`571-272-7822
`
`
`Paper No. 7
`Entered: February 11, 2019
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`VISA INC. and VISA U.S.A. INC.,
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY, LLC,
`Patent Owner.
`____________
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`____________
`
`Before PATRICK R. SCANLON, GEORGIANNA W. BRADEN, and
`JASON W. MELVIN, Administrative Patent Judges.
`
`MELVIN, Administrative Patent Judge.
`
`
`
`DECISION
`Instituting Inter Partes Review
`35 U.S.C. § 314
`
`
`
`
`
`
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`
`
`I.
`INTRODUCTION
`Petitioner, Visa Inc. and Visa U.S.A. Inc., filed a Petition (Paper 2,
`“Pet.”) requesting inter partes review of claims 1–9, 16–31, 37, and 38 of
`U.S. Patent No. 8,856,539 B2 (Ex. 1001, “the ’539 patent”). Patent Owner,
`Universal Secure Registry, LLC, filed a disclaimer of claims 5–8, 17–20,
`and 26–30. Ex. 2003. Thus, claims 1–4, 9, 16, 21–25, 31, 37, and 38 (“the
`challenged claims”) remain challenged in this proceeding.1 Patent Owner
`timely filed a Preliminary Response. Paper 6 (“Prelim. Resp.”). Pursuant to
`35 U.S.C. § 314 and 37 C.F.R. § 42.4(a), we have authority to determine
`whether to institute review.
`An inter partes review may not be instituted unless “the information
`presented in the petition . . . and any response . . . shows that there is a
`reasonable likelihood that the petitioner would prevail with respect to at least
`1 of the claims challenged in the petition.” 35 U.S.C. § 314(a). For the
`reasons set forth below, we conclude that Petitioner has shown a reasonable
`likelihood it will prevail in establishing the unpatentability of at least one
`challenged claim. We, therefore, institute inter partes review of the
`challenged claims of the ’539 patent in this proceeding.
`
`A. RELATED MATTERS
`As required by 37 C.F.R. § 42.8(b)(2), each party identifies various
`judicial or administrative matters that would affect or be affected by a
`
`
`1 37 C.F.R. § 42.107(e) (“No inter partes review will be instituted based on
`disclaimed claims.”); Vectra Fitness, Inc. v. TWNK Corp., 162 F.3d 1379,
`1383–84 (Fed. Cir. 1998) (holding a disclaimer under § 253 removes a
`claim from the original patent for all purposes).
`
`2
`
`
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`
`decision in this proceeding. Pet. 12–13; Paper 4 (Patent Owner’s Mandatory
`Notices).
`
`B. THE ’539 PATENT
`The ’539 patent is titled “Universal Secure Registry” and describes “a
`universal identification system . . . used to selectively provide personal,
`financial or other information about a person to authorized users.” Ex. 1001,
`[54], 3:5–9. The ’539 patent explains that the disclosed secure registry
`system may include “[a] multicharacter public code . . . which the system
`can map to provide permit delivery of items, complete telephone calls and
`perform other functions for entities. The system may also be utilized to
`locate an individual based on limited biological data.” Id. at [57].
`The ’539 patent describes a secure database called a “Universal
`Secure Registry” (“USR”), which can be used as “a universal identification
`system” and/or “to selectively provide information about a person to
`authorized users.” Id. at 3:5–9. The ’539 patent states that the USR database
`is designed to “take the place of multiple conventional forms of
`identification.” Id. at 3:22–24. According to ’539 patent, “the USR system
`may enable the user’s identity to be confirmed or verified without providing
`any identifying information about the person to the entity requiring
`identification.” Id. at 3:25–27.
