`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`_________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`_________________
`
`
`APPLE INC.,
`Petitioner
`
`v.
`
`RFCYBER CORP.,
`Patent Owner
`_________________
`
`
`Inter Partes Review Case No. IPR2022-00413
`U.S. Patent No. 9,240,009
`
`_________________
`
`
`PETITIONER’S REPLY TO PATENT OWNER’S RESPONSE
`
`
`
`
`
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`
`TABLE OF CONTENTS
`
`INTRODUCTION ............................................................................................. 1
`I.
`II. ARGUMENT ..................................................................................................... 2
`A. Person of Ordinary Skill in the Art ................................................................. 2
`B. Patent Owner’s Motivation to Combine Critiques Rehash Twice Rejected
`Arguments ............................................................................................................. 3
`C. Limitations [1b]/[14b]: The Combination Discloses a Secure Element ....... 12
`D. Limitations [1div]/[14div]: Dua’s WCM Prepares Data Necessary for the
`Application to Function ....................................................................................... 16
`E. Claim 16: The Combination Discloses that the Modules Displayed on the
`User Interface Can Show Another User Interface ............................................... 21
`III. CONCLUSION ............................................................................................ 25
`
`
`
`
`
`
`
`
`
`
`I.
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`
`INTRODUCTION
`The Challenged Claims relate to personalizing a secure element, such as a
`
`smart card, in a mobile device and provisioning an e-purse for m-commerce and e-
`
`commerce. A focus of the parties’ disputes is the claimed concept of personalizing
`
`the secure element with security keys. This key-based personalization process was
`
`well known in the prior art, having been standardized by GlobalPlatform. Indeed,
`
`even the ’009 Patent points to GlobalPlatform in support of the claimed security. Ex.
`
`1001, 15:39-41 (“a global platform to provide a security mechanism”), 18:19-20.
`
`The Petition’s base reference—Dua—teaches a smart card e-purse loaded on
`
`a mobile device. Dua acknowledges the importance of complying with then-
`
`governing smart card standards, but does not describe these standards in any detail.
`
`Nor does Dua describe basic smart card implementation details, focusing instead on
`
`smart card agnostic communication protocols. The Petition proposes that a POSITA
`
`would have looked to well-known smart card teachings to realize Dua’s goal of
`
`implementing its smart card-equipped mobile device in compliance with governing
`
`standards. Specifically, the Petition proposes that a POSITA would have looked to
`
`GlobalPlatform for its card architecture, security, life cycle models, and command
`
`teachings.
`
`Patent Owner’s (“PO”) Response (“POR”) focuses largely on the motivations
`
`underlying Petitioner’s proposal to supplement Dua’s limited smart card teachings
`
`1
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`with the then-dominant smart card standards. These arguments mirror those in PO’s
`
`Preliminary Response (“POPR”), which were correctly rejected at institution both
`
`in the now-terminated Samsung proceeding (IPR2021-00981, “Samsung IPR”) and
`
`the instant proceeding. Seeking a different outcome with its rehashed arguments, PO
`
`supplements the record with testimony of a declarant. But PO’s declarant not only
`
`lacks experience with smart card standards, he has no mobile commerce experience
`
`at all. Accordingly, his testimony should be accorded little to no weight.
`
`II. ARGUMENT
`A.
`Person of Ordinary Skill in the Art
`The Parties and the Board unanimously agree that the focus of the ’009 Patent
`
`is mobile payments. Petition, 1-2; POR, 1-5; ID, 4-8. Accordingly, the Board
`
`adopted Petitioner’s POSITA definition which it preliminarily held is “consistent
`
`with the ’009 patent and the asserted prior art[.]” That definition requires knowledge
`
`of “mobile payment methods and systems[,]” and at least “one year of professional
`
`experience relating to mobile payment technology.” ID, 12-13; Petition, 9.
