`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`__________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`__________________________________________________________________
`
`
`APPLE INC.,
`
`Petitioner,
`
`v.
`
`RFCYBER CORP.,
`
`Patent Owner.
`
`
`Patent No. 9,240,009
`Filing Date: January 16, 2012
`Issue Date: January 19, 2016
`
`Inventors: Liang Seng Koh, Hsin Pan, and Xiangzhen Xie
`Title: MOBILE DEVICES FOR COMMERCE OVER
`UNSECURED NETWORKS
`
`__________________________________________________________________
`
`PATENT OWNER’S SUR-REPLY
`
`Case No. IPR2022-00413
`__________________________________________________________________
`
`
`
`
`
`
`
`
`
`TABLE OF CONTENTS
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`Page(s)
`
`B.
`
`C.
`
`INTRODUCTION ........................................................................................... 1
`ARGUMENT ................................................................................................... 2
`A.
`Patent Owner’s Proposal for the Ordinary Level of Skill is
`Correct, and Patent Owner’s Expert is Qualified .................................. 2
`A POSITA Would Not Combine Dua with GlobalPlatform
`and/or Philips ......................................................................................... 6
`Limitations of the Asserted References Do Not Disclose or
`Render Obvious a “secure element” (claims 1 and 14) ......................14
`The Asserted References Do Not Disclose or Render Obvious
`“wherein the server is configured to prepare data necessary for
`the [application/each of the modules] to function as designed on
`the mobile device” (claims 1 and 14) ..................................................16
`The Asserted References Do Not Disclose or Render Obvious
`“a display configured to display a user interface showing some
`of the modules that are still provisioned and active, each of the
`modules
`is configured
`to show another user
`interface
`particularly designed for the display of the mobile device when
`the each of the modules is activated by a user” (claim 16) .................19
`
`D.
`
`E.
`
`
`
`
`I.
`II.
`
`
`
`i
`
`
`
`
`
`TABLE OF AUTHORITIES
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
` Page(s)
`
`Cases
`Belden Inc. v. Berk-Tek LLC,
`805 F.3d 1064 (Fed. Cir. 2015) .......................................................................... 14
`Chemours Co. FC, LLC v. Daikin Indus., Ltd.,
`4 F.4th 1370 (Fed. Cir. 2021) ............................................................................... 6
`Personal Web Techs., LLC v. Apple, Inc.,
`848 F.3d 987 (Fed. Cir. 2017) ............................................................................ 13
`Samsung Elecs. Am., Inc. v. RFCyber Corp.,
`IPR2021-00979, Paper 10 (P.T.A.B. Dec. 14, 2021) ......................................... 17
`Sandbox Logistics LLC v. Proppant Express Invs. LLC,
`813 Fed. Appx. 548 (Fed. Cir. 2020) .................................................................... 8
`Sanofi-Synthelabo v. Apotex, Inc.,
`550 F.3d 1075 (Fed. Cir. 2008) .......................................................................... 13
`Trivascular, Inc. v. Samuels,
`812 F.3d 1056 (Fed. Cir. 2016) ............................................................................ 6
`Statutes
`35 U.S.C. 324 ............................................................................................................. 4
`Other Authorities
`37 C.F.R. § 42.207 ..................................................................................................... 5
`
`
`
`
`
`ii
`
`
`
`
`I.
`
`INTRODUCTION
`Apple Inc. (“Petitioner” or “Apple”) has failed to show that claims 1-17
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`(“challenged claims”) of the ’009 Patent are invalid and, on Reply, fails to rebut
`
`Patent Owner’s arguments. The Board should issue a Final Written Decision finding
`
`all of the Challenged Claims not unpatentable for the reasons set forth below and in
`
`Patent Owner’s Response (the “POR”).
