UNITED STATES PATENT AND TRADEMARK OFFICE
`____________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________________
`
`PAYPAL INC.,
`PETITIONER,
`
`V.
`
`IOENGINE, LLC,
`PATENT OWNER.
`____________________
`
`IPR2019-00886
`IPR2019-00887
`
`PATENT 8,539,047
`____________________
`
`DECLARATION OF AVIEL D. RUBIN, PH.D.
`
`
`
`Exhibit 2003
`
`

`

`
`
`I.
`
`II.
`
`TABLE OF CONTENTS
`
`Introduction .......................................................................................................... 4
`
`Qualifications ....................................................................................................... 5
`
`A.
`
`B.
`
`Education & Career ................................................................................... 5
`
`Publications ............................................................................................... 8
`
`III.
`
`Person of Ordinary Skill in the Art ...................................................................... 9
`
`IV. Legal Framework ............................................................................................... 10
`
`A.
`
`B.
`
`C.
`
`Standard of Proof..................................................................................... 10
`
`Anticipation ............................................................................................. 11
`
`Obviousness ............................................................................................. 11
`
`V.
`
`The ’047 Patent .................................................................................................. 13
`
`VI. Asserted Grounds and References Relied On In Petitions ................................ 16
`
`A. DiGiorgio ................................................................................................. 16
`
`B.
`
`C.
`
`D.
`
`E.
`
`F.
`
`G.
`
`Burger ...................................................................................................... 17
`
`Brockmann (’886 Petition) ...................................................................... 18
`
`Shmueli (’886 Petition) ........................................................................... 18
`
`Atwater (’887 Petition) ............................................................................ 19
`
`Fung (’887 Petition) ................................................................................ 20
`
`Shima (’887 Petition) .............................................................................. 20
`
`VII. Claim Construction ............................................................................................ 21
`
`A.
`
`IUI ............................................................................................................ 21
`
`“communicate through the terminal network interface with the
`B.
`communications network node” // “cause a communication to be sent through
`the terminal network interface to a communications network node” ................ 27
`
`C.
`
`“[first/second/third] program code” ........................................................ 30
`
`“communication resulting from user interaction with the interactive user
`D.
`interface” ............................................................................................................ 31
`
`VIII. Detailed Analysis ............................................................................................... 33
`
`A. No Motivation to Combine DiGiorgio and Burger ................................. 33
`
`B.
`
`Elements Neither Disclosed Nor Obvious .............................................. 36
`
`2
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`
`
`C.
`
`Dependent Claims ................................................................................... 56
`
`3
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`1.
`
`I, Aviel D. Rubin, make this declaration in connection with the
`
`proceedings identified above.
`
`I.
`
`INTRODUCTION
`
`2.
`
`I have been retained as an expert on behalf of IOENGINE, LLC
`
`(“IOENGINE”) in connection with the proceedings identified above. I submit this
`
`Declaration on behalf of IOENGINE in support of its Preliminary Response responding
`
`to the Petition for Inter Partes Review in Case IPR2019-00886 (the “’886 Petition”)
`
`filed by PayPal Inc. (“PayPal” or “Petitioner”) challenging claims 1-4, 6-9, 12-16, and
`
`18-31 of U.S. Patent No. 8,539,047 to McNulty (“the ’047 Patent”) (Ex. 1001), and
`
`also in support of its Preliminary Response responding to the Petition for Inter Partes
`
`Review in Case IPR2019-00887 (the “’887 Petition”) filed by Petitioner challenging
`
`claims 1, 3, 5, 7, 9-11, 14, and 16-17, and focusing on claims 5, 10-11, and 17, of the
`
`’047 Patent (together with the claims challenged in the ’886 Petition, the “Challenged
`
`Claims”).
`
`3.
`
`The opinions in this Declaration are based on my professional training and
`
`experience and my review of the exhibits discussed herein.
`
`4.
`
`I am being compensated for my services in connection with the
`
`proceedings identified above at my regular rate of $775 per hour (plus reimbursement
`
`for expenses). My compensation is in no way contingent on the outcome of the
`
`proceedings identified above or on any of the opinions I provide below.
