IPR2022-00413
`PATENT NO.9,218,009
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`_teee2eeeS
`
`APPLEINC.,
`
`Petitioner,
`
`V.
`
`RFCYBER CORP.,
`
`Patent Owner.
`
`Patent No. 9,240,009
`Filing Date: January 16, 2012
`Issue Date: January 19, 2016
`
`Inventors: Liang Seng Koh, Hsin Pan, and Xiangzhen Xie
`Title: MOBILE DEVICES FOR COMMERCE OVER
`UNSECURED NETWORKS
`
`eS
`
`DECLARATION OF MIGUEL GOMEZ
`
`Case No. IPR2022-00413
`
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 001
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 001
`
`
`PATENT NO.9,218,009
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`_teee2eeeS
`
`APPLEINC.,
`
`Petitioner,
`
`V.
`
`RFCYBER CORP.,
`
`Patent Owner.
`
`Patent No. 9,240,009
`Filing Date: January 16, 2012
`Issue Date: January 19, 2016
`
`Inventors: Liang Seng Koh, Hsin Pan, and Xiangzhen Xie
`Title: MOBILE DEVICES FOR COMMERCE OVER
`UNSECURED NETWORKS
`
`eS
`
`DECLARATION OF MIGUEL GOMEZ
`
`Case No. IPR2022-00413
`
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 001
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 001
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`I, Miguel Gomez, declare as follows:
`
`1.
`
`[have been asked by counsel for Patent Owner RFCyber Corp.
`
`(“RFCyber”or “Patent Owner”) to review U.S. Patent No. 9,240,009 (the “°009
`
`Patent”) entitled MOBILE DEVICES FOR COMMERCE OVER UNSECURED
`
`NETWORKS,and to provide mytechnical review, analysis, insights, and opinions
`
`regarding the ’009 Patentin view ofthepriorart cited by Petitioner Apple Inc.
`
`(“Apple”or “Petitioner”). I submit this declaration in support of Patent Owner’s
`
`Response in this IPR proceeding.I have personal knowledge ofthe matters stated
`
`herein and would be competenttotestify to them if required.
`
`2.
`
`Ihave beenretained on behalf ofRFCyber Corp. for the above-
`
`captioned interpartes review proceeding.
`
`I understand that the 009 Patentis
`
`currently assigned to RFCyber Corp.
`
`3.
`
`Iam over18 years of age.
`
`I have personal knowledgeofthe facts
`
`stated in this Declaration and could testify competently if asked to do so.
`
`I.
`
`INTRODUCTION
`
`A.
`
`4.
`
`Background and Qualifications
`
`I have reviewed and am familiar with the specification ofthe °009
`
`Patent. I understand that the ’009 Patent has been provided as Exhibit 1001.
`
`I will
`
`cite to the specification using the following format:
`
`’009 Patentat col.:line.
`
`1.
`
`Research and Professional Experience
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 002
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 002
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`5.
`
`6.
`
`My CVis being submitted simultaneously herewith as Exhibit 2008.
`
`I received a Bachelor of Science in Electrical Engineering degree
`
`from Yale University in 1983.
`
`I have over forty years of experience developing
`
`hardware and software technology used in computer systems, communications
`
`systems, networking, storage infrastructure, and database systems. My experience
`
`includes extensive knowledge of computer operating systems, computer protocols,
`
`and programming languages used in both fixed and mobile applications. I am also
`
`highly skilled in the use of microelectronics simulation software, ASIC and FPGA
`
`developmentand the languages thereof such as Verilog and VHDL. I’m also
`
`skilled at programming in C , C++ , and Python and C#.
`
`7.
`
`From August 2006 to March 2009, I was VP of engineering for
`
`ActSolar. ActSolar developed solar power conversion systemsthat included power
`
`efficiency and cost analysis tools.
`
`8.
`
`In 2006, ActSolar was sold to National Semiconductor. The transfer
`
`of technology included the wireless interface for data collection, the inverter and a
`
`variant ofthe power converter hardware that performed shading compensation.
`
`9.
