`PATENT NO.9,218,009
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`_teee2eeeS
`
`APPLEINC.,
`
`Petitioner,
`
`V.
`
`RFCYBER CORP.,
`
`Patent Owner.
`
`Patent No. 9,240,009
`Filing Date: January 16, 2012
`Issue Date: January 19, 2016
`
`Inventors: Liang Seng Koh, Hsin Pan, and Xiangzhen Xie
`Title: MOBILE DEVICES FOR COMMERCE OVER
`UNSECURED NETWORKS
`
`eS
`
`DECLARATION OF MIGUEL GOMEZ
`
`Case No. IPR2022-00413
`
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 001
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 001
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`I, Miguel Gomez, declare as follows:
`
`1.
`
`[have been asked by counsel for Patent Owner RFCyber Corp.
`
`(“RFCyber”or “Patent Owner”) to review U.S. Patent No. 9,240,009 (the “°009
`
`Patent”) entitled MOBILE DEVICES FOR COMMERCE OVER UNSECURED
`
`NETWORKS,and to provide mytechnical review, analysis, insights, and opinions
`
`regarding the ’009 Patentin view ofthepriorart cited by Petitioner Apple Inc.
`
`(“Apple”or “Petitioner”). I submit this declaration in support of Patent Owner’s
`
`Response in this IPR proceeding.I have personal knowledge ofthe matters stated
`
`herein and would be competenttotestify to them if required.
`
`2.
`
`Ihave beenretained on behalf ofRFCyber Corp. for the above-
`
`captioned interpartes review proceeding.
`
`I understand that the 009 Patentis
`
`currently assigned to RFCyber Corp.
`
`3.
`
`Iam over18 years of age.
`
`I have personal knowledgeofthe facts
`
`stated in this Declaration and could testify competently if asked to do so.
`
`I.
`
`INTRODUCTION
`
`A.
`
`4.
`
`Background and Qualifications
`
`I have reviewed and am familiar with the specification ofthe °009
`
`Patent. I understand that the ’009 Patent has been provided as Exhibit 1001.
`
`I will
`
`cite to the specification using the following format:
`
`’009 Patentat col.:line.
`
`1.
`
`Research and Professional Experience
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 002
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 002
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`5.
`
`6.
`
`My CVis being submitted simultaneously herewith as Exhibit 2008.
`
`I received a Bachelor of Science in Electrical Engineering degree
`
`from Yale University in 1983.
`
`I have over forty years of experience developing
`
`hardware and software technology used in computer systems, communications
`
`systems, networking, storage infrastructure, and database systems. My experience
`
`includes extensive knowledge of computer operating systems, computer protocols,
`
`and programming languages used in both fixed and mobile applications. I am also
`
`highly skilled in the use of microelectronics simulation software, ASIC and FPGA
`
`developmentand the languages thereof such as Verilog and VHDL. I’m also
`
`skilled at programming in C , C++ , and Python and C#.
`
`7.
`
`From August 2006 to March 2009, I was VP of engineering for
`
`ActSolar. ActSolar developed solar power conversion systemsthat included power
`
`efficiency and cost analysis tools.
`
`8.
`
`In 2006, ActSolar was sold to National Semiconductor. The transfer
`
`of technology included the wireless interface for data collection, the inverter and a
`
`variant ofthe power converter hardware that performed shading compensation.
`
`9.
`
`From September 2004 to August 2005, I was a consultant for
`
`BridgeWaveInc. Bridgewave was a microwave connection companyto wirelessly
`
`transmit Ethernet packets for long haul telephony networks. The equipment was
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 003
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 003
`
`
`
`IPR2022-00413
`PATENT NO.9,240,009
`
`mostly intended for international markets where copperwire installations is
`
`prohibitively expensive.
`
`10.
`
`From September 2003 to March 2004, I was a consultant for PA
`
`Consulting Group.