`
`4
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`II. QUALIFICATIONS
`
`5.
`
`I have summarized in this section my educational background, career
`
`history, publications, and other relevant qualifications. My curriculum vitae is
`
`submitted
`
`as
`
`Ex.
`
`2062,
`
`and
`
`can
`
`also
`
`be
`
`found
`
`at
`
`http://avirubin.com/Avi_Rubins_home_page/Vita.html.
`
`A. Education & Career
`
`6.
`
`I received my Ph.D. in Computer Science and Engineering from the
`
`University of Michigan, Ann Arbor, in 1994, with a specialty in computer security and
`
`cryptographic protocols. My thesis was titled “Nonmonotonic Cryptographic
`
`Protocols” and concerned authentication in long-running networking operations.
`
`7.
`
`I am currently employed as Professor of Computer Science at Johns
`
`Hopkins University, where I perform research, teach graduate courses in computer
`
`science and related subjects, and supervise the research of Ph.D. candidates and other
`
`students. Courses I have taught include Computer Network Fundamentals, Security
`
`and Privacy in Computing, Cryptography, and Advanced Topics in Computer Security.
`
`I am also the Technical Director of the Johns Hopkins University Information Security
`
`Institute, the University’s focal point for research and education in information
`
`security, assurance, and privacy. The University, through the Information Security
`
`Institute’s leadership, has been designated as a Center of Academic Excellence in
`
`Information Assurance by the National Security Agency and leading experts in the
`
`5
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`field. The focus of my work over my career has been computer security, and my current
`
`research concentrates on systems and networking security, with special attention to
`
`software and network security.
`
`8.
`
`After receiving my Ph.D., I began working at Bellcore in its Cryptography
`
`and Network Security Research Group from 1994 to 1996. During this period, I
`
`focused my work on internet and computer security. While at Bellcore, I published an
`
`article titled “Blocking Java Applets at the Firewall” about the security challenges of
`
`dealing with Java applets and firewalls, and a system that we built to overcome those
`
`challenges.
`
`9.
`
`In 1997, I moved to AT&T Labs, Secure Systems Research Department,
`
`where I continued to focus on internet and computer security. From 1995 through
`
`1999, in addition to my work in industry, I served as Adjunct Professor at New York
`
`University, where I taught undergraduate classes on computer, network, and internet
`
`security issues.
`
`10.
`
`I stayed at AT&T until 2003, when I left to accept a full-time academic
`
`position at Johns Hopkins University. I was promoted to full professor with tenure in
`
`April, 2004.
`
`11.
`
`I serve, or have served, on a number of technical and editorial advisory
`
`boards. For example, I served on the Editorial and Advisory Board for the International
`
`Journal of Information and Computer Security. I also served on the Editorial Board
`
`6
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`for the Journal of Privacy Technology. I have been Associate Editor of IEEE Security
`
`and Privacy Magazine and have served as Associate Editor of ACM Transactions on
`
`Internet Technology.
`
` I am currently an Associate Editor of
`
`the
`
`journal
`
`Communications of the ACM. I was an Advisory Board Member of Springer’s
`
`Information Security and Cryptography Book Series. I have served in the past as a
`
`member of the DARPA Information Science and Technology Study Group, a member
`
`of the Government Infosec Science and Technology Study Group of Malicious Code,
`
`a member of the AT&T Intellectual Property Review Team, Associate Editor of
`
`Electronic Commerce Research Journal, Co-editor of the Electronic Newsletter of the
`
`IEEE Technical Committee on Security and Privacy, a member of the board of directors
`
`of the USENIX Association (the leading academic computing systems society), and a
`
`member of the editorial board of the Bellcore Security Update Newsletter.
`
`12.
`
`I have spoken on information security and electronic privacy issues at
`
`more than 50 seminars and symposia. For example, I presented keynote addresses on
`
`the topics “Security of Electronic Voting” at Computer Security 2004 Mexico in
`
`Mexico City in May 2004; “Electronic Voting” to the Secure Trusted Systems
`
`Consortium 5th Annual Symposium in Washington DC in December 2003; “Security
`
`Problems on the Web” to the AT&T EUA Customer conference in March 2000; and
`
`“Security on the Internet” to the AT&T Security Workshop in June 1997. I also
`
`7
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`presented a talk about hacking devices at the TEDx conference in October 2011 and
`
`another TEDx talk on the same topic in September 2015.
