Paper 12
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`________________
`
`VISA INC. and VISA U.S.A. INC.,
`Petitioners,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC,
`Patent Owner
`________________
`
`Case IPR2018-01350
`U.S. Patent No. 8,856,539
`________________
`
`PATENT OWNER’S RESPONSE
`PURSUANT TO 37 C.F.R. § 42.120
`
`
`
`
`
`
`
`

`

`TABLE OF CONTENTS
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`Page
`
`I.
`
`II.
`
`OVERVIEW OF THE ’539 PATENT ............................................................ 3
`A.
`The ’539 Patent Specification ............................................................... 3
`B.
`The ’539 Patent Claims ......................................................................... 8
`C.
`Prosecution History of the ’539 Patent ................................................. 8
`OVERVIEW OF THE CITED ART ............................................................... 9
`A.
`Brener (Ex-1005) ................................................................................... 9
`B. Weiss (Ex-1006) .................................................................................. 10
`C.
`Desai (Ex-1007) .................................................................................. 11
`III. LEVEL OF ORDINARY SKILL IN THE ART ........................................... 11
`IV. CLAIM CONSTRUCTION .......................................................................... 12
`A.
`“Entity” ................................................................................................ 13
`B.
`“Based at least in part on the indication of the provider and the
`time-varying multicharacter code of the transaction request” ............ 13
`“Third party” ....................................................................................... 16
`C.
`“The Provider Requesting The Transaction” (Claims 1 and 22) ........ 18
`D.
`STANDARD OF REVIEW ........................................................................... 21
`V.
`VI. THE PETITION FAILS TO PROVE BRENER IN VIEW OF WEISS
`AND DESAI RENDERS THE CHALLENGED CLAIMS OBVIOUS ....... 22
`A.
`The Petition Has Failed To Prove Brener Discloses Limitation
`1.6 ........................................................................................................ 22
`A Person of Ordinary Skill in the Art Would Not Combine
`Brener and Weiss to Obtain a Time-varying Multicharacter
`Code ..................................................................................................... 25
`1.
`Petitioner’s Proposed Modification to Brener’s PKI-
`based Authentication Scheme Renders the Combination
`Unsatisfactory for Its Intended Purpose and/or Changes
`Brener’s Principle of Operation ................................................ 27
`Time-Varying Public-Private Key Pairs Would Render
`Brener’s Intended Purpose of Recognizing Returning
`Customers Inoperable. .............................................................. 38
`
`B.
`
`2.
`
`
`
`i
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`C.
`
`3. Whether Brener’s customer object could have been made
`time-varying through a smart card or at the user’s
`computer is irrelevant. .............................................................. 40
`A Person of Ordinary Skill in the Art Would Not Combine
`Brener and Desai to Obtain “Access Restrictions” (Limitation
`1.4) ....................................................................................................... 42
`1.
`Petitioner’s Proposed Combination is Based on Features
`of Brener and Desai that Both Teach Away or Contradict
`the Invention as Claimed .......................................................... 43
`A Person of Ordinary Skill in the Art at the Time of the
`Invention Would Not Have Had a Reasonable
`Expectation of Success of Implementing Desai’s
`Information Exchange System into Brener’s Anonymous
`Transaction System ................................................................... 46
`Petitioner Fails to Show Claims 3 and 24 are Obvious ....................... 49
`D.
`VII. STRONG EVIDENCE OF SECONDARY CONSIDERATIONS OF
`NON-OBVIOUSNESS .................................................................................. 51
`A.
`Long-felt Need and Failure of Others ................................................. 51
`B.
`Commercial Success............................................................................ 55
`VIII. CONCLUSION .............................................................................................. 57
`
`
`
`2.
