UNITED STATES PATENT AND TRADEMARK OFFICE
`____________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________________
`
`PAYPAL, INC.,
`PETITIONER,
`
`V.
`
`IOENGINE, LLC,
`PATENT OWNER.
`____________________
`
`IPR2019-00907
`
`PATENT 9,059,969
`____________________
`
`DECLARATION OF AVIEL D. RUBIN, PH.D.
`
`
`
`Exhibit 2003
`
`

`

`
`
`I.
`
`II.
`
`TABLE OF CONTENTS
`
`Introduction .......................................................................................................... 3
`
`Qualifications ....................................................................................................... 3
`
`A.
`
`B.
`
`Education & Career ................................................................................... 4
`
`Publications ............................................................................................... 7
`
`III.
`
`Person of Ordinary Skill in the Art ...................................................................... 8
`
`IV. Legal Framework ................................................................................................. 9
`
`A.
`
`B.
`
`C.
`
`Standard of Proof....................................................................................... 9
`
`Anticipation ............................................................................................. 10
`
`Obviousness ............................................................................................. 10
`
`V.
`
`The ’969 Patent .................................................................................................. 12
`
`VI. Asserted Grounds and References Relied On In Petitions ................................ 15
`
`A. DiGiorgio ................................................................................................. 15
`
`B.
`
`C.
`
`D.
`
`Burger ...................................................................................................... 16
`
`Shmueli .................................................................................................... 17
`
`Cannata .................................................................................................... 18
`
`VII. Claim Construction ............................................................................................ 19
`
`A.
`
`IUI ............................................................................................................ 19
`
`“facilitate communications . . . to a communications network node
`B.
`through the terminal [network] communication interface” and “facilitate
`communication[s] [to be transmitted] through . . . the terminal network
`interface to a communications network node” .................................................. 24
`
`C.
`
`“[first/second/third/fourth/fifth] program code” ..................................... 26
`
`“communication received by the portable device resulting from user
`D.
`interaction with the interactive user interface” .................................................. 27
`
`VIII. Detailed Analysis ............................................................................................... 29
`
`A. No Motivation to Combine DiGiorgio and Burger ................................. 29
`
`B.
`
`C.
`
`
`
`Elements Neither Disclosed Nor Obvious .............................................. 35
`
`Dependent Claims ................................................................................... 51
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`2
`
`

`

`
`
`1.
`
`I, Aviel D. Rubin, make this declaration in connection with the
`
`proceedings identified above.
`
`I.
`
`INTRODUCTION
`
`2.
`
`I have been retained as an expert on behalf of IOENGINE, LLC
`
`(“IOENGINE”) in connection with the proceedings identified above. I submit this
`
`Declaration on behalf of IOENGINE in support of its Preliminary Response responding
`
`to the Petition for Inter Partes Review in Case IPR2019-00907 (the “’907 Petition”)
`
`filed by PayPal, Inc. (“PayPal” or “Petitioner”) challenging claims 1-22 and 24-29 (the
`
`“Challenged Claims”) of U.S. Patent No. 9,059,969 to McNulty (“the ’969 Patent”)
`
`(Ex. 1002).
`
`3.
`
`The opinions in this Declaration are based on my professional training and
`
`experience and my review of the exhibits discussed herein.
`
`4.
`
`I am being compensated for my services in connection with the
`
`proceedings identified above at my regular rate of $775 per hour (plus reimbursement
`
`for expenses). My compensation is in no way contingent on the outcome of the
`
`proceedings identified above or on any of the opinions I provide below.
`
`II. QUALIFICATIONS
`
`5.
`
`I have summarized in this section my educational background, career
`
`history, publications, and other relevant qualifications. My curriculum vitae is
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`3
`
`