`
`Although PO did not dispute this definition in its POPR, the POR quietly
`
`removes a requirement for mobile payment experience. POR, 7. The POR does not
`
`acknowledge this definition shift, nor does it provide any justification for removing
`
`this key requirement. PO’s strategy is transparent. It seeks to rely on an unqualified
`
`declarant who admitted he has no specific mobile payment technology experience,
`
`2
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`no experience with e-purses, no experience with the relevant protocols, and no
`
`educational experience to remedy his professional deficiencies. Ex. 1045 (Gomez
`
`Tr.), 8:11-19, 9:7-20:4, 37:8-39:9, 50:15-51:18. To do so, PO must redefine a
`
`POSITA’s qualifications. Yet PO makes no attempt to justify this significant shift.
`
`As the Board correctly found at institution and as Petitioner’s expert explains
`
`in a supplemental declaration, experience with mobile payments is required. Ex.
`
`1046 (Supp. Dec.), ¶¶4-10. Accordingly, the Board should make its preliminary
`
`findings on the requisite level of skill final and accord Mr. Gomez’s unqualified
`
`testimony little to no weight. Best Med. Int.’l, Inc. v. Elekta Inc., 46 F.4th 1346,
`
`1353-54 (Fed. Cir. 2022) (affirming Board’s decision to discount testimony where
`
`the declarant failed to satisfy POSITA definition).
`
`B.
`
`Patent Owner’s Motivation to Combine Critiques Rehash Twice
`Rejected Arguments
`PO advances the same motivation to combine critiques that the Board soundly
`
`rejected twice at institution. Namely, the POPR argued (1) that Dua’s security
`
`renders GlobalPlatform redundant, (2) that there is no flaw in Dua necessitating
`
`GlobalPlatform, and (3) that the combination would destroy Dua’s allegedly
`
`“important” SIP-based wireless device targeting. POPR, 12-17.
`
`Instituting the Samsung IPR, the Board first rejected [PO]’s redundancy
`
`arguments, finding “Petitioner has identified a concrete benefit from combining Dua
`
`with GlobalPlatform—namely, compatibility of Dua’s wallet application with the
`
`3
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`‘most important international specification’ for Smart Cards.” Samsung IPR ID, 23.
`
`The Board also disagreed “that the use of SIP is an essential aspect of Dua’s
`
`invention” such that replacing SIP would destroy some contrived central objective
`
`for server-side targeting of devices—a purported “objective” not found in the claims.
`
`Id., 22.
`
`Similarly, the Board here disagreed “that the use of SIP is ‘key’ to Dua’s
`
`invention[,]” finding that a plethora of express motivations in Dua’s disclosures
`
`motivate combination with GlobalPlatform and that Petitioner established a
`
`sufficient rationale for its combination by identifying a “concrete benefit” of
`
`improved interoperability. ID, 21-23. Here, the POR simply reasserts the same
`
`arguments (POR, 8-18), supplementing the record with the testimony of a declarant
`
`with no relevant mobile payment experience that would inform the motivation at
`
`issue (supra, Sec. II.A) who simply parrots the positions in PO’s brief. Xerox Corp.
`
`v. Bytemark, Inc., IPR2022-00624, Paper 9, *15 (PTAB Aug. 24, 2022)
`
`(precedential) (affording little weight to expert’s opinions which restate attorney
`
`arguments without additional supporting evidence or reasoning).
`
`At the outset, the law does not demand a “flaw” in a reference to make a
`
`combination. Petitioner must show only that “there is something in the prior art as a
`
`whole to suggest the desirability…of making the combination[.]” Intel Corp. v.
`
`Qualcomm Inc., No. 2020-2092, WL 880681, *4 (Fed. Cir. Mar. 24, 2022) (internal
`
`4
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`citations omitted); see also Realtime Data, LLC v. Iancu, 912 F.3d 1368, 1374 (Fed.
