`PATENT NO.9,218,787
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`APPLEINC.,
`
`Petitioner,
`
`V.
`
`RFCYBER CORP.,
`
`Patent Owner.
`
`Patent No. 9,189,787
`Filing Date: May 28, 2013
`Issue Date: November 17, 2015
`
`Inventors: Liang Seng Koh, Futong Cho, Hsin Pan, and Fuliang Cho
`Title: METHOD AND APPARATUS FOR CONDUCTING
`E-COMMENCE AND M-COMMENCE
`
`DECLARATION OF MIGUEL GOMEZ
`
`Case No. IPR2022-00412
`
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 001
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 001
`
`
`
`I, Miguel Gomez, declare as follows:
`
`IPR2022-00412
`PATENT NO. 9,189,787
`
`1.|[ have been asked by counsel for Patent Owner RFCyber Corp.
`
`(“RFCyber”or “Patent Owner”) to review U.S. Patent No. 9,189,787 (the “787
`
`Patent”) entitled PROCESSING WITH COMPACT ARITHMETIC
`
`PROCESSING ELEMENT,and to provide my technical review, analysis, insights,
`
`and opinions regarding the ’787 Patent in view ofthe prior art cited by Petitioner
`
`Apple Inc. (““Apple”or “Petitioner’”’).
`
`I submit this declaration in support of Patent
`
`Owner’s Responsein this IPR proceeding. I have personal knowledge ofthe
`
`matters stated herein and would be competentto testify to them if required.
`
`2.
`
`[have been retained on behalf of RFCyber Corp. for the above-
`
`captioned inter partes review proceeding. I understand that the ’787 Patentis
`
`currently assigned to RFCyber Corp.
`
`3.
`
`Lam over 18 years of age. I have personal knowledge of the facts
`
`stated in this Declaration and could testify competently if asked to do so.
`
`I.
`
`INTRODUCTION
`
`A.
`
`4.
`
`Background and Qualifications
`
`[have reviewed and am familiar with the specification of the *787
`
`Patent. I understand that the ’787 Patent has been provided as Exhibit 1001. I will
`
`cite to the specification using the following format: °787 Patentat col.:line.
`
`1.
`
`Research and Professional Experience
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 002
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 002
`
`
`
`IPR2022-00412
`PATENT NO.9,189,787
`5.|My CVisbeing submitted simultaneously herewith as Exhibit 2008.
`
`6.
`
`I received a Bachelor ofScience in Electrical Engineering degree
`
`from Yale University in 1983. I have overforty years of experience developing
`
`hardware and software technology used in computer systems, communications
`
`systems, networking, storage infrastructure, and database systems. My experience
`
`includes extensive knowledge of computer operating systems, computer protocols,
`
`and programming languagesusedin both fixed and mobile applications. I am also
`
`highly skilled in the use ofmicroelectronics simulation software, ASIC and FPGA
`
`development and the languages thereof such as Verilog and VHDL. I’m also
`
`skilled at programming in C , C++ , and Python and C#.
`
`7.
`
`From August 2006 to March 2009, I was VP of engineering for
`
`ActSolar. ActSolar developed solar power conversion systemsthat included power
`
`efficiency and cost analysis tools.
`
`8.
`
`In 2006, ActSolar was sold to National Semiconductor. The transfer
`
`oftechnology included the wireless interface for data collection, the inverter and a
`
`variant of the power converter hardware that performed shading compensation.
`
`9.
`
`From September 2004 to August 2005, I was a consultant for
`
`BridgeWave Inc. Bridgewave was a microwave connection companyto wirelessly
`
`transmit Ethernet packets for long haul telephony networks. The equipment was
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 003
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 003
`
`
`
`IPR2022-00412
`PATENT NO. 9,189,787
`
`mostly intended for international markets where copper wire installations is
`
`prohibitively expensive.
`
`10.
`
`From September 2003 to March 2004,I was a consultant for PA
`
`Consulting Group.
