Paper No. 6
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`________________
`
`VISA INC. and VISA U.S.A. INC.,
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC,
`Patent Owner
`________________
`
`Case IPR2018-01351
`U.S. Patent No. 8,856,539
`________________
`
`PATENT OWNER’S PRELIMINARY RESPONSE
`PURSUANT TO 35 U.S.C. § 313 AND 37 C.F.R. § 42.107
`
`
`
`
`
`
`
`

`

`TABLE OF CONTENTS
`
`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`Page
`
`I.
`
`II.
`
`INTRODUCTION ........................................................................................... 1
`
`OVERVIEW OF THE ’539 PATENT ............................................................ 5
`
`A.
`
`B.
`
`C.
`
`The ’539 Patent Specification ............................................................... 5
`
`The ’539 Patent Claims ....................................................................... 10
`
`Prosecution History of the ’539 Patent ............................................... 14
`
`III. OVERVIEW OF THE CITED ART ............................................................. 15
`
`A.
`
`B.
`
`Junda .................................................................................................... 15
`
`Brody ................................................................................................... 19
`
`IV. LEVEL OF ORDINARY SKILL IN THE ART ........................................... 21
`
`V.
`
`CLAIM CONSTRUCTION .......................................................................... 22
`
`A.
`
`B.
`
`C.
`
`D.
`
`“Entity” ................................................................................................ 22
`
`“Based at least in part on the indication of the provider and the
`time-varying multicharacter code of the transaction request” ............ 23
`
`“Provider” ............................................................................................ 26
`
`“Access restrictions for the provider” ................................................. 28
`
`VI. THE PETITION FAILS TO DEMONSTRATE A REASONABLE
`LIKELIHOOD THAT ANY CLAIM IS INVALID BASED ON
`JUNDA AND BRODY (GROUND 1) .......................................................... 30
`
`A.
`
`Brody Fails to Disclose a Time-varying Multicharacter Code. .......... 31
`
`1.
`
`2.
`
`“Dynamic Mappings” Refer to Mappings Between
`Anonymous Card Attributes and Real Card Attributes
`Performed Close in Time (i.e., Real Time) to Real Card
`Attribute Processing/Authorization. ......................................... 32
`
`Brody’s Anonymous Card Number and Attributes are
`Static. ......................................................................................... 37
`
`B.
`
`Junda Fails to Disclose Restriction Mechanisms are Executed to
`Determine Compliance with Any Access Restrictions for the
`Provider to Secure Data Stored at the Secure Registry for
`Completing the Transaction ................................................................ 40
`
`
`
`i
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`1.
`
`2.
`
`Junda’s Discussion That Real User Data is Provided to a
`Card Issuer While Proxy User Data is Provided to a
`Merchant Fails to Disclose Limitations 1.4, 22.3, and
`37.5. ........................................................................................... 43
`
`Petitioner’s Additional Arguments Also Fail to Disclose
`Limitations 1.4 and 22.3. .......................................................... 45
`
`(a)
`
`“Based at least in part on the indication of the
`provider and the time-varying multicharacter code
`of the transaction request” does not modify only
`“completing the transaction.” ......................................... 46
`
`(b) User preselection of the specific real data to obtain
`proxy data for, is not merchant-specific and is used
`and processed by Junda’s system the same way
`regardless of the merchant requesting the
`transaction. ...................................................................... 49
`
`(c) Restricted-use attributes setting an expiration
`parameter on proxy data is not merchant-specific
`and is used and processed by Junda’s system the
`same way regardless of the merchant requesting
`the transaction. ................................................................ 50
`
`(d) A merchant logging onto an authorization network
`to send authorization requests to a proxy agent
`does not establish that the proxy agent determines
`whether a provider is compliant with access
`restrictions specific to the provider based on an
`indication of the provider. .............................................. 51
`
`C.
`
`Junda Fails to Disclose Allowing or Not Allowing Access to
`Secure Data Associated with an Entity Including Information
`Required to Enable the Transaction Based on Determined
`Compliance with Access Restrictions for the Provider ...................... 54
`
`D.