`
`Cir. 2019) (describing exemplary means to find motivation to combine). At
`
`institution, the Board correctly reasoned that Petitioner identified a “concrete
`
`benefit” from combining Dua with GlobalPlatform. ID, 22. As outlined in the
`
`Petition, while Dua discloses its wireless device includes “an embedded smart card”
`
`where its extensions reside (Dua, [0295]), “Dua does not describe conventional
`
`smart card implementation details.” Petition, 15; Ex. 2009 (Smith Tr., 45:10-11
`
`(“[Dua] was very light, almost non-existent on smart card detail”)); Ex. 1045
`
`(Gomez Tr.), 23:23-28:10, 64:21-65:7. To provide this implementation detail, a
`
`POSITA would look to GlobalPlatform—the dominant standard at the time. Petition,
`
`14-16; Realtime Data, LLC, 912 F.3d at 1374 (affirming motivation to look to well-
`
`known text to better understand or interpret base reference).
`
`Neither PO nor its expert rebut this framework. Instead, PO doubles down on
`
`its previously rejected position that incorporating GlobalPlatform into Dua would
`
`“destroy” the allegedly critical feature of using SIP to securely target a particular
`
`wireless device, creating an endpoint-to-endpoint connection. POR, 9-10, 12-13. But
`
`PO’s argument is premised on a critical misunderstanding of Petitioner’s
`
`combination—that Petitioner’s combination “discard[s]” SIP entirely. Id., 12-13.
`
`The claims of the ’009 Patent require establishing an initial connection between
`
`endpoints (e.g., between the smart card and a server) to (1) download the application
`
`5
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`and (2) send application identifying information to the server. Petition, limitations
`
`[1di] and [1dii]. The Petition expressly maps Dua’s “SIP session” to this initial
`
`connection such that GlobalPlatform’s processes occur over the established SIP
`
`session. Petition, 22 (describing GlobalPlatform’s receipts transmitted “via the
`
`wireless SIP session”), 23 (downloading extensions “during a SIP session”). In the
`
`combination, GlobalPlatform then establishes a secure channel within Dua’s SIP
`
`session to securely receive personalization data. Petition, 24-26, 28-29. The Petition,
`
`therefore, does not “discard” SIP but expressly retains Dua’s SIP functionality to
`
`establish endpoint connections, as the claims require.
`
`The POR does not argue that GlobalPlatform’s secure channel establishment
`
`is in any way incompatible with an established SIP session. POR, 8-18 (arguing only
`
`the SIP should not be wholly discarded—a mischaracterization of the proposed
`
`grounds). Nor is there any evidence on this record of such incompatibility. As
`
`Petitioner’s expert explains in detail, GlobalPlatform’s personalization techniques
`
`are entirely compatible with an initial SIP session. Ex. 1046 (Supp. Dec.), ¶¶11-27.
`
`In Dua, the WCM server uses SIP to create a “pipe” (i.e., connection) between
`
`endpoints. Ex. 1046 (Supp. Dec.), ¶¶13-16; Ex. 2009, 43:4-15, 46:2-47:17. In Dua’s
`
`native system, a secured channel can be established over this SIP “pipe” using TLS
`
`and S/MIME. But both TLS and S/MIME are generic encryption and security
`
`protocols. Ex. 1045 (Gomez Tr.), 31:5-32:14 (Mr. Gomez admits he has not seen
`
`6
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`SIP, TLS, or S/MIME used for financial transactions outside of Dua). The Petition
`
`established that a POSITA would be motivated to employ GlobalPlatform for an
`
`improved, smart card-specific, mechanism to secure the communications. Petition,
`
`14-16; Ex. 1046 (Supp. Dec.), ¶¶13-16. This smart card-specific security would be
`
`implemented over the SIP “pipe.” Ex. 1046 (Supp. Dec.), ¶¶13-16. As Dua expressly
`
`teaches, “all security mechanisms available for HTTP (RFC 2617) can also be
`
`applied to SIP sessions.” Ex. 1004 (Dua), [0201]. And it was well known that
`
`GlobalPlatform-secured transactions were compatible with HTTP communications
`
`sessions. Ex. 1046 (Supp. Dec.), ¶¶13-21. Tellingly, neither PO nor its declarant
`
`identify any evidence disputing that GlobalPlatform could be used to secure a
`
`transaction over Dua’s SIP “pipe.”