`
`First, Apple fails to rebut that a POSITA would not have any reason or
`
`motivation to combine Dua with GlobalPlatform. Apple does not substantively
`
`address its own expert’s admissions that he does not have any expertise in network
`
`protocols, a central feature of his alleged motivation to combine, that the field of the
`
`invention was unpredictable, and that there were no obvious solutions. Nor does
`
`Apple identify any deficiencies in Dua, or any benefit that would supply a reason
`
`and/or motivation to replace or modify Dua’s SIP-based protocols with
`
`GlobalPlatform. Instead Apple introduces a supplemental declaration and raises
`
`wholesale new arguments alleging that it is (somehow) possible to add
`
`GlobalPlatform without entirely replacing SIP entirely. This is inconsistent with
`
`Apple’s own arguments in the Petition and, in any case, does not cure Apple’s failure
`
`to provide a justification defeating Dua’s aim of leveraging existing channels (such
`
`as SIP) by importing GlobalPlatform. Finally, Apple resorts to baseless mudslinging
`
`against the qualifications of Patent Owner’s expert, Mr. Gomez. But as discussed
`
`1
`
`
`
`
`below infra Section II.A., Apple’s arguments are premised on an unduly narrow
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`formulation of the level of ordinary skill in the art and, Mr. Gomez is qualified under
`
`both parties’ proposals. Apple’s combination fails on this basis.
`
`Second, despite raising a slew of new arguments, Apple fails to show that its
`
`combination discloses or renders obvious a “secure element,” any “server configured
`
`to prepare data necessary” for applications or modules to function, or any display
`
`with a user interface configured to show “another user interface . . . when each of
`
`the modules is activated by a user.” Apple’s arguments rely on the false premise that
`
`its own expert is credible (despite his admissions to the contrary), while the
`
`testimony of Patent Owner’s expert should be discounted entirely. But as set forth
`
`below infra Section II, Apple fails to show that any of these limitations are disclosed
`
`or rendered obvious, and the Board should further find that the challenged claims
`
`are not unpatentable on this basis.
`
`II. ARGUMENT
`Patent Owner’s Proposal for the Ordinary Level of Skill is
`A.
`Correct, and Patent Owner’s Expert is Qualified
`Patent Owner’s proposed level of ordinary skill in the art is correct, and its
`
`expert is qualified, irrespective of which proposed level of skill in the art is applied.
`
`Petitioner’s reply argues from the false premise that Patent Owner’s expert is
`
`somehow unqualified and repeatedly relies on this assertion. To reach this
`
`conclusion, Petitioner (1) wrongly suggests that a POSITA need have direct
`
`2
`
`
`
`
`experience with “payments” (without exception) and (2) wrongly asserts that
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`Mr. Gomez does not have relevant experience.
`
`First, Patent Owner’s proposed level of ordinary skill is correct. Patent Owner
`
`proposes that “[a] person of ordinary skill in the art would have a Bachelor’s degree
`
`in Computer Science, Computer Engineering, or Applied Mathematics, with 2 or
`
`more years of academic or industry experience in computer security, network
`
`security or mobile payment technology.” POR at 7. (emphasis added). Petitioner
`
`proposed that “a POSITA would have had at least a bachelor’s degree in computer
`
`science, computer engineering, electrical engineering or an equivalent, and about
`
`one year of professional experience relating to mobile payment technology.” Pet.
`
`at 9. (emphasis added). Patent Owner’s proposal, which has a greater experience
`
`requirement than Petitioner’s, addresses that the claimed arrangement of security
`
`features, such as “device information of a secure element” and “secured channel[s]
`
`between the secure element and the server using a key set installed on the secure
`
`element,” among others. The ’009 Patent also highlights the importance of
`
`“authentic and secured transactions” (Ex. 1001 at Abstract) and teaches that
`
`“[e]qually important to these entities or players, is the need for ongoing security and
`
`confidentiality of sensitive applications and data downloaded to and stored on an
`
`NFC enabled handset.” Id. at 6:26-32. Petitioner’s own expert acknowledges that
`
`education related to “secure communications, secure memory devices, and
`
`3
`
`
`
`
`potentially smart cards” is relevant to the level of ordinary skill. Ex. 1003, ¶ 28.
