UNITED STATES PATENT AND TRADEMARK OFFICE
`_____________________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`_____________________________
`
`VISA INC. and VISA USA, INC.,
`Petitioners,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC,
`Patent Owner.
`_____________________________
`
`Patent No. 8,856,539
`_____________________________
`
`DECLARATION OF JUSTIN DOUGLAS TYGAR, PH.D.
`
`APPLE 1002
`
`
`_____________________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`_____________________________
`
`VISA INC. and VISA USA, INC.,
`Petitioners,
`
`v.
`
`UNIVERSAL SECURE REGISTRY LLC,
`Patent Owner.
`_____________________________
`
`Patent No. 8,856,539
`_____________________________
`
`DECLARATION OF JUSTIN DOUGLAS TYGAR, PH.D.
`
`APPLE 1002
`
`
`
`
`
`TABLE OF CONTENTS
`
`QUALIFICATIONS ..................................................................................... 1
`I.
`SCOPE OF WORK ....................................................................................... 3
`II.
`III. OVERVIEW OF THE ’539 PATENT .......................................................... 4
`IV. LEGAL STANDARDS .............................................................................. 12
`V.
`SCOPE AND CONTENT OF THE PRIOR ART ....................................... 15
`VI. LEVEL OF ORDINARY SKILL AND RELEVANT TIME ...................... 20
`VII. CLAIM CONSTRUCTION ........................................................................ 22
`VIII. GROUNDS OF UNPATENTABILITY ...................................................... 26
`Ground 1: Claims 1-9, 16-31, 37, and 38 are obvious in view of
`Brener, Weiss, and Desai. ................................................................. 26
`IX. GROUNDS OF UNPATENTABILITY BASED ON JUNDA .................... 98
`Ground 2: Claims 1-9, 16-31, 37, and 38 are obvious in view of
`Junda and Brody. .............................................................................. 98
`CONCLUDING STATEMENTS .............................................................. 165
`X.
`XI. APPENDIX A – LIST OF EXHIBITS ...................................................... 167
`
`
`
`-i-
`
`
`
`
`
`I, Justin Douglas Tygar, declare as follows:
`
`I.
`
`QUALIFICATIONS
`
`1. My name is Justin Douglas Tygar.
`
`2.
`
`I am a tenured, full Professor at the University of California,
`
`Berkeley, with a joint appointment in two departments: the Department of
`
`Electrical Engineering and Computer Science (Computer Science Division) and the
`
`School of Information.
`
`3.
`
`Prior to joining UC Berkeley in 1998, I was a tenured professor in the
`
`Computer Science Department at Carnegie Mellon University. I have extensive
`
`research, teaching, and industry experience in the areas of computer security and
`
`electronic commerce, with a special research interest in digital rights management
`
`and privacy as it relates to those areas.
`
`4.
`
`In 1982 I earned an A.B. degree in Math/Computer Science from the
`
`University of California, Berkeley, and in 1986 I earned a Ph.D. in Computer
`
`Science from Harvard University.
`
`5.
`
`I have helped build a number of security and electronic commerce
`
`systems. Together with my colleague at Carnegie Mellon, Marvin Sirbu, I
`
`developed NetBill, a patented electronic payment system that was licensed to
`
`CyberCash. For the U.S. Postal Service, I designed the two dimensional
`
`“Information Based Indicia” postage indicia that have now become a widely used
`
`
`
`-1-
`
`
`
`
`
`standard. In addition, together with my graduate students, I designed the
`
`architecture and a foundational operating system used on a secure coprocessor,
`
`Dyad. Together with my graduate students, I designed Micro-Tesla, a light-weight
`
`cryptographic architecture that ultimately became a standard of the Internet
`
`Engineering Task Force (IETF) and is widely used in sensor webs.
`
`6.
`
`I served as chair of the U.S. Department of Defense’s Information
`
`Science and Technology (ISAT) Study Group on Security with Privacy and was a
`
`founding board member of the Association for Computing Machinery’s Special
`
`Interest Group on Electronic Commerce.
`
`7.
`
`I helped create the U.S. National Science Foundation Science and
`
`Technology Center TRUST, which studies issues associated with networking and
`
`security. In addition, the U.S. State Department is funding my project at U.C.
`
`Berkeley to examine the security and networking issues for communication
`
`protocols and software to support Internet freedom and allow users to bypass
`
`national firewalls in countries such as China, Iran, and Syria.