`
`From September 2004 to August 2005, I was a consultant for
`
`BridgeWaveInc. Bridgewave was a microwave connection companyto wirelessly
`
`transmit Ethernet packets for long haul telephony networks. The equipment was
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 003
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 003
`
`
`
`IPR2022-00413
`PATENT NO.9,240,009
`
`mostly intended for international markets where copperwire installations is
`
`prohibitively expensive.
`
`10.
`
`From September 2003 to March 2004, I was a consultant for PA
`
`Consulting Group.
`
`I provided hardware and software evaluation services for
`
`corporate mergers and acquisitions. These services included system reviewsin the
`
`following areas: (1) Analysis of system cost to performanceratios; (2) Review of
`
`the hardware and software code implementations, documentation and development
`
`strategies; (3) compilation processes, simulation, test coverage, bug tracking and
`
`source code control; (4) Tool chain managementanalysis; (5) Circuit board design
`
`and layout design rules for production environments; (6) Circuit board certification
`
`testing for FCC, UL, and Environmentaltests; (7) Review ofproduction line
`
`managementincluding assembly andtest processes; and (8) Review of hardware
`
`code for copyrightor license violations.
`
`11.
`
`From January 2003 to May 2003, I was a consultant for Santel
`
`Networks. Santle Networks wasa high speed fiber optics supplier to the telecom
`
`industry. Here I developed an optical duo-binary (ODB) encoderthat operatedat
`
`10.7 Giga bits per second (GBps), Several patents were applied for and the board
`
`was shown at the Optical Fiber Communication Conference & Exposition in
`
`March of 2003.
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 004
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 004
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`12.
`
`From March 2001 to December 2002, I was Director of Hardware,
`
`Content Networking Division for Extreme Networks, Inc.
`
`I managed a team of
`
`hardware and software engineers that developed and maintained a Layer 2-5
`
`Content Addressable Switch. The switch was capable of L2, L3, L4 switching as
`
`well as L5 switching based on packet content. Security was provided through
`
`Secure Sockets and DES encryptionlayers.
`
`13.
`
`From January 2000 to March 2001, I was Director of Hardware for
`
`Webstacks, Inc. (now Extreme Networks, Inc.). At Webstacks I assembled a team
`
`to build the Content Addressable Switch later sold to Extreme Networks. This
`
`switch provided L2-5 load balancing services for routing via MAC, IP and HTTP
`
`content based routing mechanisms. The system included firewall and security
`
`capabilities utilizing Secure Sockets Layers (SSL). My responsibilities were to
`
`design the initial system architecture as well as to hire and manage the hardware
`
`and software implementation teams. Product development time was 16 months
`
`after which we were acquired by Extreme Networks for $68MM cashandstock.
`
`14.
`
`From February 1997 to December 1999, as consultant for Philips
`
`Semiconductor I developed thecertification environment used by Microsoft to
`
`validate Windows CEonthe Philips' Poseidon handheld chipset.
`
`15.
`
`From September 1994 to January 1997, I was President and Founder
`
`ofMinden Group, Inc. The Minden Group developed andsold several types of
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 005
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 005
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`memory adapters and a video conferencing system. The memory adapters
`
`provideda cost effective memory expansionsolution for personal computerusers.
`
`Both the adapters and the video conferencing system weresold through retail
`
`stores throughout the United States and Canada. Over 350,000 memory adapters
`
`were sold at stores such as Fry's, CompUSA, Computer City and Future Shop.
`
`After developing these products, I organized and managed a team of 10 to 15
`
`employees focused on sales, marketing, finance and production.
`
`16.
`
`From August 1992 to September 1994, I was Senior Hardware
`
`Manager of RAID Product Development for MTI, Inc. In this capacity, I was
`
`responsible for architectural development of the next generation RAID 1-5 systems
`
`and for managing the product developmentgroup.
`
`17.
`
`From April 1989 to August 1992, I was Founder and President of
`
`Spectrum Analysis, Inc., a consulting services company. I founded and operated
`
`Spectrum Analysis, Inc. with three other partners. Spectrum Analysis,Inc.
`
`specialized in electrical circuit design with emphasis on FPGA and ASIC
`
`emulation and complex PCB level designs.