`

`
`
`submitted
`
`as
`
`Ex.
`
`2062,
`
`and
`
`can
`
`also
`
`be
`
`found
`
`at
`
`http://avirubin.com/Avi_Rubins_home_page/Vita.html.
`
`A. Education & Career
`
`6.
`
`I received my Ph.D. in Computer Science and Engineering from the
`
`University of Michigan, Ann Arbor, in 1994, with a specialty in computer security and
`
`cryptographic protocols. My thesis was titled “Nonmonotonic Cryptographic
`
`Protocols” and concerned authentication in long-running networking operations.
`
`7.
`
`I am currently employed as Professor of Computer Science at Johns
`
`Hopkins University, where I perform research, teach graduate courses in computer
`
`science and related subjects, and supervise the research of Ph.D. candidates and other
`
`students. Courses I have taught include Computer Network Fundamentals, Security
`
`and Privacy in Computing, Cryptography, and Advanced Topics in Computer Security.
`
`I am also the Technical Director of the Johns Hopkins University Information Security
`
`Institute, the University’s focal point for research and education in information
`
`security, assurance, and privacy. The University, through the Information Security
`
`Institute’s leadership, has been designated as a Center of Academic Excellence in
`
`Information Assurance by the National Security Agency and leading experts in the
`
`field. The focus of my work over my career has been computer security, and my current
`
`research concentrates on systems and networking security, with special attention to
`
`software and network security.
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`4
`
`

`

`
`
`8.
`
`After receiving my Ph.D., I began working at Bellcore in its Cryptography
`
`and Network Security Research Group from 1994 to 1996. During this period, I
`
`focused my work on internet and computer security. While at Bellcore, I published an
`
`article titled “Blocking Java Applets at the Firewall” about the security challenges of
`
`dealing with Java applets and firewalls, and a system that we built to overcome those
`
`challenges.
`
`9.
`
`In 1997, I moved to AT&T Labs, Secure Systems Research Department,
`
`where I continued to focus on internet and computer security. From 1995 through
`
`1999, in addition to my work in industry, I served as Adjunct Professor at New York
`
`University, where I taught undergraduate classes on computer, network, and internet
`
`security issues.
`
`10.
`
`I stayed at AT&T until 2003, when I left to accept a full-time academic
`
`position at Johns Hopkins University. I was promoted to full professor with tenure in
`
`April, 2004.
`
`11.
`
`I serve, or have served, on a number of technical and editorial advisory
`
`boards. For example, I served on the Editorial and Advisory Board for the International
`
`Journal of Information and Computer Security. I also served on the Editorial Board
`
`for the Journal of Privacy Technology. I have been Associate Editor of IEEE Security
`
`and Privacy Magazine and have served as Associate Editor of ACM Transactions on
`
`Internet Technology.
`
` I am currently an Associate Editor of
`
`the
`
`journal
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`5
`
`

`

`
`
`Communications of the ACM. I was an Advisory Board Member of Springer’s
`
`Information Security and Cryptography Book Series. I have served in the past as a
`
`member of the DARPA Information Science and Technology Study Group, a member
`
`of the Government Infosec Science and Technology Study Group of Malicious Code,
`
`a member of the AT&T Intellectual Property Review Team, Associate Editor of
`
`Electronic Commerce Research Journal, Co-editor of the Electronic Newsletter of the
`
`IEEE Technical Committee on Security and Privacy, a member of the board of directors
`
`of the USENIX Association (the leading academic computing systems society), and a
`
`member of the editorial board of the Bellcore Security Update Newsletter.
`
`12.
`
`I have spoken on information security and electronic privacy issues at
`
`more than 50 seminars and symposia. For example, I presented keynote addresses on
`
`the topics “Security of Electronic Voting” at Computer Security 2004 Mexico in
`
`Mexico City in May 2004; “Electronic Voting” to the Secure Trusted Systems
`
`Consortium 5th Annual Symposium in Washington DC in December 2003; “Security
`
`Problems on the Web” to the AT&T EUA Customer conference in March 2000; and
`
`“Security on the Internet” to the AT&T Security Workshop in June 1997. I also
`
`presented a talk about hacking devices at the TEDx conference in October 2011 and
`
`another TEDx talk on the same topic in September 2015.
`
`13.
`
`I was founder and President of Independent Security Evaluators (ISE), a
`
`computer security consulting firm, from 2005–2011. In that capacity, I guided ISE
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`6
`
`