`
`
`
`
`
`ii
`
`

`

`TABLE OF AUTHORITIES
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`Page
`
`CASES
`
`Apple Inc. v. Int'l Trade Comm’n,
` 725 F.3d 1356 (Fed. Cir. 2013) ....................................................................51
`
`Apple Inc. v. Samsung Elecs. Co. Ltd.,
` 816 F.3d 788 (Fed. Cir. 2016) ......................................................................51
`
`Cuozzo Speed Techs., LLC v. Lee,
` 136 S. Ct. 2131 (2016) ..................................................................................12
`
`DyStar Textilfarben GmbH & Co. Deutschland KG v. C.H. Patrick Co.,
` 464 F.3d 1356 (Fed. Cir. 2006) ............................................................. 45, 46
`
`Guinn v. Kopf,
` 96 F.3d 1419 (Fed. Cir. 1996) ........................................................................ 1
`
`Cyclobenzaprine Hydrochloride Extended-Release Capsule Patent Litig.,
` 676 F.3d 1080 (Fed. Cir. 2012) ....................................................................50
`
`Heidelberger Druckmaschinen AG v. Hantscho Commercial Prods., Inc.,
` 21 F.3d 1068 (Fed. Cir. 1994) ......................................................................51
`
`In re Gordon,
` 733 F.2d 900 (Fed. Cir. 1984) ......................................................................27
`
`In re Ratti,
` 270 F.2d 810 (CCPA 1959) ..........................................................................27
`
`In re Stepan Co.,
` 868 F.3d 1342 (Fed. Cir. 2017) ............................................................. 36, 46
`
`Innogenetics, N.V. v. Abbott Labs.,
` 512 F.3d 1374 (Fed. Cir. 2008) ....................................................................40
`
`Intelligent Bio-Sys., Inc. v. Illumina Cambridge Ltd.,
` 821 F.3d 1359 (Fed. Cir. 2016) ............................................................. 36, 46
`
`Kinetic Concepts, Inc. v. Smith & Nephew, Inc.,
` 688 F.3d 1342 (Fed. Cir. 2012) ....................................................................40
`
`KSR Int’l Co. v. Teleflex Inc.,
` 550 U.S. 398 (2007)......................................................................................40
`
`Merck & Co., Inc. v. Teva Pharm. USA, Inc.,
` 395 F.3d 1364 (Fed. Cir. 2005) ....................................................................17
`
`
`
`iii
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`Phillips v. AWH Corp.,
` 415 F.3d 1303 (Fed. Cir. 2005) ...................................................................... 1
`
`Plas-Plak Industries, Inc. v. Sulzer Mixpac AG,
` 600 Fed. Appx. 755 (Fed. Cir. 2015) ...........................................................27
`
`Samsung Elecs. Co., Ltd. v. Infobridge Pte. Ltd.,
` IPR2017-00100 (Paper 30) (PTAB Apr. 23, 2018) ......................................21
`
`Stratoflex, Inc. v. Aeroquip Corp.,
` 713 F.3d 1538 (Fed. Cir. 1983) ....................................................................51
`
`Trivascular, Inc. v. Samuels,
` 812 F.3d 1056 (Fed. Cir. 2016) ....................................................................21
`
`
`
`
`STATUTORY AUTHORITIES
`
`35 U.S.C. § 253 .......................................................................................................... 1
`
`35 U.S.C. § 314(a) ..................................................................................................... 1
`
`35 U.S.C. § 316(e) ..................................................................................................... 1
`
`
`
`37 C.F.R. § 42.100(b) ..............................................................................................12
`
`RULES AND REGULATIONS
`
`
`
`
`
`
`
`
`
`
`iv
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`Exhibit #
`Ex-2001
`
`Ex-2002
`
`Ex-2003
`Ex-2004
`
`Ex-2005
`
`Ex-2006
`
`Ex-2007
`
`Ex-2008
`Ex-2009
`Ex-2010
`
`EXHIBIT TABLE
`
`
`
`Description
`Declaration of Dr. Markus Jakobsson in Support of Patent
`Owner’s Preliminary Response .
`
`Curriculum Vitae of Dr. Markus Jakobsson.