`
`18.
`
`From September 1988 to March 1989, I was Applications Manager
`
`for Quickturn Systems, Inc. Quickturn developed an ASIC emulator using Xilinx
`
`FPGAs.
`
`I developed the methodology of adapting ASIC designs to the emulator
`
`and implementing DRAM memory forstorage.
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 006
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 006
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`19.
`
`From July 1987 to August 1988, I was an Applications Engineer for
`
`Telestream Corporation and was responsible for demonstration system
`
`development, training and sales support for a software based communications
`
`protocol converter product.
`
`20.
`
`From June 1983 to March 1985, I was a Design Engineer for ROLM
`
`Corporation. I was responsible for the development of the bus management
`
`protocols used in the ROLM BUS295telephoneswitch.
`
`2.
`
`Education
`
`21. Yale University, 1983. Bachelor of Science, Electrical Engineering
`
`3.
`
`Patents
`
`22.
`
`lamanamedinventor on the following patents:
`
`a. US7,814,204 — Method and system for analyzing the content of
`
`resource requests.
`
`b. US8,412,838 — Method and system for analyzing the content of
`
`resource requests.
`
`c. US7,447,777 — Switching System
`
`d. US7,298,746- Method and system for reassembling and parsing
`
`packets in a network environment
`
`e. WO2009140548A2 — System and method for an array of
`
`intelligent inverters
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 007
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 007
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`II.
`
`COMPENSATION
`
`23.
`
`|My compensation for time worked onthis proceeding is not
`
`dependent on anyissuesrelated to the 009 Patent, the outcomeofthis proceeding,
`
`or the substance of my opinions. My compensation for time worked onthis
`
`proceeding is at my customary rate of $550/hour. I have no financialinterest in, or
`
`affiliation with, the Patent Ownerorany ofthe real parties in interest.
`
`Ill. MATERIALS CONSIDERED
`
`24.
`
`In providing my technical review, analysis, insights, and opinions,I
`
`have considered the ’009 Patent andits prosecution history.
`
`25.
`
`Ihave also considered the Petition filed by the Petitionerin this
`
`proceeding and the relevant exhibits relied on by Petitioner, including the expert
`
`declaration submitted by Gerald Smith.
`
`26.
`
`Ihave also considered my own experience and knowledge,as
`
`discussed above and described morefully in my CV,in the areas including
`
`software design, hardware design, computer security, and secure networks.
`
`IV. LEGAL PRINCIPLES
`
`27.
`
`Iunderstand that a patent claim is unpatentable as “obvious” if the
`
`subject matter of the claim as a whole would have been obvious to a person of
`
`ordinary skill in the art (POSA)as of the time of the invention at issue.
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 008
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 008
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`28.
`
`Lunderstandthat the use of “the person of ordinary skill”rubricis to
`
`prevent one from improperly, in the present day, using hindsight to decide whether
`
`a claim is obvious.
`
`29.
`
`understand thatthe following factors must be evaluated to determine
`
`whether the claimed subject matter is obvious: (1) the scope and content ofthe
`
`priorart; (2) the difference or differences,if any, between the scope ofthe patent
`
`claim and the scopeofthe prior art; and (3) the level of ordinary skill in the art at
`
`the time of the invention.
`
`30.
`
`Lunderstand that certain secondary considerations, such as
`
`commercialsuccess, skepticism of experts, surprise, and copying, may provide
`
`evidence of non-obviousness. I further understand that such considerations are
`
`often the most probative and determinative of obviousness or non-obviousness.
`
`31.
`
`lIunderstand that I must construe a claim in accordance with the
`
`ordinary and customary meaning of the language of such claim as understood by
`
`one ofordinary skill in the art and the prosecution history pertaining to the patent.
`
`A.
`
`Level of Skill In the Art
`
`32.