`
`Petitioner Fails to Show that Junda Discloses “To Store an
`Appropriate Code With Each Such Portion of Secure Data” ............. 55
`
`VII. CONCLUSION .............................................................................................. 57
`
`
`
`
`
`
`
`ii
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`TABLE OF AUTHORITIES
`
`Page
`
`CASES
`
`C&D Zodiac, Inc. v. B/E Aerospace, Inc.,
`Case No. IPR2014-00727 (P.T.A.B. October 29, 2014) ......................... 57-58
`
`Commvault Systems, Inc. v. Realtime Data LLC,
`Case No. IPR2017-02006 (P.T.A.B. March 29, 2018) .................................57
`
`Cuozzo Speed Techs., LLC v. Lee,
`136 S. Ct. 2131 (2016) ...................................................................................22
`
`Graham v. John Deere Co.,
` 383 U.S. 1, 148 USPQ 459 (1966) ......................................................... 30, 31
`
`Harmonic Inc. v. Avid Tech., Inc.,
` 815 F.3d 1356, 1363 (Fed. Cir. 2016) .......................................................... 55
`
`KSR International Co. v. Teleflex Inc.,
` 550 U.S. 398, 82 USPQ2d 1385 (2007) ....................................................... 30
`
`Pre-AIA 35 U.S.C. § 103 .....................................................................................1, 30
`
`STATUTES
`
`RULES
`
`37 C.F.R. § 42.24 .....................................................................................................59
`
`37 C.F.R. § 42.6(e) ...................................................................................................60
`
`37 C.F.R. § 42.100 ................................................................................................... 22
`
`
`
`
`
`
`
`
`iii
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`EXHIBIT TABLE
`
`
`
`Exhibit #
`2001
`
`2002
`
`2003
`
`Description
`Declaration of Markus Jakobsson
`in Support of Patent Owner’s Preliminary Response
`
`Curriculum Vitae of Markus Jakobsson
`
`Terminal Disclaimer Dated August 17, 2018
`
`
`
`
`
`
`
`
`
`
`
`
`
`iv
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`I.
`
`INTRODUCTION
`
`The present petition (Paper 2, IPR2018-01351, hereinafter “Petition”) is one
`
`of two petitions filed by VISA INC. and VISA U.S.A. INC. (hereinafter
`
`“Petitioner”) challenging various claims of U.S. Patent No. 8,856,539 (hereinafter
`
`“’539 patent”). See also IPR2018-01350. The Petition requests inter partes review
`
`of the ’539 patent and relies on a combination of two references in its attempt to
`
`invalidate the challenged claims. See Petition at 13-14. Specifically, the Petition
`
`asserts that claims 1-9, 16-31, 37, and 381 are obvious over WO 01/13275 A1
`
`(“Junda”) in view of U.S. Pub. No. 2001/0029485 A1 (“Brody”) under pre-AIA 35
`
`U.S.C. § 103(a) (collectively “the Challenged Claims”). Id. Patent Owner strongly
`
`disagrees that the Challenged Claims are invalid over the cited art, and submits this
`
`Preliminary Response to the Petition requesting that the Board deny institution of
`
`inter partes review.
`
`The ’539 patent, which issued on October 7, 2014 from U.S. application No.
`
`11/768,729 filed on June 26, 2007, was subject to a thorough and rigorous
`
`examination by Examiners Beemnet Dada and Thomas Gyorfi that lasted over four
`
`
`1 Claims 5-8, 17-20, and 26-30 are no longer at issue since Patent Owner
`
`disclaimed these claims on August 17, 2018 by filing a terminal disclaimer. See
`
`Ex. 2003.
`
`
`
`1
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`years and included seven substantive office actions. See Exs. 1005-1025. During
`
`prosecution, the Applicant and the Examiners discussed the application and prior
`
`art in detail, both through paper submissions and telephonic interviews. See Exs.
`
`1005-1024. Ultimately, Examiner Gyorfi allowed the claims of the ’539 patent
`
`(Ex. 1025 at 5; Ex. 1028 at 5.) over a large body of cited prior art. See Ex. 1001 at
`
`1-3.
`
`The Board should not institute inter partes review of the ’539 patent because
`
`the Petition fails to demonstrate that there is a reasonable likelihood that at least
`
`one of the Challenged Claims is unpatentable. Notwithstanding deficiencies in the
`
`Petition that are unique to the dependent claims, the Petition fails to establish that
`
`independent claims 1, 22, 37, and 38 are obvious over Junda in view of Brody.