`
`PO also criticizes Petitioner’s expert, arguing that Mr. Smith’s expertise
`
`purportedly “has nothing to do with networking.” POR, 11. But this case is not about
`
`networking. PO’s own expert, Mr. Gomez, characterizes the ’009 Patent as targeting
`
`methods and system for “provisioning an application such as an electronic purse
`
`configured for both electronic commerce (a.k.a., e-commerce) and mobile
`
`commerce (a.k.a., m-commerce)[,]” rather than generic networking. Ex. 2007, ¶34;
`
`Ex. 1045 (Gomez Tr.), 7:19-8:3. PO’s criticisms are a transparent attempt to
`
`misdirect the focus of this case from smart-card transactions to generic networking
`
`in an effort to distract from Mr. Gomez’s lack of relevant experience. Ex. 1045
`
`7
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`(Gomez Tr.), 9:7-20:4, 37:8-39:9, 50:15-51:18. This sleight of hand should be
`
`rejected.
`
`In stark contrast to PO’s declarant who has no relevant smart card experience,
`
`Petitioner’s expert, Mr. Smith, testified that he spent most of his life at the low level
`
`of contact and contactless smart cards and protocols and was even on the board of
`
`GlobalPlatform around the effective filing date of the ’009 patent. Compare Ex.
`
`1045 (Gomez Tr.), 9:7-20:4, 37:8-39:9, 50:15-51:18 with Ex. 2009, 43:20-24, 87:10-
`
`88:11; Ex. 1003 at ¶59 (Mr. Smith was “part of the GlobalPlatform organization
`
`during the relevant time-frame”). Thus, Mr. Smith is the only expert with relevant
`
`smart card and mobile payment technology expertise and his testimony supporting
`
`the proposed combination should be accorded significant weight.1
`
`
`1 PO also mischaracterizes Mr. Smith’s testimony to infer that “the field of the
`
`invention” was unpredictable and no solutions were obvious. POR, 11-12 (citing Ex.
`
`2009 at 93:8-23, 96:13-97:13). Read in context, Mr. Smith simply testified that, by
`
`2006, mobile payments in the United States were less developed than in Europe. Ex.
`
`2009, 91:13-97:13. This does not take away from the proposed combination, which
`
`relies on GlobalPlatform—the “most important international specification” for smart
`
`cards (Ex. 1003, ¶100)—and Philips—a “very popular smart card platform” (Ex.
`
`2009, 38:5-7). Both were well-settled during the relevant time-period.
`
`
`
`8
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`Finally, PO disputes that Dua expressly motivates a POSITA to implement
`
`known standards like GlobalPlatform. POR, 14-18. As detailed in the Petition, Dua
`
`expressly acknowledges the value of ensuring compatibility with card organization
`
`standards. Petition, 14-16 (citing Dua, [0525] (“[EMV-Compliant—The] wallet
`
`application should meet standards defined by card organizations”). As further
`
`detailed in the Petition, modifying Dua pursuant to GlobalPlatform and Philips
`
`furthers this goal, enabling Dua’s payment methods to comply with then governing
`
`standards. Petition, 14-16. None of PO’s arguments disputing this straightforward
`
`motivation have merit.