`
`13.
`
`I was founder and President of Independent Security Evaluators (ISE), a
`
`computer security consulting firm, from 2005–2011. In that capacity, I guided ISE
`
`through the qualification as an independent testing lab for Consumer Union, which
`
`produces Consumer Reports magazine. As an independent testing lab for Consumer
`
`Union, I managed an annual project where we tested all of the popular anti-virus
`
`products. Our results were published in Consumer Reports each year for three
`
`consecutive years.
`
`14.
`
`I am currently the founder and managing partner of Harbor Labs, a
`
`software and networking consulting firm.
`
`B.
`
`Publications
`
`15.
`
`I am a named inventor on ten U.S. patents in the information security area.
`
`16.
`
`I have also testified before Congress regarding the security issues with
`
`electronic voting machines and in the U.S. Senate on the issue of censorship. I also
`
`testified in Congress on November 19, 2013 about security issues related to the
`
`government’s Healthcare.gov website.
`
`17.
`
`I am author or co-author of five books regarding information security
`
`issues: Brave New Ballot, Random House, 2006; Firewalls and Internet Security
`
`(second edition), Addison Wesley, 2003; White-Hat Security Arsenal, Addison
`
`8
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`Wesley, 2001; Peer-to-Peer, O’Reilly, 2001; and Web Security Sourcebook, John
`
`Wiley & Sons, 1997. I am also the author of numerous journal and conference
`
`publications, which are reflected in my CV.
`
`III. PERSON OF ORDINARY SKILL IN THE ART
`
`18.
`
`In my opinion, a person of ordinary skill in the art (“POSITA”) would be
`
`a person with a Bachelor of Science degree in Computer Science, or related discipline,
`
`and two to three years of experience in developing, implementing, or deploying
`
`systems for the encryption of data on a portable device.
`
`19. Such a level of skill would encompass a knowledge of computer hardware,
`
`software development, operating systems, networking, portable or embedded devices,
`
`data encryption, data storage, and peripherals, which would be sufficient for
`
`understanding the technology of the ’047 Patent. Because the focus of the ’047 Patent
`
`is not merely on a portable device, but instead a portable device that tunnels data
`
`through a terminal to a remote networked device so as to provide a “solution to securely
`
`access, execute, and process data….,” Ex. 1001 at 2:26-27, a POSITA would have had
`
`experience with encryption. Moreover, secure tunneling on the Internet is typically
`
`done via IPSec and sometimes SSL IPSec and SSL are based on encryption algorithms.
`
`A POSITA would know how these tunneling protocols utilize encryption to protect
`
`information as it transits on the Internet.
`
`9
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`20. This definition of a POSITA characterizes the ordinary skill of persons
`
`involved with software research and development at AT&T Labs, where I worked in
`
`the Secure Systems Research Department from 1997 to 2003. It also characterizes the
`
`ordinary skill of persons within the Information Security Institute at Johns Hopkins
`
`University involved in research relating to portable device security. Furthermore, in
`
`my role as Professor of Computer Science where I train students to become persons of
`
`ordinary skill in the area of computer security, an understanding of how to develop,
`
`implement, or deploy systems for encrypting data on a portable device would require
`
`building the knowledge and skills outlined above.
`
`IV. LEGAL FRAMEWORK
`
`21.
`
`I am not a legal expert and I offer no opinions on the law. However, I
`
`have been advised by counsel about some of the legal principles relevant to an analysis
`
`of patentability of claims in a United States patent, as summarized below. I have
`
`conducted my analysis in accordance with these principles.
`
`22.
`
`I understand that, for an invention claimed in a patent to be found
`
`patentable, or to be valid, it must be, among other things, new and not obvious in light
`
`of what came before it such as “prior art.”
`
`A.
`
`Standard of Proof
`
`23.