`
`I provided hardware and software evaluation services for
`
`corporate mergers and acquisitions. These services included system reviewsin the
`
`following areas: (1) Analysis of system cost to performanceratios; (2) Review of
`
`the hardware and software code implementations, documentation and development
`
`strategies; (3) compilation processes, simulation, test coverage, bug tracking and
`
`source code control; (4) Tool chain managementanalysis; (5) Circuit board design
`
`and layout design rules for production environments; (6) Circuit board certification
`
`testing for FCC, UL, and Environmentaltests; (7) Review of productionline
`
`managementincluding assembly andtest processes; and (8) Review of hardware
`
`code for copyrightor license violations.
`
`11.
`
`From January 2003 to May 2003, I was a consultant for Santel
`
`Networks. Santle Networks wasa high speed fiber optics supplier to the telecom
`
`industry. Here I developed an optical duo-binary (ODB) encoder that operated at
`
`10.7 Giga bits per second (GBps), Several patents were applied for and the board
`
`was shown at the Optical Fiber Communication Conference & Exposition in
`
`March of 2003.
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 004
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 004
`
`
`
`IPR2022-00412
`PATENT NO. 9,189,787
`
`12.
`
`From March 2001 to December 2002,I was Director of Hardware,
`
`Content Networking Division for Extreme Networks, Inc. I manageda team of
`
`hardware and software engineers that developed and maintained a Layer 2-5
`
`Content Addressable Switch. The switch was capable ofL2, L3, L4 switching as
`
`well as L5 switching based on packet content. Security was provided through
`
`Secure Sockets and DESencryptionlayers.
`
`13.
`
`From January 2000 to March 2001, I was Director of Hardware for
`
`Webstacks, Inc. (now Extreme Networks, Inc.). At Webstacks I assembled a team
`
`to build the Content Addressable Switch later sold to Extreme Networks. This
`
`switch provided L2-5 load balancing services for routing via MAC, IP and HTTP
`
`content based routing mechanisms. The system includedfirewall and security
`
`capabilities utilizing Secure Sockets Layers (SSL). My responsibilities were to
`
`design theinitial system architecture as well as to hire and manage the hardware
`
`and software implementation teams. Product development time was 16 months
`
`after which we were acquired by Extreme Networks for $68MM cash andstock.
`
`14.
`
`From February 1997 to December 1999, as consultant for Philips
`
`Semiconductor I developed thecertification environment used by Microsoft to
`
`validate Windows CE onthe Philips' Poseidon handheld chipset.
`
`15.
`
`From September 1994 to January 1997, I was President and Founder
`
`of Minden Group, Inc. The Minden Group developed andsold several types of
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 005
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 005
`
`
`
`IPR2022-00412
`PATENT NO. 9,189,787
`
`memory adapters and a video conferencing system. The memory adapters
`
`provided a cost effective memory expansion solution for personal computerusers.
`
`Both the adapters and the video conferencing system were sold through retail
`
`stores throughout the United States and Canada. Over 350,000 memory adapters
`
`were soldat stores such as Fry's, CompUSA, Computer City and Future Shop.
`
`After developing these products, I organized and managed a team of10 to 15
`
`employees focused on sales, marketing, finance and production.
`
`16.
`
`From August 1992 to September 1994, I was Senior Hardware
`
`Manager of RAID Product Development for MTI,Inc. In this capacity, I was
`
`responsible for architectural development of the next generation RAID 1-5 systems
`
`and for managing the product developmentgroup.
`
`17.
`
`From April 1989 to August 1992, I was Founder and President of
`
`Spectrum Analysis, Inc., a consulting services company. I founded and operated
`
`Spectrum Analysis, Inc. with three other partners. Spectrum Analysis, Inc.
`
`specialized in electrical circuit design with emphasis on FPGA and ASIC
`
`emulation and complex PCB level designs.
`
`18.
`
`From September 1988 to March 1989, I was Applications Manager
`
`for Quickturn Systems, Inc. Quickturn developed an ASIC emulator using Xilinx
`
`FPGAs. I developed the methodology of adapting ASIC designs to the emulator
`
`and implementing DRAM memory forstorage.
