`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`________________
`
`VISA INC. and VISA U.S.A. INC.,
`Petitioners,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC,
`Patent Owner
`________________
`
`Case IPR2018-01350
`U.S. Patent No. 8,856,539
`________________
`
`PATENT OWNER’S PRELIMINARY RESPONSE
`PURSUANT TO 35 U.S.C. § 313 AND 37 C.F.R. § 42.107
`
`
`
`
`
`
`
`
`
`TABLE OF CONTENTS
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`Page
`
`I.
`
`II.
`
`INTRODUCTION ........................................................................................... 1
`
`OVERVIEW OF THE ’539 PATENT ............................................................ 6
`
`A.
`
`B.
`
`C.
`
`The ’539 Patent Specification ............................................................... 6
`
`The ’539 Patent Claims ....................................................................... 12
`
`Prosecution History of the ’539 Patent ............................................... 16
`
`III. OVERVIEW OF THE CITED ART ............................................................. 18
`
`A.
`
`Brener (Ex. 1005) ................................................................................ 18
`
`B. Weiss (Ex. 1006) ................................................................................. 19
`
`C.
`
`Desai (Ex. 1007) .................................................................................. 20
`
`IV. LEVEL OF ORDINARY SKILL IN THE ART ........................................... 21
`
`V.
`
`CLAIM CONSTRUCTION .......................................................................... 21
`
`A.
`
`B.
`
`C.
`
`D.
`
`“Entity” ................................................................................................ 21
`
`“Based at least in part on the indication of the provider and the
`time-varying multicharacter code of the transaction request” ............ 22
`
`“Provider” ............................................................................................ 25
`
`“Access restrictions for the provider” ................................................. 27
`
`VI. THE PETITION FAILS TO DEMONSTRATE A REASONABLE
`LIKELIHOOD THAT ANY CLAIM IS INVALID BASED ON
`BRENER, WEISS AND DESAI (GROUND 1) ........................................... 29
`
`A. A Person of Ordinary Skill in the Art Would Not Combine
`Brener and Weiss to Obtain a Time-varying Multicharacter
`Code ..................................................................................................... 30
`
`1.
`
`2.
`
`3.
`
`A time-varying customer object would defeat a primary
`objective of Brener that allows a vendor to keep track of
`returning customers based on the customer object. .................. 31
`
`A time-varying digital signature renders Brener
`inoperable. ................................................................................. 34
`
`Brener’s public key cryptographic system teaches away
`from the ’539 patent’s claims. .................................................. 36
`
`
`
`i
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`4. Whether Brener’s customer object could have been made
`time-varying through a smart card or at the user’s
`computer is irrelevant. .............................................................. 37
`
`B.
`
`C.
`
`D.
`
`A Person of Ordinary Skill in the Art Would Not Combine
`Brener and Desai to Obtain “Access Restrictions” ............................. 38
`
`The Petition Has Failed To Prove Brener Discloses Limitation
`1.6 ........................................................................................................ 42
`
`Petitioner Fails to Show that Brener and Desai Disclose “To
`Store an Appropriate Code With Each Such Portion of Secure
`Data” .................................................................................................... 45
`
`VII. THE BOARD SHOULD DENY INSTITUTION PURSUANT TO 35
`U.S.C. § 325(D) ............................................................................................. 46
`
`A.
`
`B.
`
`The First Four Factors: The Prior Art And Arguments In The
`Current Petition Are Substantially The Same As Those That
`The Office Considered During Examination ...................................... 48
`
`Fifth & Sixth Factors: There Is No Reason To Revisit The
`Office’s Decision During Examination ............................................... 50
`
`VIII. CONCLUSION .............................................................................................. 51
`
`
`
`
`
`
`
`ii
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`TABLE OF AUTHORITIES
`
`Page
`
`CASES
`
`Becton Dickinson & Co. v. B. Braun Melsungen AG,
` IPR2017-01586 (PTAB Dec. 15, 2017) (Paper 8) .......................................48
`
`C&D Zodiac, Inc. v. B/E Aerospace, Inc.,
` IPR2014-00727 (PTAB. Oct. 29, 2014) (Paper 15) .....................................42
`
`Canon, Inc. v. Intellectual Ventures, LLC,
` IPR2014-00535 (PTAB Sept. 24, 2014) (Paper 9) .......................................50
`
`Commvault Systems, Inc. v. Realtime Data LLC,
` IPR2017-02006 (PTAB Mar. 29, 2018) (Paper 11) .....................................42
`
`Conopco, Inc. v. The Procter & Gamble Co.,
` IPR2014-00507 (PTAB July 7, 2014) (Paper 17) ........................................51
`
`Cuozzo Speed Techs., LLC v. Lee,
` 136 S. Ct. 2131, 2142 (2016)........................................................................21
`
`Dorco Co. Ltd. v. Gillette Co., LLC,
` IPR2017-0500 (PTAB June 21, 2017) (Paper 7) ........................................50
`
`Facebook, Inc. v. Skky, Inc.,
` IPR2017-00691 (PTAB Aug. 2, 2017) (Paper 9) .........................................51
`
`Google LLC v. Uniloc Lux. S.A.