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`Patent Owner’s proposal acknowledging that a range of experience related to
`
`security computer and network security is relevant to the invention is therefore
`
`correct.
`
`Without identifying any support in the ’009 Patent, Petitioner seeks to limit
`
`the field of relevant experience exclusively to “mobile payment technology.” Reply
`
`at 2-3. This formulation is unduly narrow and ignores both the majority of the
`
`claimed limitations (which relate to computer or network security) and its own
`
`expert’s admissions, as noted above. The fact that the invention of the ’009 Patent is
`
`generally related to “commerce over networks” is not a basis for limiting the level
`
`of ordinary skill to “professional experience in mobile payments.” Ex. 1001 at 1:18-
`
`21. Indeed, Petitioner does not substantively address the ’009 Patent’s “technical
`
`field” or “description of the related art.” Instead, Petitioner wrongly asserts that
`
`“removed a requirement” and relies on the fact that Patent Owner did not dispute the
`
`level of ordinary skill of the art solely for purposes of its POPR, baselessly
`
`suggesting that Patent Owner is now required to provide justification for any
`
`departure from that formulation. Reply at 2-3. This boils down to an assertion that
`
`Patent Owner agreed to any argument not disputed in its POPR, which is contrary to
`
`the law. A patent owner’s preliminary response is “limited to setting forth the
`
`reasons why no post-grant review should be instituted under 35 U.S.C. 324” and
`
`4
`
`
`
`
`Patent Owner’s Response is not limited to the arguments presented in its preliminary
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`response, and a decision not to contest an argument solely for the purposes of a
`
`preliminary response is not an agreement. 37 C.F.R. § 42.207.
`
`Second, Mr. Gomez is well qualified under both proposed levels of ordinary
`
`skill. Petitioner does not dispute that Mr. Gomez has great experience in computer
`
`and network security. Instead, Petitioner conclusorily asserts that he lacks
`
`experience in “mobile payments,” by citing to deposition questions regarding
`
`whether he “worked on any e-purses specifically” and other similarly narrow
`
`questions. Reply at 2-3. To the contrary, Mr. Gomez has extensive experience with
`
`online and mobile commerce based on his professional experience developing
`
`hardware, software, and protocols used in online and mobile commerce. See e.g. Ex.
`
`1045 at 14:1-6 (“I’ve worked on all of the systems that the mobile commerce leans
`
`on in order to be able to communicate the -- you know, secure elements -- secure
`
`data across a network.”). As just one example, Mr. Gomez worked with Philips
`
`Semiconductors developing early smart cards. See id. at 14:7-24 (“I did have a period
`
`of time at Philips . . . where I did actually work on peripherals used for
`
`microprocessors. And those [] did include very early storage elements that some
`
`today would be considered to be smart cards.”) This, along with Mr. Gomez’s other
`
`work with communications protocols, is “professional experience relating to mobile
`
`payment technology.” Petitioner’s suggestion that Mr. Gomez needs direct
`
`5
`
`
`
`
`experience working on “financial transactions” or “specifically” working on an e-
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`purse in order to have experience with “mobile payments” is baseless.
`
`Patent Owner’s proposed level of ordinary skill in the art is correct, and
`
`Mr. Gomez is qualified under either party’s proposal.
`
`B. A POSITA Would Not Combine Dua with GlobalPlatform
`and/or Philips
`Apple’s petition does not identify any deficiencies in Dua that would motivate
`
`a POSITA to import GlobalPlatform. To the contrary, importing GlobalPlatform
`
`would defeat Dua’s aim to leverage an existing channel (such as SIP) to download
`
`SVCEs. See Trivascular, Inc. v. Samuels, 812 F.3d 1056, 1068 (Fed. Cir. 2016)
`
`(holding that it is not obvious to “destroy the basic objective” of the prior art
`
`reference); Chemours Co. FC, LLC v. Daikin Indus., Ltd., 4 F.4th 1370, 1376-77
`
`(Fed. Cir. 2021). On Reply, Apple fails to remedy these and other deficiencies.