`
`C. CHALLENGED CLAIMS
`Challenged claims 1, 22, 37, and 38 are independent. Claim 1 is
`illustrative of the claimed subject matter and is reproduced below:
`1. A secure registry system for providing information to a
`provider to enable transactions between the provider and
`
`3
`
`
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`
`
`entities with secure data stored in the secure registry
`system, the secure registry system comprising:
`[1.1] a database including secure data for each entity,
`wherein each entity is associated with a time-varying
`multicharacter code for each entity having secure data in
`the secure registry system, respectively, each
`time-varying multicharacter code representing an
`identity of one of the respective entities; and
`a processor configured
`[1.2] to receive a transaction request including at least
`the time-varying multicharacter code for the entity on
`whose behalf a transaction is to be performed and an
`indication of the provider requesting the transaction,
`[1.3] to map the time-varying multicharacter code to the
`identity of the entity using the time-varying
`multicharacter code,
`[1.4] to execute a restriction mechanism to determine
`compliance with any access restrictions for the
`provider to secure data of the entity for completing
`the transaction based at least in part on the indication
`of the provider and the time-varying multicharacter
`code of the transaction request, and
`[1.5] to allow or not allow access to the secure data
`associated with the entity including information
`required to enable the transaction based on the
`determined compliance with any access restrictions
`for the provider, the information including account
`identifying information,
`[1.6] wherein the account identifying information is not
`provided to the provider and the account identifying
`information is provided to a third party to enable or
`deny the transaction with the provider without
`providing the account identifying information to the
`provider.
`
`4
`
`
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`
`Ex. 1001, 18:29–60.2
`
`D. PROPOSED GROUND OF UNPATENTABILITY
`Petitioner asserts that all challenged claims are unpatentable under
`35 U.S.C. § 103 as obvious over a combination of Brener,3 Weiss,4 and
`Desai.5 Pet. 13–14. Petitioner also relies on the Declaration of Dr. Douglas
`Tygar (Ex. 1002). See Pet. 7.
`
`II. DISCUSSION
`A. 35 U.S.C. § 325(D)
`Patent Owner argues that we should deny institution because a patent
`claiming priority to Weiss was applied by the examiner in prosecution of the
`’539 patent, as a secondary reference teaching a “time-varying” code.
`Prelim. Resp. 48–49. When determining whether to institute review, we
`“may take into account whether, and reject the petition or request because,
`the same or substantially the same prior art or arguments previously were
`presented to the Office.” See 35 U.S.C. § 325(d). Even accepting Patent
`Owner’s argument that the Office relied on a patent related to Weiss (U.S.
`Pat. No. 5,657,388 to Weiss (“Weiss ’388”)) for the same reason Petitioner
`relies on Weiss here, we conclude Petitioner does not present substantially
`the same prior art or arguments as at issue during prosecution. In particular,
`Petitioner relies on a different primary reference—where the examiner
`
`2 We add formatting and square-bracketed annotations to separate claim
`limitations as identified by the parties. See Pet. 26–39. Our formatting and
`annotations imply no functional or structural aspect of the claim beyond
`identifying limitations for discussion.
`3 PCT Pub. App. WO 00/14648 (pub. Mar. 16, 2000) (Ex. 1005).
`4 U.S. Pat. No. 4,885,778 (iss. Dec. 5, 1989) (Ex. 1006).
`5 U.S. Pat. No. 6,820,204 B1 (iss. Nov. 16, 2004) (Ex. 1007).
`
`5
`
`
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`
`applied Giordano (U.S. Pat. No. 7,571,139), Petitioner relies on Brener and
`Desai. Compare Ex. 1004, 669 (examiner’s rejection over Giordano and
`Weiss ’388), with Pet. 13–14 (asserting Brener, Weiss, and Desai). Patent
`Owner asserts that an amendment adding access restrictions resulted in
`allowance (see Prelim. Resp. 49–50), and Petitioner’s asserted ground for
`unpatentability relies on Desai for that aspect of the claim (see Pet. 33–36).
`Thus, because Petitioner does not raise substantially the same arguments
`previously presented to the Office, we do not exercise discretion under
`§ 325(d) to decline review.
`
`B. CLAIM CONSTRUCTION
`In an inter partes review, the Board interprets claims of an unexpired
`patent using the broadest-reasonable construction in light of the specification
`of the patent.6 37 C.F.R. § 42.100(b); Cuozzo Speed Techs., LLC v. Lee, 136
`S. Ct. 2131, 2144–46 (2016). Under that standard, we generally give a claim
`term its “ordinary and customary meaning,” which is “the meaning that the
`term would have to a person of ordinary skill in the art in question” at the
`time of the invention. In re Translogic Tech., Inc., 504 F.3d 1249, 1257
`(Fed. Cir. 2007). The specification may impose a specialized meaning,
`departing from the ordinary and customary meaning, by defining a term with
`reasonable clarity, deliberateness, and precision. In re Paulsen, 30 F.3d
`1475, 1480 (Fed. Cir. 1994).
