`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`_________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`_________________
`
`
`APPLE INC.,
`Petitioner
`
`v.
`
`RFCYBER CORP.,
`Patent Owner
`_________________
`
`
`Inter Partes Review Case No. IPR2022-00413
`U.S. Patent No. 9,240,009
`
`_________________
`
`
`PETITIONER’S REPLY TO PATENT OWNER’S RESPONSE
`
`
`
`
`
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`
`TABLE OF CONTENTS
`
`INTRODUCTION ............................................................................................. 1
`I.
`II. ARGUMENT ..................................................................................................... 2
`A. Person of Ordinary Skill in the Art ................................................................. 2
`B. Patent Owner’s Motivation to Combine Critiques Rehash Twice Rejected
`Arguments ............................................................................................................. 3
`C. Limitations [1b]/[14b]: The Combination Discloses a Secure Element ....... 12
`D. Limitations [1div]/[14div]: Dua’s WCM Prepares Data Necessary for the
`Application to Function ....................................................................................... 16
`E. Claim 16: The Combination Discloses that the Modules Displayed on the
`User Interface Can Show Another User Interface ............................................... 21
`III. CONCLUSION ............................................................................................ 25
`
`
`
`
`
`
`
`
`
`
`I.
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`
`INTRODUCTION
`The Challenged Claims relate to personalizing a secure element, such as a
`
`smart card, in a mobile device and provisioning an e-purse for m-commerce and e-
`
`commerce. A focus of the parties’ disputes is the claimed concept of personalizing
`
`the secure element with security keys. This key-based personalization process was
`
`well known in the prior art, having been standardized by GlobalPlatform. Indeed,
`
`even the ’009 Patent points to GlobalPlatform in support of the claimed security. Ex.
`
`1001, 15:39-41 (“a global platform to provide a security mechanism”), 18:19-20.
`
`The Petition’s base reference—Dua—teaches a smart card e-purse loaded on
`
`a mobile device. Dua acknowledges the importance of complying with then-
`
`governing smart card standards, but does not describe these standards in any detail.
`
`Nor does Dua describe basic smart card implementation details, focusing instead on
`
`smart card agnostic communication protocols. The Petition proposes that a POSITA
`
`would have looked to well-known smart card teachings to realize Dua’s goal of
`
`implementing its smart card-equipped mobile device in compliance with governing
`
`standards. Specifically, the Petition proposes that a POSITA would have looked to
`
`GlobalPlatform for its card architecture, security, life cycle models, and command
`
`teachings.
`
`Patent Owner’s (“PO”) Response (“POR”) focuses largely on the motivations
`
`underlying Petitioner’s proposal to supplement Dua’s limited smart card teachings
`
`1
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`with the then-dominant smart card standards. These arguments mirror those in PO’s
`
`Preliminary Response (“POPR”), which were correctly rejected at institution both
`
`in the now-terminated Samsung proceeding (IPR2021-00981, “Samsung IPR”) and
`
`the instant proceeding. Seeking a different outcome with its rehashed arguments, PO
`
`supplements the record with testimony of a declarant. But PO’s declarant not only
`
`lacks experience with smart card standards, he has no mobile commerce experience
`
`at all. Accordingly, his testimony should be accorded little to no weight.
`
`II. ARGUMENT
`A.
`Person of Ordinary Skill in the Art
`The Parties and the Board unanimously agree that the focus of the ’009 Patent
`
`is mobile payments. Petition, 1-2; POR, 1-5; ID, 4-8. Accordingly, the Board
`
`adopted Petitioner’s POSITA definition which it preliminarily held is “consistent
`
`with the ’009 patent and the asserted prior art[.]” That definition requires knowledge
`
`of “mobile payment methods and systems[,]” and at least “one year of professional
`
`experience relating to mobile payment technology.” ID, 12-13; Petition, 9.