`
`I provided hardware and software evaluation services for
`
`corporate mergers and acquisitions. These services included system reviewsin the
`
`following areas: (1) Analysis of system cost to performanceratios; (2) Review of
`
`the hardware and software code implementations, documentation and development
`
`strategies; (3) compilation processes, simulation, test coverage, bug tracking and
`
`source code control; (4) Tool chain managementanalysis; (5) Circuit board design
`
`and layout design rules for production environments; (6) Circuit board certification
`
`testing for FCC, UL, and Environmentaltests; (7) Review ofproduction line
`
`managementincluding assembly andtest processes; and (8) Review of hardware
`
`code for copyrightor license violations.
`
`11.
`
`From January 2003 to May 2003, I was a consultant for Santel
`
`Networks. Santle Networks wasa high speed fiber optics supplier to the telecom
`
`industry. Here I developed an optical duo-binary (ODB) encoderthat operatedat
`
`10.7 Giga bits per second (GBps), Several patents were applied for and the board
`
`was shown at the Optical Fiber Communication Conference & Exposition in
`
`March of 2003.
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 004
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 004
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`12.
`
`From March 2001 to December 2002, I was Director of Hardware,
`
`Content Networking Division for Extreme Networks, Inc.
`
`I managed a team of
`
`hardware and software engineers that developed and maintained a Layer 2-5
`
`Content Addressable Switch. The switch was capable of L2, L3, L4 switching as
`
`well as L5 switching based on packet content. Security was provided through
`
`Secure Sockets and DES encryptionlayers.
`
`13.
`
`From January 2000 to March 2001, I was Director of Hardware for
`
`Webstacks, Inc. (now Extreme Networks, Inc.). At Webstacks I assembled a team
`
`to build the Content Addressable Switch later sold to Extreme Networks. This
`
`switch provided L2-5 load balancing services for routing via MAC, IP and HTTP
`
`content based routing mechanisms. The system included firewall and security
`
`capabilities utilizing Secure Sockets Layers (SSL). My responsibilities were to
`
`design the initial system architecture as well as to hire and manage the hardware
`
`and software implementation teams. Product development time was 16 months
`
`after which we were acquired by Extreme Networks for $68MM cashandstock.
`
`14.
`
`From February 1997 to December 1999, as consultant for Philips
`
`Semiconductor I developed thecertification environment used by Microsoft to
`
`validate Windows CEonthe Philips' Poseidon handheld chipset.
`
`15.
`
`From September 1994 to January 1997, I was President and Founder
`
`ofMinden Group, Inc. The Minden Group developed andsold several types of
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 005
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 005
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`memory adapters and a video conferencing system. The memory adapters
`
`provideda cost effective memory expansionsolution for personal computerusers.
`
`Both the adapters and the video conferencing system weresold through retail
`
`stores throughout the United States and Canada. Over 350,000 memory adapters
`
`were sold at stores such as Fry's, CompUSA, Computer City and Future Shop.
`
`After developing these products, I organized and managed a team of 10 to 15
`
`employees focused on sales, marketing, finance and production.
`
`16.
`
`From August 1992 to September 1994, I was Senior Hardware
`
`Manager of RAID Product Development for MTI, Inc. In this capacity, I was
`
`responsible for architectural development of the next generation RAID 1-5 systems
`
`and for managing the product developmentgroup.
`
`17.
`
`From April 1989 to August 1992, I was Founder and President of
`
`Spectrum Analysis, Inc., a consulting services company. I founded and operated
`
`Spectrum Analysis, Inc. with three other partners. Spectrum Analysis,Inc.
`
`specialized in electrical circuit design with emphasis on FPGA and ASIC
`
`emulation and complex PCB level designs.
`
`18.
`
`From September 1988 to March 1989, I was Applications Manager
`
`for Quickturn Systems, Inc. Quickturn developed an ASIC emulator using Xilinx
`
`FPGAs.
`
`I developed the methodology of adapting ASIC designs to the emulator
`
`and implementing DRAM memory forstorage.
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 006
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 006
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`19.