`
`I understand that I should perform myanalysis from the viewpoint of
`
`a person ofordinary skill in the art. I understand that this hypothetical person of
`
`ordinary skill in the art is considered to have the normal skills of a person in a
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 009
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 009
`
`
`
`IPR2022-00413
`PATENT NO.9,240,009
`certain technical field. I understandthat factors that may beconsideredin
`
`determining the level of ordinary skill in the art include: (1) the education level of
`
`the inventor; (2) the types ofproblems encounteredin the art; (3) the priorart
`solutions to those problems; (4) rapidity with which innovationsare made; (5) the
`
`sophistication ofthe technology; and (6) the education level of active workers in
`
`the field.
`
`33.
`
`In myopinion,a person ofordinary skill in the art would have a
`
`Bachelor’s degree in Computer Science, Computer Engineering, or Applied
`
`Mathematics, with 2 or more years of academic or industry experience in computer
`
`security, network security or mobile payment technology.
`
`B.
`
`34.
`
`The Claimed Invention Of The ’009 Patent
`
`The invention of the 009 Patent“is generally related to commerce
`
`over networks,” particularly “techniques for personalizing a secure element and
`
`provisioning an application suchas an electronic purse that can be advantageously
`
`used in portable devices configured for both electronic commerce (a.k.a., e-
`
`commerce) and mobile commerce (a.k.a., m-commerce). ’009 Patent at 1:18-24.
`
`The inventors of the ’009 Patent realized that “[o]ne ofthe concerns in the NFC
`
`mobile ecosystem is its security in an open network. Thus there is a need to
`
`provide techniques to personalize a secure element in a contactless smart card or an
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 010
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 010
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`NEFC-enabled mobile device so that such a device is so secured and personalized
`
`whenit comesto financial applications or secure transactions.”Id. at 2:9-14.
`
`35.
`
`To solve these problems,the inventors of the 009 Patent developed
`
`“techniquesfor personalizing secure elements in NFC devices to enable various
`
`secure transactions over a network.” 009 Patent at 2:31-34. For example, “security
`
`keys (either symmetric or asymmetric) are personalized so as to personalize an e-
`
`purse and perform a secured transaction with a paymentserver.” Id. at 2:53-56.
`
`“According to one embodimentofthe present invention, FIG.1Dillustrates data
`
`flows among a user for an NFC device (e.g., an NFC mobile phone), the NFC
`
`device itself, a TSM server, a corresponding SE manufacturer and an SEissuer.”
`
`Td. at 9:58-61.
`
`10
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 011
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 011
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`
` rhe
`
`140
`
`senceSEEBer fewseAspatepitapetachi
`SasabkqriagidGeeeeALANL tfoePohtsdenLeen
`
`
`spanasieiwparbungsbachendewnasbafoees
`
`CATELSEEPieSageneedtotesru
`
`FIG. 1D
`
`i iehi+=:+§¢
`
`°009 Patent, Fig. 1D.
`
`36.
`
`For example, the system makes use of an e-purse manager midlet that
`
`facilitates communication between securely stored applets and paymentservers
`
`over a wireless network:
`
`11
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 012
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 012
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`280
`
`
`
`Existing Hardware for
`
`Land-based Commerce
`(e.g., Stores or
`Transportation) in an
`Enclosed Environment
`
`n-commerce
`
`Smart Card
`Protocol
`}
`
`
`
`FIG. 2F
`
`°009 Patent, Fig. 2F (showing midlet (in yellow), and applet (in green)).
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 013
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 013
`
`
`
`IPR2022-00413
`PATENT NO.9,240,009
`
`320
`
`
`Newe-purse
`
`SAM
`
`Servers 324
`
`Oe
`
`306
` Network and
`311
` Emulator
`
`Card Manager
`
` 314
`
`°009 Patent, Fig. 3B (annotations added)
`
`37.
`
`For example, in a data flow amongthreeentities (e.g., a SAM,an e-
`
`FIG. 3B
`
`purse manager, andasingle function tag), an e-purse manager mayact as a
`
`gatekeeper “to ensure only secured and authorizeddata transactions could happen.”
`
`°009 Patent, 10:28-29,.”
`
`13
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 014
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 014
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`150
`
`top-up, purchase
`
`Sequence of APDU
`Commands to
`Implement e-purse
`Operations such as
`
`Single
`Function
`Tags
`
`FIG. 1E
`
`V.