`
`Although PO did not dispute this definition in its POPR, the POR quietly
`
`removes a requirement for mobile payment experience. POR, 7. The POR does not
`
`acknowledge this definition shift, nor does it provide any justification for removing
`
`this key requirement. PO’s strategy is transparent. It seeks to rely on an unqualified
`
`declarant who admitted he has no specific mobile payment technology experience,
`
`2
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`no experience with e-purses, no experience with the relevant protocols, and no
`
`educational experience to remedy his professional deficiencies. Ex. 1045 (Gomez
`
`Tr.), 8:11-19, 9:7-20:4, 37:8-39:9, 50:15-51:18. To do so, PO must redefine a
`
`POSITA’s qualifications. Yet PO makes no attempt to justify this significant shift.
`
`As the Board correctly found at institution and as Petitioner’s expert explains
`
`in a supplemental declaration, experience with mobile payments is required. Ex.
`
`1046 (Supp. Dec.), ¶¶4-10. Accordingly, the Board should make its preliminary
`
`findings on the requisite level of skill final and accord Mr. Gomez’s unqualified
`
`testimony little to no weight. Best Med. Int.’l, Inc. v. Elekta Inc., 46 F.4th 1346,
`
`1353-54 (Fed. Cir. 2022) (affirming Board’s decision to discount testimony where
`
`the declarant failed to satisfy POSITA definition).
`
`B.
`
`Patent Owner’s Motivation to Combine Critiques Rehash Twice
`Rejected Arguments
`PO advances the same motivation to combine critiques that the Board soundly
`
`rejected twice at institution. Namely, the POPR argued (1) that Dua’s security
`
`renders GlobalPlatform redundant, (2) that there is no flaw in Dua necessitating
`
`GlobalPlatform, and (3) that the combination would destroy Dua’s allegedly
`
`“important” SIP-based wireless device targeting. POPR, 12-17.
`
`Instituting the Samsung IPR, the Board first rejected [PO]’s redundancy
`
`arguments, finding “Petitioner has identified a concrete benefit from combining Dua
`
`with GlobalPlatform—namely, compatibility of Dua’s wallet application with the
`
`3
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`‘most important international specification’ for Smart Cards.” Samsung IPR ID, 23.
`
`The Board also disagreed “that the use of SIP is an essential aspect of Dua’s
`
`invention” such that replacing SIP would destroy some contrived central objective
`
`for server-side targeting of devices—a purported “objective” not found in the claims.
`
`Id., 22.
`
`Similarly, the Board here disagreed “that the use of SIP is ‘key’ to Dua’s
`
`invention[,]” finding that a plethora of express motivations in Dua’s disclosures
`
`motivate combination with GlobalPlatform and that Petitioner established a
`
`sufficient rationale for its combination by identifying a “concrete benefit” of
`
`improved interoperability. ID, 21-23. Here, the POR simply reasserts the same
`
`arguments (POR, 8-18), supplementing the record with the testimony of a declarant
`
`with no relevant mobile payment experience that would inform the motivation at
`
`issue (supra, Sec. II.A) who simply parrots the positions in PO’s brief. Xerox Corp.
`
`v. Bytemark, Inc., IPR2022-00624, Paper 9, *15 (PTAB Aug. 24, 2022)
`
`(precedential) (affording little weight to expert’s opinions which restate attorney
`
`arguments without additional supporting evidence or reasoning).
`
`At the outset, the law does not demand a “flaw” in a reference to make a
`
`combination. Petitioner must show only that “there is something in the prior art as a
`
`whole to suggest the desirability…of making the combination[.]” Intel Corp. v.
`
`Qualcomm Inc., No. 2020-2092, WL 880681, *4 (Fed. Cir. Mar. 24, 2022) (internal
`
`4
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`citations omitted); see also Realtime Data, LLC v. Iancu, 912 F.3d 1368, 1374 (Fed.
