`November 21, 2019
`
`Visa Inc., Visa U.S.A. Inc., and Apple Inc. v. Universal Secure Registry LLC
`Case No. IPR2018-01350
`
`
`
`Instituted Ground
`IPR2018-01350: Patent No. 8,856,539
`Ground
`Claims
`Basis
`Prior Art
`1
`1-4, 9, 16, 21-25, 31, 37, and 38
`103
`Brener, Desai, Weiss
`
`2
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`Challenged Patent
` “[T]his invention relates, in one
`embodiment, to an universal
`identification system…used to
`selectively provide personal,
`financial or other information about
`a person to authorized users.”
` Ex-1001, 3:5-9; see also, e.g., Pet. at 2
`
`3
`
`Ex-1001, 3:5-9, Fig. 8;
`see also, e.g.., Pet. at 3
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`
`
`Representative Claim: ’539 Patent
`
`
`
`4
`
`
`
`
`
`
`
`1. A secure registry system for providing information to a provider to enable transactions between the
`provider and entities with secure data stored in the secure registry system, the secure registry system
`comprising:
`a database including secure data for each entity, wherein each entity is associated with a time-varying
`multicharacter code for each entity having secure data in the secure registry system, respectively, each
`time-varying multicharacter code representing an identity of one of the respective entities; and
`a processor configured
`to receive a transaction request including at least the time-varying multicharacter code for the
`entity on whose behalf a transaction is to be performed and an indication of the provider requesting
`the transaction,
`to map the time-varying multicharacter code to the identity of the entity using the time-varying
`multicharacter code,
`to execute a restriction mechanism to determine compliance with any access restrictions for the
`provider to secure data of the entity for completing the transaction based at least in part on the
`indication of the provider and the time-varying multicharacter code of the transaction request, and
`to allow or not allow access to the secure data associated with the entity including information
`required to enable the transaction based on the determined compliance with any access restrictions
`for the provider, the information including account identifying information,
` wherein the account identifying information is not provided to the provider and the account identifying
`information is provided to a third party to enable or deny the transaction with the provider without
`providing the account identifying information to the provider.
`
`
`
`
`
`
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`Prior Art: Brener
` “The method includes: (a)
`associating the identity and
`physical location of each
`customer with computer (100)
`linking information which is
`stored at a secure computer such
`as a secure provider computer
`(110) or banking computer (150).
`The customer computer (100)
`anonymously connects to the
`vendor web site (140) and orders
`goods without revealing his actual
`identity or physical location.”
` Ex-1005, 2:19-3:11; see also, e.g., Pet. at 24
`
` Ex-1005, Fig. 1; see also, e.g., Pet. at 24
`
`5
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`Prior Art: Desai
` “The information exchange
`system 10 further includes
`facilities that allow the
`registered user 12 to
`selectively grant access to this
`stored profile data to one or
`more third parties 17a-c on an
`element-by-element basis.”
` Ex-1007, 9:10-14; see also, e.g., Pet. at 11
`
` Ex-1007, Tables 18 and 20 of Fig. 2;
`see also, e.g., Pet. at 33
`
`6
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`Prior Art: Weiss
` Weiss is directed to “periodically generating identification
`codes by using fixed codes, variable data, and a
`predetermined algorithm which is unknown in advance
`and unknowable outside the administration of the
`security system even to authorized users of the apparatus
`utilizing the fixed secret code.”
` Ex-1006, 1:55-62; see also, e.g., Pet. at 21
`
`7
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`Brener teaches Limitation 1.6
`
` Brener teaches:
`“The bank computer 150 obtains or is
`
`already provided with the linking information
`to link the customer object with personal
`information about the customer, including
`customer account information. Once the
`bank computer 150 determines whether the
`customer object has sufficient funds to make
`the purchase, the bank computer 150 notifies
`the vendor computer 140 whether the
`customer has sufficient funds to make the
`purchase.”
` Ex-1005, 9:19-10:2; see also Pet. at 39-40;
`Reply at 11
`
`
`
`
`
`“Once the bank computer 150 has authorized
`the purchase, as shown in step 250, the bank
`computer 150 returns the vendor number, the
`transaction identifier and/or the customer
`object or public key, and the approval of the
`transaction back to the vendor computer 140 or
`to the secure provider computer 110, depending
`upon which computer transmitted information
`about the request for payment to bank
`computer 150. Upon approval of the transaction,
`the vendor readies the goods for anonymous
`shipment as explained below.”