`

`
`
`through the qualification as an independent testing lab for Consumer Union, which
`
`produces Consumer Reports magazine. As an independent testing lab for Consumer
`
`Union, I managed an annual project where we tested all of the popular anti-virus
`
`products. Our results were published in Consumer Reports each year for three
`
`consecutive years.
`
`14.
`
`I am currently the founder and managing partner of Harbor Labs, a
`
`software and networking consulting firm.
`
`B.
`
`Publications
`
`15.
`
`I am a named inventor on ten U.S. patents in the information security area.
`
`16.
`
`I have also testified before Congress regarding the security issues with
`
`electronic voting machines and in the U.S. Senate on the issue of censorship. I also
`
`testified in Congress on November 19, 2013 about security issues related to the
`
`government’s Healthcare.gov website.
`
`17.
`
`I am author or co-author of five books regarding information security
`
`issues: Brave New Ballot, Random House, 2006; Firewalls and Internet Security
`
`(second edition), Addison Wesley, 2003; White-Hat Security Arsenal, Addison
`
`Wesley, 2001; Peer-to-Peer, O’Reilly, 2001; and Web Security Sourcebook, John
`
`Wiley & Sons, 1997. I am also the author of numerous journal and conference
`
`publications, which are reflected in my CV.
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`7
`
`

`

`
`
`III. PERSON OF ORDINARY SKILL IN THE ART
`
`18.
`
`In my opinion, a person of ordinary skill in the art (“POSITA”) would be
`
`a person with a Bachelor of Science degree in Computer Science, or related discipline,
`
`and two to three years of experience in developing, implementing, or deploying
`
`systems for the encryption of data on a portable device.
`
`19. Such a level of skill would encompass a knowledge of computer hardware,
`
`software development, operating systems, networking, portable or embedded devices,
`
`data encryption, data storage, and peripherals, which would be sufficient for
`
`understanding the technology of the ’969 Patent. Because the focus of the ’969 Patent
`
`is not merely on a portable device, but instead a portable device that tunnels data
`
`through a terminal to a remote networked device so as to provide a “solution to securely
`
`access, execute, and process data….,” ’969 Patent at 2:26-27, a POSITA would have
`
`had experience with encryption. Moreover, secure tunneling on the Internet is typically
`
`done via IPSec and sometimes SSL. IPSec and SSL are based on encryption
`
`algorithms. A POSITA would know how these tunneling protocols utilize encryption
`
`to protect information as it transits on the Internet.
`
`20. This definition of a POSITA characterizes the ordinary skill of persons
`
`involved with software research and development at AT&T Labs, where I worked in
`
`the Secure Systems Research Department from 1997 to 2003. It also characterizes the
`
`ordinary skill of persons within the Information Security Institute at Johns Hopkins
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`8
`
`

`

`
`
`University involved in research relating to portable device security. Furthermore, in
`
`my role as Professor of Computer Science where I train students to become persons of
`
`ordinary skill in the area of computer security, an understanding of how to develop,
`
`implement, or deploy systems for encrypting data on a portable device would require
`
`building the knowledge and skills outlined above.
`
`IV. LEGAL FRAMEWORK
`
`21.
`
`I am not a legal expert and I offer no opinions on the law. However, I
`
`have been advised by counsel about some of the legal principles relevant to an analysis
`
`of patentability of claims in a United States patent, as summarized below. I have
`
`conducted my analysis in accordance with these principles.
`
`22.
`
`I understand that, for an invention claimed in a patent to be found
`
`patentable, or to be valid, it must be, among other things, new and not obvious in light
`
`of what came before it such as “prior art.”
`
`A.
`
`Standard of Proof
`
`23.
`
`I understand that, in these proceedings, the burden is on the party asserting
`
`unpatentability to prove it by a preponderance of the evidence. I understand that “a
`
`preponderance of the evidence” is evidence sufficient to show that something is more
`
`likely than not.
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`9
`
`