`
`Cir. 2019) (describing exemplary means to find motivation to combine). At
`
`institution, the Board correctly reasoned that Petitioner identified a “concrete
`
`benefit” from combining Dua with GlobalPlatform. ID, 22. As outlined in the
`
`Petition, while Dua discloses its wireless device includes “an embedded smart card”
`
`where its extensions reside (Dua, [0295]), “Dua does not describe conventional
`
`smart card implementation details.” Petition, 15; Ex. 2009 (Smith Tr., 45:10-11
`
`(“[Dua] was very light, almost non-existent on smart card detail”)); Ex. 1045
`
`(Gomez Tr.), 23:23-28:10, 64:21-65:7. To provide this implementation detail, a
`
`POSITA would look to GlobalPlatform—the dominant standard at the time. Petition,
`
`14-16; Realtime Data, LLC, 912 F.3d at 1374 (affirming motivation to look to well-
`
`known text to better understand or interpret base reference).
`
`Neither PO nor its expert rebut this framework. Instead, PO doubles down on
`
`its previously rejected position that incorporating GlobalPlatform into Dua would
`
`“destroy” the allegedly critical feature of using SIP to securely target a particular
`
`wireless device, creating an endpoint-to-endpoint connection. POR, 9-10, 12-13. But
`
`PO’s argument is premised on a critical misunderstanding of Petitioner’s
`
`combination—that Petitioner’s combination “discard[s]” SIP entirely. Id., 12-13.
`
`The claims of the ’009 Patent require establishing an initial connection between
`
`endpoints (e.g., between the smart card and a server) to (1) download the application
`
`5
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`and (2) send application identifying information to the server. Petition, limitations
`
`[1di] and [1dii]. The Petition expressly maps Dua’s “SIP session” to this initial
`
`connection such that GlobalPlatform’s processes occur over the established SIP
`
`session. Petition, 22 (describing GlobalPlatform’s receipts transmitted “via the
`
`wireless SIP session”), 23 (downloading extensions “during a SIP session”). In the
`
`combination, GlobalPlatform then establishes a secure channel within Dua’s SIP
`
`session to securely receive personalization data. Petition, 24-26, 28-29. The Petition,
`
`therefore, does not “discard” SIP but expressly retains Dua’s SIP functionality to
`
`establish endpoint connections, as the claims require.
`
`The POR does not argue that GlobalPlatform’s secure channel establishment
`
`is in any way incompatible with an established SIP session. POR, 8-18 (arguing only
`
`the SIP should not be wholly discarded—a mischaracterization of the proposed
`
`grounds). Nor is there any evidence on this record of such incompatibility. As
`
`Petitioner’s expert explains in detail, GlobalPlatform’s personalization techniques
`
`are entirely compatible with an initial SIP session. Ex. 1046 (Supp. Dec.), ¶¶11-27.
`
`In Dua, the WCM server uses SIP to create a “pipe” (i.e., connection) between
`
`endpoints. Ex. 1046 (Supp. Dec.), ¶¶13-16; Ex. 2009, 43:4-15, 46:2-47:17. In Dua’s
`
`native system, a secured channel can be established over this SIP “pipe” using TLS
`
`and S/MIME. But both TLS and S/MIME are generic encryption and security
`
`protocols. Ex. 1045 (Gomez Tr.), 31:5-32:14 (Mr. Gomez admits he has not seen
`
`6
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`SIP, TLS, or S/MIME used for financial transactions outside of Dua). The Petition
`
`established that a POSITA would be motivated to employ GlobalPlatform for an
`
`improved, smart card-specific, mechanism to secure the communications. Petition,
`
`14-16; Ex. 1046 (Supp. Dec.), ¶¶13-16. This smart card-specific security would be
`
`implemented over the SIP “pipe.” Ex. 1046 (Supp. Dec.), ¶¶13-16. As Dua expressly
`
`teaches, “all security mechanisms available for HTTP (RFC 2617) can also be
`
`applied to SIP sessions.” Ex. 1004 (Dua), [0201]. And it was well known that
`
`GlobalPlatform-secured transactions were compatible with HTTP communications
`
`sessions. Ex. 1046 (Supp. Dec.), ¶¶13-21. Tellingly, neither PO nor its declarant
`
`identify any evidence disputing that GlobalPlatform could be used to secure a
`
`transaction over Dua’s SIP “pipe.”