`
`From July 1987 to August 1988, I was an Applications Engineer for
`
`Telestream Corporation and was responsible for demonstration system
`
`development, training and sales support for a software based communications
`
`protocol converter product.
`
`20.
`
`From June 1983 to March 1985, I was a Design Engineer for ROLM
`
`Corporation. I was responsible for the development of the bus management
`
`protocols used in the ROLM BUS295telephoneswitch.
`
`2.
`
`Education
`
`21. Yale University, 1983. Bachelor of Science, Electrical Engineering
`
`3.
`
`Patents
`
`22.
`
`lamanamedinventor on the following patents:
`
`a. US7,814,204 — Method and system for analyzing the content of
`
`resource requests.
`
`b. US8,412,838 — Method and system for analyzing the content of
`
`resource requests.
`
`c. US7,447,777 — Switching System
`
`d. US7,298,746- Method and system for reassembling and parsing
`
`packets in a network environment
`
`e. WO2009140548A2 — System and method for an array of
`
`intelligent inverters
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 007
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 007
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`II.
`
`COMPENSATION
`
`23.
`
`|My compensation for time worked onthis proceeding is not
`
`dependent on anyissuesrelated to the 009 Patent, the outcomeofthis proceeding,
`
`or the substance of my opinions. My compensation for time worked onthis
`
`proceeding is at my customary rate of $550/hour. I have no financialinterest in, or
`
`affiliation with, the Patent Ownerorany ofthe real parties in interest.
`
`Ill. MATERIALS CONSIDERED
`
`24.
`
`In providing my technical review, analysis, insights, and opinions,I
`
`have considered the ’009 Patent andits prosecution history.
`
`25.
`
`Ihave also considered the Petition filed by the Petitionerin this
`
`proceeding and the relevant exhibits relied on by Petitioner, including the expert
`
`declaration submitted by Gerald Smith.
`
`26.
`
`Ihave also considered my own experience and knowledge,as
`
`discussed above and described morefully in my CV,in the areas including
`
`software design, hardware design, computer security, and secure networks.
`
`IV. LEGAL PRINCIPLES
`
`27.
`
`Iunderstand that a patent claim is unpatentable as “obvious” if the
`
`subject matter of the claim as a whole would have been obvious to a person of
`
`ordinary skill in the art (POSA)as of the time of the invention at issue.
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 008
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 008
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`28.
`
`Lunderstandthat the use of “the person of ordinary skill”rubricis to
`
`prevent one from improperly, in the present day, using hindsight to decide whether
`
`a claim is obvious.
`
`29.
`
`understand thatthe following factors must be evaluated to determine
`
`whether the claimed subject matter is obvious: (1) the scope and content ofthe
`
`priorart; (2) the difference or differences,if any, between the scope ofthe patent
`
`claim and the scopeofthe prior art; and (3) the level of ordinary skill in the art at
`
`the time of the invention.
`
`30.
`
`Lunderstand that certain secondary considerations, such as
`
`commercialsuccess, skepticism of experts, surprise, and copying, may provide
`
`evidence of non-obviousness. I further understand that such considerations are
`
`often the most probative and determinative of obviousness or non-obviousness.
`
`31.
`
`lIunderstand that I must construe a claim in accordance with the
`
`ordinary and customary meaning of the language of such claim as understood by
`
`one ofordinary skill in the art and the prosecution history pertaining to the patent.
`
`A.
`
`Level of Skill In the Art
`
`32.
`
`I understand that I should perform myanalysis from the viewpoint of
`
`a person ofordinary skill in the art. I understand that this hypothetical person of
`
`ordinary skill in the art is considered to have the normal skills of a person in a
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 009
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 009
`
`
`
`IPR2022-00413
`PATENT NO.9,240,009
`certain technical field. I understandthat factors that may beconsideredin
`
`determining the level of ordinary skill in the art include: (1) the education level of
`
`the inventor; (2) the types ofproblems encounteredin the art; (3) the priorart
`solutions to those problems; (4) rapidity with which innovationsare made; (5) the
`
`sophistication ofthe technology; and (6) the education level of active workers in
`
`the field.