`
`First, rather than address the substance of Patent Owner’s arguments now
`
`before the Board, Apple merely restates cherry-picked portions of the Board’s
`
`institution decision in the Samsung IPR based on which Apple filed a copy-cat
`
`Petition. Apple’s straw man argument miscasts both the record, and Patent Owner’s
`
`arguments, as identical to the preliminary record in the Samsung IPR. Apple ignores
`
`that those findings were based on the preliminary record before the Board in the
`
`Samsung IPR and based on (among other things) the then-uncontroverted testimony
`
`6
`
`
`
`
`of Mr. Smith. But Mr. Smith’s admissions, and Mr. Gomez’s considered opinions,
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`weigh against those findings, as do the totality of Dua and GlobalPlatform’s
`
`teachings.
`
`As set forth in the POR at length, Dua explains that “[t]he use of SIP for
`
`transmitting and managing credentials on wireless device 200 is preferred as mobile
`
`operators and fixed line operators are moving towards a SIP-based architecture for
`
`voice and other multimedia services. It is envisioned that the use of SIP for
`
`communication between a credential issuer and a wallet application resident on
`
`wireless device 200 could leverage the same SIP registrar, proxy, and presence
`
`servers used to deliver real-time interactive converged communication services
`
`within a mobile operator's network.” Ex. 1004, Dua, ¶ [0051]. Thus, “[t]he use of a
`
`SIP architecture to locate a mobile end-user and to establish direct communication
`
`between the end-points (WCM and wallet application) for the purpose of transferring
`
`confidential information (e.g. credentials) is an important aspect of the present
`
`invention.” Id., ¶ [0178] (emphasis added). Mr. Gomez explains at length that a
`
`POSITA would understand that Dua aims to leverage a SIP API framework to
`
`“allow[] for multiple SIP-based applications, such as the wallet application.” Ex.
`
`2007, Gomez Decl., ¶¶ 50-53 (citing Dua, [0042], [0050]-[0051], and [0178]. While
`
`Dua’s specification includes boilerplate language that different existing network
`
`protocols may be used to implement Dua’s invention, that is not a suggestion to
`
`7
`
`
`
`
`implement an entirely new system layered on Dua, as Apple argues. See Sandbox
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`Logistics LLC v. Proppant Express Invs. LLC, 813 Fed. Appx. 548, 553 n.8 (Fed.
`
`Cir. 2020) (non-precedential) (“[B]oilerplate language, without more, is not
`
`sufficient to overcome the explicit description of the ’present invention.’”).
`
`Moreover, Apple relies extensively on Mr. Smith’s declaration in arguing for
`
`the addition of GlobalPlatform to Dua’s network protocols. But Mr. Smith now
`
`admits his expertise has nothing to do with network protocols, and his declaration is
`
`not credible evidence to support Apple’s argument that Dua’s SIP-based S/MIME
`
`and TLS security could be supplanted with GlobalPlatform. Ex. 2009, Smith Dep.
`
`Tr. at 42:21-43:3 (“I am not a network protocol expert.”). Mr. Smith further admitted
`
`that he does “not have an appreciation for [SIP] other than [] I have an awareness.