` IPR2017-02081 (PTAB Mar. 29, 2018) (Paper 10) ....................................47
`
`Harmonic Inc. v. Avid Tech., Inc.,
` 815 F.3d 1356, 1363 (Fed. Cir. 2016) ..........................................................45
`
`Intelligent Bio-Systems, Inc. v. Illumina Cambridge Ltd.,
` No. 2015-1693, 2016 WL 2620512 (Fed. Cir. May 9, 2016) ......................45
`
`SAS Inst. Inc. v. Complementsoft, LLC,
` IPR2013-00581 (Dec. 30, 2013) (Paper 15),
` reh’g denied, Paper 17 (Feb. 24, 2014) .................................................. 50-51
`
`Securus Technologies, Inc. v. Global Tel*Link Corp.,
` 701 Fed. Appx. 971 (Fed. Cir. July 14, 2017) ..............................................40
`
`Sketchers USA, Inc., v. Adidas, AG.,
` IPR2017-00322 (PTAB May 30, 2017) (Paper 9) .......................................46
`
`Toyota Motor Co., v. Adaptive Headlamp Technologies, Inc.,
` IPR2016-01740 (PTAB Mar. 10, 2017) (Paper 7) .......................................47
`
`
`
`iii
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`W.L. Gore & Assoc., Inc. v. Garlock, Inc.,
` 721 F.2d 1540 (Fed. Cir. 1983),
` cert. denied,469 U.S. 851 (1984)..................................................................31
`
`STATUTORY AUTHORITIES
`
`35 U.S.C. § 103 .......................................................................................................... 1
`
`35 U.S.C. § 312(a)(3) ...............................................................................................45
`
`35 U.S.C. § 325(d) ........................................................................................... passim
`
`37 C.F.R. § 42.100(b) ..............................................................................................21
`
`RULES AND REGULATIONS
`
`157 Cong. Rec. S1041–42 (daily ed. Mar. 1, 2011) ................................................45
`
`LEGISLATIVE MATERIALS
`
`
`
`
`
`
`
`
`
`
`iv
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`EXHIBIT TABLE
`
`
`
`Exhibit #
`2001
`
`2002
`
`2003
`
`Description
`Declaration of Markus Jakobsson
`in Support of Patent Owner’s Preliminary Response
`
`Curriculum Vitae of Markus Jakobsson
`
`Terminal Disclaimer Dated August 17, 2018
`
`
`
`
`
`
`
`
`
`
`
`
`
`v
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`I.
`
`INTRODUCTION
`
`The present petition (Paper 2, IPR2018-01350, “Petition”) is one of two filed
`
`by VISA Inc. and VISA U.S.A. Inc. (collectively “Petitioner”) challenging various
`
`claims of U.S. Patent No. 8,856,539 (“’539 patent”). See also IPR2018-01351.
`
`The Petition requests inter partes review of the ’539 patent, asserting a single
`
`ground of obviousness premised upon a combination of three references. See
`
`Petition at 13-14. Specifically, the Petition alleges that claims 1-9, 16-31, 37, and
`
`381 (collectively “the Challenged Claims”) are obvious under 35 U.S.C. Section
`
`103 over WO 00/14648 (“Brener”), U.S. Patent No. 4,885,778 (“Weiss”) and U.S.