`
`PO also criticizes Petitioner’s expert, arguing that Mr. Smith’s expertise
`
`purportedly “has nothing to do with networking.” POR, 11. But this case is not about
`
`networking. PO’s own expert, Mr. Gomez, characterizes the ’009 Patent as targeting
`
`methods and system for “provisioning an application such as an electronic purse
`
`configured for both electronic commerce (a.k.a., e-commerce) and mobile
`
`commerce (a.k.a., m-commerce)[,]” rather than generic networking. Ex. 2007, ¶34;
`
`Ex. 1045 (Gomez Tr.), 7:19-8:3. PO’s criticisms are a transparent attempt to
`
`misdirect the focus of this case from smart-card transactions to generic networking
`
`in an effort to distract from Mr. Gomez’s lack of relevant experience. Ex. 1045
`
`7
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`(Gomez Tr.), 9:7-20:4, 37:8-39:9, 50:15-51:18. This sleight of hand should be
`
`rejected.
`
`In stark contrast to PO’s declarant who has no relevant smart card experience,
`
`Petitioner’s expert, Mr. Smith, testified that he spent most of his life at the low level
`
`of contact and contactless smart cards and protocols and was even on the board of
`
`GlobalPlatform around the effective filing date of the ’009 patent. Compare Ex.
`
`1045 (Gomez Tr.), 9:7-20:4, 37:8-39:9, 50:15-51:18 with Ex. 2009, 43:20-24, 87:10-
`
`88:11; Ex. 1003 at ¶59 (Mr. Smith was “part of the GlobalPlatform organization
`
`during the relevant time-frame”). Thus, Mr. Smith is the only expert with relevant
`
`smart card and mobile payment technology expertise and his testimony supporting
`
`the proposed combination should be accorded significant weight.1
`
`
`1 PO also mischaracterizes Mr. Smith’s testimony to infer that “the field of the
`
`invention” was unpredictable and no solutions were obvious. POR, 11-12 (citing Ex.
`
`2009 at 93:8-23, 96:13-97:13). Read in context, Mr. Smith simply testified that, by
`
`2006, mobile payments in the United States were less developed than in Europe. Ex.
`
`2009, 91:13-97:13. This does not take away from the proposed combination, which
`
`relies on GlobalPlatform—the “most important international specification” for smart
`
`cards (Ex. 1003, ¶100)—and Philips—a “very popular smart card platform” (Ex.
`
`2009, 38:5-7). Both were well-settled during the relevant time-period.
`
`
`
`8
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`Finally, PO disputes that Dua expressly motivates a POSITA to implement
`
`known standards like GlobalPlatform. POR, 14-18. As detailed in the Petition, Dua
`
`expressly acknowledges the value of ensuring compatibility with card organization
`
`standards. Petition, 14-16 (citing Dua, [0525] (“[EMV-Compliant—The] wallet
`
`application should meet standards defined by card organizations”). As further
`
`detailed in the Petition, modifying Dua pursuant to GlobalPlatform and Philips
`
`furthers this goal, enabling Dua’s payment methods to comply with then governing
`
`standards. Petition, 14-16. None of PO’s arguments disputing this straightforward
`
`motivation have merit.