`
`To me, it’s a way of making a pipe . . . between . . . the network and handset.” Id. at
`
`43:4-15; see also 43:25-44:13 (“Q: In terms of making a pipe, so to speak, in 3G or
`
`4G over the internet for some kind of communication, that’s not [] your main area
`
`of expertise, right? A: That’s correct, Vincent.”). Mr. Smith also admitted that the
`
`field at the time of the invention was extremely unpredictable and that no solutions
`
`were obvious. Id. at 93:8-23 (“But yeah [] the summary is the handsets were
`
`maturing, smart card technology which was always considered a European-founded
`
`technology, the French claimed it, although the Japanese claimed it also at the same
`
`time . . . I wouldn’t say that we didn’t have the expertise [] but it wasn’t tempered
`
`8
`
`
`
`
`by the experience needed to really stand up robust saleable solutions. That’s my
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`experience from let’s say the late ‘90s up into 2006.”) (emphasis added). Apple’s
`
`cherry-picked citations to the Samsung IPR (before Mr. Smith’s admissions entered
`
`the record) do nothing to address this evidence.
`
`Second, Apple fails to substantively address that a POSITA would not see any
`
`advantage in adding GlobalPlatform to Dua. Rather than address these arguments,
`
`Apple attempts to mischaracterize them as solely demanding a “flaw” in Dua. Reply
`
`at 5. But as Mr. Gomez explains, “a POSITA would not be motivated to combine
`
`GlobalPlatform with Dua because Dua already provides security through its use of
`
`SIP, TLS, and S/MIME. In my opinion, a POSITA would not seek to include
`
`GlobalPlatform’s functionality that would duplicate that already in Dua.” Ex. 2007,
`
`¶ 58. Apple bears the burden to identify some reason or motivation for a POSITA to
`
`overlay GlobalPlatform onto Dua, which would involve the wholesale replacement
`
`of many network protocols in Dua. It cannot.
`
`Apple also raises new arguments wrongly suggesting that its combination
`
`replacing Dua’s SIP-based network protocol with GlobalPlatform would somehow
`
`not involve discarding SIP. Reply at 5. Apple relies on a supplemental declaration
`
`from Mr. Smith, who is admittedly not an expert in this area, to suggest that
`
`GlobalPlatform’s personalization techniques would somehow not replace the
`
`entirety of the SIP network protocol contemplated in Dua. Reply at 6. As an initial
`
`9
`
`
`
`
`matter, Apple does not even dispute that the combination would involve replacing
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`the entirety of the SIP-based personalization contemplated in Dua with that of
`
`GlobalPlatform, instead pointing to ancillary portions of Dua’s SIP sessions which
`
`it says would remain. Id. The remainder of Apple’s argument does nothing more
`
`than pay lip service to Dua’s SIP-based connections based on phone numbers (which
`
`Apple now refers to as “pipes”), ignoring that its own petition already relied on
`
`distinct and incompatible GlobalPlatform security domains to form those
`
`connections. See Pet. at 21 (relying on GlobalPlatform “application provider security
`
`domain” to “establish a secure channel, for installing an application”); id. at 22
`
`(relying on GlobalPlatform Issuer Security Domain to install an application in Dua’s
`
`smart card as modified); id. at 24-25 (relying on “GlobalPlatform’s Issuer Security
`
`Domain and a key set installed on the secure element” for limitation requiring
`
`“establishing a secured channel. . .” limitation). Apple cannot have it both ways; a
`
`channel is either established with a GlobalPlatform security domain and key set, or
`
`Dua’s SIP sessions based on a user’s phone number. Apple’s attorney argument that
`
`a GlobalPlatform receipt may (somehow) be transmitted “via the wireless SIP
`
`session” does nothing to remedy this incompatibility, nor to identify any manner in
`
`which a POSITA would understand that they could both be used simultaneously.
`
`Fourth, Apple’s reliance on Dua’s statement that “MasterCard and Visa have
`
`also been working jointly over the last few years to develop specifications that define
`
`10
`
`
`
`
`a set of requirements for security and interoperability between chip cards and
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`terminals on a global basis, regardless of the manufacturer, the financial institution,
`
`or where the card is used,” remains misplaced. The specifications referred to are the
`
`EMV Chip Specifications which, as EMVco explains, are “global payment industry
`
`specifications that describe the requirements for interoperability between chip-
`
`based payment applications and acceptance terminals to enable payment.” Ex.