`
`°009 PATENT,FIG. 1ETHE ALLEGED PRIOR ART
`
`A.
`
`38.
`
`Dua(U.S. Patent App. Pub. No. 2006/0165060)
`
`Ihave reviewed U.S.Pat. Publ. 2006/0165060 (Ex. 1004,“Dua”).
`
`Dua is directed to a system for “managing credentials through a wireless
`
`network.”! Dua was filed on January 21, 2005 andpublished on July 27, 2006.”
`
`Duasoughtto solve difficulties with inputting credentials into a wireless device.?
`
`Dua contemplates a system “through which credential issuers can securely and
`
`rapidly target specific wireless devicesfor the distribution of the appropriate
`
`credentials.’*
`
`1 Dua at Title, Abstract.
`2 Dua.
`3 Dua at [0019].
`4 Dua at [0020], [0024].
`
`14
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 015
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 015
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`39. Dua contemplates a communications scheme using the Session
`Initiation Protocol (SIP).5 Each devicein the Dua system, such as a portable
`
`phone,contains a wallet application.® The device furtheris assigned an “E.164
`
`phone number, Uniform Resource Identifier (URI) or other type of unique address
`
`that can be resolved overthe Internet” for use with SIP.” Dua’s system also makes
`
`use of a Wireless Credential Manager (WCM)that“maintains, controls and
`
`distributes credentials.”* Credentials are provided to the wireless device when a
`
`card issuer sendsa personalization file to the WCM,along with the device’s phone
`
`numberorother uniqueidentifier.? Using the identifier, such as a phone number,
`
`the WCMconnects to the specified device using SIP.'° If security is desired, the
`
`communication may be encrypted using SIPS/TLS or another method.!! The
`
`WCMthen forwards the credentials to the wireless device.!* Using SIP to
`
`“establish direct communication” between the WCMandthe deviceis “an
`
`important aspect of’ Dua.'? “The direct connection between the end-points using
`
`5 Dua at [0042].
`® Id.
`7 Id.
`8 fd, at [0043].
`9 Id. at [0057].
`10 fq, at [0061]-[0062], [0128]-[0182].
`41 Ig, at [0131], [0180].
`12 Iq, at [0180].
`13 fd, at (0178).
`
`15
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 016
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 016
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`SIP offers a secure method, withoutintermediary servers, by which to transmit
`
`confidential information.”"
`
`40.
`
`Dua’s system makesuse ofa wallet application, including a
`
`walletshell, that runs on the phone’s primary processor.'* The wallet applicationis
`
`augmented with “extensions” that perform specific functions, where these
`
`extensions ofthe wallet application run within the wallet application on the
`
`phone’s primary processor.'© Dua’s extensions are intended to “‘extend’ the
`
`capability of the wallet platform by enabling a new set of features defined by the
`
`credential issuer.”!7 Extensions are either preloaded or provided via the secure SIP
`
`provisioning process for credentials. '®
`
`41.
`
`Dua further discusses an embodiment where a smart card is
`
`used on the phone, but this smart card is used for storage and contactless
`
`communication;it is not used to run the wallet application, the wallet shell, or the
`
`extensions. !”
`
`42. Dua doesnotteach an e-purse applet on a smart card. Rather, Dua
`
`teaches a system based onadifferent architecture. In Dua’s system,there is a
`
`44 Id.
`
`15 id, at [0041], [0288-89], [0294], [0311].
`16 id, at [0293].
`17 id, at [0289].
`18 i, at [0295], [0296].
`9 Id, at [0295].