` Ex-1005, 14:16-22; see also, e.g., Pet. at 29-30;
`Reply at 10
`“This linking information is stored in one
`embodiment, in a linking table stored in the
`database 130 of the secure provider computer
`110…. Using this linking table, the secure
`provider computer 110 or the bank computer
`150 can determine which customer a given
`customer object represents.”
` Ex-1005, 8:9-20; see also Pet. at 31-32; Reply at
`11
`
`8
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`Brener teaches Limitation 1.6
` Brener teaches:
` Claim 25 of the ‘539 patent:
` “The customer information is
`then relayed by the secure
`provider computer 110 or bank
`computer 150 to the carrier
`computer 180 who can then
`ship the items directly to the
`customer now knowing the
`address of the customer. Thus,
`while the secure provider
`and/or the bank and the
`shipping company know who
`the customer is, advantageously,
`the customer's actual 10
`identity is shielded from the
`vendor.”
` Ex-1005, 14:28-15:10; see also Ex-1002,
`¶¶ 96-98; Pet. at 39-40; Reply at 8
`
`
`
`Ex-1001, 20:41-48; see also Reply at 8
`
` Dr. Jakobsson:
` “[T]here are descriptions in
`Brener of things that enable the
`transaction … when the shipper
`comes to pick up the package”
` Ex-1015, 69:9-71:7 (discussing Ex-
`1005, 10:7-12); see also Reply at 8
`
`9
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`Combining Brener and Weiss
` “A person of ordinary skill would have found it beneficial
`to incorporate a time-varying aspect into Brener’s
`customer objects, resulting in a time-varying code that
`corresponds to the user’s identity via the linking
`information stored in the secure database.”
` Ex-1002, ¶63; see also, e.g., Pet. at 28, 57
`
`10
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`Combining Brener and Weiss
` Dr. Jakobsson:
` Brener:
` “The ‘private key
` “[T]his [customer]
`authorization code’
`object may have both
`discussed in Brener is
`a public and private
`a digital signature.”
`segment to a digital
`certificate or key.”
` Ex-2001, ¶63; see also, e.g.,
`Ex-1005, 13:6-10; Ex-1015,
` Ex-1005, 10:27-28 (emphasis
`86:22-87:2, 87:16-88:11;
`added); see also Reply at 13
`Reply at 14
`
`11
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`Combining Brener and Weiss
` Dr. Tygar testified:
` “In view of Weiss, a
`person of ordinary skill in
`the art would have
`modified Brener’s
`customer object private
`key authorization code to
`utilize a dynamic non-
`predictable, time-varying
`code generated using a
`predetermined algorithm.”
` Ex-1002, ¶63; see also Pet. at 57-58
`
`
`
`Ex-2005, 48:13-19; see also Reply at 15
`
`
`
`Ex-2005, 55:12-56:1; see also Reply at 14-15
`
`12
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`Combining Brener and Desai
` “A person of ordinary skill in the art would have been
`motivated to provide restricted access to sensitive user
`information on a vendor-by-vendor basis as selected by
`the user—as taught by Desai—in addition to the role-
`based access restrictions disclosed in Brener. […] A
`person of ordinary skill in the art would have found this a
`natural extension of the access restrictions already
`present in Brener, and would further have understood
`such a modification to be consistent with the benefits of
`user security and anonymity as expressed by both Brener
`and Desai.”
`
` Ex-1002, ¶¶ 65-66; see also Pet. at 59.
`
`13
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`Combining Brener and Desai
` Dr. Jakobsson testified:
`
` Ex-1015, 105:10-106:15; see also Reply at 20.
`
`14
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`Dependent claims (3, 24)
` Dr. Tygar:
` Claim 3:
` “Brener discloses that the
` “The system of claim 1,
`customer object
`wherein the time-varying
`multicharacter code is
`multicharacter code is
`encrypted and transmitted to
`encrypted and transmitted to
`the secure provider system
`the system, and
`and then decrypted by the
` wherein the system is
`system with a public key of
`configured to decrypt the
`the entity. In particular,
`time-varying multicharacter
`code with a public key of the
`Brener teaches using RSA key
`entity.”
`technology as a digital
`signature system, where the
`Ex-1001, (cl. 3)18:64-67, (cl. 24) 20:36-40
`public key is used to decrypt
`the signature encrypted with
`the private key.”