`
`8.
`
`Among my awards are the National Science Foundation Presidential
`
`Young Investigator Award and the Kyoto Fellowship.
`
`9.
`
`I have also co-written four books that address networking technology
`
`and security for networking technology, and one of those books has been translated
`
`-2-
`
`
`
`
`
`into Japanese. My book Secure Broadcast Communication in Wired and Wireless
`
`Networks (with Adrian Perrig) has become a standard reference.
`
`10. A copy of my curriculum vitae (“CV”) is attached as Exhibit 1003.
`
`My CV includes a list of books, book chapters, papers and other publications that I
`
`have authored or co-authored. I am an expert in software engineering, computer
`
`networking, computer and network security, and cryptography. I have taught
`
`courses in software engineering, computer security, and cryptography at the
`
`undergraduate, masters, and Ph.D. levels, at both UC Berkeley and Carnegie
`
`Mellon University.
`
`II.
`
`SCOPE OF WORK
`
`11.
`
`I understand that a petition is being filed with the United States Patent
`
`and Trademark Office for Inter Partes Review of U.S. Patent No. 8,856,539 to
`
`Kenneth P. Weiss et al. (the “’539 patent,” attached as Ex. 1001).
`
`12.
`
`I have been retained by Visa Inc. and Visa USA, Inc. (together,
`
`“Visa”) to offer an expert opinion on the validity of certain claims of the ’539
`
`patent. Visa pays the consulting firm DOAR $700 per hour for my services. No
`
`part of my compensation is dependent on my opinions or on the outcome of this
`
`proceeding.
`
`13.
`
`I have been specifically asked to provide my opinions on claims 1-9,
`
`16-31, 37, and 38 of the ’539 patent. In connection with this analysis, I have
`
`-3-
`
`
`
`
`
`reviewed the ’539 patent and its prosecution history. I have also reviewed and
`
`considered various other documents in arriving at my opinions, and may cite to
`
`them in this declaration. For convenience, the information considered in arriving
`
`at my opinions is listed in Appendix A.
`
`III. OVERVIEW OF THE ’539 PATENT
`
`14. The ’539 patent is entitled “Universal Secure Registry.” Ex. 1001.
`
`15. The ’539 patent is generally directed to systems and methods for
`
`providing selective access to information stored on a database and a multicharacter
`
`code corresponding to a user with information stored in the database. Ex. 1001 at
`
`Abstract (“A secure registry system and method for the use thereof are provided
`
`which permits secure access to a database containing selected data on a plurality of
`
`entities, at least portions of which database has restricted access.”); see also, e.g.,
`
`id. at 3:5-9 (“Accordingly, this invention relates, in one embodiment, to an
`
`information system that may be used as a universal identification system and/or
`
`used to selectively provide personal, financial or other information about a person
`
`to authorized users.”), 3:31-32 (“Enabling anonymous identification facilitates
`
`multiple new forms of transactions.”); claim 22 (“A method for providing
`
`information to a provider to enable transactions between the provider and entities
`
`who have secure data stored in a secure registry in which each entity is identified
`
`by a time-varying multicharacter code, the method comprising…”). In particular,
`
`-4-
`
`
`
`
`
`claims 1-9, 16-31, 37, and 38 of the ’539 patent recite a “secure registry system”
`
`(or, in claim 22 and its dependent claims, a method of using a secure registry) for
`
`identifying or verifying a person “to selectively provide personal, financial or other
`
`information about a person to authorized users.” Id. at 3:5-9. As I discuss in
`
`greater detail below, transactions at the time conventionally required selective
`
`access to personal, financial, or other information to complete the transaction. In
`
`these transactions, allowing only authorized access was important to protect the
`
`consumer’s personal and account information to prevent fraud. Using time-
`
`varying codes or proxy data in place of the consumer’s identifying information was
`
`a logical approach for preventing fraud. Indeed, systems and methods for
`
`anonymous transactions using time-varying codes in place of the consumer’s real
`
`information were already well known and described in the prior art before the ʼ539
`
`patent.