`
`16
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 017
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 017
`
`
`
`IPR2022-00413
`PATENT NO.9,240,009
`wallet application, including a wallet shell, that runs on the phone’s primary
`processor, not on a smart card. In Dua’s system,the wallet application is
`
`augmented with “extensions” that perform specific functions, where these
`
`extensions ofthe wallet application run within the wallet application on the
`
`phone’s primary processor. Dua teaches an embodiment where a smart card is
`
`used on the phone,butthis smart card is used for storage and contactless
`
`communication; it is not used to run the wallet application, the wallet shell, or the
`
`extensions. Dua’s system teaches a SIP based, secure communication scheme that
`
`is used in multiple aspects of Dua’s system. Dua’s choice anduse ofSIP is not
`
`merely a case of making one design choice among many; Dua provides an
`
`extensive description of the advantages of SIP as well as details ofits use of SIP;
`
`for example, Duaindicates an advantage due to SIP’s use in telephony to use
`
`phone numbers(aka E.164) as a means of addressing the mobile phonesthat are
`
`the focus of Dua. Dua’s architecture is designed to leverage the same SIP-based
`
`architecture used for telephony. Dua teachesthat SIP is particularly appropriate
`
`for the wallet application. Further details of Dua are addressed below.
`
`B.
`
`GlobalPlatform
`
`43.
`
`Ihave reviewed GlobalPlatform Card Specification Version 2.1.1 (Ex.
`
`1006, “GlobalPlatform”).
`
`17
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 018
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 018
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`44. GlobalPlatform describes a security architecture and commands for
`
`usein installing and developing applications for use on GlobalPlatform cards.”°
`
`45.
`
`“The GlobalPlatform card architecture is comprised of a number of
`
`componentsthat ensure hardware and vendor-neutral interfaces to Applications
`
`221
`
`and off-card management systems.
`
`GlobalPlatform at 28.
`
`CG
`
`Smart Card Handbook
`
`
`
`20 GlobalPlatform at 65-67, 88-90.
`21 GlobalPlatform at 28.
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 019
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 019
`
`
`
`IPR2022-00413
`PATENT NO.9,240,009
`Ihave reviewed the Smart Card Handbook(Ex. 1008). The Smart
`
`46.
`
`Card Handbookpurports to have been published in 2003. It describes a range of
`
`Smart Card technology.
`
`D.
`
`Thibadeau
`
`47.
`
`Thibadeau (Ex. 1041, U.S. Patent Pub. No. 2006/0174352) is directed
`
`to a “data storage device including a plurality of virtual smart cards.” Ex. 1041 at
`
`Abstract. Thibadeau further discusses a “controller including a card operating
`
`system for controlling access to the smart cards.” Jd.
`
`VI. CLAIM CONSTRUCTION
`
`48.
`
`In myopinion, claim construction is not required to resolve any issues
`
`in this proceeding.
`
`VII. A POSITA WOULD NOT BE MOTIVATED TO COMBINE
`DUA AND GLOBALPLATFORM
`
`49.
`
`[understand that Petitioner’s obviousness arguments require
`
`combining Dua with GlobalPlatform. In my opinion, a POSITA would not be
`
`motivated to make such a combination for the reasonsset forth below.
`
`50. Dua explainsthat its aim to leverage the use of existing channels to
`
`provide the capability “through which credential issuers can securely and rapidly
`
`target specific wireless devices for the distribution of the appropriate credentials
`
`over public and private networks.” Dua, { [0020]. Accordingly, “wireless
`
`device 200 also has a Session Initiation Protocol (SIP) Application Programming
`
`19
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 020
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 020
`
`
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`Interface (API) framework embedded in or running on top of a resident operating
`
`system, which allows for multiple SIP-based applications, such as the wallet
`
`application discussed herein, to function.” Dua, { [0042]. At the time of the 009
`
`Patent’s invention, SIP was the predominant method oftransmitting data to a mobile
`
`device, such as a cellular phone. Thus, a POSITA would understand that the use of
`
`SIP would leverage a device’s already-existing functionality.
`
`51.
`
`Indeed, Dua explains that “The use of SIP for transmitting and
`
`managing credentials on wireless device 200 is preferred as mobile operators and
`
`fixed line operators are moving towards a SIP-based architecture for voice and other
`
`multimediaservices. It is envisioned that the use of SIP for communication between
`
`a credential issuer and a wallet application resident on wireless device 200 could
`
`leverage the same SIP registrar, proxy, and presence servers used to deliverreal-
`
`time interactive converged communication services within a mobile operator's
`
`network.” Dua, § [0051].
