F.R. § 42.121
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`________________
`
`APPLE INC.,
`
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC,
`
`Patent Owner
`
`________________
`
`Case IPR2018-00813
`
`U.S. Patent No. 9,100,826
`
`________________
`
`PATENT OWNER’S REPLY IN SUPPORT OF ITS MOTION TO AMEND
`PURSUANT TO 37 C.F.R. § 42.121
`
`
`
`TABLE OF CONTENTS
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Page
`
`B.
`
`C.
`
`PATENT OWNER’S LIST OF EXHIBITS ............................................................ III
`I.
`INTRODUCTION ........................................................................................... 1
`II.
`SUBSTITUTE CLAIMS DIRECTED AT UNCHALLENGED
`CLAIMS .......................................................................................................... 1
`III. CLAIM 56 HAS WRITTEN DESCRIPTION SUPPORT.............................. 2
`IV.
`SUBSTITUTE CLAIMS ARE NOVEL AND NONOBVIOUS .................... 4
`A.
`Petitioner Fails to Show that Cited References Render Obvious
`“to conduct a credit and/or debit card [financial] transaction”
`(Limitations 36[pre], 36[b], 36[j], 45[pre], 45[e], 45[i]) ...................... 4
`Petitioner Fails to Identify and Address All Three of “First
`Authentication Information,” “One-time Code,” and “Digital
`Signature” Included in the Claimed First Wireless Signal ................... 8
`Petitioner Fails to Address “the digital signature generated
`using a private key associated with the first handheld device”
`(36[f]) .................................................................................................. 10
`Petitioner Fails to Address Several Limitations of Claim 45.............. 12
`D.
`Petitioner Fails to Show Prior Art Discloses “Separable Fields” ....... 15
`E.
`Jakobsson and Burnett Fail to Disclose Limitations 56[c], 56[e] ....... 18
`F.
`SUBSTITUTE CLAIMS ARE PATENT ELIGIBLE UNDER § 101 .......... 22
`PETITIONER’S ALLEGATIONS CONCERNING PATENT
`OWNER’S BREACH OF ITS DUTY OF CANDOR ARE
`MERITLESS .................................................................................................. 24
`VII. CONCLUSION .............................................................................................. 25
`
`V.
`VI.
`
`i
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`TABLE OF AUTHORITIES
`
`Cases
`
`Page
`
`In re Oda,
`443 F.2d 1200, 170 USPQ 268 (CCPA 1971) ................................................... 2-3
`In re Magnum Oil Tools Int’l, Ltd.,
`829 F.3d 1364, 1380 (Fed. Cir. 2016) ................................................................... 6
`Harmonic Inc. v. Avid Tech., Inc.,
`815 F.3d 1356, 1363 (Fed. Cir. 2016) ................................................................... 6
`Becton, Dickinson & Co. v. Tyco Healthcare Grp., LP,
`616 F.3d 1249, 1254 (Fed. Cir. 2010) .................................................................10
`Ex parte Levy,
`17 USPQ2d 1461, 1464 (Bd. Pat. App. & Inter. 1990) .......................................11
`Aqua Prods., Inc. v. Matal,
`872 F.3d 1290 (Fed. Cir. 2017) ..................................................................... 11-12
`Ariosa Diagnostics v. Verinata Health, Inc.,
`805 F.3d 1359, 1367 (Fed. Cir. 2015) .......................................................... 12, 15
`Lectrosonics, Inc. v. Zaxcom, Inc.,
`IPR2018-01129, -01130, Paper 15 (PTAB Feb. 25, 2019) .................................24
`Daikin Industries, Ltd. v. The Chemours Company FC, LLC,
`IPR2018-00993, Paper 12 (PTAB Nov. 13, 2018) ..............................................25
`Statutory Authorities
`35 U.S.C. § 101 ........................................................................................................22
`Rules and Regulations
`Office Patent Trial Practice Guide August 2018 Update
` 83 Fed. Reg. 39989 ....................................................................................... 12, 15
`37 C.F.R. § 42.6(e) ...................................................................................................27
`37 C.F.R. § 42.121 ...................................................................................................27
`
`ii
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Ex. 2001
`
`Ex. 2002
`
`Ex. 2101
`
`Ex. 2102
`
`Ex. 2103
`
`Ex. 2104
`
`Ex. 2105
`
`Ex. 2106
`
`Ex. 2107
`
`Ex. 2108
`
`Ex. 2109
`
`Ex. 2110
`
`Ex. 2111
`
`Ex. 2112
`
`PATENT OWNER’S LIST OF EXHIBITS
`
`Declaration ISO Motion Pro Hac Vice Harold Barza.