`
`2003 at 5 (emphasis added and footnote omitted). Dua refers to such EMVco
`
`specifications
`
`repeatedly. Moreover, a POSITA would understand
`
`that
`
`GlobalPlatform purports to provide a card management architecture. Pet. at 11
`
`(quoting Ex. 1006, p. 16). It does not relate to interoperability between chip cards
`
`and terminals, or even to payments, at all. Ex. 2007, ¶¶ 59-65.
`
`Apple fails to identify any disclosure within GlobalPlatform related to
`
`payments, or interoperability between chip cards and terminals; it cannot, because
`
`none exists. Instead, Apple argues that GlobalPlatform is somehow a “payments
`
`organization” based on the fact that its founders are companies within the payments
`
`space. But whether or not GlobalPlatform was founded by payments companies is
`
`irrelevant to the scope of the standard and does not somehow render that standard
`
`relevant to “security and interoperability between chip cards and terminals.” Apple
`
`notably fails to identify any content of GlobalPlatform relevant to interoperability
`
`between chip cards and terminals, or to payments at all.
`
`11
`
`
`
`Apple also relies on Dua’s statement that a “wallet application should meet
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`
`
`standards defined by card organizations.” Pet., 15 (quoting Dua, ¶ [0525]). Apple
`
`does not substantively address that it selectively quoted this sentence out of context,
`
`as the full statement is “EMV-Compliant—The wallet application should meet
`
`standards defined by card organizations.” Dua, ¶ [0525] (emphasis added). Apple
`
`instead takes issue with the statement that GlobalPlatform is not a “card
`
`organization,” while ignoring the distinction that GlobalPlatform provides a security
`
`architecture for smart card management, unlike EMV which describes requirements
`
`for chip cards themselves. A POSITA, reading Dua, would not look to
`
`GlobalPlatform based on Dua’s general reference to “card organizations,” when Dua
`
`specifies that it means EMV. Ex. 2007, ¶¶ 59-65.
`
`Finally, Apple resorts to mudslinging against Patent Owner’s expert in an
`
`apparent attempt to compensate for Mr. Smith’s admissions that he does not have
`
`any expertise in network protocols. Reply at 7-9. But as discussed supra Section
`
`II.A, Mr. Gomez is well qualified under either party’s proposed level of skill in the
`
`art. Apple also attempts to explain away Mr. Smith’s clear testimony that (1) he is
`
`“not a network protocol expert,” does “not have an appreciation for [SIP] other than
`
`[] I have an awareness. To me, it’s a way of making a pipe . . . between . . . the
`
`network and handset,” and that “[a]gain, this is my -- this is an area that was a little
`
`on the edge for me, as I don't know network protocols real well but I do know
`
`12
`
`
`
`
`components and that sort of thing,” (Ex. 2009 at 42:24-25, 43:4-15, 65:2-10); and
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`(2) that the relevant field at the time of the invention was extremely unpredictable
`
`and that no solutions were obvious (Id. at 93:8-23, “But yeah [] the summary is the
`
`handsets were maturing, smart card technology which was always considered a
`
`European-founded technology, the French claimed it, although the Japanese claimed
`
`it also at the same time . . . I wouldn’t say that we didn’t have the expertise [] but it
`
`wasn’t tempered by the experience needed to really stand up robust saleable
`
`solutions. That’s my experience from let’s say the late ‘90s up into 2006.” (emphasis
`
`added); see also id. at 96:13-97:13, “Q: At least as of the 2006 timeframe [] things
`
`weren’t set in stone for how to do mobile payments just yet, right, in the United
`
`States? A: I would have to say that’s true…” (emphasis added)). Apple cannot
`
`plausibly dispute that a POSITA’s expertise in network protocols is relevant to
`
`whether they would attempt to replace or modify one protocol (such as SIP) with
`
`another (such as GlobalPlatform). Nor can Apple plausibly dispute that Mr. Smith’s
`
`testimony establishes that the field was unsettled and unpredictable, weighing
`
`against obviousness. Sanofi-Synthelabo v. Apotex, Inc., 550 F.3d 1075, 1088, 1090
`
`(Fed. Cir. 2008).