`
`Terminal Disclaimer Dated August 17, 2018.
`Declaration of Dr. Markus Jakobsson in Support of Patent
`Owner’s Response.
`Transcript of Dr. J. Douglas Tygar Deposition Dated April
`19, 2019.
`N. Asokan, et. al, The State of the Art in Electronic Payment
`Systems, IEEE Computer, Vol. 30, No. 9, pp. 28-35 (IEEE
`Computer Society Press, Sept. 1997)
`M. Baddeley, Using E-Cash in the New Economy: An
`Economic Analysis of Micropayment Systems, J. Electronic
`Commerce Research, Vol. 5, No. 4, pp. 239-253 (Nov. 2004)
`U.S. Application No. 11/768,729.
`U.S. Application No. 09/710,703.
`Declaration of Dr. Markus Jakobsson in Support of Motion
`to Amend.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`v
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`VISA, Inc. and VISA U.S.A. Inc.’s Petition (Paper 2, “Petition” or “Pet.”)
`
`proffers one invalidity ground for U.S. Patent No. 8,856,539 (“’539 patent”) (Ex-
`
`1001): Claims 1-9, 16-31, 37, and 38 are allegedly obvious over WO 00/14648
`
`(“Brener”) (Ex-1005) in view of U.S. Patent No. 4,885,778 (“Weiss”) (Ex-1006)
`
`and U.S. Patent No. 6,820,204 B1 (“Desai”) (Ex-1007). On February 11, 2019, the
`
`Board instituted review (Paper 7, “Inst. Dec.”). Patent Owner Universal Secure
`
`Registry, L.L.C. (“PO”) timely submits this Response.1
`
`Petitioner has not met its “burden of proving a proposition of unpatentability
`
`by a preponderance of the evidence.” 35 U.S.C. § 316(e). The Petition should be
`
`denied for many reasons.
`
`First, Petitioner fails to show Brener discloses that account identifying
`
`information is not provided to a provider and that such information is instead
`
`provided from a secure registry to a third party to enable or deny a transaction.
`
`
`1 On August 17, 2018, PO disclaimed claims 5-8, 17-20, and 26-30. Ex-
`
`2003. Accordingly, these claims did not exist at the time of institution and are not
`
`addressed herein. See Guinn v. Kopf, 96 F.3d 1419, 1422 (Fed. Cir. 1996) (“A
`
`statutory disclaimer under 35 U.S.C. § 253 has the effect of canceling the claims
`
`from the patent and the patent is viewed as though the disclaimed claims had never
`
`existed in the patent.”).
`
`
`
`1
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`Instead, the cited sections of Brener relied upon at best show that the merchant
`
`provider—not the secure registry—sends account identifying information to an
`
`alleged third party (e.g., bank computer).
`
`Second, Petitioner’s attempt to add Weiss’ non-predictable code into Brener
`
`by modifying Brener’s private key authorization code to be time-varying renders
`
`the combination unsatisfactory for Brener’s intended purpose. Specifically, as
`
`admitted by Petitioner’s expert, Brener’s private key authorization code is a digital
`
`certificate issued by a certificate authority. Causing such a certificate to vary in
`
`time would wreak havoc on Brener’s public key cryptographic scheme for
`
`numerous reasons and ultimately render the result unworkable.
`
`Third, varying Brener’s customer object over time would also defeat a key
`
`objective of Brener to allow vendors to recognize returning customers. Fourth,
`
`Petitioner’s proposed combination of Brener and Desai to achieve the claimed
`
`“access restrictions” overlooks key aspects of Desai’s inner-workings that when
`
`incorporated into Brener would destroy any reasonable expectation of success.
`
`Fifth, Petitioner fails to show that dependent claims 3 and 24 are obvious because
`
`Brener does not teach or disclose that its customer object (alleged time-varying
`
`multicharacter code) is encrypted and decrypted.
`
`For each of these reasons, and others described below, PO respectfully
`
`requests that the Board deny the Petition.