`
`I understand that, in these proceedings, the burden is on the party asserting
`
`unpatentability to prove it by a preponderance of the evidence. I understand that “a
`
`10
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`preponderance of the evidence” is evidence sufficient to show that something is more
`
`likely than not.
`
`B. Anticipation
`
`24.
`
`I have been informed that a patent claim is invalid as anticipated only if
`
`each and every element and element of that claim is publicly disclosed, either explicitly
`
`or inherently, in a single prior art reference, already in practice in the industry in a
`
`single process or method, already in a single marketed product, or otherwise previously
`
`invented. I also understand that anticipation requires the presence in a single prior art
`
`disclosure of all elements of the claim arranged as in the claim. For a step or element
`
`to be inherent in a reference, I understand that the step or element must necessarily and
`
`inevitably occur or be present when one follows the teachings of the reference. I am
`
`informed that for a reference to be considered as anticipating, it must disclose the
`
`relevant technology in a manner such that a person of ordinary skill in the art would be
`
`able to carry out or utilize the technology that the reference describes without having
`
`to undertake considerable experimentation.
`
`C. Obviousness
`
`25.
`
`I have been informed that a patent claim is invalid as obvious only if it
`
`would have been obvious to a person of ordinary skill in the art at the time the patent
`
`was filed, in light of the prior art. The prior art may include one or more references
`
`that a person of ordinary skill in the art trying to solve the problem that the inventor
`
`11
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`addressed would likely have considered, as well as the body of knowledge that such a
`
`person would possess. As in the case of a single reference that anticipates a patent
`
`claim, when one or more references make a patent claim obvious, the reference or
`
`combined references relied upon must disclose each and every element of the
`
`challenged claim. If the reference or combined references relied upon fail to disclose
`
`any element in the challenged claim, then it is not obvious.
`
`26.
`
`I have been informed that, although a challenger may rely on a
`
`combination of separate prior art references to support an obviousness challenge, a
`
`person of ordinary skill in the art at the time of filing must have had some motivation
`
`to combine the references. That motivation can come from the problem the invention
`
`purports to solve, from other references, from the teachings of those references
`
`showing the invention is obvious, from other references, or from the common-sense
`
`knowledge of a person of ordinary skill in the art. However, obviousness findings
`
`grounded in common sense must contain explicit and clear reasoning providing some
`
`rational underpinning why common sense compels a finding of obviousness.
`
`27.
`
`I have been informed that assessing which prior art references to combine
`
`and how they may be combined to match the asserted claim may not be based on
`
`hindsight reconstruction or ex-post reasoning. That is, one must view the prior art
`
`forward from the perspective of the person of ordinary skill in the art at the time of
`
`invention, not backwards from the current time through the lens of hindsight. It is my
`
`12
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`understanding that it is improper to use a patent claim as a template and pick and choose
`
`among the prior art to meet the elements of that claim to show obviousness.
`
`28.
`
`I have been informed that a reference qualifies as prior art for determining
`
`obviousness when it is analogous to the claimed invention. I understand that prior art
`
`may be considered analogous if it is from the same field of endeavor, regardless of the
`
`problem addressed, as the claimed invention. I also understand that prior art may be
`
`considered analogous if it is “reasonably pertinent” to the particular problem with
`
`which the inventor is involved. I have been informed that a reference is “reasonably
`
`pertinent” if it is one which, because of the matter with which it deals, logically would
`
`have commended itself to an inventor’s attention in considering the inventor’s problem.
`
`29.
`
`I have been informed that the factual elements of the obviousness
`
`inquiry—the scope and content of the prior art, the differences between the prior art
`
`and the claims, and the level of ordinary skill in the art at the time of the invention—
`
`are primary to performing a proper obviousness analysis and drawing the appropriate
`
`conclusions from that analysis.