` Ex 1002, ¶103; see also Ex-1005, 15:25-
`16:13; see also Pet. at 48
`
` Schneier:
` “Bob decrypts the document
`with Alice’s public key, thereby
`verifying the signature.”
` Ex-1016 at 37; see also Reply at 21
`
`
`
`15
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`Secondary Considerations
`
` “[F]or commercial success to be probative evidence of
`nonobviousness, a nexus must be shown between the
`claimed invention and the evidence of commercial
`success.”
` Wm. Wrigley Jr. Co. v. Cadbury Adams USA LLC, 683 F.3d 1356,
`1363 (Fed. Cir. 2012); see also Reply at 23
`
`16
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`Motion to Amend: Written Description
`
`Limitation
`Lack of communication between secure registry and entity
`
`Claims
`39, 48, 51, 52
`
`Entity have been verified using a biometric
`
`46, 52
`
`Mapping the time-varying multicharacter code to an identity
`of the entity using the time value
`
`40, 46
`
`Training process involving multiple entities
`
`51
`
` CMTA Opp. at 3-7
`
`17
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`Motion to Amend: Obviousness
`IPR2018-01350: Patent No. 8,856,539
`Ground
`Claims
`Basis
`Prior Art
`1
`103
`Brener, Desai, Weiss
`2
`103
`Brener, Desai, Weiss, Pare
`3
`103
`Brener, Desai, Schneier, Pare
`
`51
`39, 41-45, 52
`39, 40, and 46-50
`
` CMTA Opp. at 8-21
`
`18
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`Motion to Amend: Obviousness (39, 48, 51, 52)
`
` Ex-1023, 22:20-23:23; see also CMTA Surreply at 7
`
`19
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`Motion to Amend:
`Obviousness (39, 47)
`
`
`
`Ex-1007 at 18:63-64; see
`also CMTA Opp. at 10
`
`20
`
`Ex-1007 FIG. 42; Surreply CMTA at 9
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`
`
`
`
`
`
`
`
`Motion to Amend: Obviousness (Claims 40, 46)
` PO does not dispute Schneier’s teachings or
`“[D]igital signatures often include a
`Petition’s proffered motivation to combine.
`timestamp for the date and time of the
`signature. As explained in Schneier, once
` PO’s attempt to distinguish Brener fail:
`the recipient receives the signed message,
`Brener also discloses that the vendor can send
`
`the recipient can decrypt the signed
`the customer object to the secure provider.
`message using the public key. In doing so,
` Ex-1005, 2:19-3:11; see also CMTA Surreply at
`the timestamp would be a portion of the
`10
`decrypted information and therefore
`PO’s reliance on 16:14-26 as supporting PO’s
`extracted from the time-varying
`interpretation of 13:6-10 is misplaced.
`multicharacter code. …[W]hen combined
`See CMTA Surreply at 10
`with Brener these teachings of Schneier
`
`PO fails to address the anonymous shipping
`would result in the time value of the date
`disclosure of Brener.
`and time of the signature being extracted
`from the signed portion of the customer
`See, e.g., CMTA Opp. at 13, Ex-1005, 2:19-3:7,
`
`10:14-17 ; see also CMTA Surreply at 10
`object by decrypting that signed portion.”
`If the secure provider could ascertain the
`Ex-1021, ¶72; see also CMTA Opp. at 12
`
`identity of a customer from a transaction
`request merely because the customer is
`logged-in, Brener’s entire customer object
`linking scheme would be unnecessary.”
` Ex-1005, 16:1-6, 8:3-20 ; see also CMTA
`Surreply at 10-11
`
`
`
`21
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`
`
`Motion to Amend: Obviousness
` Brener discloses:
` “The linking information is stored … in … secure provider
`computer 110 [and] matches up each customer object with
`the customer’s personal information [such as name and
`address].”
`
` Ex-1005 at 8:9-14.
` “[T]he linking information … link[s] the customer object with
`…customer account information.”
`
` Ex-1005 at 9:24-26.
`
` See also Ex-1005,10:28-11:2; 14:16-22; CMTA Opp at 14-15; CMTA
`Surreply at 12
`
`22
`
`Petitioners’ Oral Argument
`IPR2018-01350 | DEMONSTRATIVE EXHIBIT – NOT EVIDENCE
`
`