`
`
`
`2
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`I.
`
`OVERVIEW OF THE ’539 PATENT
`
`A. The ’539 Patent Specification
`
`The ’539 patent provides a unique and highly secure anonymous
`
`identification system that uses a time-varying multicharacter code for both
`
`verifying the identity of an entity and enabling transactions between the entity and
`
`a provider without requiring the entity to share personal or otherwise sensitive
`
`information with the provider. See Ex-1001, ’539 patent, 2:64-3:1, 3:24-27, 12:19-
`
`54; Ex-2004, Decl. of Dr. Markus Jakobsson (“Jakobsson”), ¶25. As one example,
`
`the system, referred to as a Universal Secure Registry (USR) system, allows a
`
`person to purchase goods from a brick and mortar or online merchant without
`
`publicly providing credit card information to the merchant for fear that the credit
`
`card information may be stolen or used fraudulently. See Ex-1001, ’539 patent,
`
`3:44-54; Ex-2004, Jakobsson, ¶25.
`
`FIG. 1 depicts one embodiment of the USR system:
`
`
`
`3
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`
`
`The USR system’s main unit 12, which may be connected to a wide area network,
`
`includes a database 24 that stores data entries 30 related to different people or
`
`entities. Ex-1001, ’539 patent, 7:11-13; 7:40-41; Ex-2004, Jakobsson, ¶26. Each
`
`entry 30 may contain different types of information such as, but not limited to,
`
`validation information, access information, publicly available information, address
`
`information, credit card information, medical information, job application
`
`
`
`4
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`information, and/or tax information. Ex-1001, ’539 patent, 7:57-63; Ex-2004,
`
`Jakobsson, ¶26. “The validation information [32] is information about the user of
`
`the database to whom the data pertains and is to be used by the USR software 18 to
`
`validate that the person attempting to access the information is the person to whom
`
`the data pertains or is otherwise authorized to receive it.” Ex-1001, ’539 patent,
`
`8:10-14; Ex-2004, Jakobsson. ¶26. In particular, the validation information 32
`
`contains information that enables the USR software 18 to validate a person that has
`
`presented the system with a one-time nonpredictable code uniquely associated with
`
`the user. See Ex-1001, ’539 patent, 8:17-35; Ex-2004, Jakobsson, ¶26. The access
`
`information 34 allows “different levels of security to attach to different types of
`
`information stored in the entry 30” so that the user can specify which particular
`
`individuals or companies can have access to what specific data such as credit card
`
`numbers, medical information, and tax information. See Ex-1001, ’539 patent,
`
`8:62-9:11; Ex-2004, Jakobsson, ¶26. As such, the USR system may execute a
`
`restriction mechanism to determine compliance with any access restrictions for the
`
`provider to secure data of the user.
`
`FIG. 8 depicts an embodiment of using the USR system “to purchase goods
`
`or services from a merchant without revealing to the merchant account information
`
`relating to the person’s bank or credit card.” Ex-1001, ’539 patent, 9:46-50; Ex-
`
`2004, Jakobsson, ¶27.
`
`
`
`5
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`A user desiring to make a purchase at a merchant without providing their financial
`
`information, such as a credit or debit card number, may enter a secret code into
`
`their electronic ID device (any type of electronic device that may be used to obtain
`
`
`
`
`
`6
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`access to the USR database (Ex-1001, ’539 patent, 8:45-47)), which generates a
`
`one-time nonpredictable code that is provided to the merchant. Id., 12:21-24; Ex-
`
`2004, Jakobsson, ¶27. The merchant in turn may transmit the one-time
`
`nonpredictable code, a store number, and a purchase amount to the USR. Ex-1001,
`
`’539 patent, 12:24-26; Ex-2004, Jakobsson, ¶27. The USR may then determine
`
`whether the code received is valid, and if valid, accesses from the USR database
`
`the user’s actual credit card information. Ex-1001, ’539 patent, 12:27-29; Ex-
`
`2004, Jakobsson, ¶27. The USR next transmits to the credit card company the
`
`credit card number, the store number, and the purchase amount. Ex-1001, ’539
`
`patent, 12:29-31; Ex-2004, Jakobsson. ¶27. The credit card company then
`
`processes the transaction, such as by checking the credit worthiness of the person,
`
`and either declines the card or debits the user’s account and transfers money to the
`
`merchant’s account. Ex-1001, ’539 patent, 12:40-43; Ex-2004, Jakobsson, ¶27.