`
`
`6 The Petition was filed before the November 13, 2018, effective date of the
`amendment to 37 C.F.R. § 42.100 changing the claim-construction
`standard applied in inter partes reviews. Changes to the Claim
`Construction Standard for Interpreting Claims in Trial Proceedings Before
`the Patent Trial and Appeal Board, 83 Fed. Reg. 51,340 (Oct. 11, 2018)
`(to be codified at 37 C.F.R. pt. 42).
`
`6
`
`
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`
`
`Petitioner proposes constructions related to two terms in the
`’539 patent: “entity” and “based at least in part on the indication of the
`provider and the time-varying multicharacter code of the transaction
`request.” Pet. 14–17. Patent Owner asserts no construction is required for
`“entity,” contests Petitioner’s construction related to the “based at least in
`part on” term, and additionally proposes constructions for “provider” and
`“access restrictions for the provider.” Prelim. Resp. 21–29.
`Other than as discussed below, we conclude that there is no need to
`construe any additional term to resolve the issues in this Decision. See Nidec
`Motor Corp. v. Zhongshan Broad Ocean Motor Co., 868 F.3d 1013, 1017
`(Fed. Cir. 2017); Vivid Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795,
`803 (Fed. Cir. 1999).
`
`1. “entity”
`Petitioner asserts that an “entity” within the challenged claims is a
`“purchasing party to a transaction who has data stored in the secure
`registry.” Pet. 14–15. Patent Owner asserts that no construction is required
`for the term at this stage. Prelim. Resp. 21–22. We agree with Patent Owner.
`Petitioner has not identified how “entity” is itself unclear or how expressly
`construing the term would impact an issue for institution. Thus, we decline
`to construe “entity” at this time.
`
`2. “based at least in part on the indication of the provider and the time-
`varying multicharacter code of the transaction request”
`Independent claims 1 and 22 recite “determin[ing] compliance with
`access restrictions for the provider to secure data of the entity for completing
`the transaction based at least in part on the indication of the provider and the
`time-varying multicharacter code of the transaction request.” Ex. 1001,
`
`7
`
`
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`
`18:46–50, 20:16–20. Petitioner submits that the “based at least in part on”
`phrase modifies “completing the transaction” not “determining compliance”
`or “access restrictions for the provider.” Pet. 16–17. In Petitioner’s view,
`therefore, only “completion of the transaction is based on the indication and
`time-varying multicharacter code,” whereas the access restrictions do not
`require consideration of which party may access the information. Id.
`Patent Owner disputes Petitioner’s construction. In Patent Owner’s
`view, the “based at least in part on” phrase should be construed to modify
`“determining compliance with any access restrictions for the provider to
`secure data of the entity.” Prelim. Resp. 22 (citing Ex. 2001 ¶¶ 41–47).
`Patent Owner points to the Specification, which describes that “access
`information 34 allows ‘different levels of security to attach to different types
`of information stored in the entry 30’ so that the user can specify which
`particular individuals or companies can have access to what specific data
`such as credit card numbers, medical information, and tax information.”
`Prelim. Resp. 23 (quoting Ex. 1001, 8:62–9:11; Ex. 2001 ¶ 43). It also
`provides that the user “specif[ies] the type of access restrictions and/or
`whom should be allowed to access the advanced personal data.” Ex. 1001,
`10:23–25. In other words, Patent Owner argues, the Specification provides
`context showing that the identity of the requestor (such as a provider) is
`important to access rights. Prelim. Resp. 23.
`We agree with Patent Owner. Most significantly, the claim requires
`the processor receive “an indication of the provider requesting the
`transaction” and recites “access restrictions for the provider.” Giving
`meaning to that claim language—indicating that the access restrictions relate
`to a particular provider—all but requires that determining compliance with
`
`8
`
`
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`
`access restrictions must be based on the indication of the provider. We agree
`with Patent Owner that at least certain embodiments in the Specification
`describe access restrictions that depend on the identification of the provider.
`See Ex. 1001, 8:62–9:11, 10:23–25, 10:40–48. Construing the claim as
`Patent Owner submits is consistent with those embodiments and the claim
`language. Thus, we conclude that determining compliance with any access
`restrictions for the provider must be “based at least in part on the indication
`of the provider and the time-varying multicharacter code of the transaction
`request.”