`
`16. Embodiments of the invention disclosed by the ’539 patent involve
`
`anonymous online transactions. For example, online purchases where a customer’s
`
`credit card number is disclosed to an authorizing financial institution but not the
`
`online merchant. Id. at 3:44-50 (“In a financial context, providing anonymous
`
`identification of a person enables the person to purchase goods and/or services
`
`from a merchant without ever transmitting to the merchant information, such as the
`
`person’s credit card number, or even the person’s name, that could be intercepted
`
`-5-
`
`
`
`
`
`and/or usurped and used in subsequent or additional unauthorized transactions or
`
`for other undesired purposes.”), 12:47-50 (“In this embodiment, like the
`
`embodiment of FIG. 7, the user can use the USR system 10 to purchase goods or
`
`services from a merchant without providing the merchant with the user’s credit
`
`card number.”). In another embodiment, the customer’s address is revealed to a
`
`shipper but not the merchant. Id. at (“FIG. 10 illustrates a method of conducting a
`
`transaction with a merchant without requiring the user to provide to the merchant
`
`the user’s name, address, or other identifying information, while enabling the
`
`merchant to ship the goods to the user.”).
`
`17. As might be expected, the field of e-commerce had many disclosures
`
`of such systems prior to the March 2001 priority date. The ’539 patent’s
`
`requirement of a time-varying multicharacter code representing an identity of a
`
`user such as a customer does not convey a point of novelty. The use of such time-
`
`varying multicharacter codes to identify or authenticate a user was well-known, as
`
`demonstrated by the named inventor’s own prior art patent disclosures predating
`
`the ’539 patent by well over a decade as well as other prior art disclosing the use of
`
`such codes in an anonymous transaction context.
`
`18. As the Background section of the ’539 patent states, “there are times
`
`when the individual may wish to be identified or at least verified without providing
`
`personal information.” Id. at 2:17-19. The Background section goes on to
`
`-6-
`
`
`
`
`
`describe instances where such identification and authentication may occur. “For
`
`example, a person may wish to purchase goods and/or services without publicly
`
`providing his/her credit card information for fear that the credit card information
`
`may be stolen and used fraudulently.” Id. at 2:19-22. “Likewise, the person may
`
`wish to purchase goods or order goods to be delivered to an address without
`
`revealing the address to the vendor.” Id. at 22-27. The Summary of the Invention
`
`describes the invention as “an information system that may be used as a universal
`
`identification system and/or used to selectively provide personal, financial or other
`
`information about a person to authorized users.” Id. at 3:5-9.
`
`-7-
`
`
`
`
`
`19. The specification
`
`discloses “a system for facilitating
`
`purchases without providing financial
`
`information to the merchant as set
`
`forth in FIG.8.” Id. at 12:19-54. As
`
`seen here in Figure 8, a user
`
`(customer) initiates a purchase and
`
`provides a code to a merchant, without
`
`providing identifying information or a
`
`credit card number. Id. at 12:21-24.
`
`The merchant then sends the purchase
`
`request to the universal secure registry
`
`system (USR), which uses the secret
`
`code to determine the identity of the
`
`customer and access credit card information from a database, which it then
`
`forwards to a credit card company for purchase authorization. Id. at 12:24-39. The
`
`credit card company then processes the transaction by “checking the credit
`
`worthiness” of the user and notifies the USR system of the result of the transaction,
`
`which “in turn notifies the merchant of the result of the transaction.” Id. at 12:40-
`
`46. In this way, “the user can use the USR system to purchase goods or services
`
`-8-
`
`
`
`
`
`from a merchant without providing the merchant with the user’s credit card
`
`number.” Id. at 12:47-50.
`
`20. The specification explains that the user’s secret code can vary over
`
`time. Id. at 8:17-47. For example, the secret code can be derived using “a SecurID
`
`card available from RSA Security,” which mathematically combines “a secret user
`
`code and/or time varying value” and a secret personal identification code to
`
`“generate a one-time-nonpredictable code” used to verify a user. Id. at 8:17-35.
`
`Alternatively, the user’s computer may be programmed to execute an algorithm to
`
`generate a “non-predictable, single use codes, which may or may not be time
`
`varying.” Id. at 8:36-44.