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 006
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 006
`
`
`
`IPR2022-00412
`PATENT NO. 9,189,787
`From July 1987 to August 1988, I was an Applications Engineer for
`
`19.
`
`Telestream Corporation and was responsible for demonstration system
`
`development, training and sales support for a software based communications
`
`protocol converter product.
`
`20.
`
`From June 1983 to March 1985, I was a Design Engineer for ROLM
`
`Corporation. I was responsible for the developmentof the bus management
`
`protocols used in the ROLM BUS295telephone switch.
`
`2.
`
`Education
`
`21. Yale University, 1983. Bachelor of Science, Electrical Engineering
`
`i
`
`Patents
`
`22.
`
`[am anamedinventor on the following patents:
`
`a. US7,814,204 — Method and system for analyzing the content of
`
`resource requests
`
`b. US8,412,838 — Method and system for analyzing the content of
`
`resource requests
`
`c. US7,447,777 — Switching System
`
`d. US7,298,746 — Method and system for reassembling and parsing
`
`packets in a network environment
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 007
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 007
`
`
`
`e. W0O2009140548A2 — System and method for an array of
`
`IPR2022-00412
`PATENT NO.9,189,787
`
`intelligent inverters
`
`Il.
`
`COMPENSATION
`
`23. Mycompensation for time worked on this proceeding is not
`
`dependenton any issuesrelated to the ’787 Patent, the outcome ofthis proceeding,
`
`or the substance of my opinions. My compensation for time worked on this
`
`proceeding is at my customary rate of $550/hour. I have nofinancial interest in, or
`
`affiliation with, the Patent Owneror any ofthereal partiesin interest.
`
`Ill. MATERIALS CONSIDERED
`
`24.
`
`In providing my technical review, analysis, insights, and opinions,I
`
`have considered the ’787 Patent and its prosecutionhistory.
`
`25.
`
`Ihave also considered the Petition filed by the Petitionerin this
`
`proceeding andthe relevant exhibits relied on by Petitioner, including the expert
`
`declaration submitted by Gerald Smith.
`
`26.
`
`Ihave also considered my own experience and knowledge,as
`
`discussed above and described morefully in my CV,in the areas including
`
`software design, hardware design, computer security, and secure networks.
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 008
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 008
`
`
`
`IPR2022-00412
`PATENT NO. 9,189,787
`
`IV. LEGAL PRINCIPLES
`
`27.
`
`[understandthata patent claim is unpatentable as “obvious”if the
`
`subject matter ofthe claim as a whole would have been obviousto a person of
`
`ordinary skill in the art (POSA)as ofthe timeofthe inventionatissue.
`
`28.
`
`[understand that the use of“the person ofordinary skill” rubric is to
`
`prevent one from improperly, in the present day, using hindsight to decide whether
`
`a claim is obvious.
`
`29.
`
`Iunderstand that the following factors must be evaluated to determine
`
`whether the claimed subject matter is obvious: (1) the scope and contentofthe
`
`priorart; (2) the difference or differences, if any, between the scope ofthe patent
`
`claim and the scopeofthe prior art; and (3) the level of ordinary skill in the art at
`
`the time of the invention.
`
`30.
`
`understand that certain secondary considerations, such as
`
`commercial success, skepticism of experts, surprise, and copying, may provide
`
`evidence of non-obviousness.
`
`I further understand that such considerations are
`
`often the most probative and determinative of obviousness or non-obviousness.
`
`31.
`
`Iunderstand that I must construe a claim in accordance with the
`
`ordinary and customary meaning ofthe language of such claim as understood by
`
`one of ordinary skill in the art and the prosecution history pertaining to the patent.
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 009
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 009
`
`
`
`IPR2022-00412
`PATENT NO. 9,189,787
`
`A.
`
`32.
`
`Level of Skill In the Art
`
`Lunderstand that I should perform myanalysis from the viewpoint of
`
`a personofordinary skill in the art. I understand thatthis hypothetical person of
`
`ordinary skill in the art is considered to have the normal skills of a person in a
`
`certain technical field. I understand that factors that may be considered in
`
`determining the level of ordinary skill in the art include: (1) the education level of
`
`the inventor; (2) the types of problems encounteredin the art; (3) the prior art
`
`solutions to those problems; (4) rapidity with which innovations are made; (5) the
`
`sophistication ofthe technology; and (6) the education level of active workersin
`
`the field.