`
`Relying on its expert, an individual with no smart card or mobile payment
`
`technology experience, PO first argues that Dua does not motivate the combination
`
`because GlobalPlatform “is not a card organization” and even suggests that
`
`GlobalPlatform “is not payment-related” at all. POR, 16. PO and its expert are
`
`wrong. GlobalPlatform’s opening line explains that it is “an organization that has
`
`been established by leading companies from the payments and communications
`
`industries.” Ex. 1006, 16 (emphasis added). Indeed, GlobalPlatform traces its
`
`history to one of the most widely recognized card organizations, Visa, originally
`
`referred to as Visa Open Platform, then renamed Open Platform, and finally taking
`
`the name GlobalPlatform. Ex. 1003, ¶¶43-44, 82, 100, 103. Further, Petitioner’s
`
`declarant, Gerald Smith, served as a Board Member of the GlobalPlatform
`
`9
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`governance body from 2000-2002 on behalf of American Express—another of the
`
`world’s most widely recognized card organizations. GlobalPlatform also explains
`
`that its goal is interoperability across industries and card organizations. Ex. 1006, 16
`
`(explaining the “goal is to reduce barriers hindering the growth of cross-industry”
`
`smarts cards). Because GlobalPlatform is an organization established by card
`
`organizations with the specific mission of ensuring smart card interoperability, a
`
`POSITA would have understood GlobalPlatform precisely aligns with Dua’s express
`
`interoperability goal that its “wallet application should meet standards defined by
`
`card organizations.” Ex. 1046 (Supp. Dec.), ¶¶22-27; Ex. 1003, 100.
`
`Second, PO argues paragraph [0525] in Dua should be read to narrowly
`
`suggest only that its “wallet application should meet the EMV standard,” and not
`
`more broadly to encourage interoperability with standards like GlobalPlatform.
`
`POR, 16. As an initial matter, PO relies entirely on the unqualified testimony of Mr.
`
`Gomez for this interpretation, which should be accorded little to no weight.
`
`However, even if Dua was specifically referencing EMV, PO fails to acknowledge
`
`that
`
`the EMV standard
`
`itself expressly
`
`recommends complying with
`
`GlobalPlatform. Ex. 2003, 16 (noting EMV “cannot be considered in isolation” and
`
`stressing
`
`the
`
`importance of “[a]lign[ing] with standards bodies such as
`
`GlobalPlatform”). This is not surprising. A POSITA would have been well aware
`
`10
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`that the smart card industry encouraged interoperability in many respects and across
`
`many complementary standards. Ex. 1046 (Supp. Dec.), ¶¶25-26.
`
`Relatedly, Dua encourages compatibility with the Java platform and Java
`
`applets—encouragement
`
`that would have motivated a POSITA
`
`to use
`
`GlobalPlatform for personalization because “GlobalPlatform ‘has primarily become
`
`the de facto standard for loading and managing Java-based applications[.]” Petition,
`
`15-16. PO suggests that Dua’s references to Java have nothing to do with Dua’s
`
`smart card and instead merely propose Java as an operating system for Dua’s mobile
`
`phone. POR, 17-18. Critically, PO does not identify what operating system would
`
`have run Dua’s smart card if not Java and does not identify any technical reason why
`
`Dua’s smart card would not implement Java Card. PO’s observation does not take
`
`away from the motivation to combine. Indeed, that Dua fails to describe the
`
`implementation details of its smart card is one of the fundamental premises
`
`underlying the proposed combination—because Dua does not describe how its smart
`
`card would be implemented, a POSITA would have been motivated to rely on then-
`
`governing smart card standards. Petition, 14-16. A POSITA would have known that
`
`Dua’s smart card requires an operating system and would have known Java Card
`
`was a dominant option at the time. Ex. 1046 (Supp. Dec.), ¶¶27. Given its silence on
`
`the smart card implementation specifics, a POSITA would have interpreted Dua’s
`
`11
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`repeated references to Java more broadly than PO contends, recognizing Dua would
`
`be compatible with a Java smart card. Ex. 1046 (Supp. Dec.), ¶¶27.
`
`Accordingly, none of PO’s rehashed arguments give the Board reason to
`
`modify its initial findings and the Board should make these findings final.
`
`C. Limitations [1b]/[14b]: The Combination Discloses a Secure
`Element
`The POPR argued that neither Dua nor GlobalPlatform individually “make
`
`any mention of a ‘secure element’[,]” that Petitioner “makes no showing that all
`
`smart cards are ‘secure elements’[,]” and that Petitioner “cites no support—not even
`
`its expert’s declaration—for the proposition that a smart card with GlobalPlatform
`
`would be a secure element.” POPR, 11-12. The Board disagreed, “determin[ing] that
`
`Petitioner has adequately shown that the combination of Dua and GlobalPlatform
`
`accounts for limitation [1b].” ID, 20. Specifically, the Board found that the ’009
`
`Patent provides that “[t]he ‘secure element’ (SE) in the patent ‘may be in the form
`
`of a smart card’” and thus there “is support for Petitioner’s contentions that the smart
`
`cards described in Dua and GlobalPlatform account for this limitation.” ID, 20
`
`(citing Ex. 1001, 6:45, 6:58-62).