`
`3. “provider”
`Patent Owner argues that we should construe “provider” as “the party
`that engages in a transaction with an entity having secure data stored at a
`secure registry, the party providing a good or service to the entity and/or the
`party requesting information about the entity.” Prelim. Resp. 25–27. But
`Patent Owner does not identify how such a construction would affect an
`issue in this proceeding. Without any such basis for construing the term, we
`conclude no construction is necessary for “provider” at this stage.
`
`4. “access restrictions for the provider”
`Patent Owner argues that we should construe “access restrictions for
`the provider” as “access restrictions that are specific to the provider.”
`Prelim. Resp. 27–29. We conclude that no construction is required because
`the dispute regarding this term is resolved with our construction of the
`“based on” phrase, discussed above.
`
`9
`
`
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`
`
`C. OBVIOUSNESS OVER BRENER, WEISS, AND DESAI
`For its obviousness contentions, Petitioner relies on Brener as
`modified by both Weiss and Desai. See Pet. 17–24.
`Brener discloses “a method and system of conducting electronic
`commerce which allows a customer to anonymously visit vendor web sites,
`anonymously purchase goods and anonymously receive goods without
`disclosing the customer’s identification and home address information to the
`web site vendor.” Ex. 1005, 1:6–9. Brener’s system uses linking information
`to associate a customer’s personal information with a customer object. Id. at
`2:24–25, 3:12–14. By storing the linking information and personal
`information on a secure computer, Brener permits the customer to interact
`with vendors using just the customer object. Id. at 2:27–29. When a vendor
`desires to complete a purchase by a customer, it may send the customer
`object to a bank, which then interacts with the secure computer to obtain the
`required personal information for completing the purchase. Id. at 9:16–29.
`Brener further discloses a method for a vendor to ship a package without
`obtaining the customer’s personal information, in which the third-party
`shipper uses the customer object to obtain delivery information. Id. at 10:3–
`20.
`
`Weiss discloses:
`
`an apparatus and method for the electronic generation of
`variable, non-predictable codes and the validation and
`comparison of such codes for the purpose of positively
`identifying an authorized individual or user of an apparatus or
`system and thereafter giving clearance to carry out a privileged
`transaction or access to a protected system or facility.
`
`10
`
`
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`
`Ex. 1006, 1:15–21. Weiss summarizes that its “predetermined algorithm
`constantly generates new unique and verifiable non-predictable codes, which
`are derived from the fixed data and at least one dynamic variable, such as the
`time of day.” Id. at 1:63–67.
`Desai discloses “a system and method for information exchange that
`provides control over the content of stored information, as well as control
`over the access to the stored information.” Ex. 1007, 3:34–37. To that end,
`Desai discloses an “information exchange system” that stores profile data for
`users. Id. at 3:42–45. Using the system, a user “can securely control access
`to its stored profile data on an element-by-element and user-by-user basis.”
`Id. at 9:4–6. Desai’s system uses a “universal ID for each data element” to
`control access on an element-by-element basis. Id. at 14:5–8. Thus, using
`Desai’s system, a “registered user 12 has control over which vendors 24
`have access to its profile data, and which subsets of the profile data are
`provided to those vendors 24.” Id. at 9:55–57.
`
`1. Claim 1
`Claim element 1.1 recites:
`
`a database including secure data for each entity, wherein each
`entity is associated with a time-varying multicharacter code for
`each entity having secure data in the secure registry system,
`respectively, each time-varying multicharacter code
`representing an identity of one of the respective entities.
`Ex. 1001, 18:33–38. Petitioner asserts that Brener’s linking table, which
`matches each customer object with the customer’s personal information,
`teaches a secure provider database. Pet. 27–28 (citing Ex. 1005, 2:25–26,
`8:11–14, 10:14–20; Ex. 1002 ¶¶ 74–76). Petitioner asserts that, “[a]lthough
`Brener discloses that the customer object can be a multicharacter code such
`
`11
`
`
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`
`as a name like ‘GOLFO’ (Ex-1005, 8:9-11), Brener does not expressly
`disclose that the multicharacter code customer object is time-varying.”
`Pet. 28 (citing Ex. 1002 ¶ 77); accord id. at 21. For that aspect of the claim,
`Petitioner relies on Weiss, which discloses that a “predetermined algorithm
`constantly generates new unique and verifiable non-predictable codes,”
`based in part on “at least one dynamic variable, such as the time of day.”