`
`The credit card company notifies the USR the transaction result and the USR may
`
`in turn notify the merchant. Ex-1001, ’539 patent, 12:43-46; Ex-2004, Jakobsson,
`
`¶27.
`
`Hence, the USR system provides a secure anonymous identification system
`
`that uses a time-varying multicharacter code for both verifying the identity of an
`
`entity and also enabling transactions between the entity and a provider, such as a
`
`merchant, without requiring the entity to share personal or otherwise sensitive
`
`
`
`7
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`information with the provider. Ex-2004, Jakobsson, ¶28. In one case, this allows a
`
`user to purchase goods or services from a merchant without providing the
`
`merchant the user’s credit card number. Id. Advantageously, the USR system also
`
`allows such secure transactions to be transparent to the credit card company and
`
`thus requires no or minimal cooperation from the credit card company to
`
`implement. Id.
`
`B.
`
`The ’539 Patent Claims
`
`The ’539 patent has four independent claims: 1, 22, 37 and 38. All of the
`
`claims relate to communicating authentication information from an electronic ID
`
`device. Ex-2004, Jakobsson, ¶29.
`
`C.
`
`Prosecution History of the ’539 Patent
`
`The ’539 patent was filed as U.S. Application No. 11/768,729 (“’729
`
`Application”) filed on June 26, 2007. The ’729 Application is a continuation
`
`application of U.S. Application No. 09/810,703 filed on March 16, 2001, now U.S.
`
`Patent No. 7,237,117.
`
`The ’539 patent was subject to a thorough examination by Examiners
`
`Beemnet Dada and Thomas Gyorfi. During prosecution, the Applicant and the
`
`Examiners discussed the application and prior art in detail, both through paper
`
`submissions and telephonic interviews. Claim amendments were made to further
`
`distinguish the invention from the prior art. Ultimately, Examiner Gyorfi allowed
`
`
`
`8
`
`

`

`the claims of the ’539 patent over a large body of cited prior art. See Ex-1001,
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`’539 patent, 1-3.
`
`II. OVERVIEW OF THE CITED ART
`
`A. Brener (Ex-1005)
`
`Brener is directed to a centralized system that generates and distributes static
`
`objects to a vendor that allow for anonymous shopping. Ex-2004, Jakobsson, ¶30.
`
`Brener emphasizes that a goal of its invention is “to provide such an e-commerce
`
`system whereby the customer can remain anonymous but still visit web sites as a
`
`character or persona such that he or she is recognized upon return to the vendor
`
`web site.” Ex-1005, Brener, 2:15-17; Ex-2004, Jakobsson, ¶30.
`
`To accomplish this goal, Brener touts that the “customer object” (i.e., screen
`
`name persona like “GOLFO”) it uses to act as a proxy for the user/purchaser’s real
`
`identity can be remembered by the vendor (e.g., using cookies) so the vendor may
`
`“develop a relationship with the customer through his persona” and promote
`
`goods/services that the vendor may believe the customer would be interested in
`
`based on prior purchases/site visits. Ex-1005, Brener, 12:7-20; Ex-2004,
`
`Jakobsson, ¶31.