`
`First, Petitioner admits that its primary reference, Junda, fails to disclose a
`
`“time-varying multicharacter code” that is recited in all four independent claims.
`
`Petitioner contends that Brody makes up for the deficiencies of Junda, and that the
`
`combination of Junda and Brody teach a time-varying multicharacter code. As
`
`explained in greater detail below, Brody simply parrots Junda’s discussion of using
`
`static proxy numbers in place of actual credit card numbers, and thus adds nothing
`
`relevant to time-varying multicharacter codes. In support of its position, Petitioner
`
`goes to great lengths to distort the context of the word “dynamic” used in Brody in
`
`its failed attempt to reengineer Brody’s static proxy numbers into time-varying
`
`
`
`2
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`ones. A close review of Brody reveals that, as in Junda, its proxy numbers—used
`
`in place of real credit card numbers—are fixed and merely expire after a
`
`predetermined period or number of uses. Thus, Junda in combination with Brody
`
`fails to disclose a “time-varying multicharacter value.” Since this limitation is
`
`found in all claims of the ’539 patent, Junda and Brody’s shortcomings are fatal to
`
`the Petition.
`
`Second, as to independent claims 1, 22, and 37, Petitioner fails to show that
`
`Junda, alone or in combination with Brody, discloses “execute a restriction
`
`mechanism to determine compliance with any access restrictions for the provider
`
`to at least one portion of secure data for completing the transaction.” Petitioner
`
`argues that Junda discloses this limitation because Junda’s proxy agent reveals real
`
`user data to a credit card issuer while only providing corresponding proxy user data
`
`to a merchant. This argument fails because the claims specifically require that
`
`compliance with access restrictions are determined “for the provider,” and
`
`Junda’s card issuer is not a provider as that term is properly construed. Moreover,
`
`Junda’s proxy agent enables access to sensitive information to the card issuer
`
`regardless of who the transaction requesting merchant is. So long as the proxy user
`
`data received at Junda’s proxy agent is valid and matches proxy user data stored at
`
`the proxy agent, the proxy agent releases the real user card number to the card
`
`issuer irrespective of the requesting merchant’s identity. Junda does not disclose
`
`
`
`3
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`any embodiments where the proxy agent determines provider compliance with
`
`access restrictions specific to the provider.
`
`Third, as to independent claims 1 and 22, Petitioner fails to show that
`
`Junda, alone or in combination with Brody, discloses “allow or not allow access to
`
`the secure data associated with the entity including information required to enable
`
`the transaction based on the determined compliance with any access restrictions for
`
`the provider.” Petitioner argues that Junda teaches this limitation because the user
`
`in Junda can select the level of confidentiality for a transaction by choosing what
`
`real user data (e.g., name, card number, address, etc.) to obtain proxy user data for.
`
`However, such a teaching by Junda is irrelevant because claims 1 and 22 require
`
`that the secure registry determine the provider’s compliance with any access
`
`restrictions specific to the provider. Based on this provider-specific access
`
`restriction determination the secure registry allows or does not allow access to
`
`account identifying information. By contrast, in Junda it does not matter what real
`
`user data the user obtains proxy user data for—be it name, card number, address,
`
`etc.—because once that proxy user data is provided to the proxy agent, the proxy
`
`agent performs the same steps of mapping the proxy data to real data and providing
`
`the real user data to the card issuer. At no point does the proxy agent check to see
`
`who the requesting merchant is and whether the merchant complies with access
`
`
`
`4
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`restrictions specific to it before allowing or not allowing the release of secure data
`
`based on that determined compliance.
`
`Since the Petition has failed to show that Junda in combination with Brody
`
`renders obvious various limitations found in the claims, the Petition fails to
`
`demonstrate that there is a reasonable likelihood that at least one of the claims
`
`challenged in the Petition is unpatentable. As such, Patent Owner respectfully
`
`requests that the Board deny institution of inter partes review.