`
`33.
`
`In myopinion, a person of ordinary skill in the art would have a
`
`Bachelor’s degree in Computer Science, Computer Engineering, or Applied
`
`Mathematics, with 2 or more years of academic or industry experience in computer
`
`security, network security or mobile payment technology.
`
`B.
`
`The Claimed Invention Of The ’787 Patent
`
`34.
`
`The ’787 Patent claims methods and systems for providing electronic
`
`purses (e-purses) for use in electronic and mobile commerce. °787 Patent at 1:17-
`
`21. The inventors of the ’787 Patent realized that existing contactless cards were
`
`not effective for use in electronic or mobile commerce “because stored values and
`
`transaction information are stored in data storage of each tag that is protected by a
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 010
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 010
`
`
`
`IPR2022-00412
`PATENT NO.9,189,787
`set of keys.” Jd. at 1:33-37. Those keys “need to be delivered to the card for
`
`authentication before data can be accessed during a transaction.” Jd. at 1:37-39.
`
`“This constraint makes systemsusing such technologydifficult to be expandedto
`
`an open environment suchas the Internet for e-commerce and cellular networks for
`
`m-commerceas the key delivery over a public domain network causes security
`
`concerns.” Jd. at 1:39-43.
`
`35.
`
`To solve these problems, the inventors of the °787 Patent developed a
`
`system for personalizing a card stored in a portable device. The system makes use
`
`of a midletthat facilitates communication between the securely stored applets and
`
`paymentservers over a wireless network:
`
`10
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 011
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 011
`
`
`
`IPR2022-00412
`PATENT NO.9,189,787
`
`Existing hardware for
`land-based commerce
`(¢.g., Stores or
`
`transportation)in FIG. 2
`
`Cell phone with
`smart card
`module
`
`202
`
`°787 Patent, Fig. 2 (showing midlet (in yellow), and applet (in green)).
`
`11
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 012
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 012
`
`
`
`IPR2022-00412
`PATENT NO. 9,189,787
`
`
`
`FIG. 3B
`
`°787 Patent, Fig. 3B (annotations added).
`
`36.
`
`The midlet facilitates this communication, for example, while the card
`
`is being personalized. The entire process is protected by a three-tier security
`
`12
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 013
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 013
`
`
`
`model:
`
`IPR2022-00412
`PATENT NO. 9,189,787
`
`100
`
`Card Managersecurity
`
`106
`
`102
`
`E-Purse security
`
`104
`
`Physical security
`
`*787 Patent, Fig. 1A
`
`37:
`
`“The three-tier security model 100 includes physical security
`
`102, e-purse security 104 and card managersecurity 106.” °787 Patent at 3:58-60.
`
`The physical security “refers to a security mechanism providedbya single
`
`functional card to protect data stored on the card. The card may be hardware
`
`implemented or software emulated running on a type of media.” Jd. at 3:61-64. E-
`
`purse security “defines a set of protocols that enable micro paymenttransactions to
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 014
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 014
`
`
`
`IPR2022-00412
`PATENT NO.9,189,787
`be carried out in both wired and wireless environments.” Jd. at 4:4-6. “During a
`
`transaction, the purse usesa set of respective keys for encryption and MAC
`
`computation in order to secure the message channel betweenthe purse andthe
`
`SAM or backendservers.” Jd. at 4:9-13. “Card Manager Security 106, referring to
`
`a general security frameworkofa preload operating system in a Smart card,
`
`providesa platform for PIN managementand security channels (security domains)
`
`for card personalization. This platform via a card manager can be used to
`
`personalize a purse in one embodiment.” Jd. at 4:19-24.
`
`38.
`
`A device that has been personalized using the three-tier security
`
`as above can then perform e-commerce and m-commerce using an emulator, and
`
`NFCinterface for e-commerce, and a secondinterface for m-commerce. Jd. at
`
`2:36-52, 5:1-15, Fig.2.