`
`33.
`
`In myopinion,a person ofordinary skill in the art would have a
`
`Bachelor’s degree in Computer Science, Computer Engineering, or Applied
`
`Mathematics, with 2 or more years of academic or industry experience in computer
`
`security, network security or mobile payment technology.
`
`B.
`
`34.
`
`The Claimed Invention Of The ’009 Patent
`
`The invention of the 009 Patent“is generally related to commerce
`
`over networks,” particularly “techniques for personalizing a secure element and
`
`provisioning an application suchas an electronic purse that can be advantageously
`
`used in portable devices configured for both electronic commerce (a.k.a., e-
`
`commerce) and mobile commerce (a.k.a., m-commerce). ’009 Patent at 1:18-24.
`
`The inventors of the ’009 Patent realized that “[o]ne ofthe concerns in the NFC
`
`mobile ecosystem is its security in an open network. Thus there is a need to
`
`provide techniques to personalize a secure element in a contactless smart card or an
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 010
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 010
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`NEFC-enabled mobile device so that such a device is so secured and personalized
`
`whenit comesto financial applications or secure transactions.”Id. at 2:9-14.
`
`35.
`
`To solve these problems,the inventors of the 009 Patent developed
`
`“techniquesfor personalizing secure elements in NFC devices to enable various
`
`secure transactions over a network.” 009 Patent at 2:31-34. For example, “security
`
`keys (either symmetric or asymmetric) are personalized so as to personalize an e-
`
`purse and perform a secured transaction with a paymentserver.” Id. at 2:53-56.
`
`“According to one embodimentofthe present invention, FIG.1Dillustrates data
`
`flows among a user for an NFC device (e.g., an NFC mobile phone), the NFC
`
`device itself, a TSM server, a corresponding SE manufacturer and an SEissuer.”
`
`Td. at 9:58-61.
`
`10
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 011
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 011
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`
` rhe
`
`140
`
`senceSEEBer fewseAspatepitapetachi
`SasabkqriagidGeeeeALANL tfoePohtsdenLeen
`
`
`spanasieiwparbungsbachendewnasbafoees
`
`CATELSEEPieSageneedtotesru
`
`FIG. 1D
`
`i iehi+=:+§¢
`
`°009 Patent, Fig. 1D.
`
`36.
`
`For example, the system makes use of an e-purse manager midlet that
`
`facilitates communication between securely stored applets and paymentservers
`
`over a wireless network:
`
`11
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 012
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 012
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`280
`
`
`
`Existing Hardware for
`
`Land-based Commerce
`(e.g., Stores or
`Transportation) in an
`Enclosed Environment
`
`n-commerce
`
`Smart Card
`Protocol
`}
`
`
`
`FIG. 2F
`
`°009 Patent, Fig. 2F (showing midlet (in yellow), and applet (in green)).
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 013
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 013
`
`
`
`IPR2022-00413
`PATENT NO.9,240,009
`
`320
`
`
`Newe-purse
`
`SAM
`
`Servers 324
`
`Oe
`
`306
` Network and
`311
` Emulator
`
`Card Manager
`
` 314
`
`°009 Patent, Fig. 3B (annotations added)
`
`37.
`
`For example, in a data flow amongthreeentities (e.g., a SAM,an e-
`
`FIG. 3B
`
`purse manager, andasingle function tag), an e-purse manager mayact as a
`
`gatekeeper “to ensure only secured and authorizeddata transactions could happen.”
`
`°009 Patent, 10:28-29,.”
`
`13
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 014
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 014
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`150
`
`top-up, purchase
`
`Sequence of APDU
`Commands to
`Implement e-purse
`Operations such as
`
`Single
`Function
`Tags
`
`FIG. 1E
`
`V.
`
`°009 PATENT,FIG. 1ETHE ALLEGED PRIOR ART
`
`A.
`
`38.
`
`Dua(U.S. Patent App. Pub. No. 2006/0165060)
`
`Ihave reviewed U.S.Pat. Publ. 2006/0165060 (Ex. 1004,“Dua”).