`
`II. OVERVIEW OF THE ’539 PATENT
`
`A. The ’539 Patent Specification
`
`The ’539 patent provides a unique and highly secure anonymous identification
`
`system that uses a time-varying multicharacter code for both verifying the identity
`
`of an entity and also enabling transactions between the entity and a provider without
`
`requiring the entity to share personal or otherwise sensitive information with the
`
`provider. See Ex. 1001 at 2:64-3:1, 3:24-27, 12:19-54; Ex. 2001, Jakobsson at ¶ 26.
`
`As one non-exclusive example, the system, referred to as a Universal Secure
`
`Registry (USR) system, allows a person to purchase goods from a brick and mortar
`
`or online merchant without publicly providing credit card information to the
`
`merchant for fear that the credit card information may be stolen or used fraudulently.
`
`See Ex. 1001 at 3:44-54; Ex. 2001, Jakobsson at ¶ 26. As another example, the USR
`
`system may be used by a patient to supply “insurance data, medical history data, and
`
`
`
`5
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`other appropriate medical information to a medical provider, once that medical
`
`provider has been established as an authorized recipient [of such data].” See Ex.
`
`1001 at 3:55-60; Ex. 2001, Jakobsson at ¶ 26.
`
`FIG. 1 depicts one possible embodiment of the USR system:
`
`
`
`
`
`The USR system’s main unit 12, which may be connected to a wide area network,
`
`
`
`6
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`includes a database 24 that stores data entries 30 related to different people or
`
`entities. Ex. 1001 at 7:11-13; 7:40-41; Ex. 2001, Jakobsson at ¶ 27. Each entry 30
`
`may contain different types of information such as, but not limited to, validation
`
`information, access
`
`information, publicly available
`
`information, address
`
`information, credit card information, medical information, job application
`
`information, and/or tax information. Ex. 1001 at 7:57-63; Ex. 2001, Jakobsson at ¶
`
`27. “The validation information [32] is information about the user of the database to
`
`whom the data pertains and is to be used by the USR software 18 to validate that the
`
`person attempting to access the information is the person to whom the data pertains
`
`or is otherwise authorized to receive it.” Ex. 1001 at 8:10-14; Ex. 2001, Jakobsson
`
`at ¶ 27. In particular, the validation information 32 contains information that enables
`
`the USR software 18 to validate a person that has presented the system with a one-
`
`time nonpredictable code uniquely associated with the user. See Ex. 1001 at 8:17-
`
`35; Ex. 2001, Jakobsson at ¶ 27. The access information 34 allows “different levels
`
`of security to attach to different types of information stored in the entry 30” so that
`
`the user can specify which particular individuals or companies can have access to
`
`what specific data such as credit card numbers, medical information, and tax
`
`information. See Ex. 1001 at 8:62-9:11; Ex. 2001, Jakobsson at ¶ 27.
`
`FIG. 8 depicts one possible embodiment of using the USR system “to
`
`purchase goods or services from a merchant without revealing to the merchant
`
`
`
`7
`
`

`

`account information relating to the person’s bank or credit card.” Ex. 1001 at 9:46-
`
`50; Ex. 2001, Jakobsson at ¶ 28.
`
`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`A user desiring to make a purchase at a merchant without providing their financial
`
`
`
`
`
`8
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`information, such as a credit or debit card number, may enter a secret code into their
`
`electronic ID device (any type of electronic device that may be used to obtain access
`
`to the USR database (Ex. 1001 at 8:45-47)), which generates a one-time
`
`nonpredictable code that is provided to the merchant. Id. at 12:21-24; Ex. 2001,
`
`Jakobsson at ¶ 28. The merchant in turn may transmit the one-time nonpredictable
`
`code, a store number, and a purchase amount to the USR. Ex. 1001 at 12:24-26; Ex.
`
`2001, Jakobsson at ¶ 28. The USR may then determine whether the code received is
`
`valid, and if valid, accesses from the USR database the user’s actual credit card
`
`information. Ex. 1001 at 12:27-29; Ex. 2001, Jakobsson at ¶ 28. The USR next
`
`transmits to the credit card company the credit card number, the store number, and
`
`the purchase amount. Ex. 1001 at 12:29-31; Ex. 2001, Jakobsson at ¶ 28. The credit
`
`card company then processes the transaction, such as by checking the credit
`
`worthiness of the person, and either declines the card or debits the user’s account
`
`and transfers money to the merchant’s account. Ex. 1001 at 12:40-43; Ex. 2001,
`
`Jakobsson at ¶ 28. The credit card company notifies the USR the transaction result
`
`and the USR may in turn notify the merchant. Ex. 1001 at 12:43-46; Ex. 2001,
`
`Jakobsson at ¶ 28.