`
`Relying on its expert, an individual with no smart card or mobile payment
`
`technology experience, PO first argues that Dua does not motivate the combination
`
`because GlobalPlatform “is not a card organization” and even suggests that
`
`GlobalPlatform “is not payment-related” at all. POR, 16. PO and its expert are
`
`wrong. GlobalPlatform’s opening line explains that it is “an organization that has
`
`been established by leading companies from the payments and communications
`
`industries.” Ex. 1006, 16 (emphasis added). Indeed, GlobalPlatform traces its
`
`history to one of the most widely recognized card organizations, Visa, originally
`
`referred to as Visa Open Platform, then renamed Open Platform, and finally taking
`
`the name GlobalPlatform. Ex. 1003, ¶¶43-44, 82, 100, 103. Further, Petitioner’s
`
`declarant, Gerald Smith, served as a Board Member of the GlobalPlatform
`
`9
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`governance body from 2000-2002 on behalf of American Express—another of the
`
`world’s most widely recognized card organizations. GlobalPlatform also explains
`
`that its goal is interoperability across industries and card organizations. Ex. 1006, 16
`
`(explaining the “goal is to reduce barriers hindering the growth of cross-industry”
`
`smarts cards). Because GlobalPlatform is an organization established by card
`
`organizations with the specific mission of ensuring smart card interoperability, a
`
`POSITA would have understood GlobalPlatform precisely aligns with Dua’s express
`
`interoperability goal that its “wallet application should meet standards defined by
`
`card organizations.” Ex. 1046 (Supp. Dec.), ¶¶22-27; Ex. 1003, 100.
`
`Second, PO argues paragraph [0525] in Dua should be read to narrowly
`
`suggest only that its “wallet application should meet the EMV standard,” and not
`
`more broadly to encourage interoperability with standards like GlobalPlatform.
`
`POR, 16. As an initial matter, PO relies entirely on the unqualified testimony of Mr.
`
`Gomez for this interpretation, which should be accorded little to no weight.
`
`However, even if Dua was specifically referencing EMV, PO fails to acknowledge
`
`that
`
`the EMV standard
`
`itself expressly
`
`recommends complying with
`
`GlobalPlatform. Ex. 2003, 16 (noting EMV “cannot be considered in isolation” and
`
`stressing
`
`the
`
`importance of “[a]lign[ing] with standards bodies such as
`
`GlobalPlatform”). This is not surprising. A POSITA would have been well aware
`
`10
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`that the smart card industry encouraged interoperability in many respects and across
`
`many complementary standards. Ex. 1046 (Supp. Dec.), ¶¶25-26.
`
`Relatedly, Dua encourages compatibility with the Java platform and Java
`
`applets—encouragement
`
`that would have motivated a POSITA
`
`to use
`
`GlobalPlatform for personalization because “GlobalPlatform ‘has primarily become
`
`the de facto standard for loading and managing Java-based applications[.]” Petition,
`
`15-16. PO suggests that Dua’s references to Java have nothing to do with Dua’s
`
`smart card and instead merely propose Java as an operating system for Dua’s mobile
`
`phone. POR, 17-18. Critically, PO does not identify what operating system would
`
`have run Dua’s smart card if not Java and does not identify any technical reason why
`
`Dua’s smart card would not implement Java Card. PO’s observation does not take
`
`away from the motivation to combine. Indeed, that Dua fails to describe the
`
`implementation details of its smart card is one of the fundamental premises
`
`underlying the proposed combination—because Dua does not describe how its smart
`
`card would be implemented, a POSITA would have been motivated to rely on then-
`
`governing smart card standards. Petition, 14-16. A POSITA would have known that
`
`Dua’s smart card requires an operating system and would have known Java Card
`
`was a dominant option at the time. Ex. 1046 (Supp. Dec.), ¶¶27. Given its silence on
`
`the smart card implementation specifics, a POSITA would have interpreted Dua’s
`
`11
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`repeated references to Java more broadly than PO contends, recognizing Dua would
`
`be compatible with a Java smart card. Ex. 1046 (Supp. Dec.), ¶¶27.
`
`Accordingly, none of PO’s rehashed arguments give the Board reason to
`
`modify its initial findings and the Board should make these findings final.
`
`C. Limitations [1b]/[14b]: The Combination Discloses a Secure
`Element
`The POPR argued that neither Dua nor GlobalPlatform individually “make
`
`any mention of a ‘secure element’[,]” that Petitioner “makes no showing that all
`
`smart cards are ‘secure elements’[,]” and that Petitioner “cites no support—not even
`
`its expert’s declaration—for the proposition that a smart card with GlobalPlatform
`
`would be a secure element.” POPR, 11-12. The Board disagreed, “determin[ing] that
`
`Petitioner has adequately shown that the combination of Dua and GlobalPlatform
`
`accounts for limitation [1b].” ID, 20. Specifically, the Board found that the ’009
`
`Patent provides that “[t]he ‘secure element’ (SE) in the patent ‘may be in the form
`
`of a smart card’” and thus there “is support for Petitioner’s contentions that the smart
`
`cards described in Dua and GlobalPlatform account for this limitation.” ID, 20
`
`(citing Ex. 1001, 6:45, 6:58-62).