`
`To supplement its POPR arguments, the POR seeks to narrowly interpret
`
`“secure element” to excludes the proposed combination’s secure smart card. POR,
`
`18-20 (citing Ex. 2007, ¶¶72-75). Specifically, the POR proposes a “secure element”
`
`must “provide[] the necessary security, such as by being tamper-resistant.” Id.
`
`12
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`(further contending a smart card may only be a secure element if it provides “the
`
`required level of security and features.” Id. Beyond these vague suggestions that
`
`some level of heightened security is required, tamper resistance is the sole example
`
`ever discussed.
`
`Tellingly, neither PO nor its declarant actually argues that the proposed
`
`combination fails to teach a “secure element.” Instead, they proffer a vague standard
`
`of heightened security and argue Apple has failed to show the prior art meets it. As
`
`set forth below, the proposed combination of Dua and GlobalPlatform provides the
`
`same level of security contemplated by the ’009 Patent—the ’009 Patent teaches that
`
`a secure element can be made tamper resistant by implementing a key-based security
`
`scheme, and the proposed combination includes precisely this type of security.
`
`Accordingly, even if the Board concludes the claims require a heightened level of
`
`security, the proposed combination satisfies that requirement.
`
`But the Board need not construe the claims so narrowly. Neither the POR’s
`
`intrinsic record citations nor its declarant’s support demand it. Beginning with the
`
`intrinsic record, the POR relies on vague statements that provide no guidance as to
`
`how one might assess the heightened level of security that PO insists is required of
`
`a “secure element.” POR, 19-20 (citing testimony of Mr. Gomez, ¶¶72-75 which
`
`simply parrots the POR arguments). At the outset, the claims do not recite a “tamper-
`
`resistant secure element.” The plain language provides no such qualifications,
`
`13
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`requiring only “an interface to receive a secure element” (claim 1b) or simply “a
`
`secure element” (claim 14). Nor do the intrinsic record citations provide any
`
`guidance. At p. 19, the POR cites a single passage to support its position, but that
`
`passage merely notes that an exemplary “secure element” is a tamper proof smart
`
`card:
`
`In one embodiment, the SE 102 is a tamper proof Smart Card chip
`capable to embed smart card-grade applications (e.g., payment,
`transport . . . ) with the required level of security and features.
`Ex. 1001, 6:61-64 (emphasis added). It does not provide any other examples of
`
`heightened security that might inform PO’s proposed interpretation. Similarly, the
`
`POR cites a single passage from the file history, which simply states that “a secure
`
`element is a tamper-resistant device.” POR, 19 (citing Ex. 1042, 238-239). This also
`
`provides no guidance as to what satisfies the heightened level of security beyond the
`
`possibility of tamper resistance.
`
`PO’s reliance on its declarant fares no better. His testimony is replete with
`
`ambiguity and contradictions. In his declaration, Mr. Gomez testified that “while
`
`some secure elements may be smart cards, not all smart cards are secure elements.”
`
`Yet, on cross examination, Mr. Gomez contradicted his direct testimony, claiming
`
`that smart cards and secure elements at the time of the ’009 Patent “were distinctly
`
`different.” Ex. 1045 (Gomez Tr.), 53:2-54:1 (confirming that these two components
`
`were “separate and unrelated”). Mr. Gomez doubled down on further questioning,
`
`14
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`explaining that the heightened level of security required of a “secure element” is
`
`assessed relative to a smart card, noting “the reason for the secure element was to
`
`distinguish it from [a] smart card.” Id., 54:2-55:8 (noting the testing of a secure
`
`element “was much higher than you would find on any smart card”). As the Board
`
`found at institution and as Mr. Gomez conceded in his declaration, smart cards with
`
`security features are “secure elements,” as claimed. Mr. Gomez’s contradictory
`
`testimony on cross examination should be rejected as inconsistent with his prior
`
`testimony and wholly unsupported by the record.