`
`Hence, the USR system provides a secure anonymous identification system
`
`that uses a time-varying multicharacter code for both verifying the identity of an
`
`entity and also enabling transactions between the entity and a provider, such as a
`
`
`
`9
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`merchant, without requiring the entity to share personal or otherwise sensitive
`
`information with the provider. Ex. 2001, Jakobsson at ¶ 29. In one case, this allows
`
`a user to purchase goods or services from a merchant without providing the
`
`merchant the user’s credit card number. Id. Advantageously, the USR system also
`
`allows such secure transactions to be transparent to the credit card company and
`
`thus requires no or minimal cooperation from the credit card company to
`
`implement. Id. As another example, a user may obtain medical treatment from a
`
`medical care provider without having to directly supply the medical care provider
`
`her medical history, which may not be with the patient herself. Id. at ¶ 30. In yet
`
`another example, the user may facilitate shipment of goods purchased from a
`
`merchant without having to provide the merchant their shipping address. Id.
`
`B.
`
`The ’539 Patent Claims
`
`The ’539 patent includes 38 claims, of which claims 1, 22, 37, and 38 are
`
`independent. The four independent claims of the ’539 patent are reproduced below:
`
`1.
`
`A secure registry system for providing information to a
`
`provider to enable transactions between the provider and entities with secure
`
`data stored in the secure registry system, the secure registry system
`
`comprising:
`
`a database including secure data for each entity, wherein each entity is
`
`associated with a time-varying multicharacter code for each entity having
`
`secure data in the secure registry system, respectively, each time-varying
`
`
`
`10
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`multicharacter code representing an identity of one of the respective entities;
`
`and
`
`a processor configured to receive a transaction request including at
`
`least the time-varying multicharacter code for the entity on whose behalf a
`
`transaction is to be performed and an indication of the provider requesting
`
`the transaction, to map the time-varying multicharacter code to the identity
`
`of the entity using the time-varying multicharacter code, to execute a
`
`restriction mechanism to determine compliance with any access restrictions
`
`for the provider to secure data of the entity for completing the transaction
`
`based at least in part on the indication of the provider and the time-varying
`
`multicharacter code of the transaction request, and to allow or not allow
`
`access to the secure data associated with the entity including information
`
`required to enable the transaction based on the determined compliance with
`
`any access restrictions for the provider, the information including account
`
`identifying information, wherein the account identifying information is not
`
`provided to the provider and the account identifying information is provided
`
`to a third party to enable or deny the transaction with the provider without
`
`providing the account identifying information to the provider.
`
`Ex. 1001 at 18:29-60.
`
`
`22. A method for providing information to a provider to enable
`
`transactions between the provider and entities who have secure data stored in
`
`a secure registry in which each entity is identified by a time-varying
`
`multicharacter code, the method comprising:
`
`receiving a transaction request including at least the time-varying
`
`multicharacter code for an entity on whose behalf a transaction is to take
`
`place and an indication of the provider requesting the transaction;
`
`
`
`11
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`mapping the time-varying multicharacter code to an identity of the
`
`entity using the time-varying multicharacter code;
`
`determining compliance with any access restrictions for the provider
`
`to secure data of the entity for completing the transaction based at least in
`
`part on the indication of the provider and the time-varying multicharacter
`
`code of the transaction request;
`
`accessing information of the entity required to perform the transaction
`
`based on the determined compliance with any access restrictions for the
`
`provider, the information including account identifying information;
`
`providing the account identifying information to a third party without
`
`providing the account identifying information to the provider to enable or
`
`deny the transaction; and
`
`enabling or denying the provider to perform the transaction without
`
`the provider's knowledge of the account identifying information.
`
`Id. at 20:4-31.