`
`Dua is directed to a system for “managing credentials through a wireless
`
`network.”! Dua was filed on January 21, 2005 andpublished on July 27, 2006.”
`
`Duasoughtto solve difficulties with inputting credentials into a wireless device.?
`
`Dua contemplates a system “through which credential issuers can securely and
`
`rapidly target specific wireless devicesfor the distribution of the appropriate
`
`credentials.’*
`
`1 Dua at Title, Abstract.
`2 Dua.
`3 Dua at [0019].
`4 Dua at [0020], [0024].
`
`14
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 015
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 015
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`39. Dua contemplates a communications scheme using the Session
`Initiation Protocol (SIP).5 Each devicein the Dua system, such as a portable
`
`phone,contains a wallet application.® The device furtheris assigned an “E.164
`
`phone number, Uniform Resource Identifier (URI) or other type of unique address
`
`that can be resolved overthe Internet” for use with SIP.” Dua’s system also makes
`
`use of a Wireless Credential Manager (WCM)that“maintains, controls and
`
`distributes credentials.”* Credentials are provided to the wireless device when a
`
`card issuer sendsa personalization file to the WCM,along with the device’s phone
`
`numberorother uniqueidentifier.? Using the identifier, such as a phone number,
`
`the WCMconnects to the specified device using SIP.'° If security is desired, the
`
`communication may be encrypted using SIPS/TLS or another method.!! The
`
`WCMthen forwards the credentials to the wireless device.!* Using SIP to
`
`“establish direct communication” between the WCMandthe deviceis “an
`
`important aspect of’ Dua.'? “The direct connection between the end-points using
`
`5 Dua at [0042].
`® Id.
`7 Id.
`8 fd, at [0043].
`9 Id. at [0057].
`10 fq, at [0061]-[0062], [0128]-[0182].
`41 Ig, at [0131], [0180].
`12 Iq, at [0180].
`13 fd, at (0178).
`
`15
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 016
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 016
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`SIP offers a secure method, withoutintermediary servers, by which to transmit
`
`confidential information.”"
`
`40.
`
`Dua’s system makesuse ofa wallet application, including a
`
`walletshell, that runs on the phone’s primary processor.'* The wallet applicationis
`
`augmented with “extensions” that perform specific functions, where these
`
`extensions ofthe wallet application run within the wallet application on the
`
`phone’s primary processor.'© Dua’s extensions are intended to “‘extend’ the
`
`capability of the wallet platform by enabling a new set of features defined by the
`
`credential issuer.”!7 Extensions are either preloaded or provided via the secure SIP
`
`provisioning process for credentials. '®
`
`41.
`
`Dua further discusses an embodiment where a smart card is
`
`used on the phone, but this smart card is used for storage and contactless
`
`communication;it is not used to run the wallet application, the wallet shell, or the
`
`extensions. !”
`
`42. Dua doesnotteach an e-purse applet on a smart card. Rather, Dua
`
`teaches a system based onadifferent architecture. In Dua’s system,there is a
`
`44 Id.
`
`15 id, at [0041], [0288-89], [0294], [0311].
`16 id, at [0293].
`17 id, at [0289].
`18 i, at [0295], [0296].
`9 Id, at [0295].
`
`16
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 017
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 017
`
`
`
`IPR2022-00413
`PATENT NO.9,240,009
`wallet application, including a wallet shell, that runs on the phone’s primary
`processor, not on a smart card. In Dua’s system,the wallet application is
`
`augmented with “extensions” that perform specific functions, where these
`
`extensions ofthe wallet application run within the wallet application on the
`
`phone’s primary processor. Dua teaches an embodiment where a smart card is
`
`used on the phone,butthis smart card is used for storage and contactless
`
`communication; it is not used to run the wallet application, the wallet shell, or the
`
`extensions. Dua’s system teaches a SIP based, secure communication scheme that
`
`is used in multiple aspects of Dua’s system. Dua’s choice anduse ofSIP is not
`
`merely a case of making one design choice among many; Dua provides an
`
`extensive description of the advantages of SIP as well as details ofits use of SIP;
`
`for example, Duaindicates an advantage due to SIP’s use in telephony to use
`
`phone numbers(aka E.164) as a means of addressing the mobile phonesthat are
`
`the focus of Dua. Dua’s architecture is designed to leverage the same SIP-based
`
`architecture used for telephony. Dua teachesthat SIP is particularly appropriate
`
`for the wallet application. Further details of Dua are addressed below.