`
`Vv.
`
`THE ALLEGED PRIOR ART
`
`A.
`
`39.
`
`Dua (U.S. Patent App. Pub. No. 2006/0165060)
`
`Ihave reviewed U.S. Pat. Publ. 2006/0165060 (Ex. 1004, “Dua”).
`
`Duais directed to a system for “managing credentials through a wireless
`
`network.”! Duawas filed on January 21, 2005 and published on July 27, 2006.”
`
`Dua sought to solve difficulties with inputting credentials into a wireless device.?
`
`! Dua atTitle, Abstract.
`? Dua.
`3 Dua at [0019].
`
`14
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 015
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 015
`
`
`
`IPR2022-00412
`PATENT NO.9,189,787
`
`Dua contemplates a system “through which credential issuers can securely and
`
`rapidly target specific wireless devices for the distribution ofthe appropriate
`
`credentials.”*
`
`40. Duacontemplates a communications scheme using the Session
`
`Initiation Protocol (SIP).*> Each device in the Dua system, such as a portable
`
`phone, contains a wallet application.® The device further is assigned an “E.164
`
`phone number, Uniform Resource Identifier (URI) or other type of unique address
`
`that can be resolved overthe Internet” for use with SIP.’ Dua’s system also makes
`
`use of a Wireless Credential Manager (WCM)that “maintains, controls and
`
`distributes credentials.”® Credentials are provided to the wireless device when a
`
`card issuer sends a personalization file to the WCM,along with the device’s phone
`
`numberor other uniqueidentifier.” Using the identifier, such as a phone number,
`
`the WCM connects to the specified device using SIP.!° If security is desired, the
`
`communication may be encrypted using SIPS/TLSor another method.'! The
`
`WCMthen forwardsthe credentials to the wireless device.” Using SIP to
`
`* Dua at [0020], [0024].
`> Dua at [0042].
`6 Id.
`7 Id.
`8 Id. at [0043].
`9 Id. at [0057].
`10 fq, at [0061]-[0062], [0128]-[0182].
`11 fq, at [0131], [0180].
`12 fq, at [0180].
`
`15
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 016
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 016
`
`
`
`IPR2022-00412
`PATENTNO. 9,189,787
`“establish direct communication” between the WCM andthe deviceis “an
`
`important aspect of’ Dua.!* “Thedirect connection betweenthe end-points using
`
`SIP offers a secure method, withoutintermediary servers, by whichto transmit
`
`confidential information.”!4
`
`41.
`
`Dua’s system makesuseof a wallet application, including a
`
`wallet shell, that runs on the phone’s primary processor.'> The wallet application is
`
`augmented with “extensions”that perform specific functions, where these
`
`extensionsofthe wallet application run within the wallet application on the
`
`phone’s primary processor.'!® Dua’s extensions are intended to “‘extend’ the
`
`capability of the wallet platform by enabling a newset offeatures defined by the
`
`credential issuer.”'’ Extensionsare either preloaded or provided via the secure SIP
`
`provisioning process for credentials. '*
`
`42.
`
`Dua further discusses an embodiment where a smart card is
`
`used on the phone,but this smart card is used for storage and contactless
`
`13 fd, at [0178].
`Wid.
`
`15 {d. at [0041], [0288-89], [0294], [0311].
`16 id, at [0293].
`17 Id, at [0289].
`18 fd. at [0295], [0296].
`
`16
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 017
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 017
`
`
`
`IPR2022-00412
`PATENT NO. 9,189,787
`
`communication;it is not used to run the wallet application,the wallet shell, or the
`
`extensions.!?