`
`37. A secure registry system for providing information to a
`
`provider to enable transactions between the provider and entities with secure
`
`data stored in the secure registry system, the secure registry system
`
`comprising:
`
`a database including secure data for each entity, wherein each entity is
`
`associated with a time-varying multicharacter code for each entity having
`
`secure data in the secure registry system, respectively, each time-varying
`
`multicharacter code representing an identity of one of the respective entities,
`
`wherein the database is configured to permit or deny access to information
`
`on the respective entity using the time-varying multicharacter code; and
`
`
`
`12
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`a processor configured to receive the time-varying multicharacter
`
`code for the entity on whose behalf a transaction is to be performed,
`
`configured to map the time-varying multicharacter code to the identity of the
`
`entity to identify the entity, configured to execute a restriction mechanism to
`
`determine compliance with any access restrictions for the provider to at least
`
`one portion of secure data for completing the transaction and to store an
`
`appropriate code with each such portion of secure data, configured to obtain
`
`from the database the secure data associated with the entity including
`
`information required to enable the transaction, the information including
`
`account identifying information, and configured to provide the account
`
`identifying information to a third party to enable or deny the transaction
`
`without providing the account identifying information to the provider.
`
`Id. at 21:25-22:13.
`
`38. A secure registry system for providing information to a
`
`provider to enable transactions between the provider and entities with secure
`
`data stored in the secure registry system, the secure registry system
`
`comprising:
`
`a database including secure data for each entity, wherein each entity is
`
`associated with a time-varying multicharacter code for each entity having
`
`secure data in the secure registry system, respectively, each time-varying
`
`multicharacter code representing an identity of one of the respective entities;
`
`and
`
`a processor configured to receive the time-varying multicharacter
`
`code for the entity on whose behalf a transaction is to be performed,
`
`configured to map the time-varying multicharacter code to the identity of the
`
`entity without requiring further information to identify the entity, configured
`
`
`
`13
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`to access from the database secure data associated with the entity including
`
`information required to enable the transaction, the information including
`
`account identifying information, and configured to provide the account
`
`identifying information to a third party to enable or deny the transaction
`
`without providing the account identifying information to the provider, and
`
`wherein enabling or denying the transaction without providing account
`
`identifying information to the provider includes limiting transaction
`
`information provided by the secure registry system to the provider to
`
`transaction approval information.
`
`Id. at 22:14-22:40.
`
`C.
`
`Prosecution History of the ’539 Patent
`
`The ’539 patent issued on October 7, 2014 from U.S. Application
`
`No. 11/768,729 (“’729 Application”) filed on June 26, 2007. The ’729 Application
`
`is a continuation application of U.S. Application No. 09/810,703 filed on March
`
`16, 2001, now U.S. Patent No. 7,237,117.
`
`The ’539 patent was subject to a thorough examination by Examiners
`
`Beemnet Dada and Thomas Gyorfi. See Exs. 1005-1025. During prosecution, the
`
`Applicant and the Examiners discussed the application and prior art in detail, both
`
`through paper submissions and telephonic interviews. See Exs. 1005-1024. Claim
`
`amendments were made to further distinguish the invention from the prior art.
`
`Ultimately, Examiner Gyorfi allowed the claims of the ’539 patent (Ex. 1025 at 5;
`
`Ex. 1028 at 5.) over a large body of cited prior art. See Ex. 1001 at 1-3.
`
`
`
`14
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`III. OVERVIEW OF THE CITED ART
`
`A.
`
`Junda
`
`Junda discusses “a system and a method for enabling a customer… to make
`
`purchases and take delivery of goods or services while keeping some or all of the
`
`user’s personal information confidential and secure throughout the purchase and
`
`delivery transactions.” Ex. 1008, Junda at 3:27-31. FIG. 1 of Junda shown below is
`
`instructive of this method and system. Ex. 2001, Jakobsson at ¶ 32.