`
`Declaration ISO Motion Pro Hac Vice Jordan Kaericher.
`
`Declaration of Dr. Markus Jakobsson ISO
`Patent Owner’s Response.
`
`Curriculum Vitae of Dr. Markus Jakobsson.
`
`Transcript of December 14, 2018 Deposition of Dr.
`Victor John Shoup.
`
`N. Asokan, et. al, The State of the Art in Electronic
`Payment Systems, IEEE Computer, Vol. 30, No. 9, pp.
`28-35 (IEEE Computer Society Press, Sept. 1997).
`
`M. Baddeley, Using E-Cash in the New Economy: An
`Economic Analysis of Micropayment Systems, J.
`Electronic Commerce Research, Vol. 5, No. 4, pp. 239-
`253 (Nov. 2004).
`
`U.S. Application No. 14/027,860.
`
`U.S. Application No. 11/677,490.
`
`U.S. Provisional Application No. 60/775,046.
`
`U.S. Provisional Application No. 60/812,279.
`
`U.S. Provisional Application No. 60/859,235.
`
`Declaration by Dr. Markus Jakobsson ISO Motion to
`Amend.
`
`U.S. District Court for Delaware Report and
`Recommendation.
`
`iii
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Ex. 2113
`
`Ex. 2114
`
`Ex. 2115
`
`Declaration by Dr. Markus Jakobsson ISO Reply to
`MTA Opposition.
`
`Rough transcript of deposition of Dr. Ari Juels.
`
`Juels and Hubaux, “Privacy Is Dead; Long Live
`Privacy,” Communications of the ACM, Vol. 59, No. 6
`(June 2016))
`
`Ex. 2116
`
`Brainard, Juels, et. al., A New Two-Server Approach for
`Authentication with Short Secrets (Apr. 9, 2003).
`
`iv
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`UNIVERSAL SECURE REGISTRY LLC (“Patent Owner”) submits this
`
`Reply in support of its Conditional MTA, Paper 19 (“Motion”), in response to
`
`Petitioner’s Opposition to Patent Owner’s Conditional MTA, Paper 25 (“Op.”).
`
`I.
`
`INTRODUCTION
`
`Petitioner’s unpatentability analysis of the substitute claims in view of the
`
`prior art consistently glosses over—and in some cases outright neglects to address
`
`even at all—key claim limitations found in the substitute claims. For instance,
`
`Petitioner fails to allege what feature in the prior art corresponds to the claimed “first
`
`authentication information” of claims 36 and 45. Even more egregiously, the
`
`Opposition makes no mention of amended limitations 45[e] and 45[g] and similarly
`
`fails to account for the “separable fields” amendment of independent claim 45.
`
`Omissions like this are endemic to Petitioner’s brief, and Petitioner’s failure to make
`
`a prima facie case of obviousness in its Opposition cannot be saved by attempts to
`
`fill these omissions in its sur-reply, to which Patent Owner will have no opportunity
`
`to respond.
`
`II.
`
`SUBSTITUTE CLAIMS DIRECTED AT UNCHALLENGED CLAIMS
`
`Per the conference call the parties had with the Board on April 22, 2019, all
`
`substitute claims directed at unchallenged claims are void. The Board also indicated
`
`that inclusion of such substitute claims do not render the Motion invalid.
`
`1
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`III. CLAIM 56 HAS WRITTEN DESCRIPTION SUPPORT
`
`Petitioner contends that substitute claim 56 lacks written description support
`
`and is therefore invalid under 35 U.S.C. § 112. Op. at 3-4. Patent Owner disagrees.