`
`Patent No. 6,820,204 B1 (“Desai”). Id. Universal Secure Registry LLC (“Patent
`
`Owner”) strongly disagrees and submits this Preliminary Response to the Petition
`
`requesting the Board deny institution of inter partes review.
`
`The Board should not institute inter partes review of the ’539 patent because
`
`the Petition fails to demonstrate there is a reasonable likelihood that at least one of
`
`the Challenged Claims is unpatentable. Notwithstanding deficiencies in the
`
`
`1 Claims 5-8, 17-20, and 26-30 are no longer at issue since Patent Owner
`
`disclaimed these claims on August 17, 2018 by filing a terminal disclaimer. See
`
`Ex. 2003.
`
`
`
`1
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`Petition that are unique to the dependent claims, the Petition fails to establish that
`
`independent claims 1, 22, 37, and 38 are obvious.
`
`First, Petitioner admits that its primary reference, Brener, fails to disclose a
`
`“time-varying multicharacter code” that is recited in all four independent claims.
`
`Petitioner contends that Weiss makes up for the deficiencies of Brener, and that the
`
`combination teaches a time-varying multicharacter code. As explained in greater
`
`detail below, Petitioner has failed to show a person of ordinary skill in the art at the
`
`time of the invention (hereinafter “POSITA”) would be motivated to combine
`
`Brener and Weiss.
`
`In particular, a POSITA would not be motivated to add Weiss’ time-varying
`
`code into Brener because it would defeat a primary objective of Brener’s
`
`invention: an anonymous transaction system “whereby the customer can remain
`
`anonymous but still visit web sites as a character or persona such that he or she is
`
`recognized upon return to the vendor web site.” Ex. 1005, Brener at 2:16-17.
`
`Furthermore, Petitioner’s specific example of replacing Brener’s private key
`
`authentication code with Weiss’ time-varying code would teach away from such
`
`combination since Brener explicitly discloses that its public key, which is
`
`distributed to vendors, includes the user’s real account number. Nowhere does
`
`Petitioner explain how Brener’s static public key can be used by a vendor or other
`
`party to verify a modified version of Brener’s private key authentication code that
`
`
`
`2
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`varies in time. Indeed, a party in possession of such a public key would be unable
`
`to verify the time-varying private key authentication code and render the
`
`combination inoperable. Moreover, compounding these issues is the fact that
`
`Brener and Weiss are directed to fundamentally different approaches for
`
`generating and validating authentication codes. Petitioner’s failure to establish a
`
`motivation to combine Brener and Weiss impacts all independent claims and
`
`counsels denial of the Petition.
`
`Second, as to independent claims 1, 22, and 37, Petitioner fails to show that
`
`Brener, alone or in combination with Desai and Weiss, discloses the limitation of
`
`“execute a restriction mechanism to determine compliance with any access
`
`restrictions for the provider to at least one portion of secure data for completing the
`
`transaction.” Specifically, the Petition alleges that Desai discloses the claimed
`
`“access restrictions” and a POSITA would be motivated to combine Desai’s
`
`alleged teaching of user defined access restrictions to stored data to one or more
`
`third parties with Brener’s role-based access restriction mechanism by the secure
`
`provider database. However, a POSITA would not be motivated to make such a
`
`combination for several reasons.
`
`To begin with, a POSITA would not be motivated to combine Brener with
`
`Desai because in Desai, the stored information is released directly to the vendor
`
`once the vendor establishes that it has the proper permissions. By contrast, the
`
`
`
`3
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`claims of the ’539 patent require that the account identifying information not be
`
`provided to the vendor and instead when access restrictions of the vendor are
`
`successfully satisfied such data is released to a third party. Thus, Desai teaches the
`
`opposite or away from what the claims recite. Moreover, the technical
`
`implementation of these references’ systems are completely different and as such a
`
`POSITA would not be motivated to combine these references. For each of these
`
`reasons, a POSITA would not be motivated to combine Brener with Desai.