`
`In sum, Petitioner has not shown a motivation to combine Dua with
`
`GlobalPlatform. At most, Petitioner has shown that GlobalPlatform existed at the
`
`time; but the mere existence of a reference is not a motivation to combine. Personal
`
`13
`
`
`
`
`Web Techs., LLC v. Apple, Inc., 848 F.3d 987, 993-94 (Fed. Cir. 2017) (holding that
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`testimony that references could be combined was “not enough: it does not imply a
`
`motivation to pick out those two references and combine them to arrive at the
`
`claimed invention”); Belden Inc. v. Berk-Tek LLC, 805 F.3d 1064, 1073 (Fed. Cir.
`
`2015) (“[O]bviousness concerns whether a skilled artisan not only could have made
`
`but would have been motivated to make the combinations or modifications of prior
`
`art to arrive at the claimed invention.”).
`
`C. Limitations of the Asserted References Do Not Disclose or
`Render Obvious a “secure element” (claims 1 and 14)
`None of the asserted references, alone or in combination, disclose a secure
`
`element. While a secure element may be a smart card, not all smart cards are secure
`
`elements. Ex. 2007, ¶ 71. In its Petition, Apple relied on Dua’s discussion of smart
`
`cards, and argued that “it would have been obvious to implement Dua’s smart card
`
`as a ‘secure element’ using GlobalPlatform to secure the ‘embedded smart card.’”
`
`Pet. at 17. But Apple made no showing that all smart cards are “secure elements,”
`
`nor did Apple cite any support for the proposition that a smart card with
`
`GlobalPlatform somehow becomes a secure element. See id. A POSITA would
`
`understand that a smart card may be a secure element only if it provides the necessary
`
`security, such as by being tamper resistant. Ex. 2007, ¶¶ 72-75.
`
`14
`
`
`
`On Reply, Apple raises the new argument that every “GlobalPlatform-
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`
`
`compliant smart card” is a secure element, on the basis that it would be “secured
`
`with key-based encryption.” Reply at 16. But Apple fails to show how any smart
`
`card that includes a key set has the necessary security, such as by being tamper-
`
`resistant, that a POSITA would recognize it to be a secure element – they would not.
`
`As Mr. Gomez noted, a “secure element is a security device that has a very high
`
`degree of security. And it has a heightened level of security over most other devices
`
`out there, such as smart cards . . . both technologies have progressed and, as often
`
`happens, converged. But at the time, they were distinctly different” Ex. 1045 at
`
`52:21-53:22. Mr. Gomez further noted that a POSITA would have been aware of
`
`differences in the costs of secure elements and smart cards (Id. at 54:2-15), and that
`
`smart cards and secure elements were both terms of arts that were marketed
`
`differently. Id. at 65:8-66:22. Apple’s suggestion that a smart card can become a
`
`secure element merely with the addition of a key set does not address how that would
`
`make the chip itself more secure or tamper resistant and does not address that a
`
`POSITA would recognize a secure element to refer to a different class of chip that
`
`offers more security than a smart card (at a greater price).
`
`Apple’s new argument is also at odds with the claim language itself. The
`
`independent claims of the ’009 Patent distinctly recite “a key set installed on the
`
`secure element.” Apple’s argument would render the recitation of “the secure
`
`15
`
`
`
`
`element” in this context superfluous, as (under Apple’s reasoning) any chip with a
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`key set becomes tamper-resistant such that it is a secure element. This was clearly
`
`not the intent of the patentee in claiming a secure element. Apple also fails to address
`
`the patentee’s decision to claim a secure element, rather than the “smart card.”