`

`
`
`B. Anticipation
`
`24.
`
`I have been informed that a patent claim is invalid as anticipated only if
`
`each and every element and element of that claim is publicly disclosed, either explicitly
`
`or inherently, in a single prior art reference, already in practice in the industry in a
`
`single process or method, already in a single marketed product, or otherwise previously
`
`invented. I also understand that anticipation requires the presence in a single prior art
`
`disclosure of all elements of the claim arranged as in the claim. For a step or element
`
`to be inherent in a reference, I understand that the step or element must necessarily and
`
`inevitably occur or be present when one follows the teachings of the reference. I am
`
`informed that for a reference to be considered as anticipating, it must disclose the
`
`relevant technology in a manner such that a person of ordinary skill in the art would be
`
`able to carry out or utilize the technology that the reference describes without having
`
`to undertake considerable experimentation.
`
`C. Obviousness
`
`25.
`
`I have been informed that a patent claim is invalid as obvious only if it
`
`would have been obvious to a person of ordinary skill in the art at the time the patent
`
`was filed, in light of the prior art. The prior art may include one or more references
`
`that a person of ordinary skill in the art trying to solve the problem that the inventor
`
`addressed would likely have considered, as well as the body of knowledge that such a
`
`person would possess. As in the case of a single reference that anticipates a patent
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`10
`
`

`

`
`
`claim, when one or more references make a patent claim obvious, the reference or
`
`combined references relied upon must disclose each and every element of the
`
`challenged claim. If the reference or combined references relied upon fail to disclose
`
`any element in the challenged claim, then it is not obvious.
`
`26.
`
`I have been informed that, although a challenger may rely on a
`
`combination of separate prior art references to support an obviousness challenge, a
`
`person of ordinary skill in the art at the time of filing must have had some motivation
`
`to combine the references. That motivation can come from the problem the invention
`
`purports to solve, from other references, from the teachings of those references
`
`showing the invention is obvious, from other references, or from the common-sense
`
`knowledge of a person of ordinary skill in the art. However, obviousness findings
`
`grounded in common sense must contain explicit and clear reasoning providing some
`
`rational underpinning why common sense compels a finding of obviousness.
`
`27.
`
`I have been informed that assessing which prior art references to combine
`
`and how they may be combined to match the asserted claim may not be based on
`
`hindsight reconstruction or ex-post reasoning. That is, one must view the prior art
`
`forward from the perspective of the person of ordinary skill in the art at the time of
`
`invention, not backwards from the current time through the lens of hindsight. It is my
`
`understanding that it is improper to use a patent claim as a template and pick and choose
`
`among the prior art to meet the elements of that claim to show obviousness.
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`11
`
`

`

`
`
`28.
`
`I have been informed that a reference qualifies as prior art for determining
`
`obviousness when it is analogous to the claimed invention. I understand that prior art
`
`may be considered analogous if it is from the same field of endeavor, regardless of the
`
`problem addressed, as the claimed invention. I also understand that prior art may be
`
`considered analogous if it is “reasonably pertinent” to the particular problem with
`
`which the inventor is involved. I have been informed that a reference is “reasonably
`
`pertinent” if it is one which, because of the matter with which it deals, logically would
`
`have commended itself to an inventor’s attention in considering the inventor’s problem.
`
`29.
`
`I have been informed that the factual elements of the obviousness
`
`inquiry—the scope and content of the prior art, the differences between the prior art
`
`and the claims, and the level of ordinary skill in the art at the time of the invention—
`
`are primary to performing a proper obviousness analysis and drawing the appropriate
`
`conclusions from that analysis.
`
`V. THE ’969 PATENT
`
`30. The ’969 Patent describes a tunneling client access point (“TCAP”) that
`
`communicates with an access terminal (e.g., a cellular telephone or computer), and also
`
`communicates with a remote network device (e.g., a server) by “tunneling” data
`
`through the terminal’s network interface. ’969 Patent Title, Abstract, 1:19−25,
`
`2:39−51, 3:41−4:30, 18:12−14, Figs. 1, 9−10. Specifically, the access terminal serves
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`12
`
`