`
`21. Claim 1 of the ’539 patent is representative of the claims at issue
`
`(additional line breaks for readability):
`
`A secure registry system for providing information to a provider to
`
`enable transactions between the provider and entities with secure
`
`data stored in the registry system, the secure registry system
`
`comprising:
`
`a database including secure data for each entity, wherein each entity is
`
`associated with a time-varying multicharacter code for each entity
`
`having secure data in the secure registry system, respectively, each
`
`time-varying multicharacter code representing an identity of one of
`
`the respective entities; and
`
`-9-
`
`
`
`
`
`a processor configured
`
`to receive a transaction request including at least the time-varying
`
`multicharacter code for the entity on whose behalf a transaction
`
`is to be performed and an indication of the provider requesting
`
`the transaction,
`
`to map the time-varying multicharacter code to the identity of the
`
`entity using the time-varying multicharacter code,
`
`to execute a restriction mechanism to determine compliance with
`
`any access restrictions for the provider to secure data of the
`
`entity for completing the transaction based at least in part on the
`
`indication of the provider and the time-varying multicharacter
`
`code of the transaction request,
`
`and to allow or not allow access to the secure data associated with
`
`the entity including information required to enable the
`
`transaction based on the determined compliance with any
`
`access restrictions for the provider, the information including
`
`account identifying information,
`
`wherein the account identifying information is not provided to the
`
`provider and the account identifying is provided to a third party
`
`to enable or deny the transaction with the provider without
`
`providing the account identifying information to the provider.
`
`22. The “receiv[ing] a transaction request” element of claim 1 relates to
`
`the central concept of the ’539 patent: receiving a transaction request with a
`
`multicharacter code corresponding to the entity on whose behalf the transaction is
`
`-10-
`
`
`
`
`
`to be performed. The secure registry’s processor then processes the transaction
`
`requested received from the provider by “map[ping] the time-varying
`
`multicharacter code to the identity of the entity using the time-varying
`
`multicharacter code” and “determin[ing] compliance with any access restrictions
`
`for the provider.” Ex. 1001, cl. 1. As I discuss in more detail below, both the
`
`mapping of the identity to the multicharacter code and determining compliance
`
`with access restrictions to maintain anonymity during a transaction as claimed by
`
`the ’539 patent were well-known concepts prior to the ’539 patent.
`
`23. Claim 22 of the ’539 patent recite substantively similar requirements
`
`as claim 1, with the primary difference being that claim 22 is a method claim while
`
`claim 1 is a system claim. Independent claims 37 and 38 and the remaining
`
`dependent claims recite other requirements that relate to minor variations or
`
`common feature of anonymous transaction systems. For example, claims 2-3, 15
`
`and 23-24 relate to securely transmitting information from the customer to the
`
`system. Claims 4-9, 16-18, and 25-31 specify the particular customer information
`
`that is anonymized. For example, claims 4 and 25 anonymize the user’s shipping
`
`address; claim 16 anonymizes the customer’s account number; claims 5-6, 17 and
`
`26-28 anonymize the customer’s credit card information; claims 7-8, 18 and 29-30
`
`anonymize the customer’s bank card information; and claims 9 and 31 anonymize
`
`the customer’s personal identification information.
`
`-11-
`
`
`
`
`
`24. As I discuss in more detail below, anonymous transaction systems
`
`saw many developments in the years leading up to the ’539 patent, many of which
`
`were directed to limiting access to and transmission of customer information
`
`during a transaction. Using a secure remote database was a common aspect of
`
`anonymous transaction systems and methods that was well known to those in this
`
`field at the time. Additionally, it was also well known both in the specific field of
`
`remote data security as well as in the general field of computer security to
`
`anonymize user data with proxy codes and data.
`
`IV. LEGAL STANDARDS
`
`25.
`
`I have been informed by counsel for Visa that a claimed invention is
`
`not patentable under 35 U.S.C. § 103, for obviousness, if the differences between
`
`the invention and the prior art are such that the subject matter as a whole would
`
`have been obvious at the time the invention was made to a person having ordinary
`
`skill in the art to which the subject matter pertains.
`
`26.
`
`I have further been informed by counsel for Visa that a determination
`
`of obviousness requires inquiries into: (1) the scope and contents of the art when
`
`the invention was made; (2) the differences between the art and the claims at issue;
`
`(3) the level of ordinary skill in the pertinent art when the invention was made;
`
`and, to the extent they exist, (4) secondary indicia of obviousness.
`
`-12-
`
`
`
`
`
`27.
`
`I have been informed by counsel for Visa that a claim can be found to
`
`be obvious if all the claimed elements were known in the prior art and one skilled
`
`in the art could have combined the elements as claimed by known methods with no
`
`change in their respective functions, and the combination would have yielded
`
`nothing more than predictable results to one of ordinary skill in the art.