`
`Apple has failed to show that its combination, discloses or renders obvious
`
`“an interface to receive a secure element” or “a secure element.”
`
`D. The Asserted References Do Not Disclose or Render
`Obvious “wherein the server is configured to prepare data
`necessary for the [application/each of the modules] to
`function as designed on the mobile device” (claims 1 and
`14)
`Apple’s Petition identifies Dua’s WCM as the “server” of the claims. But the
`
`WCM does not, even in Apple’s combination, “prepare data necessary for”
`
`applications or modules to function. Dua is clear that its WCM merely receives a
`
`personalization file from a separate ICMS or personalization server and forwards it
`
`to a user device. Dua at [0057]. Even if modified with a GlobalPlatform INSTALL
`
`command, according to Apple’s combination, Dua’s WCM merely transmits or
`
`forwards data – it does not generate the data itself. But Mr. Gomez explains that a
`
`POSITA would recognize that the claimed preparation of data requires generation,
`
`rather than mere transmission. Ex. 2007, ¶ 77. This is consistent with the
`
`specification of the ’009 Patent, which describes “data preparation” as requiring an
`
`16
`
`
`
`
`active role in generating or obtaining the application keys. ’009 Patent, 13:25-34;
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`see also id. POR at 21-23.
`
`Apple’s combination of Dua’s WCM with GlobalPlatform also remains
`
`internally inconsistent. Apple’s Petition cites to no evidence that keys or Cardholder-
`
`specific data would be prepared by the WCM, even under its combination, and that
`
`interpretation is counter to GlobalPlatform’s “delegated installation process” in
`
`which an Application Provider, not the Card Issuer establishes a secure channel. See
`
`POR at 22-23. Apple relies on Dua’s WCM for a GlobalPlatform Card Issuer and
`
`shows no reason or motivation to further modify Dua’s WCM to stand in for an
`
`Application Provider. See e.g. Pet. at 27. In the absence of even an asserted reason
`
`or motivation to combine, Apple cannot modify Dua’s WCM with the functionality
`
`of a GlobalPlatform Card Issuer; the Board has rejected similar attempts to relocate
`
`functionality of other servers to Dua’s WCM in Petitions against related patents. See
`
`Samsung Elecs. Am., Inc. v. RFCyber Corp., IPR2021-00979, Paper 10 at 15
`
`(P.T.A.B. Dec. 14, 2021) (“Furthermore, neither the Petition nor Mr. Smith explains
`
`sufficiently how either of these passages would have caused one of ordinary skill in
`
`the art to reconfigure Dua to relocate the download functionality from the WCM to
`
`the ICMS and also consider establishing communication between Dua’s ICMS and
`
`the smart card while Dua’s extension was being downloaded for the purpose of
`
`verifying installation.”)
`
`17
`
`
`
`On Reply, Apple raises the new argument that Dua’s WCM “would have been
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`
`
`considered a ‘Host,’ which is an off-card entity that performs functions like ‘Post-
`
`Issuance application code and data downloading.” Reply at 20 (citing Pet. at 19).
`
`While Apple wrongly suggests that it presented this argument on page 19 of the
`
`Petition, the cited portion of the Petition only generally refers to a “host” in relation
`
`to Dua’s smart card – it does not attempt to identify Dua’s WCM server as a host, or
`
`even refer to the WCM server at all. Pet. at 19. In any case, this new argument
`
`amounts to an assertion that a POSITA would find it obvious to add functionality
`
`from another distinct GlobalPlatform entity to Dua’s WCM. In addition to the
`
`deficiencies already discussed, Apple fails to advance any evidence that a POSITA
`
`would have any reason or motivation to further modify GlobalPlatform by collapsing
`
`functionality from distinct entities (an Application Provider and a Host) onto Dua’s
`
`WCM server.
`
`Apple also raises a new argument that Dua’s WCM can “prepare” data based
`
`on Dua’s statement that the WCM “can perform basic formatting on phone numbers
`
`