`
`43. Dua doesnot teach an e-purse applet on a smart card. Rather, Dua
`
`teaches a system based ona different architecture. In Dua’s system,there isa
`
`wallet application, including a wallet shell, that runs on the phone’s primary
`
`processor, not on a smart card. In Dua’s system,the wallet applicationis
`
`augmented with “extensions”that perform specific functions, where these
`
`extensionsof the wallet application run within the wallet application on the
`
`phone’s primary processor. Dua teaches an embodiment where a smart card is
`
`used on the phone,but this smart card is used for storage and contactless
`
`communication; it is not used to run the wallet application, the wallet shell, or the
`
`extensions. Dua’s system teaches a SIP based, secure communication schemethat
`
`is used in multiple aspects of Dua’s system. Dua’s choice and useofSIP is not
`
`merely a case of making one design choice among many; Dua provides an
`
`extensive description of the advantages of SIP as well as details of its use of SIP;
`
`for example, Duaindicates an advantage due to SIP’s use in telephony to use
`
`phone numbers (aka E.164) as a means of addressing the mobile phonesthat are
`
`the focus of Dua. Dua’s architecture is designed to leverage the same SIP-based
`
`19 Id. at [0295].
`
`Li
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 018
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 018
`
`
`
`IPR2022-00412
`PATENT NO, 9,189,787
`architecture used for telephony. Dua teachesthat SIP is particularly appropriate
`
`for the wallet application. Further details of Dua are addressed below.
`
`B.
`
`GlobalPlatform
`
`44.
`
`Ihave reviewed GlobalPlatform Card Specification Version 2.1.1 (Ex.
`
`1006, “GlobalPlatform”).
`
`45. GlobalPlatform describes a security architecture and commandsfor
`
`use in installing and developing applications for use on GlobalPlatform cards.”°
`
`46.
`
`“The GlobalPlatform card architecture is comprised of a number of
`
`components that ensure hardware and vendor-neutral interfaces to Applications
`
`and off-card management systems.”?!
`
`20 GlobalPlatform at 65-67, 88-90.
`21 GlobalPlatform at 28.
`
`18
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 019
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 019
`
`
`
`IPR2022-00412
`
`PATENT NO. 9,189,787
`
`GlobalPlatform at 28.
`
`C.
`
`Philips
`
`47.
`
`Ihave reviewed Philips (Ex. 1012). Philips has a revision date of
`
`October 2004 and describe a Philips Semiconductor P5CT072 Secure Dual
`
`Interface PKI Smart Card Controller.
`
`48.
`
`In my experience, a datasheetlike Philips would normally only be
`
`distributed under an NDA. Philips contains numerousproprietary details, such as a
`
`detailed block diagram (Ex. 1012 at 9), mapping of contacts and pinouts (id.) and
`
`other details that are not normally made public.
`
`19
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 020
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 020
`
`
`
`IPR2022-00412
`PATENT NO.9,189,787
`
`VI. CLAIM CONSTRUCTION
`
`49.
`
`In my opinion, claim construction is not required to resolve any issues
`
`in this proceeding.
`
`VII. GROUND1: CLAIMS1-19 ARE NOT OBVIOUS OVER DUA
`IN VIEW OF GLOBALPLATFORM AND PHILIPS
`
`50.
`
`In my opinion, the combination ofDua, GlobalPlatform, and Philips
`
`does not render any of claims 1-19 obvious.
`
`A.
`
`A POSITA Would Not Be Motivated to Combine Dua
`With GlobalPlatform and Philips
`
`51.
`
`[understand that Petitioner’s obviousness arguments require
`
`combining Dua with GlobalPlatform and Philips. In my opinion, a POSITA would
`
`not be motivated to make such a combination for the reasons set forth below.
`
`52. Dua explains that its aim to leverage the use of existing channels to
`
`provide the capability “through which credential issuers can securely and rapidly
`
`target specific wireless devices for the distribution of the appropriate credentials
`
`over public and private networks.” Dua, § [0020]. Accordingly, “wireless
`
`device 200 also has a Session Initiation Protocol (SIP) Application Programming
`
`Interface (API) framework embedded in or running on top of a resident operating
`
`system, which allows for multiple SIP-based applications, such as the wallet
`
`application discussed herein, to function.” Dua, J [0042]. At the time of the ’787
`
`Patent’s invention, SIP was the predominant method oftransmitting data to a mobile
`
`20
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 021
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 021
`
`
`
`IPR2022-00412
`PATENT NO. 9,189,787
`
`device, such as a cellular phone. Thus, a POSITA would understand that the use of
`
`SIP would leverage a device’s already-existing functionality.