`

`
`
`as a “conduit” or “bridge” through which the TCAP communicates with the server or
`
`other network devices. Id. at 4:60–64, 28:54–57.
`
`31. To prevent the terminal from accessing information sent between the
`
`TCAP and the server, the TCAP secures the data such that “if data moving out of the
`
`TCAP and across the [terminal] were captured at the [terminal], such data would not
`
`be readable.” Id. at 12:67–13:4, 27:28–28:15, Fig. 10. For example, the TCAP
`
`preferably includes a Cryptographic Server Module, which can be used to “encrypt all
`
`data sent through the access terminal based on the TCAP’s unique ID and user’s
`
`authorization information.” Id. at 28:9−12. Thus, when the ’969 Patent claims refer
`
`to the portable device facilitating communications “through” the terminal’s network
`
`interface to a network device (as opposed to communicating “with” or “to” the
`
`terminal), it means that information is “tunneled” through the terminal in a secure
`
`manner, such that the terminal cannot access it.
`
`32. Users interact with an interactive user interface (“IUI”)—e.g., an
`
`interactive graphical user interface—presented by the terminal on the “output
`
`component.” ’969 Patent Abstract, 2:39–46, 3:57–60, 17:51–18:3, 30:60–66, 33:8–13,
`
`34:2–7. In order to allow the user to interact with the IUI presented on the terminal,
`
`the claims include an “input component” on the terminal. See, e.g., ’969 Patent 30:62,
`
`33:8, 34:2. The IUI on the terminal is thus able to accept user input (from the “input
`
`component”) as interaction with the presented interface elements, interpret the inputs,
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`13
`
`

`

`
`
`and generate corresponding communications to the TCAP. Further, the user engages
`
`with “interface elements” of the IUI to cause program code to be executed by the
`
`TCAP. See, e.g., id., 10:32 (“Should the user engage a user interface element…”);
`
`10:37-38 (“engaging the appropriate user interface element…”); 11:14-15 (“engaging
`
`a help facility user interface element”); 11:63-64 (“engaging an interface element to
`
`unfurl the interface”); 1:52-61 (providing examples of “[c]omputer interaction
`
`interface elements such as check boxes, cursors, menus, scrollers, and windows
`
`(collectively and commonly referred to as widgets)…”); 8:19-21 (“The user might
`
`simply click on a button and gain secure access to such data that may be decrypted by
`
`the TCAP.”), 9:32-48 (user engages interface by clicking on button to access TCAP
`
`facilities; the interface “unfurls” to present more buttons); 10:19-23 (engaging the
`
`interface by dragging and dropping files), 10:32-43 (drag-and-drop zone); 10:62-11:4
`
`(drag and drop), 11:13-31 (“engaging a help facility user interface element”); 11:61-64
`
`(unfurling interface by graphically opening can of soda); Figs. 5-8 (showing user
`
`interface elements).
`
`33. Applications of the TCAP include, e.g., securely accessing remote data,
`
`encrypted communication, and secure purchasing, payment and billing. ’969 Patent
`
`2:49–51, 8:63−9:1, 12:55−13:27, fig. 2.
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`14
`
`

`

`
`
`VI. ASSERTED GROUNDS AND REFERENCES RELIED ON
`PETITIONS
`
`IN
`
`34.
`
`I understand that the ’907 Petition asserts three grounds for invalidity as
`
`summarized on page 9 of the ’907 Petition. The art relied on in the ’907 Petition is
`
`described in the following sections.
`
`A. DiGiorgio
`
`35. DiGiorgio describes a system for using a secure token device 10 to access
`
`services provided by an Internet Service Provider (“ISP”). Ex. 1010, Title, Abstract,
`
`3:66-4:3, Figs. 1-4. The token device 10 can be, e.g., a smart card or an “ibutton.”. Id.
`
`3:66-4:3, 5:12-17, Figs. 2A-C, 3, 4.
`
`36. The token device 10 connects with a reader 12 that facilitates
`
`communications between a computer system 14 and the token device, Id. 5:26-33, Fig.
`
`1, and may be integrated as part of the computer system. Id. 7:63-65. There is no
`
`indication in DiGiorgio that the reader is portable. The computer system 14 may
`
`communicate with a remote server 16 via a communication link 15. Id. 5:50-51, Fig.
`
`1. However, there is nothing in DiGiorgio to suggest that the computer does not have
`
`access to communications between the token and server.
`
`37. DiGiorgio’s computer has applications to communicate with the token, id.
`
`5:31-33, and has a separate network adapter for communicating with the server, id.
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`15
`
`