`
`Third, as to all independent claims, Petitioner fails to show that Brener
`
`discloses Limitation 1.6. In particular, the Petition relies upon column 9 line 19 to
`
`column 10 line 2 of Brener to establish that “the account identifying information is
`
`not provided to the provider and the account identifying information is provided to
`
`a third party to enable or deny the transaction with the provider without providing
`
`the account identifying information to the provider.” However, the cited portion of
`
`Brener does not teach “that customer identity and account information may be
`
`provided to a third party financial institution or bank computer by the secure
`
`provider to complete the purchase transaction by approving or denying a
`
`transaction” as alleged by Petitioner. Petition at 40 (emphasis added). Instead, it
`
`discusses how the vendor sends the customer object to the third party financial
`
`institution, which then looks up the linking information. Ex. 1005, Brener at 9:20-
`
`26.
`
`
`
`4
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`Fourth, as to independent claim 37, Petitioner fails to show that cited art
`
`discloses “to store an appropriate code with each such portion of secure data”
`
`(Limitation 37.5). Specifically, Petitioner wholly fails to provide any reason a
`
`person of ordinary skill in the art at the time of the invention would combine
`
`Brener with Desai. See Petition at 42-44; see Ex. 1002, Tygar Decl. at ¶ 167.
`
`Rather, Petitioner provides only a bare statement that Desai discloses the above
`
`limitation. As such, Petitioner has failed to show with particularity how claim 37 is
`
`rendered obvious by the asserted combination.
`
`Fifth, the Board should also exercise its discretion to reject the Petition
`
`under Section 325(d), because “the petition or request [raises] the same or
`
`substantially the same prior art or arguments [that] previously were presented to
`
`the Office” during the prosecution of the ’539 patent. Specifically, Petitioner relies
`
`upon Weiss (U.S. Patent No. 4,885,778) as one of three references whose
`
`combination purportedly renders obvious all pending claims. Yet, not only was
`
`Weiss disclosed to the Patent Office during prosecution, a related patent (U.S.
`
`Patent No. 5,657,388 (“’388 patent”) claiming priority to Weiss was the basis of a
`
`rejection. Notably, the Patent Office relied upon the ’388 patent for the identical
`
`reason as Petitioner now relies upon Weiss—to supplement a primary reference’s
`
`deficiency in teaching that a multicharacter code could be “time-varying.” In
`
`response to this rejection, Patent Owner amended the claims to add the limitation
`
`
`
`5
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`of “access restrictions” and argued that the prior art of record did not disclose this
`
`feature. The Examiner found the amendments and arguments to be persuasive and
`
`subsequently dropped the ’388 patent to Weiss as teaching “time-varying.”
`
`Accordingly, the Petition should be denied because it involves substantially the
`
`same prior art reference and arguments that the Office has already considered and
`
`dismissed in issuing the ’539 patent.
`
`For each of these reasons, Patent Owner respectfully requests the Board
`
`deny institution of inter partes review.
`
`II. OVERVIEW OF THE ’539 PATENT
`
`A. The ’539 Patent Specification
`
`The ’539 patent provides a unique and highly secure anonymous
`
`identification system that uses a time-varying multicharacter code for both
`
`verifying the identity of an entity and enabling transactions between the entity and
`
`a provider without requiring the entity to share personal or otherwise sensitive
`
`information with the provider. See Ex. 1001 at 2:64-3:1, 3:24-27, 12:19-54; Ex.
`
`2001, Jakobsson at ¶ 25. As one non-exclusive example, the system, referred to as
`
`a Universal Secure Registry (USR) system, allows a person to purchase goods
`
`from a brick and mortar or online merchant without publicly providing credit card
`
`information to the merchant for fear that the credit card information may be stolen
`
`or used fraudulently. See Ex. 1001 at 3:44-54; Ex. 2001, Jakobsson at ¶ 25. As
`
`
`
`6
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`another example, the USR system may be used by a patient to supply “insurance
`
`data, medical history data, and other appropriate medical information to a medical
`
`provider, once that medical provider has been established as an authorized
`
`recipient [of such data].” See Ex. 1001 at 3:55-60; Ex. 2001, Jakobsson at ¶ 25.