`
`V. THE ’047 PATENT
`
`30. The ’047 Patent describes a tunneling client access point (“TCAP”) that
`
`communicates with an access terminal (e.g., a cellular telephone, or computer), and
`
`communicates with a remote network device (e.g., a server) by “tunneling” data
`
`through the terminal’s network interface. Ex. 1001 Abstract, 1:19−25, 2:39−51,
`
`13
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`3:42−4:31, 18:12−14, Figs. 1, 9−10. Specifically, the access terminal serves as a
`
`“conduit” or “bridge” through which the TCAP communicates with the server or other
`
`network devices. Id. at 4:61−65, 9:6−8, 28:54−56.
`
`31. To prevent the terminal from accessing information sent between the
`
`TCAP and the server, the TCAP secures the data such that “if data moving out of the
`
`TCAP and across the [access terminal] were captured at the [access terminal], such
`
`data would not be readable.” Id. at 13:2−4, 27:28−28:15, Fig. 10. For example, the
`
`TCAP preferably includes a Cryptographic Server Module, which can be used to
`
`“encrypt all data sent through the access terminal based on the TCAP’s unique ID and
`
`user’s authorization information.” Id. at 28:9−15. This concept is reflected in the Title
`
`and Abstract of the ’047 Patent and is discussed throughout. See ’047 Patent title
`
`(“Apparatus, method and system for a tunneling client access point “), abstract (“The
`
`disclosure details the implementation of a tunneling client access point (TCAP) that is
`
`a highly secure, portable, power efficient storage and data processing device. The
`
`TCAP “tunnels” data through an access terminal’s (AT) input/output facilities.”),
`
`2:39-51, 3:42-4:31. Thus, as discussed below, when the ’047 Patent claims refer to the
`
`TCAP communicating “through” the terminal’s network interface with a network
`
`device (as opposed to communicating “with” the terminal), it means that
`
`communicated data or information is “tunneled” through the terminal in a secure
`
`manner, such that the terminal cannot access it.
`
`14
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`32. Users interact with the TCAP through an interactive user interface
`
`(“IUI”)—e.g., an interactive graphical user interface—presented by the terminal,
`
`making use of the terminal’s input/output components. Ex. 1001 Abstract, 2:39−46,
`
`3:58−61, 17:51−18:3, 30:65-66, 31:3-5. In order to allow the user to interact with the
`
`IUI presented on the terminal, the claims of the ’047 Patent include a “first input
`
`component” on the terminal. See, e.g., Ex. 1001 30:65, 31:9-19. The IUI presented on
`
`the terminal is thus able to accept user input (from the “first input component”) as
`
`interaction with the presented interface elements, interpret the inputs, and generate
`
`corresponding communications to the TCAP. Further, the user engages with “interface
`
`elements” of the IUI to cause program code to be executed by the TCAP. See, e.g., id.,
`
`10:33 (“Should the user engage a user interface element…”); 10:38 (“engaging the
`
`appropriate user interface element…”); 11:14-16 (“engaging a help facility user
`
`interface element”); 11:64-65 (“engaging an interface element to unfurl the interface”);
`
`1:52-56 (providing examples of “[c]omputer interaction interface elements such as
`
`check boxes, cursors, menus, scrollers, and windows (collectively and commonly
`
`referred to as widgets)…”), 8:20-22 (“The user might simply click on a button and gain
`
`secure access to such data that may be decrypted by the TCAP.”), 9:38-49 (user
`
`engages interface by clicking on a button to access TCAP facilities; the interface
`
`“unfurls” to present more buttons); 10:20-24 (engaging the interface by dragging and
`
`dropping files), 36-39, 10:65-11:5 (drag and drop), 11:14-32, 62-67 (unfurling
`
`15
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`interface by graphically opening can of soda), 26:7-27 (interface to access the TCAP
`
`functionality); Figs. 5-8 (showing user interface elements).
`
`33. Applications of the TCAP described in the ’047 Patent include, for
`
`example, improving the security of accessing remote data, encrypted communication,
`
`and secure purchasing, payment and billing. Ex. 1001 at Abstract, 2:49−51, 3:65−4:31,
`
`5:11−55, 7:10−8:44, 8:64−9:1, 10:47−62, 12:56−13:28, 19:38−20:24, 27:28−28:15,
`
`Figs. 2, 4, 9−10.