`
`To supplement its POPR arguments, the POR seeks to narrowly interpret
`
`“secure element” to excludes the proposed combination’s secure smart card. POR,
`
`18-20 (citing Ex. 2007, ¶¶72-75). Specifically, the POR proposes a “secure element”
`
`must “provide[] the necessary security, such as by being tamper-resistant.” Id.
`
`12
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`(further contending a smart card may only be a secure element if it provides “the
`
`required level of security and features.” Id. Beyond these vague suggestions that
`
`some level of heightened security is required, tamper resistance is the sole example
`
`ever discussed.
`
`Tellingly, neither PO nor its declarant actually argues that the proposed
`
`combination fails to teach a “secure element.” Instead, they proffer a vague standard
`
`of heightened security and argue Apple has failed to show the prior art meets it. As
`
`set forth below, the proposed combination of Dua and GlobalPlatform provides the
`
`same level of security contemplated by the ’009 Patent—the ’009 Patent teaches that
`
`a secure element can be made tamper resistant by implementing a key-based security
`
`scheme, and the proposed combination includes precisely this type of security.
`
`Accordingly, even if the Board concludes the claims require a heightened level of
`
`security, the proposed combination satisfies that requirement.
`
`But the Board need not construe the claims so narrowly. Neither the POR’s
`
`intrinsic record citations nor its declarant’s support demand it. Beginning with the
`
`intrinsic record, the POR relies on vague statements that provide no guidance as to
`
`how one might assess the heightened level of security that PO insists is required of
`
`a “secure element.” POR, 19-20 (citing testimony of Mr. Gomez, ¶¶72-75 which
`
`simply parrots the POR arguments). At the outset, the claims do not recite a “tamper-
`
`resistant secure element.” The plain language provides no such qualifications,
`
`13
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`requiring only “an interface to receive a secure element” (claim 1b) or simply “a
`
`secure element” (claim 14). Nor do the intrinsic record citations provide any
`
`guidance. At p. 19, the POR cites a single passage to support its position, but that
`
`passage merely notes that an exemplary “secure element” is a tamper proof smart
`
`card:
`
`In one embodiment, the SE 102 is a tamper proof Smart Card chip
`capable to embed smart card-grade applications (e.g., payment,
`transport . . . ) with the required level of security and features.
`Ex. 1001, 6:61-64 (emphasis added). It does not provide any other examples of
`
`heightened security that might inform PO’s proposed interpretation. Similarly, the
`
`POR cites a single passage from the file history, which simply states that “a secure
`
`element is a tamper-resistant device.” POR, 19 (citing Ex. 1042, 238-239). This also
`
`provides no guidance as to what satisfies the heightened level of security beyond the
`
`possibility of tamper resistance.
`
`PO’s reliance on its declarant fares no better. His testimony is replete with
`
`ambiguity and contradictions. In his declaration, Mr. Gomez testified that “while
`
`some secure elements may be smart cards, not all smart cards are secure elements.”
`
`Yet, on cross examination, Mr. Gomez contradicted his direct testimony, claiming
`
`that smart cards and secure elements at the time of the ’009 Patent “were distinctly
`
`different.” Ex. 1045 (Gomez Tr.), 53:2-54:1 (confirming that these two components
`
`were “separate and unrelated”). Mr. Gomez doubled down on further questioning,
`
`14
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`explaining that the heightened level of security required of a “secure element” is
`
`assessed relative to a smart card, noting “the reason for the secure element was to
`
`distinguish it from [a] smart card.” Id., 54:2-55:8 (noting the testing of a secure
`
`element “was much higher than you would find on any smart card”). As the Board
`
`found at institution and as Mr. Gomez conceded in his declaration, smart cards with
`
`security features are “secure elements,” as claimed. Mr. Gomez’s contradictory
`
`testimony on cross examination should be rejected as inconsistent with his prior
`
`testimony and wholly unsupported by the record.