`
`Among other things, limitations 56[c] and 56[e] specify that the first
`
`authentication information includes a first key encrypted by a second key and that
`
`the encrypted first key is decrypted using the second key to retrieve the first key.
`
`Motion at B6. The specification describes that a first wireless signal includes “a PKI
`
`encrypted one-time DES key.” Ex. 2106 at 49:24-26. The specification further
`
`describes how “[t]he second wireless device uses the first public key to decrypt the
`
`PKI encrypted DES key.” Id. at 50:30-31. In response to this disclosure, Petitioner
`
`states “a value encrypted with a public key, which is an asymmetric key, could not
`
`be decrypted using the same public key. Even with extensive experimentation, it
`
`would be impossible for a POSITA to implement encryption and decryption with a
`
`public key.” Op. at 4. Patent Owner admits that the specification as written contains
`
`an obvious error: a public key cannot be used to decrypt ciphertext. Ex. 2113,
`
`Jakobsson Decl. at ¶ 30.
`
`An amendment to correct an obvious error does not constitute new matter
`
`where the ordinary artisan would not only recognize the existence of the error in the
`
`specification, but also recognize the appropriate corrections. In re Oda, 443 F.2d
`
`2
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`1200, 170 USPQ 268 (CCPA 1971). The obvious error noted by Petitioner in the
`
`’860 Application would be immediately recognized by a POSITA, who would also
`
`recognize the appropriate corrections. Ex. 2113, Jakobsson Decl. at ¶ 31.
`
`Specifically, as explained by Dr. Jakobsson, a POSITA would know that a public
`
`key cannot be used to both encrypt and decrypt data. Ex. 1117, Jakobsson Depo. Tr.
`
`at 52:16-55:16. Upon identifying this obvious error, a POSITA would also readily
`
`recognize two corrections—both very trivial in nature—that would clarify the
`
`specification. Ex. 2113, Jakobsson Decl. at ¶ 31.
`
`First, since a public key cannot be used to both encrypt and decrypt data, a
`
`POSITA would readily understand that the recipient’s public key would have been
`
`used to encrypt the data (e.g., second wireless device’s public key used to encrypt
`
`DES key) and the recipient’s private key would be used to decrypt the data (e.g.,
`
`second wireless device’s private key used to decrypt DES key). Ex. 1117, Jakobsson
`
`Depo. Tr. at 52:16-55:16; Ex. 2113, Jakobsson Decl. at ¶ 32. Also, since an
`
`asymmetric, public key cannot be used to perform symmetric encryption/decryption,
`
`then the key described in the specification as performing the desired symmetric
`
`encryption and decryption of the DES key may simply be a symmetric key like the
`
`claimed “second key.” Id. A POSITA would readily recognize both of these
`
`3
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`corrections in view of the specification. Id. As such, the specification provides
`
`written description and enabling support for limitations 56[c] and 56[e]. Id.
`
`IV.
`
`SUBSTITUTE CLAIMS ARE NOVEL AND NONOBVIOUS
`
`A.
`
`Petitioner Fails to Show that Cited References Render Obvious
`“to conduct a credit and/or debit card [financial] transaction”
`(Limitations 36[pre], 36[b], 36[j], 45[pre], 45[e], 45[i])
`
`Petitioner contends that Jakobsson alone or in combination with Schutzer
`
`discloses the limitation “to conduct a credit and/or debit card [financial] transaction”
`
`of claims 36 and 45. Op. at 4-7, 12. They do not.
`
`First, Petitioner argues that Jakobsson discloses this limitation where it states
`
`that “[a]uthentication can result in…access to such services as financial services…”
`
`and that Jakobsson’s user device 120 can be a “credit-card sized device…such as a
`
`credit card including a magnetic strip or other data store[d] on one of its sides.” Op.