`
`
`
`15
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`
`
`Referring to FIG. 1 of Junda above, the process begins when “a user 120
`
`registers with the proxy agent 140 for obtaining proxy user data that he or she can
`
`use when making purchases and taking delivery of goods or services.” Ex. 1008,
`
`Junda at 11:11-13. Specifically, the user may have “a credit or debit card for which
`
`he or she requests proxy user data.” Id. at 11:26-27. The user may fill out an
`
`electronic form to provide the proxy agent 140 its real name, shipping address, and
`
`
`
`16
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`email address. Id. at 11:29-33. In the case where the proxy agent 140 was not the
`
`entity that issued the user 120 its credit or debit card account, the user 120 would
`
`also provide the proxy agent 140 its real credit or debit card number. Id. at 12:33-
`
`36. The proxy agent 140 generates proxy user data corresponding to this data and
`
`stores all of this information in its user database 144. See id. at 13:9-33. The proxy
`
`agent 140 may then provide the generated proxy user data to the user 120 for
`
`subsequent use by the user 120 with, for example, a merchant 130. Id. at 13:35-
`
`14:2. To reduce the risk that such proxy user data may be intercepted and used by
`
`an “unscrupulous individual,” Junda discusses that the proxy user data may be
`
`“valid for only a limited number of purchases or requiring the user to make a
`
`purchase only within a limited period of time.” Id. at 14:30-33; Ex. 2001,
`
`Jakobsson at ¶ 33.
`
`The user 120 may then take the proxy user data and present it to an online
`
`merchant 130 instead of the real data (e.g., real credit card number) when desiring
`
`to make a purchase. Id. at 15:27-35. The merchant 130 then logs onto an
`
`authorization network 112 to request authorization to charge the user’s credit/debit
`
`card account for the selected purchase. Id. at 16:1-3. The proxy agent 140 receives
`
`the proxy user data, such as the proxy credit/debit card number, from the merchant
`
`130 and—in the case the proxy agent 140 did not issue the underlying credit/debit
`
`card account—translates the proxy number to the real credit/debit account number
`
`
`
`17
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`and forwards the real account number to the card issuer 170 that issued the real
`
`account number. See id. at 16:3-23; Ex. 2001, Jakobsson at ¶ 34.
`
`The card issuer 170 sends an authorization response authorizing or denying
`
`the transaction to the authorization proxy agent 140 over the authorization network
`
`112. Id. at 16:25-26. The proxy agent 140 then substitutes out the real account
`
`numbers with the proxy numbers before sending the authorization information
`
`back to the merchant 130. Id. at 16:26-31. The merchant 130 lets the user 120
`
`know the outcome (approval/denial) of the transaction. See id. at 16:31-37. In this
`
`fashion, “the user 120 is not required to send any real user data to the merchant
`
`130” and “the proxy agent 140 does not reveal any of the real user data stored in
`
`the user database 144 to the merchant 130.” Id. at 17:1-6; Ex. 2001, Jakobsson at ¶
`
`35.
`
`Junda’s system and method also includes delivery of goods using proxy user
`
`data. For example, not knowing the user’s shipping address, the merchant 130
`
`sends the goods to a delivery provider 150 that in turn ships the goods to the user
`
`120. Id. at 18:14-24. Next, the delivery provider visits the proxy agent site 142 and
`
`requests the real user data (e.g., shipping address) corresponding to the proxy user
`
`data provided. Id. at 18:26-28. The proxy agent 140 looks up the user’s real
`
`shipping address based on the proxy data and provides the real shipping address to
`
`the delivery provider 150. Id. at 18:28-32; Ex. 2001, Jakobsson at ¶ 36.
`
`
`
`18
`
`

`

`Case No. IPR2018-01351
`U.S. Patent No. 8,856,539
`
`Notably, Junda makes no disclosure that the proxy user data provided to the
`
`user is time-varying or that a restriction mechanism is executed to determine
`
`compliance with any access restrictions for the merchant or delivery provider to
`
`secure data. Ex. 2001, Jakobsson at ¶ 37.
`
`B.
`
`Brody
`
`Brody discusses an anonymous transaction server (ATS) that generates
`
`pseudo-random credit card attributes, such as a pseudo-random credit card number,
`
`name, billing zip code, or expiration date, which are provided to consumers for
`
`subsequent use with merchants to purchases goods and services anonymously. See
`
`Ex. 1009, Brody at [0009]-[0011]. FIG. 1 of Brody shown below is instructive of
`
`this method and system. Ex. 2001, Jakobsson at ¶ 38.
`
`