`
`Despite PO’s attempt to avoid ascribing concrete meaning to “secure
`
`element,” the record provides some guidance on the meaning of tamper resistance.
`
`The ’009 Patent explains that, to be “tamper-resistant,” SE 102 can be “installed with
`
`a set of default keys (e.g., an Issuer Security Domain (ISD) key set by the SE
`
`manufacturer)” and that “the SE 102 may be in the form of a smart card.” Ex. 1001,
`
`6:55-64. PO’s expert, Mr. Gomez, confirmed the same when questioned on his
`
`interpretation of “secure element.” Ex. 1045 (Gomez Tr.), 57:7-11 (confirming
`
`“heightened security…through software such as a key-based encryption scheme”
`
`can satisfy “the claimed secure element”), 57:20-58:2. Under this meaning, in which
`
`a smart card is a secure element if equipped with encryption key-based security, the
`
`proposed combination
`
`includes
`
`such a
`
`secure element. Petition, 24
`
`(“GlobalPlatform’s Issuer Security Domain” “key set” installed on the smart card
`
`15
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`for secure channel establishment); Ex. 1046 (Supp. Dec.), ¶¶29-35. Indeed, the
`
`Petition relied on GlobalPlatform’s “security architecture” that “protects the
`
`‘structure and function of cards within the GlobalPlatform system’ for the life of the
`
`card—thus providing a ‘secure element’ as claimed.” Id., 15 (citing Ex. 1006, 16,
`
`32); see also id., 17 (citing Ex. 1003, ¶¶113-115, further explaining that “it would
`
`have been obvious to implement Dua’s smart card as a ‘secure element’ using
`
`GlobalPlatform to secure the ‘embedded smart card.’”), 19 (noting in the
`
`combination, Dua implements a “GlobalPlatform-compliant smart card, and this a
`
`secure element”). Thus, a GlobalPlatform-compliant smart card in the proposed
`
`combination
`
`is secured with key-based encryption, satisfying even PO’s
`
`interpretation of this limitation. Ex. 1046 (Supp. Dec.), ¶¶28-37.
`
`D. Limitations [1div]/[14div]: Dua’s WCM Prepares Data Necessary
`for the Application to Function
`PO argues generally that Dua’s WCM server does not “‘prepare data
`
`necessary for’ the application or modules to function as designed.” POR, 20-24
`
`(arguing that merely forwarding data is not “preparing” that data within the meaning
`
`of this limitation). PO is wrong. Both “Dua alone” and Dua “in view of
`
`GlobalPlatform render this limitation obvious.” Petition, 26.
`
`Starting with Dua’s teachings, the Petition explains that “Dua’s WCM
`
`prepares personalization data [i.e., Personalization File] for transmission in SIP
`
`payloads” including the “credentials” and “encryption keys” in Dua which are
`
`16
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`needed before conducting a transaction. Id. (citing Dua, [0026], [0057]-[0058],
`
`[0215], [0297]; Ex. 1003, ¶147). PO argues here (as it did against Samsung) that this
`
`personalization data is not “prepared by” the WCM and that “the WCM merely
`
`receives the [data] and forwards it to the user’s device.” POR, 20. The Board rejected
`
`these arguments in the Samsung IPR, finding that “Petitioner’s contention that Dua’s
`
`WCM ‘prepares’ that data, as that term would be ordinarily understood by person of
`
`ordinary skill, is supported by its declarant Mr. Smith” and that “to the extent that
`
`Patent Owner argues that merely forwarding data is somehow outside the scope of
`
`‘prepare,’ we note that Dua’s WCM is not limited to merely forwarding data, but
`
`‘may also have the ability to make edits [to the Personalization File] in order to
`
`ensure proper formatting.’ Ex. 1004 ¶63.” Samsung IPR ID, 20.