`
`FIG. 1 depicts one possible embodiment of the USR system:
`
`
`
`
`
`7
`
`
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`The USR system’s main unit 12, which may be connected to a wide area network,
`
`includes a database 24 that stores data entries 30 related to different people or
`
`entities. Ex. 1001 at 7:11-13; 7:40-41; Ex. 2001, Jakobsson at ¶ 26. Each entry 30
`
`may contain different types of information such as, but not limited to, validation
`
`information, access
`
`information, publicly available
`
`information, address
`
`information, credit card information, medical information, job application
`
`information, and/or tax information. Ex. 1001 at 7:57-63; Ex. 2001, Jakobsson at ¶
`
`26. “The validation information [32] is information about the user of the database
`
`to whom the data pertains and is to be used by the USR software 18 to validate that
`
`the person attempting to access the information is the person to whom the data
`
`pertains or is otherwise authorized to receive it.” Ex. 1001 at 8:10-14; Ex. 2001,
`
`Jakobsson at ¶ 26. In particular, the validation information 32 contains
`
`information that enables the USR software 18 to validate a person that has
`
`presented the system with a one-time nonpredictable code uniquely associated with
`
`the user. See Ex. 1001 at 8:17-35; Ex. 2001, Jakobsson at ¶ 26. The access
`
`information 34 allows “different levels of security to attach to different types of
`
`information stored in the entry 30” so that the user can specify which particular
`
`individuals or companies can have access to what specific data such as credit card
`
`numbers, medical information, and tax information. See Ex. 1001 at 8:62-9:11;
`
`Ex. 2001, Jakobsson at ¶ 26.
`
`
`
`8
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`FIG. 8 depicts one possible embodiment of using the USR system “to
`
`purchase goods or services from a merchant without revealing to the merchant
`
`account information relating to the person’s bank or credit card.” Ex. 1001 at
`
`9:46-50; Ex. 2001, Jakobsson at ¶ 27.
`
`
`
`9
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`A user desiring to make a purchase at a merchant without providing their financial
`
`information, such as a credit or debit card number, may enter a secret code into
`
`their electronic ID device (any type of electronic device that may be used to obtain
`
`
`
`
`
`10
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`access to the USR database (Ex. 1001 at 8:45-47)), which generates a one-time
`
`nonpredictable code that is provided to the merchant. Id. at 12:21-24; Ex. 2001,
`
`Jakobsson at ¶ 27. The merchant in turn may transmit the one-time nonpredictable
`
`code, a store number, and a purchase amount to the USR. Ex. 1001 at 12:24-26;
`
`Ex. 2001, Jakobsson at ¶ 27. The USR may then determine whether the code
`
`received is valid, and if valid, accesses from the USR database the user’s actual
`
`credit card information. Ex. 1001 at 12:27-29; Ex. 2001, Jakobsson at ¶ 27. The
`
`USR next transmits to the credit card company the credit card number, the store
`
`number, and the purchase amount. Ex. 1001 at 12:29-31; Ex. 2001, Jakobsson at ¶
`
`27. The credit card company then processes the transaction, such as by checking
`
`the credit worthiness of the person, and either declines the card or debits the user’s
`
`account and transfers money to the merchant’s account. Ex. 1001 at 12:40-43; Ex.
`
`2001, Jakobsson at ¶ 27. The credit card company notifies the USR the transaction
`
`result and the USR may in turn notify the merchant. Ex. 1001 at 12:43-46; Ex.
`
`2001, Jakobsson at ¶ 27.
`
`Hence, the USR system provides a secure anonymous identification system
`
`that uses a time-varying multicharacter code for both verifying the identity of an
`
`entity and also enabling transactions between the entity and a provider, such as a
`
`merchant, without requiring the entity to share personal or otherwise sensitive
`
`information with the provider. Ex. 2001, Jakobsson at ¶ 28. In one case, this
`
`
`
`11
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`allows a user to purchase goods or services from a merchant without providing the
`
`merchant the user’s credit card number. Id. Advantageously, the USR system also
`
`allows such secure transactions to be transparent to the credit card company and
`
`thus requires no or minimal cooperation from the credit card company to
`
`implement. Id. As another example, a user may obtain medical treatment from a
`
`medical care provider without having to directly supply the medical care provider
`
`her medical history, which may not be with the patient herself. Id. at ¶ 29. In yet
`
`another example, the user may facilitate shipment of goods purchased from a
`
`merchant without having to provide the merchant their shipping address. Id.
`
`B.
`
`The ’539 Patent Claims
`
`The ’539 patent includes 38 claims, of which claims 1, 22, 37, and 38 are
`
`independent. The four independent claims of the ’539 patent are reproduced
`
`below:
`
`1.