`
`28.
`
`I have been informed by counsel for Visa that hindsight must not be
`
`used when comparing the prior art to the invention for obviousness. Thus, a
`
`conclusion of obviousness must be firmly based on knowledge and skill of a
`
`person of ordinary skill in the art at the time the invention was made without the
`
`use of post-filing knowledge.
`
`29.
`
`I have been informed by counsel for Visa that in order for a claimed
`
`invention to be considered obvious, there must be some rational underpinning for
`
`combining cited references as proposed.
`
`30.
`
`I have been informed by counsel for Visa that obviousness may also
`
`be shown by demonstrating that it would have been obvious to modify what is
`
`taught in a single piece of prior art to create the patented invention. Obviousness
`
`may be shown by showing that it would have been obvious to combine the
`
`teachings of more than one item of prior art. In determining whether a piece of
`
`prior art could have been combined with other prior art or with other information
`
`-13-
`
`
`
`
`
`within the knowledge of one of ordinary skill in the art, the following are examples
`
`of approaches and rationales that may be considered:
`
`(a) Combining prior art elements according to known methods to yield
`
`predictable results;
`
`(b)
`
`Simple substitution of one known element for another to obtain
`
`predictable results;
`
`(c) Use of a known technique to improve similar devices (methods, or
`
`products) in the same way;
`
`(d) Applying a known technique to a known device (method, or product)
`
`ready for improvement to yield predictable results;
`
`(e) Applying a technique or approach that would have been “obvious to
`
`try” (choosing from a finite number of identified, predictable solutions, with
`
`a reasonable expectation of success);
`
`(f) Known work in one field of endeavor may prompt variations of it for
`
`use in either the same field or a different one based on design incentives or
`
`other market forces if the variations would have been predictable to one of
`
`ordinary skill in the art; or
`
`(g)
`
`Some teaching, suggestion, or motivation in the prior art that would
`
`have led one of ordinary skill to modify the prior art reference or to combine
`
`prior art reference teachings to arrive at the claimed invention.
`
`-14-
`
`
`
`
`
`V.
`
`SCOPE AND CONTENT OF THE PRIOR ART
`
`31.
`
`In my opinion, and as I explain in further detail below, the claims of
`
`the ’539 patent fail to identify anything new or significantly different from what
`
`was already known to individuals of skill in the field prior to the filing of the ’539
`
`patent, including prior to March 16, 2001. The anonymous transaction systems
`
`and methods recited in the ʼ539 patent claims, including the use of a database to
`
`map proxy information for use in place of real consumer information, as well as
`
`using time-varying multicharacter codes, were conventional aspects of secure
`
`network access control systems.
`
`32. With the rise of Internet-based e-commerce in the late 1990s, the
`
`years leading up to 2001 were an active period for developing secure transaction
`
`systems and resulted in a particular focus on earning consumer trust. Consumers
`
`wanted assurances that their personal information such as credit card numbers and
`
`addresses would not be misused. As a result, merchants and financial institutions
`
`invested in privacy and security measures that would, among other things, safely
`
`store and use credit card and other sensitive data for their online consumers
`
`without allowing such data to be intercepted or misused. This lead to numerous
`
`systems for anonymous online transactions developed and known prior to March
`
`2001, many of which involved storing a consumer’s secure data in a remote
`
`-15-
`
`
`
`
`
`database and selectively allowing access to complete a transaction based on a
`
`multicharacter code associated with the user.
`
`33. For example, International Application Number International PCT
`
`Application WO 00/14648 to Brener (“Brener,” submitted as Ex. 1005), entitled
`
`“Electronic Commerce with Anonymous Shopping and Anonymous Vendor
`
`Shipping,” discloses “[a] computer-implemented method delivers goods purchased
`
`from a vendor web site without revealing the customer’s identity or physical
`
`shipping address to the vendor computer (140).” Ex. 1005 at Abstract. As
`
`explained in Brener, “[t]he method includes associating the identity and physical
`
`location of each customer with computer (100) linking information which is stored
`
`at a secure computer such as a secure provider computer (110) or banking
`
`computer (150). The customer computer (100) anonymously connects to the
`
`vendor web site (140) and orders goods without revealing his actual identity or
`
`physical location.” Id.