`

`
`
`7:24-31, but contains no software that facilitates communications with both the token
`
`and the server.
`
`38. DiGiorgio says nothing about what kind of user interface, if any, is
`
`presented on the computer 14. In addition, there is nothing in DiGiorgio about program
`
`code that is configured (1) to be executed by the token or reader in response to a
`
`communication resulting from user interaction with an IUI, and (2) to cause a
`
`communication to be transmitted to the server, much less a communication that
`
`facilitates transmission of encrypted communications from the server to the computer
`
`14.
`
`39. DiGiorgio also does not describe verification of the token or the reader, or
`
`download of any program code from the server to the computer.
`
`B.
`
`Burger
`
`40. Burger describes a portable electronic authorization system and method
`
`based on an electronic device called a “Pocket Vault” 102 and an associated
`
`token 102a, also referred to as a “Chameleon Card.” Ex. 1011, Title, Abstract, [0086].
`
`The Pocket Vault 102 may be interfaced with an interface station 104, which can
`
`include an interface station computer 304 (e.g., a desktop personal computer (“PC”)),
`
`coupled to a pocket vault interface unit 302. Id. [0123]-[0124]. There is no indication
`
`in Burger that the interface unit is portable.
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`16
`
`

`

`
`
`41. Burger does not describe any program code stored on the Pocket Vault or
`
`the interface unit 302 which (1) when executed, causes the presentation of any kind of
`
`user interface, much less an IUI, on the computer 304, or (2) is executed by a processor
`
`in the Pocket Vault or the interface unit in response to a communication resulting from
`
`user interaction with an interactive user interface. In addition, there is no indication
`
`that either the Pocket Vault or the interface unit 302 receives any communication or
`
`causes any communication to be sent as a result of user interaction with an interface on
`
`the computer 304. In particular, neither the Pocket Vault nor the interface unit
`
`executes, in response to a communication resulting from user interaction with an IUI,
`
`any program code configured to cause a communication to be transmitted to the server,
`
`much less a communication that facilitates transmission of encrypted communications
`
`from the server to the computer.
`
`42. Burger’s computer can communicate with both the interface unit and a
`
`server, id. [0124], [0176], Fig. 3, but nothing in Burger suggests that the computer does
`
`not have access to communications between the interface unit and the server.
`
`43. Burger also does not describe verification of the Pocket Vault or the
`
`interface unit or download of any program code from the server to the computer.
`
`C.
`
`Shmueli
`
`44. Shmueli describes a portable memory device, or “key,” that interacts with
`
`a host computer to provide a customized configuration for a computing session. Ex.
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`17
`
`

`

`
`
`1009, Abstract, [0024]. The key contains a variety of software functions called
`
`“keylets” which are provided to and executed on the host. Id. [0031], [0034]. The key
`
`has a memory to store software and data, but no processor. Id. [0025]-[0026], Fig. 1.
`
`Thus, it is cannot execute program code.
`
`45. When the key is first plugged into or otherwise connected to the host, the
`
`host runs an initial keylet from the key to authenticate the user. Id. [0028], [0033]-
`
`[0035], Fig. 3A. No security measures are taken before the host executes the user-
`
`authentication keylet. Id. [0034]-[0035], Fig. 3A (Step 106: “EXECUTE INITIAL
`
`KEYLET FROM KEY (UNSECURE)”).
`
`D. Cannata
`
`46. Cannata describes a system and method for providing Web-based
`
`groupware. Ex. 1052, Title, 1:9-12. The purpose of Cannata’s system is to allow
`
`workers in different locations to collaborate with each other on projects by sharing
`
`information via a web server. Id. 1:15-41, 3:28-62, 4:29-40, 6:35-60. The reference
`
`briefly mentions displaying a stock ticker on a webpage but says nothing further about
`
`it. Id. 9:13-22.
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`18
`
`