`
`A secure registry system for providing information to a
`
`provider to enable transactions between the provider and entities with secure
`
`data stored in the secure registry system, the secure registry system
`
`comprising:
`
`a database including secure data for each entity, wherein each entity is
`
`associated with a time-varying multicharacter code for each entity having
`
`secure data in the secure registry system, respectively, each time-varying
`
`multicharacter code representing an identity of one of the respective entities;
`
`and
`
`
`
`12
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`a processor configured to receive a transaction request including at
`
`least the time-varying multicharacter code for the entity on whose behalf a
`
`transaction is to be performed and an indication of the provider requesting
`
`the transaction, to map the time-varying multicharacter code to the identity
`
`of the entity using the time-varying multicharacter code, to execute a
`
`restriction mechanism to determine compliance with any access restrictions
`
`for the provider to secure data of the entity for completing the transaction
`
`based at least in part on the indication of the provider and the time-varying
`
`multicharacter code of the transaction request, and to allow or not allow
`
`access to the secure data associated with the entity including information
`
`required to enable the transaction based on the determined compliance with
`
`any access restrictions for the provider, the information including account
`
`identifying information, wherein the account identifying information is not
`
`provided to the provider and the account identifying information is provided
`
`to a third party to enable or deny the transaction with the provider without
`
`providing the account identifying information to the provider.
`
`Ex. 1001 at 18:29-60.
`
`
`22. A method for providing information to a provider to enable
`
`transactions between the provider and entities who have secure data stored in
`
`a secure registry in which each entity is identified by a time-varying
`
`multicharacter code, the method comprising:
`
`receiving a transaction request including at least the time-varying
`
`multicharacter code for an entity on whose behalf a transaction is to take
`
`place and an indication of the provider requesting the transaction;
`
`mapping the time-varying multicharacter code to an identity of the
`
`entity using the time-varying multicharacter code;
`
`
`
`13
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`determining compliance with any access restrictions for the provider
`
`to secure data of the entity for completing the transaction based at least in
`
`part on the indication of the provider and the time-varying multicharacter
`
`code of the transaction request;
`
`accessing information of the entity required to perform the transaction
`
`based on the determined compliance with any access restrictions for the
`
`provider, the information including account identifying information;
`
`providing the account identifying information to a third party without
`
`providing the account identifying information to the provider to enable or
`
`deny the transaction; and
`
`enabling or denying the provider to perform the transaction without
`
`the provider's knowledge of the account identifying information.
`
`Id. at 20:4-31.
`
`37. A secure registry system for providing information to a
`
`provider to enable transactions between the provider and entities with secure
`
`data stored in the secure registry system, the secure registry system
`
`comprising:
`
`a database including secure data for each entity, wherein each entity is
`
`associated with a time-varying multicharacter code for each entity having
`
`secure data in the secure registry system, respectively, each time-varying
`
`multicharacter code representing an identity of one of the respective entities,
`
`wherein the database is configured to permit or deny access to information
`
`on the respective entity using the time-varying multicharacter code; and
`
`a processor configured to receive the time-varying multicharacter
`
`code for the entity on whose behalf a transaction is to be performed,
`
`configured to map the time-varying multicharacter code to the identity of the
`
`
`
`14
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`entity to identify the entity, configured to execute a restriction mechanism to
`
`determine compliance with any access restrictions for the provider to at least
`
`one portion of secure data for completing the transaction and to store an
`
`appropriate code with each such portion of secure data, configured to obtain
`
`from the database the secure data associated with the entity including
`
`information required to enable the transaction, the information including
`
`account identifying information, and configured to provide the account
`
`identifying information to a third party to enable or deny the transaction
`
`without providing the account identifying information to the provider.
`
`Id. at 21:25-22:13.