`
`52. Accordingly, a POSITA would read Dua’s statement that “The use ofa
`
`SIP architecture to locate a mobile end-user andto establish direct communication
`
`between the end-points (WCMandwallet application) for the purposeoftransferring
`
`confidential information (e.g. credentials) is an important aspect of the present
`
`invention” (Dua, § [0178] (emphasis added)) to understand that the SIP-based
`
`architecture, even if implemented using a different protocol, is necessary to use
`
`20
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 021
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 021
`
`
`
`IPR2022-00413
`PATENT NO.9,240,009
`Dua’s invention. All secure communications within Dua, including downloading
`
`and installing its extensions, are done by making a SIP connection between the
`
`WCM andthe mobile device. Jd., J] [0296], [0311], Figs. 1, 3, 8.
`
`53. Dua briefly mentions “While the use of SIP for such purposes is
`
`preferred, alternative application protocols may be used in lieu of SIP whilestill
`
`remaining within the spirit and scope of the present invention.” Dua, [0050]. A
`
`POSITA would not understand this statement to encourage layering another system
`
`such as GlobalPlatform onto Dua.
`
`54.
`
`In myopinion, a POSITAreading Duaat [0050] would understand
`
`that while SIP was becoming the predominant standard for mobile communications
`
`at the time, older equipment possessed similar functionality. A POSITA would
`
`thus understand that while SIP-like functionality was key to the invention, other
`
`protocols that provided similar functionality were acceptable. For example, other
`
`prior examples are H.323, MGCP, MEGACo whichis also H248.
`
`55. Dua’s disclosure makethis further clear. All communications within
`
`DUAare accomplished through SIP. E.g., Dua, J [0042], [0051], [00178],
`
`[0296], [0311]; Figs. 1, 3, 8. And the only security disclosed within Duais using
`
`SIP with S/MIME and TLS.See generally Dua.
`
`56. Dua’s use ofSIP allowsfor specific targeting of a particular device
`
`and secure end-to-end communication, muchlike being able to call a particular
`
`21
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 022
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 022
`
`
`
`SeeEnna
`
`IPR2022-00413
`PATENT NO. 9,240,009
`
`phone. Jd., [0020]. I disagree that a POSITA would have been motivated to
`discard Dua’s use of SIP andto instead import GlobalPlatform. GlobalPlatform
`
`does not allow for targeting and server-sideinitiation of communications to
`
`specific devices by looking up that device’s phone number, as Dua teaches. Dua,
`
`[0131].
`
`57.
`
`I note that Apple doesnot explain any method under GlobalPlatform
`
`where a card issuer or application provider could proactively target and contact a
`
`particular device (or even a smart card). Thisis logical, as the device containing
`
`the smart card would haveto create a connection to a remote server before the
`
`smart card could communicate with that server.
`
`58.
`
`Finally, a POSITA would not be motivated to combine
`
`GlobalPlatform with Dua because Duaalready provides security through its use of
`
`SIP, TLS, and S/MIME. In myopinion, a POSITA would not seek to include
`
`GlobalPlatform’s functionality that would duplicate that already in Dua.
`
`59. Apple and Mr. Smith states that a POSITA would combine Dua with
`
`GlobalPlatform and Philips because Duastates that “MasterCard and Visa have
`
`also been working jointly over the last few years to develop specifications that
`
`define a set of requirements for security and interoperability between chip cards
`
`andterminals on a global basis, regardless ofthe manufacturer, the financial
`
`22
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 023
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 023
`
`
`
`IPR2022-00413
`PATENT NO.9,240,009
`institution, or where the card is used.” Pet, at 15 (quoting Duaat [0013])
`(emphasis added).”? I disagree.