`
`Given the Board’s correct conclusion that Dua’s WCM may edit the file
`
`before transmitting, the POR newly proposes “prepared by” more narrowly
`
`“requir[es] an active role in generating or obtaining the application keys.” POR, 21
`
`(citing Ex. 1001, 13:25-34; Ex. 2007, ¶¶80-83); see also Ex. 1045 (Gomez Tr.),
`
`60:17-63:4 (confirming that the alleged key concept underlying the claimed concept
`
`of preparing data is that the data is actually generated by the server). As an initial
`
`matter, PO fails to identify a single instance in which the ’009 Patent defines, or
`
`even uses, the term “prepared by” outside the claim language. PO instead points to
`
`two exemplary means for preparing data discussed in the ’009 Patent. POR, 21. But
`
`17
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`even these two examples fail to support PO’s attempt to import a data “generation”
`
`requirement in the claimed data preparation. Indeed, the POR’s description of a “first
`
`mode” unambiguously describes a TSM server (the claimed server) with no ability
`
`to generate its own application keys, forcing it to request keys from a separate
`
`component that is capable of generating them. POR, 21. PO does not wrestle with
`
`this inconsistency. Put simply, if one of two examples in the ’009 describes a server
`
`that cannot generate keys, it is wholly improper to import into the claims a
`
`requirement that the server generate its own keys.
`
`Turning next to the Petition’s theory based on Dua in view of GlobalPlatform,
`
`the Petition explains that when Dua’s embedded smart card is a GlobalPlatform-
`
`compliant smart card, Dua’s WCM prepares an INSTALL command to install the
`
`application, “which is data necessary for the application to function as designed on
`
`a GlobalPlatform smart card.” Petition, 27. PO does not dispute that, in the
`
`combination, Dua’s WCM prepares this INSTALL command, but the POR argues
`
`that “GlobalPlatform’s command is not preparing data.” POR, 22. In support, PO
`
`cherry picks disparate passages in the ’009 Patent’s specification to manufacture a
`
`purported distinction between preparing commands and preparing data. Id.
`
`(comparing Ex. 1001, 13:10-21 and 9:11-14). PO also proffers the unsupported
`
`testimony of Mr. Gomez, which improperly parrots the arguments in PO’s brief and
`
`should be rejected. Id. (Ex. 2007, ¶85); Xerox Corp., IPR2022-00624, Paper 9, *15.
`
`18
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`The Petition establishes that Dua’s INSTALL command is data necessary to
`
`load and install the application on the GlobalPlatform smart card and that this
`
`command is sent from the WCM. Petition, 27. That is all that is required from the
`
`plain language of the claims and PO’s single paragraph of unsupported expert
`
`testimony echoing its brief does not change the analysis. POR, 22 (citing Ex. 2007,
`
`¶85); Xerox Corp., IPR2022-00624, Paper 9, *15. On the other hand, Petitioner’s
`
`expert unequivocally opined, with support, that preparing the INSTALL command
`
`is “data necessary for the application to function.” Ex. 1003, ¶148 (citing Ex. 1004,
`
`[0215]; Ex. 1006, 44, 65-66, 88, 102).
`
`Finally, the Petition advances an additional example where the WCM prepares
`
`data for the application to function—Dua’s WCM prepares personalization data
`
`(e.g., keys and cardholder-specific data), which facilitates “the proper functioning
`
`of the application with the smart card[.]” Petition, 27. PO again erroneously surmises
`
`that this data is not prepared by the WCM and argues that Apple’s interpretation of
`
`the references is “counter to GlobalPlatform’s disclosure.” POR, 22-24. Both are
`
`incorrect.
`
`First, Dua’s WCM does in fact prepare this personalization data. The Petition
`
`establishes that the “personalization data and keys” are received “through an
`
`INSTALL [for personalization] command” a