`
`Despite PO’s attempt to avoid ascribing concrete meaning to “secure
`
`element,” the record provides some guidance on the meaning of tamper resistance.
`
`The ’009 Patent explains that, to be “tamper-resistant,” SE 102 can be “installed with
`
`a set of default keys (e.g., an Issuer Security Domain (ISD) key set by the SE
`
`manufacturer)” and that “the SE 102 may be in the form of a smart card.” Ex. 1001,
`
`6:55-64. PO’s expert, Mr. Gomez, confirmed the same when questioned on his
`
`interpretation of “secure element.” Ex. 1045 (Gomez Tr.), 57:7-11 (confirming
`
`“heightened security…through software such as a key-based encryption scheme”
`
`can satisfy “the claimed secure element”), 57:20-58:2. Under this meaning, in which
`
`a smart card is a secure element if equipped with encryption key-based security, the
`
`proposed combination
`
`includes
`
`such a
`
`secure element. Petition, 24
`
`(“GlobalPlatform’s Issuer Security Domain” “key set” installed on the smart card
`
`15
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`for secure channel establishment); Ex. 1046 (Supp. Dec.), ¶¶29-35. Indeed, the
`
`Petition relied on GlobalPlatform’s “security architecture” that “protects the
`
`‘structure and function of cards within the GlobalPlatform system’ for the life of the
`
`card—thus providing a ‘secure element’ as claimed.” Id., 15 (citing Ex. 1006, 16,
`
`32); see also id., 17 (citing Ex. 1003, ¶¶113-115, further explaining that “it would
`
`have been obvious to implement Dua’s smart card as a ‘secure element’ using
`
`GlobalPlatform to secure the ‘embedded smart card.’”), 19 (noting in the
`
`combination, Dua implements a “GlobalPlatform-compliant smart card, and this a
`
`secure element”). Thus, a GlobalPlatform-compliant smart card in the proposed
`
`combination
`
`is secured with key-based encryption, satisfying even PO’s
`
`interpretation of this limitation. Ex. 1046 (Supp. Dec.), ¶¶28-37.
`
`D. Limitations [1div]/[14div]: Dua’s WCM Prepares Data Necessary
`for the Application to Function
`PO argues generally that Dua’s WCM server does not “‘prepare data
`
`necessary for’ the application or modules to function as designed.” POR, 20-24
`
`(arguing that merely forwarding data is not “preparing” that data within the meaning
`
`of this limitation). PO is wrong. Both “Dua alone” and Dua “in view of
`
`GlobalPlatform render this limitation obvious.” Petition, 26.
`
`Starting with Dua’s teachings, the Petition explains that “Dua’s WCM
`
`prepares personalization data [i.e., Personalization File] for transmission in SIP
`
`payloads” including the “credentials” and “encryption keys” in Dua which are
`
`16
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`needed before conducting a transaction. Id. (citing Dua, [0026], [0057]-[0058],
`
`[0215], [0297]; Ex. 1003, ¶147). PO argues here (as it did against Samsung) that this
`
`personalization data is not “prepared by” the WCM and that “the WCM merely
`
`receives the [data] and forwards it to the user’s device.” POR, 20. The Board rejected
`
`these arguments in the Samsung IPR, finding that “Petitioner’s contention that Dua’s
`
`WCM ‘prepares’ that data, as that term would be ordinarily understood by person of
`
`ordinary skill, is supported by its declarant Mr. Smith” and that “to the extent that
`
`Patent Owner argues that merely forwarding data is somehow outside the scope of
`
`‘prepare,’ we note that Dua’s WCM is not limited to merely forwarding data, but
`
`‘may also have the ability to make edits [to the Personalization File] in order to
`
`ensure proper formatting.’ Ex. 1004 ¶63.” Samsung IPR ID, 20.