`
`In particular, Brener teaches its’ customer object comprises a public/private
`
`key pair wherein the public key includes the user’s account number. Ex-1005,
`
`Brener, 16:8-9 (“The public key will contain information such as a customer object
`
`
`
`9
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`and a customer bank account or credit card number.”). And, Brener further teaches
`
`that the public key is sent to the vendor 140. Id., 16:15-16 (“When a customer
`
`computer 100 enters the web site of the vendor computer 140, the vendor computer
`
`140 is provided with the public key.”); see Ex-2004, Jakobsson, ¶32.
`
`Brener also discloses that in a preferred embodiment the bank computer 150
`
`keeps a blind eye to “the transactional information of the customer” and that “the
`
`bank need not know what is being purchased and from where, only that the
`
`customer has the money or credit to cover the transaction.” Ex-1005, Brener,
`
`13:26-14:4 (emphasis added); see Ex-2004, Jakobsson, ¶33.
`
`B. Weiss (Ex-1006)
`
`Weiss is directed to a code-generation system that synchronizes generation
`
`of separate, free running, time dependent equipment. Ex-1006, Weiss, Title; Ex-
`
`2004, Jakobsson. ¶34. In particular, Weiss discloses a distribution architecture that
`
`includes the capability of every system participant to generate the same
`
`authentication code at the same time. Ex-1006, Weiss, Abstract; Ex-2004,
`
`Jakobsson, ¶34. Most importantly, the invention uses a “predetermined algorithm
`
`[that] constantly generates new unique and verifiable non-predictable codes, which
`
`are derived from the fixed data and at least one dynamic variable, such as the time
`
`of day.” Ex-1006, Weiss, 1:63-65; Ex-2004, Jakobsson, ¶34. Moreover, Weiss
`
`
`
`10
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`requires the algorithm that generates the authentication code to be secret. Ex-1006,
`
`Weiss, Abstract, line 3; Ex-2004, Jakobsson, ¶34.
`
`C. Desai (Ex-1007)
`
`Desai discloses a system that “provid[es] users with granular control over
`
`arbitrary information that allows for selective, real-time information sharing in a
`
`communications network.” Ex-1007, Desai, Abstract, lines 1-3 (emphasis added);
`
`Ex-2004, Jakobsson, ¶35. Specifically, Desai teaches providing user-by-user and
`
`element-by-element restrictions to data. Ex-1007, Desai, Abstract, lines 17-21
`
`(“Each registered user may selectively control the granting and denying of access
`
`to each of its associated data elements by other respective user, on an element-by-
`
`element, and user-by-user basis.”); see id., 3:38-40 (“Each user of the system and
`
`method has granular control over its own user profile information, and can control
`
`access to each stored data element”); see Ex-2004, Jakobsson, ¶35. Moreover, in
`
`Desai, the stored information is released directly to the vendor once the vendor
`
`establishes that it has the proper permissions. Ex-1007, Desai, 4:16-18 (“the
`
`vendors will not receive this information unless and until the registered user
`
`provides access to the vendor.”); Ex-2004, Jakobsson, ¶35.
`
`III. LEVEL OF ORDINARY SKILL IN THE ART
`
`A person of ordinary skill in the art (“POSITA”) relevant to the ’539 patent
`
`at the time of the invention would have a Bachelor of Science degree in electrical
`
`
`
`11
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`engineering and/or computer science, and three years of work or research
`
`experience in the fields of secure transactions and encryption, or a Master’s degree
`
`in electrical engineering and/or computer science and two years of work or
`
`research experience in related fields. Ex-2004, Jakobsson, ¶16. PO’s description
`
`of the level of ordinary skill in the art is essentially the same as that of the
`
`Petitioner, except that Petitioner’s description requires two years of work in the
`
`computer science field. See Pet., 12;. The positions set forth in this preliminary
`
`response would be the same under either parties’ proposal. Ex-2004, Jakobsson,
`
`¶17.
`
`IV. CLAIM CONSTRUCTION
`
`For inter partes reviews filed before November 13, 2018, claim terms are
`
`given their broadest reasonable interpretation (“BRI”) in view of the specification
`
`in which they appear. 37 C.F.R. § 42.100(b); see also Cuozzo Speed Techs., LLC v.