`
`at 5 (citing Ex. 1104, Jakobsson at [0039], [0041]). But these excerpts do not
`
`disclose that Jakobsson’s user device is used for credit/debit card [financial]
`
`transactions. Ex. 2113, Jakobsson Decl. at ¶¶ 33-34. Paragraph [0039] states that
`
`authentication of the user by the verifier 105 can result in providing “access to a
`
`physical location, communications network, computer system, and so on; access to
`
`such services as financial services and records, health services and records and so
`
`on; or access to levels of information or services.” Ex. 1104, Jakobsson at [0039].
`
`4
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`This lone mention of the word “financial” (the only one in Jakobsson) does not
`
`pertain to the authentication device (the alleged first handheld device); instead, it
`
`describes the actions taken by the verifier (the alleged second device). Ex. 2113,
`
`Jakobsson Decl. at ¶ 34.
`
`Moreover, paragraphs [0039] and [0041] do not teach or suggest a first
`
`handheld device that is used to conduct credit/debit card [financial] transactions. Ex.
`
`2113, Jakobsson Decl. at ¶ 35. Rather, consistent with Jakobsson’s other disclosures,
`
`paragraph [0039] teaches that Jakobsson’s system verifies an authentication code
`
`specific to the authentication device to provide the user with access to a “physical
`
`location or object” or “electronic access to a computer system or data.” Ex. 1104,
`
`Jakobsson at [0039]; see also id., [0003]. In other words, a POSITA would
`
`understand that the verifier provides “access to such services as financial services
`
`and records, health services and records and so on” by allowing the user to login to
`
`a computer system having such data (e.g., the website of a financial institution or
`
`healthcare provider) or by providing physical access to a location with the records.
`
`Ex. 2113, Jakobsson Decl. at ¶ 35. Similarly, paragraph [0041] merely states that the
`
`user device may be a credit card sized device including a magnetic strip like that of
`
`a credit card; it does not state that the device is an actual credit card that can be used
`
`5
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`to conduct financial transactions. See Ex. 1104, Jakobsson at [0041]; Ex. 2113,
`
`Jakobsson Decl. at ¶ 35.
`
`Second, Petitioner argues that “Schutzer teaches ‘securely performing a
`
`bankcard transaction, such as a credit card or debit card transaction.’” Op. at 5 (citing
`
`Ex. 1130, Schutzer at [0010]) (emphasis removed). Petitioner further contends that
`
`“it would have been obvious to combine Schutzer’s bankcard transaction
`
`authentication system with the authentication system of Jakobsson because it would
`
`have involved nothing more than applying a known technique (using authentication
`
`for bankcard transactions) to a known device (the authentication system of
`
`Jakobsson) in the same way (by verifying information).” Op. at 6.
`
`Petitioner cannot satisfy its burden of proving obviousness by employing
`
`“mere conclusory statements.” In re Magnum Oil Tools Int’l, Ltd., 829 F.3d 1364,
`
`1380 (Fed. Cir. 2016). “In an [inter partes review], the petitioner has the burden
`
`from the onset to show with particularity why the patent it challenges is
`
`unpatentable.” Harmonic Inc. v. Avid Tech., Inc., 815 F.3d 1356, 1363 (Fed. Cir.
`
`2016) (citing 35 U.S.C. § 312(a)(3)) (requiring inter partes review petitions to
`
`identify “with particularity…the evidence that supports the grounds for the challenge
`
`to each claim”)).
`
`6
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Here, Petitioner fails to provide a reasoned explanation as to how a POSITA
`
`would combine/modify Jakobsson’s system with Schutzer’s credit card transaction
`
`scheme. For instance, merely stating that a POSITA would combine the references
`
`“in the same way (by verifying information)” is conclusory in that it fails to explain
`
`with particularity how/why the proposed combination would be made. Indeed,
`
`Schutzer teaches that authentication of the user device 10 with the back end
`
`authenticator 22 occurs as a preliminary step to obtain a proxy credit card number
`
`before the user engages in the credit card transaction by sending the merchant the
`
`proxy card number. See Ex. 1130, Schutzer at [0026], [0028], [0029] (describing use
`
`of a PIN/password to pre-authenticate user); Ex. 2113, Jakobsson Decl. at ¶¶ 36-37.