`
`B.
`
`GlobalPlatform
`
`43.
`
`Ihave reviewed GlobalPlatform Card Specification Version 2.1.1 (Ex.
`
`1006, “GlobalPlatform”).
`
`17
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 018
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 018
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`44. GlobalPlatform describes a security architecture and commands for
`
`usein installing and developing applications for use on GlobalPlatform cards.”°
`
`45.
`
`“The GlobalPlatform card architecture is comprised of a number of
`
`componentsthat ensure hardware and vendor-neutral interfaces to Applications
`
`221
`
`and off-card management systems.
`
`GlobalPlatform at 28.
`
`CG
`
`Smart Card Handbook
`
`
`
`20 GlobalPlatform at 65-67, 88-90.
`21 GlobalPlatform at 28.
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 019
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 019
`
`
`
`IPR2022-00413
`PATENT NO.9,240,009
`Ihave reviewed the Smart Card Handbook(Ex. 1008). The Smart
`
`46.
`
`Card Handbookpurports to have been published in 2003. It describes a range of
`
`Smart Card technology.
`
`D.
`
`Thibadeau
`
`47.
`
`Thibadeau (Ex. 1041, U.S. Patent Pub. No. 2006/0174352) is directed
`
`to a “data storage device including a plurality of virtual smart cards.” Ex. 1041 at
`
`Abstract. Thibadeau further discusses a “controller including a card operating
`
`system for controlling access to the smart cards.” Jd.
`
`VI. CLAIM CONSTRUCTION
`
`48.
`
`In myopinion, claim construction is not required to resolve any issues
`
`in this proceeding.
`
`VII. A POSITA WOULD NOT BE MOTIVATED TO COMBINE
`DUA AND GLOBALPLATFORM
`
`49.
`
`[understand that Petitioner’s obviousness arguments require
`
`combining Dua with GlobalPlatform. In my opinion, a POSITA would not be
`
`motivated to make such a combination for the reasonsset forth below.
`
`50. Dua explainsthat its aim to leverage the use of existing channels to
`
`provide the capability “through which credential issuers can securely and rapidly
`
`target specific wireless devices for the distribution of the appropriate credentials
`
`over public and private networks.” Dua, { [0020]. Accordingly, “wireless
`
`device 200 also has a Session Initiation Protocol (SIP) Application Programming
`
`19
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 020
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 020
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`Interface (API) framework embedded in or running on top of a resident operating
`
`system, which allows for multiple SIP-based applications, such as the wallet
`
`application discussed herein, to function.” Dua, { [0042]. At the time of the 009
`
`Patent’s invention, SIP was the predominant method oftransmitting data to a mobile
`
`device, such as a cellular phone. Thus, a POSITA would understand that the use of
`
`SIP would leverage a device’s already-existing functionality.
`
`51.
`
`Indeed, Dua explains that “The use of SIP for transmitting and
`
`managing credentials on wireless device 200 is preferred as mobile operators and
`
`fixed line operators are moving towards a SIP-based architecture for voice and other
`
`multimediaservices. It is envisioned that the use of SIP for communication between
`
`a credential issuer and a wallet application resident on wireless device 200 could
`
`leverage the same SIP registrar, proxy, and presence servers used to deliverreal-
`
`time interactive converged communication services within a mobile operator's
`
`network.” Dua, § [0051].