`
`Lee, 136 S. Ct. 2131, 2142 (2016).
`
`Petitioner identifies two terms that purportedly require construction:
`
`“entity” and “based at least in part on the indication of the provider and the time-
`
`varying multicharacter code of the transaction request.” Pet., 14-17. PO contends
`
`no construction of “entity” is necessary to resolve matters raised here, and the
`
`Board has agreed. Inst. Dec., 7. With respect to Petitioner’s other proffered term,
`
`PO proposed a different construction, to which the Board also agreed. Id., 7-9.
`
`
`
`12
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`Furthermore, PO identifies two additional terms that require construction: “third
`
`party” and “the provider requesting the transaction.”
`
`A.
`
`“Entity”
`
`Petitioner states the term “entity” purportedly requires construction. Pet., 14-
`
`15. PO contends construction of this term is not necessary to resolve the matters
`
`raised by this Petition; the Board agreed in its institution decision. Inst. Dec., 7.
`
`B.
`
`“Based at least in part on the indication of the provider and the
`time-varying multicharacter code of the transaction request”
`
`Petitioner argues the phrase “based at least in part on the indication of the
`
`provider and the time-varying multicharacter code of the transaction request”
`
`should be read to modify the terms “completing the transaction” instead of “access
`
`restrictions for the provider.” See Pet., 17.
`
`Consistent with the plain language of the claims and in view of the
`
`specification, PO contends the phrase “based at least in part on the indication of the
`
`provider and the time-varying multicharacter code of the transaction request”
`
`should be construed to modify “determining compliance with any access
`
`restrictions for the provider to secure data of the entity.” See Ex-2004, Jakobsson,
`
`¶37. The Board agreed with PO’s construction and reasoning. Inst. Dec., 8-9.
`
`In particular, the specification of the ’539 patent explains that the USR
`
`system’s main unit 12, which may be connected to a wide area network, and
`
`include a database 24 that stores data entries 30 related to different people or
`
`
`
`13
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`entities. Ex-1001, ’539 patent, 7:11-13; 7:40-41; Ex-2004, Jakobsson, ¶38.
`
`Among other things, each database entry 30 may contain “access information 34”
`
`and certain pieces of data such as “Credit Card and Other Financial Information,”
`
`“Medical Information,” Job Application Information,” and “Tax Information.” Ex-
`
`1001, ’539 patent, FIG. 3, 7:57-63; Ex-2004, Jakobsson, ¶38. The access
`
`information 34 allows “different levels of security to attach to different types of
`
`information stored in the entry 30” so that the user can specify which particular
`
`individuals or companies can have access to what specific data such as credit card
`
`numbers, medical information, and tax information. See Ex-1001, ’539 patent,
`
`8:62-9:11; Ex-2004, Jakobsson, ¶38.
`
`The specification further provides that during “training” of the USR
`
`database 24, the user “specif[ies] the type of access restrictions and/or whom
`
`should be allowed to access the advanced personal data.” Ex-1001, ’539 patent,
`
`10:23-25. Referring to FIG. 6 of the ’539 patent, once the database 24 has been
`
`trained, “USR software 18 queries whether the requester has the right to
`
`access the type of requested data,” and “determining the requestor’s rights
`
`(602) typically involves validating the requestor’s identity and correlating the
`
`identity, the requested information and the access information 34 provided by
`
`the person to the USR database during the training process.” Ex-1001. ’539
`
`patent, 10:40-48 (emphasis added). Thus, the context that “access rights” and
`
`
`
`14
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`compliance therewith is discussed in the specification and figures of the ’539
`
`patent explicitly ties in the identity of the requestor (e.g., provider). Ex-2004,
`
`Jakobsson, ¶39.
`
`As such, claims 1 and 22 specify that compliance with any access
`
`restrictions for the provider to secure data of the entity for completing the
`
`transaction are based at least in part on the indication of the provider (i.e., who the
`
`requesting provider is) and the time-varying multicharacter code. Id., ¶40.