`
`Given the Board’s correct conclusion that Dua’s WCM may edit the file
`
`before transmitting, the POR newly proposes “prepared by” more narrowly
`
`“requir[es] an active role in generating or obtaining the application keys.” POR, 21
`
`(citing Ex. 1001, 13:25-34; Ex. 2007, ¶¶80-83); see also Ex. 1045 (Gomez Tr.),
`
`60:17-63:4 (confirming that the alleged key concept underlying the claimed concept
`
`of preparing data is that the data is actually generated by the server). As an initial
`
`matter, PO fails to identify a single instance in which the ’009 Patent defines, or
`
`even uses, the term “prepared by” outside the claim language. PO instead points to
`
`two exemplary means for preparing data discussed in the ’009 Patent. POR, 21. But
`
`17
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`even these two examples fail to support PO’s attempt to import a data “generation”
`
`requirement in the claimed data preparation. Indeed, the POR’s description of a “first
`
`mode” unambiguously describes a TSM server (the claimed server) with no ability
`
`to generate its own application keys, forcing it to request keys from a separate
`
`component that is capable of generating them. POR, 21. PO does not wrestle with
`
`this inconsistency. Put simply, if one of two examples in the ’009 describes a server
`
`that cannot generate keys, it is wholly improper to import into the claims a
`
`requirement that the server generate its own keys.
`
`Turning next to the Petition’s theory based on Dua in view of GlobalPlatform,
`
`the Petition explains that when Dua’s embedded smart card is a GlobalPlatform-
`
`compliant smart card, Dua’s WCM prepares an INSTALL command to install the
`
`application, “which is data necessary for the application to function as designed on
`
`a GlobalPlatform smart card.” Petition, 27. PO does not dispute that, in the
`
`combination, Dua’s WCM prepares this INSTALL command, but the POR argues
`
`that “GlobalPlatform’s command is not preparing data.” POR, 22. In support, PO
`
`cherry picks disparate passages in the ’009 Patent’s specification to manufacture a
`
`purported distinction between preparing commands and preparing data. Id.
`
`(comparing Ex. 1001, 13:10-21 and 9:11-14). PO also proffers the unsupported
`
`testimony of Mr. Gomez, which improperly parrots the arguments in PO’s brief and
`
`should be rejected. Id. (Ex. 2007, ¶85); Xerox Corp., IPR2022-00624, Paper 9, *15.
`
`18
`
`
`
`Inter Partes Review No. IPR2022-00413
`U.S. Patent No. 9,240,009
`The Petition establishes that Dua’s INSTALL command is data necessary to
`
`load and install the application on the GlobalPlatform smart card and that this
`
`command is sent from the WCM. Petition, 27. That is all that is required from the
`
`plain language of the claims and PO’s single paragraph of unsupported expert
`
`testimony echoing its brief does not change the analysis. POR, 22 (citing Ex. 2007,
`
`¶85); Xerox Corp., IPR2022-00624, Paper 9, *15. On the other hand, Petitioner’s
`
`expert unequivocally opined, with support, that preparing the INSTALL command
`
`is “data necessary for the application to function.” Ex. 1003, ¶148 (citing Ex. 1004,
`
`[0215]; Ex. 1006, 44, 65-66, 88, 102).
`
`Finally, the Petition advances an additional example where the WCM prepares
`
`data for the application to function—Dua’s WCM prepares personalization data
`
`(e.g., keys and cardholder-specific data), which facilitates “the proper functioning
`
`of the application with the smart card[.]” Petition, 27. PO again erroneously surmises
`
`that this data is not prepared by the WCM and argues that Apple’s interpretation of
`
`the references is “counter to GlobalPlatform’s disclosure.” POR, 22-24. Both are
`
`incorrect.
`
`First, Dua’s WCM does in fact prepare this personalization data. The Petition
`
`establishes that the “personalization data and keys” are received “through an
`
`INSTALL [for personalization] command” a
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