`
`Petitioner fails to explain how or why a POSITA would be motivated to incorporate
`
`the teachings of Schutzer’s PIN/password-based user pre-authentication with
`
`Jakobsson main authentication scheme. A POSITA would not modify or combine
`
`Schutzer’s teachings with Jakobsson because it would lead to the nonsensical result
`
`of pre-authenticating Jakobsson’s user authentication device 120 with the verifier
`
`105 before the user authentication device 120 goes through the complicated, time-
`
`consuming process of generating and transmitting an authentication code 290 to the
`
`verifier 105 for user authentication. Id. at ¶ 37. Moreover, even if both Schutzer and
`
`Jakobsson “recognize the risk of stolen authentication credentials,” as Petitioner
`
`7
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`alleges (Op. at 6-7), this does little to explain whether a POSITA would be motivated
`
`to make the suggested combination and whether there’s a reasonable chance of
`
`success. Id.
`
`B.
`
`Petitioner Fails to Identify and Address All Three of “First
`Authentication Information,” “One-time Code,” and “Digital
`Signature” Included in the Claimed First Wireless Signal
`
`Petitioner contends that substitute claims 36 and 45 are obvious over
`
`Jakobsson in view of Schutzer but Petitioner fails to identify and account for all three
`
`features that are included in the claimed “first [wireless] signal” of substitute claims
`
`36 and 45. Specifically, limitations 36[f] and 45[d] specify that the first [wireless]
`
`signal includes a “first authentication information,” a “one-time code,” and a “digital
`
`signature.” Motion at B1, B4. Petitioner’s analysis does not identify what in
`
`Jakobsson or Schutzer allegedly corresponds to the claimed “first authentication
`
`information.” Op. at 9-11.
`
`Instead, Petitioner first alleges that Jakobsson’s “authentication code”
`
`corresponds to the claimed “one-time code.” See Op. at 10 (“Jakobsson discloses a
`
`number of different one-time codes that can change over time and can be combined
`
`with other information using combination function 230 to generate an authentication
`
`code.”). Next, Petitioner alleges that Schutzer discloses the claimed “digital
`
`signature.” Id. Petitioner then abruptly concludes, “Accordingly, Jakobsson in view
`
`8
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`of Schutzer discloses substitute limitations 36[f], 36[g], 36[h], 36[j],” providing no
`
`analysis or explanation of what feature in Jakobsson or Schutzer allegedly
`
`corresponds to the claimed “first authentication information.” Id.
`
`Petitioner’s discussion of purported reasons to combine Jakobsson and
`
`Schutzer fares no better and also fails to explain what constitutes the claimed “first
`
`authentication information.” For instance, Petitioner argues that a POSITA would
`
`be allegedly motivated to “add the digital signature of Schutzer to the authentication
`
`code of Jakobsson” because doing so would be “a combination of prior art elements
`
`(one-time code, authentication code, and digital signature) according to known
`
`methods.” Op. at 10-11 (emphasis added). Petitioner further contends that a POSITA
`
`would prepend/append “the one-time code and digital signature to the
`
`authentication code.” Id. at 11; Ex. 2113, Jakobsson Decl. at ¶¶ 38-40.
`
`But the substitute claims do not recite an “authentication code;” the claims
`
`instead recite a “first authentication information” that is “derived from the first
`
`biometric information.” Moreover, Petitioner already relies on Jakobsson’s
`
`“authentication code” as allegedly satisfying the claimed “one-time code,” not “first
`
`authentication information.” Thus, Petitioner’s references to both a “one-time code”
`
`and an “authentication code” as shown in the preceding paragraph is nonsensical.
`
`Petitioner glosses over its double counting of Jakobsson’s authentication code as
`
`9
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`being both the claimed “one-time code” and the “first authentication information.”1
`
`Ex. 2113, Jakobsson Decl. at ¶ 41.
`
`Petitioner’s attempt to hand-wave away the three distinct requirements of the
`
`first [wireless] signal of claims 36 and 45 is improper and the Board should
`
`correspondingly deny its failed obviousness analysis.