`
`Petitioner argues
`
`the phrase should only modify “completing
`
`the
`
`transaction” because some embodiments of the ’539 patent allegedly describe
`
`access to information “based solely on a determination whether ‘the [electronic ID]
`
`code is valid.’” Pet., 17. As found by the Board, Petitioner is wrong. Inst. Dec.,
`
`8-9.
`
`First, each portion of the ’539 patent cited by Petitioner explicitly recites that
`
`the provider’s request includes a store number (i.e., one example of “indication of
`
`the provider”) before the transaction is approved or denied. Thus, Petitioner’s
`
`statement that these embodiments associated with FIGS. 7-10 are “based solely on
`
`a determination whether the ‘the [electronic ID] code is valid’” lacks merit. Ex-
`
`2004, Jakobsson, ¶42.
`
`Second, even if embodiments in the ’539 patent did not require an indication
`
`of the provider to be sent, the claims at issue recite and require that an indication of
`
`
`
`15
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`the provider is provided and that compliance with access restrictions is based on
`
`such an indication of the provider and time-varying multicharacter code. Id., ¶43.
`
`Petitioner’s argument ignores the portion of the claim language that specifically
`
`makes these recitations, and its limiting, improper interpretation and grammatical
`
`manipulations of the claim language runs counter to the ’539 patent’s specification.
`
`For these reasons, proper construction of the phrase “based at least in part on
`
`the indication of the provider and the time-varying multicharacter code of the
`
`transaction request” should be construed to modify the terms “determining
`
`compliance with any access restrictions for the provider to secure data of the
`
`entity.” Ex-2004, Jakobsson, ¶44.
`
`C.
`
`“Third party”
`
`The ’539 patent includes four independent claims 1, 22, 37, and 38, which
`
`all recite the term “the third party.” Consistent with the context of the claims in
`
`which they appear, PO contends “third party” should be construed to mean “a party
`
`other than the entity, the provider, and the secure registry.” Ex-2004, Jakobsson,
`
`¶45. In its institution decision in IPR2018-00812 (for the same ’539 patent), the
`
`Board agreed with PO:
`
`We agree the claim language supports that the third party must
`
`be different from the “provider” and “entity.” As to the secure
`
`registry itself, we agree further with Patent Owner that the claim
`
`language mandates that the “third party” cannot be the secure registry
`
`
`
`16
`
`

`

`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`system. The claims recite that the secure-registry processor is
`
`configured such that “account identifying information is provided to a
`
`third party.” By using “provided,” the claim instructs that the secure
`
`registry must send account-identifying information somewhere, not
`
`simply perform an additional operation on
`
`the
`
`information.
`
`Accordingly, we construe “third party” as “a party that is not the
`
`secure registry itself, the user, or the provider.
`
`IPR2018-00812 (Paper 9) (“Op”), 6-7 (footnote omitted).
`
`PO’s construction is supported by the context of the claims in which the
`
`term “third party” appears. Ex-2004, Jakobsson, ¶46. All of the Challenged
`
`Claims already recite “a secure registry,” “a provider,” and “an entity.” Ex-1001,
`
`’539 patent, 18:29-60 (claim 1); 20:4-31 (claim 22); 21:25-22:13 (claim 37);
`
`22:14-40 (claim 38); Ex-2004, Jakobsson, ¶46. Thus, the “third party” should
`
`reasonably be interpreted to be a party other than one of these other parties already
`
`recited in the claims otherwise two or more of these terms would be duplicative.
`
`See Merck & Co., Inc. v. Teva Pharm. USA, Inc., 395 F.3d 1364, 1372 (Fed. Cir.
`
`2005) (“A claim construction that gives meaning to all the terms of the claim is
`
`preferred over one that does not do so.”); see also Ex-2004, Jakobsson, ¶46.
`
`Moreover, PO’s construction is consistent with the specification, where the
`
`