`
`VI. ASSERTED GROUNDS AND REFERENCES RELIED ON
`PETITIONS
`
`IN
`
`34.
`
`I understand that the ’886 Petition asserts three grounds for invalidity as
`
`summarized on page 10 of the ’886 Petition. I understand that the ’887 Petition asserts
`
`four grounds for invalidity as summarized on page 10 of the ’887 Petition. The art
`
`relied on in the ’886 and ’887 Petitions is described in the following sections.
`
`A. DiGiorgio
`
`35. DiGiorgio describes a system for using a secure token device 10 to access
`
`services provided by an Internet Service Provider (“ISP”). Ex. 1010, Title, Abstract,
`
`3:66-4:3, Figs. 1-4. The token device 10 can be, e.g., a smart card or an “ibutton.”. Id.
`
`3:66-4:3, 5:12-17, Figs. 2A-C, 3, 4.
`
`36. The token device 10 connects with a reader 12 that facilitates
`
`communications between a computer system 14 and the token device, Id. 5:26-33, Fig.
`
`16
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`1, and may be integrated as part of the computer system. Id. 7:63-65. The computer
`
`system 14 may communicate with a remote server 16 via a communication link 15. Id.
`
`5:50-51, Fig. 1.
`
`37. DiGiorgio does not say what kind of user interface, if any, is presented on
`
`the computer system 14. DiGiorgio also does not describe any program code stored in
`
`the memory of or executed by the token that (1) has any involvement in causing an IUI
`
`or any other kind of interface to be presented on the computer 14 or any other device;
`
`or (2) has any effect on what is displayed on the computer 14.
`
`B.
`
`Burger
`
`38. Burger describes a portable electronic authorization system and method
`
`based on an electronic device called a “Pocket Vault” 102 and an associated
`
`token 102a, also referred to as a “Chameleon Card.” Ex. 1011, Title, Abstract, [0086].
`
`The Pocket Vault 102 may be interfaced with an interface station 104, which can
`
`include an interface station computer 304 (e.g., a desktop personal computer (“PC”)),
`
`coupled to a pocket vault interface unit 302. Id. [0123]-[0124]. The token 102a can
`
`be retained in a cavity or slot of the Pocket Vault 102 to engage in a transaction. Id.
`
`[0120].
`
`39. Burger does not describe any program code stored on the Pocket Vault or
`
`the interface unit 302 which (1) when executed, causes the presentation of any kind of
`
`user interface, much less an IUI, on the computer 304, or (2) is executed by a processor
`
`17
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`in the Pocket Vault or the interface unit in response to a communication resulting from
`
`user interaction with an interactive user interface. In addition, there is no indication
`
`that either the Pocket Vault or the interface unit 302 receives any communication or
`
`causes any communication to be sent as a result of user interaction with an interface on
`
`the computer 304, including an IUI.
`
`40. Furthermore, Burger contains no indication that the Pocket Vault or the
`
`interface unit 302 effects the display on any interface presented on the computer of
`
`processing activity of program code.
`
`C. Brockmann (’886 Petition)
`
`41. Brockmann describes a data communication network for exchange of data
`
`between computers, which comprises at least one substantially wireless local area
`
`network (LAN). Ex. 1039, Title, Abstract.
`
`42. There is no discussion in Brockmann about secure transactions, secure
`
`access to ISP services, IUIs or any other kinds of user interface, or communicating
`
`through a terminal network interface with a communications network node.
`
`D.
`
`Shmueli (’886 Petition)
`
`43. Shmueli describes a portable memory device, or “key,” that interacts with
`
`a host computer to provide a customized configuration for a computing session. Ex.
`
`1009, Abstract, [0024]. The key contains a variety of software functions called
`
`“keylets” which are provided to and executed on the host. Id. [0031], [0034]. The key
`
`18
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`has a memory to store software and data, but no processor. Id. [0025]-[0026], Fig. 1.
`
`Thus, it is incapable of executing any software.
`
`44. When the key is first plugged into or otherwise connected to the host, the
`
`host runs an initial keylet from the key to authenticate the user. Id. [0028], [0033]-
`
`[0035], Fig. 3A. No security measures are taken before the host executes the user-
`
`authentication keylet. Id. [0034]-[0035], Fig. 3A (Step 106: “EXECUTE INITIAL
`
`KEYLET FROM KEY (UNSECURE)”).