`
`C.
`
`Petitioner Fails to Address “the digital signature generated using
`a private key associated with the first handheld device” (36[f])
`
`Petitioner fails to show that the prior art of record discloses “the digital
`
`signature generated using a private key associated with the first handheld
`
`device.” Motion at B1 (36[f]). Notably, Petitioner ignores this claim limitation in its
`
`1 Such double-counting of Jakobsson’s authentication code as being both the
`
`claimed “one-time code” and “first authentication information” is improper. Becton,
`
`Dickinson & Co. v. Tyco Healthcare Grp., LP, 616 F.3d 1249, 1254 (Fed. Cir. 2010)
`
`(“Where a claim lists elements separately, ‘the clear implication of the claim
`
`language is that those elements are ‘distinct component[s]’ of the patented
`
`invention.”). Claims 36 and 45 require the first device to transmit three separate and
`
`distinct types of information to a second device for processing because each is a
`
`“distinct component” of the claimed invention. Becton, 616 F.3d at 1254.
`
`10
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`analysis of the prior art. See Op. at 4-11. Instead, Petitioner’s myopic approach
`
`focuses only on whether Schutzer discusses a “digital signature,” and neglects to dig
`
`deeper as to whether Schutzer’s digital signature is specifically generated using a
`
`private key associated with a handheld device. See Op. at 10 (citing Ex. 1130,
`
`Schutzer, ¶29). A close review of the cited portion of Schutzer reveals that Schutzer
`
`is silent on how the digital signature is generated, such as who or what generated the
`
`digital signature. Ex. 2113, Jakobsson Decl. at ¶ 43. In particular, no explicit or
`
`implicit2 disclosure is made that Schutzer’s digital signature was generated using a
`
`private key of a handheld device. Id.
`
`“[Section] 316(e) unambiguously requires the petitioner to prove all
`
`2 No implicit disclosure is made in Schutzer that the digital signature is necessarily
`
`generated by a private key of the user’s computing device 10. Ex parte Levy, 17
`
`USPQ2d 1461, 1464 (Bd. Pat. App. & Inter. 1990) (requiring that the inherent
`
`characteristic necessarily flow from the teachings of the prior art). Indeed,
`
`Schutzer’s digital signature may be generated using the private key of a certificate
`
`authority and be used as part of a digital certificate to authenticate the user. Ex.
`
`2113, Jakobsson Decl. at ¶ 44. The digital signature may also be that of the user itself
`
`and not the user’s device. Id. at ¶ 45.
`
`11
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`propositions of unpatentability, including for amended claims.” Aqua Products,
`
`Inc. v. Matal, 872 F.3d 1290, 1296 (Fed. Cir. 2017) (emphasis added). Here,
`
`Petitioner’s failure to address the claim limitation “the digital signature generated
`
`using a private key associated with the first handheld device” represents an
`
`incurable defect to its prima facie case of unpatentability of substitute claim 36.
`
`Moreover, Petitioner cannot introduce new arguments in its sur-reply in an attempt
`
`to fill holes in its prima facie showing. Ariosa Diagnostics v. Verinata Health, Inc.,
`
`805 F.3d 1359, 1367 (Fed. Cir. 2015) (Affirming Board’s rejection of Petitioner’s
`
`reliance on “previously unidentified portions of a prior-art reference to make a
`
`meaningfully distinct contention” in its Reply); see also Office Patent Trial Practice
`
`Guide August 2018 Update, 83 Fed. Reg. 39989 (referencing August 2018 update at
`
`https://go.usa.gov/xU7GP at pg. 14). Accordingly, the record fails to demonstrate
`
`that the prior art discloses or renders obvious “the digital signature generated using
`
`a private key associated with the first handheld device.”
`
`D.