`

`
`
`VII. CLAIM CONSTRUCTION
`
`A.
`
`IUI
`
`47. As used in the claims, “an interactive user interface” means “a
`
`presentation containing interface elements with which a user may interact to result in
`
`the terminal taking action responsively by modifying what is presented.”
`
`48. An example of the commonly used definition of an interactive user
`
`interface comes from an influential paper published at the 1992 ACM Conference on
`
`Human Factors in Computing Systems. Dennis J. M. J. de Baar et al., Coupling
`
`Application Design and User Interface Design, Published in CHI ’92 Proceedings of
`
`the SIGCHI Conference on Human Factors in Computing Systems, ACM, New York,
`
`NY, USA (1992), available at https://dl.acm.org/citation.cfm?id=142806, Ex. 2004. In
`
`this paper, de Baar et al. write that “[b]uilding an interactive application involves the
`
`design of both a data model and a graphical user interface (GUI) to present that model
`
`to the user.” Id. at p. 1 (Abstract). Furthermore, “[e]xternal attributes and methods are
`
`represented in the user interface as standard interaction objects such as buttons,
`
`settings, or sliders (hereafter referred to as “controls”) or as data manipulated directly
`
`by the user.” Id. at p. 1 (Introduction). Therefore, it would have been understood that
`
`an interactive user interface for such an interactive application would have user
`
`interface elements represented within the user interface.
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`19
`
`

`

`
`
`49.
`
`de Baar et al. further explain that “[i]nteraction objects are controls such
`
`as buttons, sliders, or menus that can be manipulated directly by the user.” By reference
`
`to Figures 1 and 2, which appear below, de Baar et al. further explain that “[e]very
`
`interaction object in the user interface is associated with an action or attribute in the
`
`application data model (Figure 1). In Figure 2, for example, the attribute ‘volume
`
`Input’ in the application data model is linked to a slider that can be used to change its
`
`value.” Id. at p. 2; Figs. 1-2. These interaction objects are presented within the user
`
`interface and are responsive to user interaction.
`
`
`
`PayPal Inc. v. IOENGINE, LLC
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`20
`
`

`

`
`
`
`
`50. The types of interactive user interfaces described in de Baar serve as
`
`baseline points of reference when considering the interactive user interface (“IUI”)
`
`described in the ’969 Patent. To begin with, the IUI is presented on the access terminal.
`
`’969 Patent abstract, figs. 5−8, 4:39–64, 30:65–66 (“first program code which, when
`
`executed…, is configured to present an interactive user interface on the terminal output
`
`component”). Furthermore, the IUI is “interactive” in the sense that the user may
`
`manipulate the IUI such that the device on which the IUI resides—the terminal—acts
`
`responsively to the user’s input by modifying what is presented. Id. 9:37–48 (when
`
`user clicks button, interface “further unfurl[s]” to present options to access facilities
`
`and services, including a login button which takes user to a login screen), 10:19–23
`
`(engaging the interface by dragging and dropping files), 10:35–38, 10:64–11:4 (drag
`
`and drop), 11:13–31, 11:61–66 (unfurling interface by graphically opening can of
`PayPal Inc. v. IOENGINE, LLC
`21
`IPR2019-00907 (US 9,059,969)
`Exhibit 2003
`
`

`

`
`
`soda), Figs. 5−8. In contrast, if the user’s input were simply passed along to a different
`
`device, such that the device presenting the interface behaves no differently regardless
`
`of the user’s input, then a POSITA would not consider the user to be interacting with
`
`the interactive user interface.
`
`51. Furthermore, similar to the “interaction objects” of de Baar, the ’969
`
`Patent explains that user interaction takes place by way of “computer interaction
`
`interface elements such as check boxes, cursors, menus, scrollers, and windows….”
`
`’969 Patent 1:52–61; see also id. figs. 5−8 (showing various interaction interface
`
`elements of an IUI). The interaction interface elements are not simply examples or
`
`suggestions. It is these interaction interface elements that “allow for the display,
`
`execution, interaction, manipulation, and/or operation of program modules and/or
`
`system facilities through textual and/or graphical facilities,” and “provide[] a facility
`
`through which users may affect, interact, and/or operate a computer system.” Id. at
`
`17:58–63; see also id. at 10:32–46 (engaging an interface element to manipulate data),
`
`11:13–17 (accessing help facilities by “engaging a help facility user interface
`
`element”).
`
`52.
`
`Indeed, a central purpose of the invention of th