`Ex. 1006, 1:63–67; see Pet. 21–22, 27–28 (citing Ex. 1006, 1:22–40, 1:55–
`2:17). Petitioner asserts that skilled artisans “would have been motivated to
`apply Weiss’s teachings to an anonymous transaction system like the one in
`Brener.” Pet. 28 (citing Ex. 1002 ¶¶ 62–64). Petitioner reasons that skilled
`artisans would have found it “beneficial to incorporate a time-varying aspect
`into Brener’s customer objects, resulting in a time-varying code that
`corresponds to the user’s identity via the linking information stored in the
`secure database.” Id. Petitioner asserts also that the combination “would
`have been a combination of complementary features providing enhanced
`security for user data and online transactions, consistent with Brener’s stated
`goals.” Pet. 22 (citing Ex. 1002 ¶¶ 62–64).
`Patent Owner challenges the combination, arguing that Brener and
`Weiss present fundamentally different approaches. Prelim. Resp. 31.
`According to Patent Owner, Brener’s primary objective is to maintain
`anonymity but also allow recognition of returning customers. Id. at 31–33.
`Patent Owner argues that using a time-varying code as taught by Weiss
`would prohibit achieving that objective. Id. Patent Owner’s argument does
`not overcome Petitioner’s showing for purposes of institution. At this stage,
`Patent Owner’s argument at most establishes an issue of material fact best
`suited for resolution through trial. Although the record may ultimately
`
`12
`
`
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`
`support Patent Owner’s asserted conclusion, the current record appears to
`support instead the conclusion that a customer code would include distinct
`portions, allowing Brener’s objective of recognizing returning customers.
`Indeed, Petitioner proposes a combination that “incorporate[s] a time-
`varying aspect into Brener’s customer objects,” not one that makes Brener’s
`entire customer object time varying. See Pet. 28.
`Patent Owner argues also that using a time-varying code would render
`Brener inoperable. Prelim. Resp. 34–36. In this regard, Patent Owner argues
`that public–private key pairs are matched and changing the value of one with
`a time-varying code would render the other useless. Id. That argument,
`however, assumes that a skilled artisan would not account for the time-
`varying aspect of a code when making the change to Brener. As Patent
`Owner points out, public and private keys are generated together as a pair
`(id. at 35), so if a skilled artisan modified Brener’s private-key authorization
`code to incorporate a time-varying aspect, the natural result is that a
`matching public key would be generated at that time. Indeed, Brener
`discloses that “bank computer 150 will be provided with access to a
`database 170 of all public keys” (Ex. 1005, 16:19–20), an arrangement that
`is compatible with dynamically generated, time-varying keys. Thus, on the
`present record, we disagree with Patent Owner’s argument that the
`modification would render Brener inoperable.
`Patent Owner argues further that Brener teaches away from the
`claimed system by teaching a public encryption key that includes an account
`number, whereas the claims require that account-identifying information not
`be given to the provider. Prelim. Resp. 36–37 (citing Ex. 1005, 16:8–9,
`16:14–15). Patent Owner asserts that “to the extent that Brener’s system is
`
`13
`
`
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`
`implemented with the public key cryptography scheme it describes, Brener
`teaches away from the ’539 patent’s claims.” Id. at 37. The cited
`embodiment, however, is only one of multiple embodiments in Brener, and
`Petitioner does not rely on Brener in that regard to establish obviousness.
`Although Brener may teach an embodiment in which a vendor has access to
`account information, it is insufficient to teach away from Brener’s other
`embodiments where no account-identifying information is provided to the
`vendor. Thus, on the present record, we disagree with Patent Owner’s
`teaching-away argument based on Brener.
`Claim element 1.4 recites:
`
`a processor configured . . . to execute a restriction mechanism
`to determine compliance with any access restrictions for the
`provider to secure data of the entity for completing the
`transaction based at least in part on the indication of the
`provider and the time-varying multicharacter code of the
`transaction request.
`Ex. 1001, 18:39–50. As discussed above, we construe the “based least in
`part on” phrase as limiting the way that the processor determines compliance
`with any access restrictions for the provider. See supra at 7. Thus, we do not
`agree with Petitioner’s assertion that Brener alone teaches this element. See
`Pet. 35; Prelim. Resp. 39 n.3.