`
`Petitioner Fails to Address Several Limitations of Claim 45
`
`Petitioner’s analysis of substitute claim 45 is even more deficient, as it fails to
`
`address several claim limitations. Petitioner sweepingly asserts that “Substitute
`
`claim 45 adds similar amendments to claim 10 as substitute claim 36 to claim 1,”
`
`and then summarily concludes that, “Accordingly, substitute claim 45 is obvious for
`
`12
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`at least the same reasons claim 36 is obvious.” Op. at 12. But Petitioner’s dismissive
`
`analysis neglects claim limitations that are distinctly unique to claim 45.3
`
`First, Petitioner fails to address limitations 45[e] and 45[g], which
`
`respectively recite, “at least one of the digital signature and/or the one-time code
`
`encrypted by the first handheld device” and “decrypting, with the second device, at
`
`least one of the digital signature and/or the one-time code encrypted by the first
`
`handheld device.” Motion at B3. The Opposition does not state anywhere what prior
`
`art reference purportedly discloses these claimed features. These limitations are
`
`unique to claim 45 and are not found in claim 36. Thus, Petitioner’s summary
`
`reliance on its limited analysis of claim 36 as the basis for its opposition to claim 45
`
`is explicitly deficient, leaving Petitioner with no argument whatsoever with respect
`
`to limitations 45[e] and 45[g]. Ex. 2113, Jakobsson Decl. at ¶¶ 46-47.
`
`Second, limitation 45[d] requires that a first signal generated “include[] the
`
`first authentication information of the first entity, the one-time code, and the digital
`
`3 In addition to Petitioner’s failure to examine features unique to claim 45,
`
`Petitioner also fails to address “generating a digital signature at the first handheld
`
`device using a private key associated with the first handheld device.” Motion at
`
`B4 (limitation 45[c]) (emphasis added). See discussion supra Section IV.C.
`
`13
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`signature as separable fields of the first signal.” Motion at B4 (emphasis added).
`
`This “separable fields” requirement is not present in claim 36 and is consequently
`
`not addressed by Petitioner in its analysis of claim 36. See Op. at 4-11. While
`
`Petitioner discusses “separable fields” with respect to a different claim, claim 42—
`
`a dependent claim that depends from independent claim 36 not claim 45—Petitioner
`
`does not refer back to or cite to claim 42 in its cursory analysis of claim 45.
`
`Moreover, independent claim 45 includes other distinctly different limitations not
`
`found in independent claim 36 or dependent claim 42 (e.g., “at least one of the digital
`
`signature and/or the one-time code encrypted by the first handheld device” and
`
`“decrypting…at least one of the digital signature and/or the one-time code encrypted
`
`by the first handheld device”). These limitations have a material impact on how
`
`claim 45 comes together as a whole to define a distinctly different invention than
`
`claim 36 or claim 42. To satisfy its burden, these differences require that Petitioner
`
`to articulate in its Opposition how and why—if indeed Petitioner believed at all—
`
`the “separable fields” limitation was obvious with respect to claim 45 as a whole.
`
`Ex. 2113, Jakobsson Decl. at ¶¶ 48-49.
`
`By neglecting to analyze multiple features of claim 45 in its Opposition,
`
`Petitioner fails to make a prima facie showing of unpatentability. Moreover,
`
`14
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Petitioner cannot introduce new arguments by addressing these missing limitations
`
`for the first time in its sur-reply. Ariosa Diagnostics at 1367; OPTPG Update at 14.
`
`Petitioner Fails to Show Prior Art Discloses “Separable Fields”
`E.
`Similar to its patchwork analysis of limitations 36[f] and 45[d] (see discussion
`
`supra Section IV.B), Petitioner’s analysis of claim 42 fails to account for all three
`
`claimed components and further fails to show how the cited art discloses “separable
`
`fields.” Petitioner first begins its analysis with an inapposite recitation of the Board’s
`
`institution decision from a different proceeding regarding a different patent. See Op.
`
`at 13-14. Indeed, whether the Board stated that certain features of the ’137 patent’s
`
`independent claims correspond to elements of Jakobsson has no bearing here
`
`because the substitute claims do not recite “a time-varying value” and “an indicator
`
`of biometric authentication”, and the presently claimed “first authentication
`
`information” is specifically “derived from the first biometric information” whereas
`
`the ’137 patent’s “first authentication information” does not have that requirement.