`
`45. There is no discussion in Shmueli about communicating through a
`
`terminal network interface with a communications network node.
`
`E. Atwater (’887 Petition)
`
`46. Awater describes an interoperability device which integrates an IEEE
`
`802.11 transceiver and a Bluetooth transceiver. Ex. 1049, Title, Abstract, Figs. 1, 2.
`
`The two separate transceivers have different purposes in that they are not used in the
`
`same manner and do not connect to the same external device. Specifically, the
`
`Bluetooth transceiver is used when the user is at home and wants to connect to a
`
`telephone for dial-up Internet access, whereas the IEEE 802.11 transceiver is used
`
`when the user in the office and wants to connect to the office LAN. Id. [0051].
`
`47. There is no discussion in Awater about secure transactions, secure access
`
`to ISP services, IUIs, or communicating through a terminal network interface with a
`
`communications network node.
`
`19
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`F.
`
`Fung (’887 Petition)
`
`48. Fung describes a system, architecture, and method for managing power
`
`consumption, workload, and heat in a computer system and data and information
`
`servers. Ex. 1013, Title, Abstract, [0037], [0041], [0077]-[0081], [0122], [0147],
`
`[0154]. The disclosed methods are for operating computer systems in a compact, high-
`
`performance, low-power-consumption manner, for example, by (1) providing a
`
`plurality of functional modules or nodes, and (2) adjusting the power consumption of
`
`each node based on load and/or quality-of-service (“QOS”) requirements. Id. [0041],
`
`[0045], [0046], [0050]-[0056], Figs. 4-6. In one implementation, Redundant Array of
`
`Independent Disc (“RAID”) data storage is provided for server modules. Id. [0114].
`
`However, the primary focus of Fung is power and temperature management. See, e.g.,
`
`id. [0041], [0077]-[0081], [0122], [0147], [0154].
`
`49. There is no discussion in Fung about secure transactions, secure access to
`
`ISP services, or communicating through a terminal network interface with a
`
`communications network node.
`
`G.
`
`Shima (’887 Petition)
`
`50. Shima describes a system and method for network printing. Ex. 1048,
`
`Title, 1:6-10. The system includes a network printer which receives and prints print
`
`jobs from a plurality of host computers connected to a network. Id. 1:15-17. The
`
`purpose of the Shima system is to allow a user to print information such as Web pages,
`
`20
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`which are updated periodically, without downloading and printing unnecessary
`
`information. Id. 1:36-55. The system accomplishes this by receiving and printing only
`
`predetermined information. Id. 1:59-2:2.
`
`51. There is no discussion in Shima of authenticating users or devices,
`
`conducting secure transactions, locating a printer near a device used for transactions,
`
`IUIs or any other kinds of user interface, or communicating through a terminal network
`
`interface with a communications network node.
`
`VII. CLAIM CONSTRUCTION
`
`A.
`
`IUI
`
`52. As used in the claims, “an interactive user interface” means “a
`
`presentation containing interface elements with which a user may interact to result in
`
`the terminal taking action responsively by modifying what is presented.”
`
`53. An example of the commonly used definition of an interactive user
`
`interface comes from an influential paper published at the 1992 ACM Conference on
`
`Human Factors in Computing Systems. Dennis J. M. J. de Baar et al., Coupling
`
`Application Design and User Interface Design, Published in CHI ’92 Proceedings of
`
`the SIGCHI Conference on Human Factors in Computing Systems, ACM, New York,
`
`NY, USA (1992), available at https://dl.acm.org/citation.cfm?id=142806, Ex. 2004. In
`
`this paper, de Baar et al. write that “[b]uilding an interactive application involves the
`
`design of both a data model and a graphical user interface (GUI) to present that model
`
`21
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00886, IPR2019-00887 (US 8,539,047)
`Exhibit 2003
`
`

`

`
`
`to the user.” Id. at p. 1 (Abstract). Fur