`
`52. Accordingly, a POSITA would read Dua’s statement that “The use ofa
`
`SIP architecture to locate a mobile end-user andto establish direct communication
`
`between the end-points (WCMandwallet application) for the purposeoftransferring
`
`confidential information (e.g. credentials) is an important aspect of the present
`
`invention” (Dua, § [0178] (emphasis added)) to understand that the SIP-based
`
`architecture, even if implemented using a different protocol, is necessary to use
`
`20
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 021
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 021
`
`
`
`IPR2022-00413
`PATENT NO.9,240,009
`Dua’s invention. All secure communications within Dua, including downloading
`
`and installing its extensions, are done by making a SIP connection between the
`
`WCM andthe mobile device. Jd., J] [0296], [0311], Figs. 1, 3, 8.
`
`53. Dua briefly mentions “While the use of SIP for such purposes is
`
`preferred, alternative application protocols may be used in lieu of SIP whilestill
`
`remaining within the spirit and scope of the present invention.” Dua, [0050]. A
`
`POSITA would not understand this statement to encourage layering another system
`
`such as GlobalPlatform onto Dua.
`
`54.
`
`In myopinion, a POSITAreading Duaat [0050] would understand
`
`that while SIP was becoming the predominant standard for mobile communications
`
`at the time, older equipment possessed similar functionality. A POSITA would
`
`thus understand that while SIP-like functionality was key to the invention, other
`
`protocols that provided similar functionality were acceptable. For example, other
`
`prior examples are H.323, MGCP, MEGACo whichis also H248.
`
`55. Dua’s disclosure makethis further clear. All communications within
`
`DUAare accomplished through SIP. E.g., Dua, J [0042], [0051], [00178],
`
`[0296], [0311]; Figs. 1, 3, 8. And the only security disclosed within Duais using
`
`SIP with S/MIME and TLS.See generally Dua.
`
`56. Dua’s use ofSIP allowsfor specific targeting of a particular device
`
`and secure end-to-end communication, muchlike being able to call a particular
`
`21
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 022
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 022
`
`
`
`SeeEnna
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`phone. Jd., [0020]. I disagree that a POSITA would have been motivated to
`discard Dua’s use of SIP andto instead import GlobalPlatform. GlobalPlatform
`
`does not allow for targeting and server-sideinitiation of communications to
`
`specific devices by looking up that device’s phone number, as Dua teaches. Dua,
`
`[0131].
`
`57.
`
`I note that Apple doesnot explain any method under GlobalPlatform
`
`where a card issuer or application provider could proactively target and contact a
`
`particular device (or even a smart card). Thisis logical, as the device containing
`
`the smart card would haveto create a connection to a remote server before the
`
`smart card could communicate with that server.
`
`58.
`
`Finally, a POSITA would not be motivated to combine
`
`GlobalPlatform with Dua because Duaalready provides security through its use of
`
`SIP, TLS, and S/MIME. In myopinion, a POSITA would not seek to include
`
`GlobalPlatform’s functionality that would duplicate that already in Dua.
`
`59. Apple and Mr. Smith states that a POSITA would combine Dua with
`
`GlobalPlatform and Philips because Duastates that “MasterCard and Visa have
`
`also been working jointly over the last few years to develop specifications that
`
`define a set of requirements for security and interoperability between chip cards
`
`andterminals on a global basis, regardless ofthe manufacturer, the financial
`
`22
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 023
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 023
`
`
`
`IPR2022-00413
`PATENT NO.9,240,009
`institution, or where the card is used.” Pet, at 15 (quoting Duaat [0013])
`(emphasis added).”? I disagree.