`Petitioner asserts additionally that if “‘access restrictions’ themselves
`must be based on an indication of the provider and the code identifying the
`customer, this is taught by Desai.” Pet. 35 (citing Ex. 1002 ¶ 89); accord id.
`at 22 (citing Ex. 1002 ¶ 65). Petitioner asserts it would have been obvious to
`“incorporate Desai’s teachings of user defined access restrictions to stored
`data to one or more third parties with Brener’s role-based access restriction
`
`14
`
`
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`
`mechanism by the secure provider database.” Pet. 35–36 (citing Ex. 1002
`¶¶ 65–68, 91). Petitioner submits that it would have been obvious to “modify
`a system for securing user data during online transactions, such as disclosed
`by Brener, to give the user more granular control over what data may be
`divulged to particular parties, as taught by Desai.” Pet. 23 (citing Ex. 1002
`¶¶ 65–68). According to Petitioner, doing so would “increase the user’s
`control over access to his or her data and enhance the customizability of the
`security features in a way that would have been readily apparent to a person
`of ordinary skill in the art at the time.” Id. Petitioner further submits that
`combing the systems as asserted “would have been consistent with, and
`enhanced, Brener’s stated purpose of enabling selective access to
`information to provide anonymous shopping, shipping, and other
`transactions.” Pet. 60 (citing Ex. 1002 ¶ 67).
`Patent Owner challenges Petitioner’s proposed combination with
`Desai, arguing that Petitioner has the impact of Desai wrong. Prelim.
`Resp. 38–42. In Patent Owner’s view, because Desai teaches releasing
`account-identifying information to a vendor, not to a third party, it teaches a
`skilled artisan away from the claimed invention. Id. at 39–40. Patent
`Owner’s argument, however, relies on aspects of Desai that are not relevant
`to the combination Petitioner asserts. Patent Owner has not identified why
`Desai providing account-identifying information to a vendor would
`discourage a skilled artisan from using Desai’s teaching of access
`restrictions with Brener’s system. To the extent we would reach such a
`conclusion, it is an issue best resolved though a factual determination based
`on a full trial record. Thus, on the present record, we disagree with Patent
`Owner’s teaching-away argument based on Desai.
`
`15
`
`
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`
`
`Patent Owner argues further that, in the proposed combination, a user
`would have to allow access for each merchant and each transaction, a result
`contrary to Petitioner’s assertion that modifying Brener with Desai “will
`make databases more ‘efficient and allow for timely sharing of information
`with selected individuals on a granular level and provide security against
`unwanted disclosures and edits to the stored information’” Prelim. Resp. 41
`(citing Pet. 61 (quoting Ex. 1007, 3:27–31)). In Patent Owner’s view, Desai
`imposes overhead and therefore sacrifices efficiency; thus, a skilled artisan
`would not use Desai’s system, regardless of any security improvement it
`offered. Id. As with Patent Owner’s similar arguments discussed above, we
`view this as a factual issue appropriate for resolution through trial.
`Claim element 1.6 recites
`
`wherein the account identifying information is not provided to
`the provider and the account identifying information is
`provided to a third party to enable or deny the transaction with
`the provider without providing the account identifying
`information to the provider.
`Ex. 1001, 18:55–60. Petitioner asserts Brener teaches this limitation through
`two separate disclosures. Pet. 39–40. First, Petitioner asserts that Brener
`discloses providing information “to a third party shipping carrier to complete
`the purchase transaction by shipping the purchased goods.” Id. (citing
`Ex. 1005, 14:28–15:10; Ex. 1002 ¶ 96). Patent Owner contests that mapping,
`arguing that Brener’s shipping carrier cannot be the “third party” because the
`carrier is not involved until a transaction is approved. Prelim. Resp. 44–45.
`We agree with Patent Owner, based on Brener’s disclosures. Ex. 1005, 10:3–
`4 (“Once a purchase by the customer has been approved, the vendor arranges
`for the package to be picked up by a third party carrier.”), 14:20–22 (“Upon
`
`16
`
`
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`
`approval of the transaction, the vendor readies the goods for anonymous
`shipment as explained below.”).