`
`34. Another example of using a remote database for maintaining secure
`
`data and controlling access to personal information for anonymous shopping was
`
`seen in International PCT Application WO 01/13275 to Junda et al (“Junda,”
`
`submitted as Ex. 1008), entitled “Proxy System for Customer Confidentiality.”
`
`Junda discloses “a system and a method for enabling a customer (referred to herein
`
`as a "user") to make purchases and take delivery of goods or services while
`
`-16-
`
`
`
`
`
`keeping some or all of the user’s personal information confidential and secure
`
`throughout the purchase and delivery transactions.” Ex. 1008 at 3:27-31. The
`
`system and method described in Junda includes, for example, “generating proxy
`
`delivery data corresponding with the real delivery data [and] maintaining a
`
`database including the real delivery data and the corresponding proxy delivery data
`
`for use in translating the proxy delivery data into the corresponding real delivery
`
`data.” Id. at 7:11-14.
`
`35.
`
`It was also known to utilize a dynamic, time-varying code to control
`
`access to data, as evidenced by U.S. Patent No. 4,885,778 to Weiss (“Weiss,”
`
`submitted as Ex. 1006), entitled “Method and Apparatus for Synchronizing
`
`Generation of Separate, Free Running, Time Dependent Equipment.” Weiss is one
`
`of a number of patents directed to aspects of the well-known SecurID
`
`authentication scheme. See., e.g., id. at FIG. 2. The apparatus and method
`
`described in Weiss “eliminates the relatively easy access afforded to someone who
`
`copies or otherwise misappropriates a secret ‘fixed’ code by periodically
`
`generating identification codes by using fixed codes, variable data, and a
`
`predetermined algorithm which is unknown in advance and unknowable outside
`
`the administration of the security system even to authorized users of the apparatus
`
`utilizing the fixed secret code.” Ex. 1006 at 1:55-62. These dynamic, time-
`
`varying codes were used to replace “[t]ypical instances of fixed codes includ[ing]
`
`-17-
`
`
`
`
`
`card numbers, user numbers or passwords issued to customers of computer data
`
`retrieval services.” Id. at 1:36-40.
`
`36.
`
`It was known prior to March 2001 that such a time-varying
`
`multicharacter code could be applied in the context of an anonymous transaction
`
`system like the ones disclosed in Brener and Junda, as evidenced by U.S. Patent
`
`Application No. 09/786,719 to Brody et al. (“Brody,” submitted as Ex. 1009),
`
`entitled “Systems and Methods Enabling Anonymous Credit Transactions.”
`
`37. Brody discloses a system and method for anonymous merchant
`
`transactions by “creat[ing] dynamic mappings of the card numbers to account
`
`numbers or other card numbers, such as pseudo-random credit card numbers.” Ex.
`
`1009 at [0009]. The pseudo-random attributes are used by consumers in place of
`
`the consumer’s credit card. As explained by Brody, “Because pseudo-random
`
`attributes are transmitted to the merchant, the transaction between the consumer
`
`and merchant will be anonymous.” Id. The pseudo-random attributes correspond
`
`to the card number, name, billing zip code, expiration date, and purchase amount,
`
`each of which can be used by an authentication server to authenticate a transaction
`
`according to consumer preferences.” Id. The benefit of such systems and methods
`
`includes the fact that “fraud is prevented by the nature of dynamic mapping of
`
`credit card numbers to pseudo-random attributes….” Id. at [0010].
`
`-18-
`
`
`
`
`
`38. Finally, it was also known to the ’539 patent that a remote database
`
`could selectively grant access to personal information for online purchase
`
`transactions based on the identity of the consumer and the merchant. For example,
`
`Patent Application No. 6,820,204B1 to Desai et al. (“Desai”,” submitted as Ex.
`
`1007), entitled “System and Method for Selective Information Exchange,”
`
`discloses “a system and method for information exchange that provides control
`
`over the content of stored information, as well as control over the access to the
`
`stored information.” Id. at 3:34-37. The system and method described in Desai
`
`uses an “information exchange system … connected to one or more registered
`
`users through a communications network, such as the Internet, to allow each
`
`respective registered user to access, edit and manage the registered user's profile
`
`data through a network device.” Id. at 3:46-49. The information exchange system
`
`includes facilities that allow the registered user to selectively grant access to this
`
`stored profile data to one or more third parties on an element-by-element basis. Id.