`
`60. A POSITA would understand that the specificationsreferred to are the
`
`EMV ChipSpecifications.?? As EMVCo.explains, “The EMV Chip Specifications
`
`... are global paymentindustry specifications that describe the requirements for
`
`interoperability between chip-basedpayment applications and acceptance
`
`terminals to enable payment.” Ex. 2003 at 5 (emphasis added). Indeed, Duarefers
`
`numeroustimes to EMV for paymentapplications. E.g., Dua, at [001 3]
`
`(“American Express, MasterCard, and Visa have agreed on a single contactless
`
`payment standard in the United States, ISO/IEC 14443, and are implementing a
`
`contactless payment approachthat leverages the existing payments
`
`infrastructure.”);”4 [0398] (“Presently, with various bank card transactions, PINs
`
`are verified either online with a bank host computer system,orverified offline
`
`against security data onboard the card as in EMV ‘chip & PIN’transactions.”);
`
`[0525] (“EMV-Compliant—Thewallet application should meet standards defined
`
`by card organizations.”). Based on these statements, a POSITA would understand
`
`*2 The Petition cites to Dua, [0014], but that paragraph relates to smart cards
`becoming the “dominant technology for conducting financial transactions. Dua,
`[0014]. It does not discuss “credit card organizations ‘working jointly.’”
`3 EMV stands for Europay, Mastercard and Visa (Ex. 2003at 5.)
`*4 GlobalPlatform makes noreference to ISO/IEC 144433. See generally Ex. 1006.
`
`23
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 024
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 024
`
`
`
`IPR2022-00413
`PATENT NO.9,240,009
`
`that Dua is referring to specifications relating to “interoperability between chip-
`
`based paymentapplications and acceptance terminals.”
`
`61. A POSITA would understand that GlobalPlatform is not related to
`
`interoperability between chip cards and terminals. Instead, it aims to provide a
`
`“card managementarchitecture.” Ex. 1006, p. 16. A POSITA would recognizethat
`
`card managementis internal to the smart carditself, and does not relate to
`
`interoperability between chip cards and terminals.
`
`62. GlobalPlatform similarly states that it provides a “card management
`
`specification.” Ex. 1006, p. 16. A POSITA would not understand the card
`
`managementspecification to relate to interoperability either. Instead, even to the
`
`extentit has to do with security, it relates to the security of internal components of
`
`the smart card. Ex. 1006, p. 32. (“The primary goal of the GlobalPlatform is to
`
`ensure the security and integrity of the card's componentsforthe life of the card.”’).
`
`See also id. (“These components are the runtime environment, the OPEN,the
`
`Issuer Security Domain, the Security Domains, the Applications.”); see also id.,
`
`pp. 29-30.
`
`63.
`
`I further disagree that a POSITA would have been motivated by Dua’s
`
`statement
`
`that a “wallet application should meet standards defined by card
`
`organizations.” Dua, { [0525]. As I note above, the full statement is “EMV-
`
`Compliant—The wallet application should meet standards defined by card
`
`24
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 025
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 025
`
`
`
`IPR2022-00413
`PATENT NO.9,240,009
`organizations.” Dua, § [0525]. In other words, a POSITA would recognize that the
`
`wallet application should meet the EMV standard.
`
`64. A POSITA would not understand GlobalPlatform to be a “card
`
`organization.” GlobalPlatform is not a card organization;
`
`instead it
`
`is “an
`
`organization that has been established by leading companies from the payments and
`
`communications industries, the government sector and the vendor community, and
`
`is the first to promote a global infrastructure for smart card implementation across
`
`multiple industries.” Ex. 1006, p. 16. GlobalPlatform therefore is not payment-
`
`related,
`
`it
`
`is
`
`instead designed to provide multi-application smart cards.
`
`Id.
`
`(“[GlobalPlatform’s] goal
`
`is to reduce barriers hindering the growth of cross-
`
`industry, multiple Application smart cards.”); see alsoid.(listing “to securely access
`
`a PC”as one goal of GlobalPlatform).
`
`65. A POSITA, reading Dua, would not look to GlobalPlatform based on
`
`Dua’s references to standards and specifications. Instead, they would look to EMV,
`
`whichis a card organization.
`
`66. Apple also suggests that Dua’s discussion of Java and Java applets is a
`
`reference to JavaCard and would separately motivate a POSITA to combine Dua
`
`with GlobalPlatform.Pet., 15-16. I disagree. Dua never mentions “JavaCard.” Dua
`
`merely states that Java, for e