`
`53.
`
`Indeed, Dua explains that “The use of SIP for transmitting and
`
`managing credentials on wireless device 200 is preferred as mobile operators and
`
`fixed line operators are moving towards a SIP-basedarchitecture for voice and other
`
`multimedia services. It is envisioned that the use of SIP for communication between
`
`a credential issuer and a wallet application resident on wireless device 200 could
`
`leverage the same SIP registrar, proxy, and presence servers used to deliverreal-
`
`time interactive converged communication services within a mobile operator's
`
`network.” Dua, § [0051].
`
`54. Accordingly, a POSITA would read Dua’s statement that “The use of a
`
`SIP architecture to locate a mobile end-user and to establish direct communication
`
`between the end-points (WCMandwallet application) for the purpose oftransferring
`
`confidential information (e.g. credentials) is an important aspect of the present
`
`invention”( Dua, { [0178] (emphasis added)) to understand that the SIP-based
`
`architecture, even if implemented using a different protocol, is necessary to use
`
`Dua’s invention. All secure communications within Dua, including downloading
`
`and installing its extensions, are done by making a SIP connection between the
`
`WCM and the mobile device. Jd., F¥ [0296], [0311], Figs. 1, 3, 8.
`
`21
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 022
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 022
`
`
`
`IPR2022-00412
`PATENT NO.9,189,787
`55. Dua briefly mentions “While the use of SIP for such purposes is
`
`preferred, alternative application protocols may be usedin lieu of SIP whilestill
`
`remaining within the spirit and scope of the present invention.” Dua, [0050]. A
`
`POSITAwould notunderstand this statement to encourage layering another system
`
`such as GlobalPlatform onto Dua.
`
`56.
`
`In my opinion, a POSITA reading Duaat [0050] would understand
`
`that while SIP was becoming the predominantstandard for mobile communications
`
`at the time, older equipment possessed similar functionality. A POSITA would
`
`thus understand that while SIP-like functionality was keyto the invention, other
`
`protocols that provided similar functionality were acceptable. For example,other
`
`prior examples are H.323, MGCP, MEGACo whichis also H248.
`
`57. Dua’s disclosure make this further clear. All communications within
`
`DUAare accomplished through SIP. E.g., Dua, J¥ [0042], [0051], [00178],
`
`[0296], [0311]; Figs. 1, 3, 8. And the only security disclosed within Duais using
`
`SIP with S/MIME and TLS. See generally Dua.
`
`58. Dua’s use of SIP allowsfor specific targeting of a particular device
`
`and secure end-to-end communication, much like being able to call a particular
`
`phone. Jd., [0020]. I disagree that a POSITA would have been motivated to
`
`discard Dua’s use of SIP and to instead import GlobalPlatform. GlobalPlatform
`
`doesnot allow for targeting and server-side initiation of communications to
`
`22
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 023
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 023
`
`
`
`IPR2022-00412
`PATENT NO.9,189,787
`
`specific devices by looking up that device’s phone number, as Dua teaches. Dua,
`
`[0131].
`
`59.
`
`I note that Apple does not explain any method under GlobalPlatform
`
`where a card issueror application provider could proactively target and contact a
`
`particular device (or even a smart card). This is logical, as the device containing
`
`the smart card would haveto create a connection to a remote server before the
`
`smart card could communicate with that server.
`
`60.
`
`Finally, a POSITA would not be motivated to combine
`
`GlobalPlatform with Dua because Duaalready provides security through its use of
`
`SIP, TLS, and S/MIME.In my opinion, a POSITA would not seek to include
`
`GlobalPlatform’s functionality that would duplicate that already in Dua.
`
`61. Apple and Mr. Smith states that a POSITA would combine Dua with
`
`GlobalPlatform and Philips because Dua states that “MasterCard and Visa have
`
`also been working jointly over the last few years to develop specifications that
`
`define a set of requirements for security and interoperability between chip cards
`
`andterminals on a globalbasis, regardless of the manufacturer, the financial
`
`23
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 024
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 024
`
`
`
`IPR2022-00412
`PATENT NO.9,189,787
`institution, or where the card is used.” Pet. at 16 (quoting Duaat [0013])
`
`(emphasis added).”* I disagree.