`Petitioner asserts alternatively that Brener discloses providing
`customer identity and account information “to a third party financial
`institution or bank computer by the secure provider to complete the purchase
`transaction by approving or denying a transaction.” Pet. 40 (citing Ex. 1005,
`9:19–10:2; Ex. 1002 ¶ 97). Patent Owner challenges that assertion too,
`arguing that, in Brener, the vendor (not the secure provider) sends
`information to a bank. Prelim. Resp. 42–44. We do not agree with Patent
`Owner. Brener discloses the bank determining a customer’s credit status
`based on a customer object can “include ascertaining the identity of the
`customer based on the linking information obtained by the financial
`institution from the secure provider.” Ex. 1005, 3:30–4:2. Although Brener
`discloses that the vendor sends a customer object, such customer object does
`not contain identifying information. Rather, the bank receives identifying
`information only as a result of the linking information it obtains from the
`secure provider. See Ex. 1005, 9:19–10:2. Thus, Petitioner has adequately
`shown claim element 1.6 for purposes of institution.
`Petitioner asserts additionally that Brener teaches claim limitations
`[1.2] (Pet. 29–31 (citing Ex. 1005, 2:19–3:11, 3:25–30, 14:16–22; Ex. 1002
`¶¶ 80–82)), [1.3] (Pet. 31–33 (citing Ex. 1005, 2:19–3:7, 8:11–20, 10:14–17;
`Ex. 1002 ¶¶ 83–85)), and [1.5] (Pet. 36–39 (citing Ex. 1005, 14:23–26,
`15:1–10, 10:3–20, 16:26–29, 9:23–26; Ex. 1002 ¶¶ 93–95)). Patent Owner
`does not contest those assertions at this stage. We have reviewed Petitioner’s
`assertions and determine that they are adequate for purposes of institution.
`
`17
`
`
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`
`
`Accordingly, we conclude Petitioner has shown a reasonable
`likelihood of succeeding with respect to the unpatentability of claim 1 over
`Brener, Weiss, and Desai.
`
`2. Claim 37
`Independent claim 37 recites limitations parallel to those of claim 1,
`but recites that the access restrictions relate “to at least one portion of secure
`data for completing the transaction” and further requires the processor be
`configured “to store an appropriate code with each such portion of secure
`data.” Ex. 1001, 21:25–22:13. Petitioner cites Desai as teaching the “store an
`appropriate code” limitation by disclosing that “[e]ach data element is
`encrypted with its secret key, and then stored in a database table, along with
`a universal identifier (‘ID’) for the data element.” Pet. 42–43 (quoting
`Ex. 1007, 5:30-32). Petitioner further cites Desai’s statement that Desai’s
`database includes “a universal identifier (‘ID’) for each data element” and
`asserts that doing so “allows the system disclosed in Desai to provide an
`element-by-element access control for the stored data.” Pet. 43 (quoting
`Ex. 1007, 14:2–8).
`Patent Owner challenges Petitioner’s assertion, arguing that Petitioner
`provides no reason to use the asserted teaching from Desai. Prelim.
`Resp. 45–46. Patent Owner’s argument, however, assumes that Desai’s
`disclosures cited against claim 37 are independent of those cited against
`claim 1. Petitioner asserts that Desai includes the “universal ID for each data
`element” so that the system can provide the granular access control relevant
`to the limitations of claim 1. See Pet. 43. Thus, it appears that at least
`Desai’s universal ID is part of the disclosure Petitioner identifies as part of
`the combination asserted against claim 1. With such an understanding,
`
`18
`
`
`
`Case IPR2018-01350
`Patent 8,856,539 B2
`
`Petitioner did not need a separate motivation to use Desai’s universal ID in
`the combination. To the extent that Patent Owner establishes during trial
`that, to prove claim 37 unpatentable, Petitioner requires Desai’s teachings
`unrelated to the combination asserted against claim 1, we may conclude that
`Petitioner has failed to provide adequate justification. Based on the present
`record, we determine that Petitioner has shown a reasonable likelihood of
`prevailing with respect to claim 37.
`
`III. CONCLUSION
`We have addressed all of Patent Owner’s arguments raised in the
`Preliminary Response. For the foregoing reasons, we determine the
`information presented in the Petition establishes a reasonable likelihood that
`Petitioner will prevail in showing at least one challenged claim unpatentable.
`Thus, based on the standard in 35 U.S.C. § 314(a), and our evaluation of the
`present record, we institute inter partes review.
`
`IV. ORDER
`
`Accordingly, it is:
`ORDERED that pursuant to 35 U.S.C. § 314(a), inter partes review of
`the ’539 patent is institute