`
`Petitioner next argues that a POSITA would have understood that Jakobsson’s
`
`combination function 230 could be used to generate authentication codes by
`
`prepending or appending various values together to arrive at a separable
`
`authentication code, and that, “Accordingly, it would have been obvious to a
`
`POSITA to append the one-time code and digital signature to form the
`
`15
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`combined authentication code or include them as additions thereto such that they
`
`would be separable to from one another.” Op. at 14.
`
`There are at least two things wrong with this line of reasoning. Ex. 2113,
`
`Jakobsson Decl. at ¶ 51. First, appending a one-time code to a digital signature to
`
`form a combined authentication code results in a two-field composite signal whereas
`
`the substitute claims require at least three. Ex. 2113, Jakobsson Decl. at ¶ 52. Indeed,
`
`Petitioner fails to make reference to what feature in Jakobsson, if anything, is the
`
`claimed “first authentication information.” Id.
`
`Second, Jakobsson never discloses an embodiment where an authentication
`
`code is generated without use of—at least at some stage—a one-way function, such
`
`as a hash function. Id. at ¶ 53. Even in the embodiment where Jakobsson describes
`
`a PIN (P) being appended to authentication code A(K, T, E), the latter value is the
`
`result of a one-way function. Id.; See Ex. 1104, Jakobsson at [0073]. Indeed, as
`
`explained by Dr. Jakobsson, use of a one-way function is critical to Jakobsson’s
`
`system because otherwise the system would not be secure:
`
`all the examples given and the motivation of this requires that it’s a
`one-way function. Remember, one of these things is -- for example, the
`value K, that’s a secret key. If you were not to apply a one-way
`function to that and you were to, as a result, expose that to an
`eavesdropper, that would not be beneficial.
`
`16
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`Ex. 1117, Jakobsson Depo. at 134:1-13 (emphasis added); see also id. at 134:19-
`
`135:7 (explaining that it would be “clear to a person of skill in the art reading this
`
`that there has to be a one-way function”). Even Petitioner’s new expert, Dr. Juels,
`
`conceded at his deposition that merely concatenating or XOR’ing inputs together,
`
`without more, was an inadequate way to generate or protect the authentication code
`
`from eavesdroppers. Ex. 2114, Juels Depo. at 30:3-21 (eavesdropper can recover
`
`inputs if mere concatenation were used), 34:12-36:12 (same), 40:14-41:6 (adversary
`
`can recover input if mere XOR is used as the combination function). Thus, in light
`
`of the teachings of Jakobsson, a POSITA would not, for example, prepend/append
`
`various values without applying a one-way function because certain types of
`
`information described in Jakobsson, such as the secret key K or biometric value P,
`
`would be put at risk of interception and misuse. Ex. 2113, Jakobsson Decl. at ¶ 53.
`
`Petitioner also makes the conclusory argument that, “A POSITA would have
`
`had a reasonable expectation of success in prepending or appending the event state
`
`(E), the dynamic value (T), and the user data value (P) because Jakobsson explicitly
`
`contemplates varying the combination functions and the results of such variation
`
`would have been foreseeable.” Op. at 15. However, Petitioner makes no reference
`
`to what values of the substitute claims any of Jakobsson’s values correspond to. At
`
`best, reference to these values appears to relate back to Petitioner’s immaterial
`
`17
`
`
`
`Case No. IPR2018-00813
`U.S. Patent No. 9,100,826
`
`citation to the Board’s ’137 patent findings which, as described above, include very
`
`different claim features.
`
`F.
`
`Jakobsson and Burnett Fail to Disclose Limitations 56[c], 56[e]
`
`Petitioner relies on Jakobsson in view of Burnett to show that claim 56 is
`
`obvious. However, Petitioner’s analysis of Jakobsson and Burnett is fatally flawed.
`
`Petitioner argues that “[t]o the extent that Jakobsson does not explicitly
`
`discuss encrypting data with a first key and encrypting the first key with a sec
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