`
`38. A secure registry system for providing information to a
`
`provider to enable transactions between the provider and entities with secure
`
`data stored in the secure registry system, the secure registry system
`
`comprising:
`
`a database including secure data for each entity, wherein each entity is
`
`associated with a time-varying multicharacter code for each entity having
`
`secure data in the secure registry system, respectively, each time-varying
`
`multicharacter code representing an identity of one of the respective entities;
`
`and
`
`a processor configured to receive the time-varying multicharacter
`
`code for the entity on whose behalf a transaction is to be performed,
`
`configured to map the time-varying multicharacter code to the identity of the
`
`entity without requiring further information to identify the entity, configured
`
`to access from the database secure data associated with the entity including
`
`information required to enable the transaction, the information including
`
`account identifying information, and configured to provide the account
`
`
`
`15
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`identifying information to a third party to enable or deny the transaction
`
`without providing the account identifying information to the provider, and
`
`wherein enabling or denying the transaction without providing account
`
`identifying information to the provider includes limiting transaction
`
`information provided by the secure registry system to the provider to
`
`transaction approval information.
`
`Id. at 22:14-22:40.
`
`C.
`
`Prosecution History of the ’539 Patent
`
`The ’539 patent issued on October 7, 2014 from U.S. Application
`
`No. 11/768,729 (“’729 Application”) filed on June 26, 2007. The ’729 Application
`
`is a continuation application of U.S. Application No. 09/810,703 filed on March
`
`16, 2001, now U.S. Patent No. 7,237,117.
`
`The ’539 patent was subject to a thorough examination by Examiners
`
`Beemnet Dada and Thomas Gyorfi. See Ex. 1004. During prosecution, the
`
`Applicant and the Examiners discussed the application and prior art in detail, both
`
`through paper submissions and telephonic interviews. See id. Claim amendments
`
`were made to further distinguish the invention from the prior art. Ultimately,
`
`Examiner Gyorfi allowed the claims of the ’539 patent over a large body of cited
`
`prior art. See Ex. 1001 at 1-3.
`
`Of particular relevance to this Petition (and as admitted by the Petition at
`
`page 7) the Weiss reference raised by Petitioners was disclosed to the Patent Office
`
`
`
`16
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`during prosecution. See Ex. 2001, Jakobsson at ¶ 32. Moreover, a related patent,
`
`U.S. Patent No. 5,657,388 (“’388 patent”) claiming priority to Weiss, was the
`
`basis of a rejection. See Ex. 1004 at 0669 (“Claims 1, 3-5, 9-16, 19-21, 24-30, 32-
`
`39 and 41-48 are rejected as being unpatentable over Gioradano [sic] et al. US
`
`7,571,139 B1 (hereinafter Gioradano [sic]) in view of Weiss US 5,657,388.”); Ex.
`
`2001, Jakobsson at ¶ 32.
`
`Notably, the Patent Office relied upon the ’388 patent for the identical
`
`reason as Petitioner relies upon Weiss—to supplement a primary reference’s
`
`deficiency in teaching that a multicharacter code could be “time-varying.” Ex.
`
`1004 at 0670 (“Gioradano [sic] does not explicitly teach a time-varying code. In
`
`the same field of endeavor, [the ’388 patent] teaches a time varying multi character
`
`code” . . . “It would have been obvious to one having ordinary skill in the art at the
`
`time of applicant’s invention to employ the teachings of [the ’388 patent] within
`
`the system of Gioradano [sic].”); Ex. 2001, Jakobsson at ¶ 33.
`
`In response to this rejection, Patent Owner amended the claims to add the
`
`limitation of “access restrictions” and argued that the prior art of record (Giordano
`
`in combination with the ’388 patent) did not disclose this feature. Ex. 1004 at
`
`0679 to 0691. See id. at 0688 (“Claim 1, as amended, now recites ‘a restriction
`
`mechanism configured to determine compliance with any access restrictions for the
`
`first party,’ which is not taught or suggested by Giordano or [the ’388 patent]”);
`
`
`
`17
`
`
`
`Case No. IPR2018-01350
`U.S. Patent No. 8,856,539
`
`Ex. 2001, Jakobsson at ¶ 34. The Examiner found the amendments and arguments
`
`to be persuasive and subsequently dropped its reliance on the ’388 patent as
`
`teaching “time-varying.” Ex. 1004 at 0698 (“Examiner agreed the proposed
`
`amendment is not taught by the prior art”); Ex. 2001, Jakobsson at ¶ 34.
`
`III. OVERVIEW OF THE CITED ART
`
`A. Brener (Ex. 1005)
`
`Brener is directed to a centralized system that generates and distributes static
`
`codes to a vendor that allow for anonymous shopping. Ex. 2001, Jakobsson at ¶
`
`35. Brener emphasizes that an obje