`
`at 9:10-14. For example, a registered user can grant access to its telephone
`
`number, street address, and credit card number to an online vendor while only
`
`granting its telephone number to a mere business contact. Id. at 9:14-18. This is
`
`similar to Junda’s disclosure providing that “the user may select beforehand the
`
`real personal information that he or she desires to be concealed from the merchant
`
`when using the proxy credit or debit card.” Ex. 1008 at 4:28-33.
`
`-19-
`
`
`
`
`
`39. Other aspects and features as claimed by the ’539 patent, such as
`
`providing anonymous delivery, providing bank card or credit card authorization,
`
`and using secure transmission device and encryption were also known before the
`
`’539 patent. See, e.g., Ex. 1005 at 2:19-3:11 (describing anonymous shipping); Ex.
`
`1008 at 9:5-11 (describing providing bank or credit card authorization); Ex. 1005
`
`at 8:30-9:11 (using virtual personal network protocols); and Ex. 1005 at 15:25-16:6
`
`(using encryption).
`
`40. For these reasons, and as described in greater detail below, it is my
`
`opinion that the anonymous transaction systems as recited in claims 1-9, 16-31, 37,
`
`and 38 were well known in the field as of the filing of the ’539 patent, and prior to
`
`March 16, 2001.
`
`VI. LEVEL OF ORDINARY SKILL AND RELEVANT TIME
`
`41.
`
`I have been informed by counsel for Visa that the application that led
`
`to the ’539 patent was filed on June 26, 2007. I have been informed by counsel for
`
`Visa that the ’539 patent claims priority to U.S. Patent Application No.
`
`09/810,703, filed on March 16, 2001.
`
`42.
`
`I have been further advised that “a person of ordinary skill in the
`
`relevant field” is a hypothetical person to whom one could assign a routine task
`
`with reasonable confidence that the task would be successfully carried out. I have
`
`been advised that the relevant timeframe is prior to March 16, 2001.
`
`-20-
`
`
`
`
`
`43. By virtue of my education, experience, and training, I am familiar
`
`with the level of skill in the art of the ’539 patent prior to March 16, 2001. As I
`
`have explained above (see ¶¶1-3) and as demonstrated by my curriculum vitae
`
`(“CV” submitted as Ex. 1003), I have been teaching computer science since at least
`
`1986. I regularly teach classes to undergraduate, masters, and post doctorate
`
`students in computer science including in the late 90s and early 2000s.
`
`44.
`
`In my opinion, a person of ordinary skill in the relevant field prior to
`
`March 16, 2001, would be someone who had, through education or practical
`
`experience, the equivalent of a bachelor’s degree in computer science or computer
`
`engineering or a related field and at least an additional two years of work in the
`
`computer science field including, for example, network security systems, database
`
`management, and secure transaction systems.
`
`45. A person of ordinary skill in the relevant field would have been aware
`
`of developments in the field of secure transaction systems and would have been
`
`working with trends from the mid- to late-1990s, including trends toward
`
`increasing the security, privacy and ease of operation of such systems. Such a
`
`person would also have been familiar with known techniques for authentication as
`
`well as access controls, such as those described above in Section V.
`
`-21-
`
`
`
`
`
`46.
`
`I have been informed by counsel for Visa that the person of ordinary
`
`skill in the art is presumed to be aware of the pertinent art. I discuss some of the
`
`most relevant art in Section V above.
`
`VII. CLAIM CONSTRUCTION
`
`47.
`
`I have been advised that, absent some reason to the contrary, claim
`
`terms are typically given their ordinary and accustomed meaning as would be
`
`understood by one of ordinary skill in the art. I discuss some terms below and
`
`what I understand as constructions of these terms.
`
`
`
`“entity”
`
`Claim Term
`
`“based at least in part on the
`
`indication of the provider and the
`time-varying multicharacter code of
`
`the transaction request”
`
`Construction
`“purchasing party to a transaction who
`
`has data stored in the secure registry”
`
`This term should be construed to modify
`
`the term immediately preceding it:
`
`“completing the transaction” rather than
`
`modifying the term “access restrictions
`
`for the provider.”
`
`48.
`
`“entity”: Each of the independent claims of the ’539 patent require
`
`that entities who have secure data stored in a secure registry in which each entity is
`
`identified by a time-varying multicharacter code . Ex. 1001, claims 1, 22, 37, 38.
`
`49.
`
`It is my
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