`
`60. A POSITA would understand that the specificationsreferred to are the
`
`EMV ChipSpecifications.?? As EMVCo.explains, “The EMV Chip Specifications
`
`... are global paymentindustry specifications that describe the requirements for
`
`interoperability between chip-basedpayment applications and acceptance
`
`terminals to enable payment.” Ex. 2003 at 5 (emphasis added). Indeed, Duarefers
`
`numeroustimes to EMV for paymentapplications. E.g., Dua, at [001 3]
`
`(“American Express, MasterCard, and Visa have agreed on a single contactless
`
`payment standard in the United States, ISO/IEC 14443, and are implementing a
`
`contactless payment approachthat leverages the existing payments
`
`infrastructure.”);”4 [0398] (“Presently, with various bank card transactions, PINs
`
`are verified either online with a bank host computer system,orverified offline
`
`against security data onboard the card as in EMV ‘chip & PIN’transactions.”);
`
`[0525] (“EMV-Compliant—Thewallet application should meet standards defined
`
`by card organizations.”). Based on these statements, a POSITA would understand
`
`*2 The Petition cites to Dua, [0014], but that paragraph relates to smart cards
`becoming the “dominant technology for conducting financial transactions. Dua,
`[0014]. It does not discuss “credit card organizations ‘working jointly.’”
`3 EMV stands for Europay, Mastercard and Visa (Ex. 2003at 5.)
`*4 GlobalPlatform makes noreference to ISO/IEC 144433. See generally Ex. 1006.
`
`23
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 024
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 024
`
`
`
`IPR2022-00413
`PATENT NO.9,240,009
`
`that Dua is referring to specifications relating to “interoperability between chip-
`
`based paymentapplications and acceptance terminals.”
`
`61. A POSITA would understand that GlobalPlatform is not related to
`
`interoperability between chip cards and terminals. Instead, it aims to provide a
`
`“card managementarchitecture.” Ex. 1006, p. 16. A POSITA would recognizethat
`
`card managementis internal to the smart carditself, and does not relate to
`
`interoperability between chip cards and terminals.
`
`62. GlobalPlatform similarly states that it provides a “card management
`
`specification.” Ex. 1006, p. 16. A POSITA would not understand the card
`
`managementspecification to relate to interoperability either. Instead, even to the
`
`extentit has to do with security, it relates to the security of internal components of
`
`the smart card. Ex. 1006, p. 32. (“The primary goal of the GlobalPlatform is to
`
`ensure the security and integrity of the card's componentsforthe life of the card.”’).
`
`See also id. (“These components are the runtime environment, the OPEN,the
`
`Issuer Security Domain, the Security Domains, the Applications.”); see also id.,
`
`pp. 29-30.
`
`63.
`
`I further disagree that a POSITA would have been motivated by Dua’s
`
`statement
`
`that a “wallet application should meet standards defined by card
`
`organizations.” Dua, { [0525]. As I note above, the full statement is “EMV-
`
`Compliant—The wallet application should meet standards defined by card
`
`24
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 025
`
`RFCyber's Exhibit No. 2007, IPR2022-00413
`Page 025
`
`
`
`IPR2022-00413
`PATENT NO.9,240,009
`organizations.” Dua, § [0525]. In other words, a POSITA would recognize that the
`
`wallet application should meet the EMV standard.
`
`64. A POSITA would not understand GlobalPlatform to be a “card
`
`organization.” GlobalPlatform is not a card organization;
`
`instead it
`
`is “an
`
`organization that has been established by leading companies from the payments and
`
`communications industries, the government sector and the vendor community, and
`
`is the first to promote a global infrastructure for smart card implementation across
`
`multiple industries.” Ex. 1006, p. 16. GlobalPlatform therefore is not payment-
`
`related,
`
`it
`
`is
`
`instead designed to provide multi-application smart cards.
`
`Id.
`
`(“[GlobalPlatform’s] goal
`
`is to reduce barriers hindering the growth of cross-
`
`industry, multiple Application smart cards.”); see alsoid.(listing “to securely access
`
`a PC”as one goal of GlobalPlatform).
`
`65. A POSITA, reading Dua, would not look to GlobalPlatform based on
`
`Dua’s references to standards and specifications. Instead, they would look to EMV,
`
`whichis a card organization.
`
`66. Apple also suggests that Dua’s discussion of Java and Java applets is a
`
`reference to JavaCard and would separately motivate a POSITA to combine Dua
`
`with GlobalPlatform.Pet., 15-16. I disagree. Dua never mentions “JavaCard.” Dua
`
`merely states that Java, for e
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