`
`62. A POSITA would understandthat the specifications referred to are the
`
`EMV Chip Specifications.**7 As EMVCo.explains, “The EMV Chip Specifications
`
`... are global paymentindustry specifications that describe the requirements for
`
`interoperability between chip-based paymentapplications and acceptance
`
`terminals to enable payment.” Ex. 2003 at 5 (emphasis added). Indeed, Dua refers
`
`numerous times to EMV for payment applications. E.g., Dua, at [0013]
`
`(“American Express, MasterCard, and Visa have agreed onasingle contactless
`
`paymentstandard in the United States, ISO/IEC 14443, and are implementing a
`
`contactless payment approach that leverages the existing payments
`
`infrastructure.”);”* [0398] (Presently, with various bank card transactions, PINs
`
`are verified either online with a bank host computer system,or verified offline
`
`against security data onboard the card as in EMV ‘chip & PIN’transactions.”);
`
`[0525] (“EMV-Compliant—Thewallet application should meet standards defined
`
`by card organizations.”). Based on these statements, a POSITA would understand
`
`*2 The Petition cites to Dua, [0014], but that paragraph relates to smart cards
`becoming the “dominant technology for conducting financial transactions. Dua,
`[0014]. It does not discuss “credit card organizations ‘workingjointly.’”
`?3 EMV stands for Europay, Mastercard and Visa (Ex. 2003 at 5.)
`*4 GlobalPlatform makes no reference to ISO/IEC 144433. See generally Ex. 1006.
`
`24
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 025
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 025
`
`
`
`IPR2022-00412
`PATENT NO.9,189,787
`
`that Duais referring to specifications relating to “interoperability between chip-
`
`based paymentapplications and acceptanceterminals.”
`
`63. A POSITA would understand that GlobalPlatform is not related to
`
`interoperability between chip cards and terminals.Instead,it aims to provide a
`
`“card managementarchitecture.” Ex. 1006, p. 16. A POSITA would recognizethat
`
`card managementis internal to the smart card itself, and does not relate to
`
`interoperability between chip cards and terminals.
`
`64. GlobalPlatform similarly states that it provides a “card management
`
`specification.” Ex. 1006, p. 16. A POSITA would not understand the card
`
`managementspecification to relate to interoperability either. Instead, even to the
`
`extent it has to do with security, it relates to the security of internal components of
`
`the smart card. Ex. 1006, p. 32. (“The primary goal of the GlobalPlatform is to
`
`ensure the security and integrity ofthe card's componentsfor thelife of the card.”).
`
`See also id. (“These componentsare the runtime environment, the OPEN,the
`
`Issuer Security Domain, the Security Domains, the Applications.”); see also id.,
`
`pp. 29-30.
`
`65.
`
`I further disagree that a POSITA would have been motivated by Dua’s
`
`statement
`
`that a “wallet application should meet standards defined by card
`
`organizations.” Dua, J [0525]. As I note above,
`
`the full statement
`
`is “EMV-
`
`Compliant—The wallet application should meet standards defined by card
`
`25
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 026
`
`RFCyber's Exhibit No. 2007, IPR2022-00412
`Page 026
`
`
`
`IPR2022-00412
`PATENT NO.9,189,787
`organizations.” Dua, § [0525]. In other words, a POSITA would recognize that the
`
`wallet application should meet the EMV standard.
`
`66. A POSITA would not understand GlobalPlatform to be a “card
`
`organization.” GlobalPlatform is not a card organization;
`
`instead it
`
`is “an
`
`organization that has beenestablished by leading companies from the payments and
`
`communicationsindustries, the government sector and the vendor community, and
`
`is the first to promote a global infrastructure for smart card implementation across
`
`multiple industries.” Ex. 1006, p. 16. GlobalPlatform therefore is not payment-
`
`related,
`
`it
`
`is
`
`inste