IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`Gisela Meister, et al.
`In re Patent of:
`8,205,249 Attorney Docket No.: 39843-0131IP1
`U.S. Patent No.:
`June 19, 2012
`
`Issue Date:
`10/531,259
`
`Appl. Serial No.:
`Filing or 371(c) Date: April 24, 2006
`
`Title:
`METHOD FOR CARRYING OUT A SECURE ELECTRONIC
`TRANSACTION USING A PORTABLE DATA SUPPORT
`
`
`
`Mail Stop Patent Board
`Patent Trial and Appeal Board
`U.S. Patent and Trademark Office
`P.O. Box 1450
`Alexandria, VA 22313-1450
`
`
`PETITION FOR INTER PARTES REVIEW OF UNITED STATES PATENT
`NO. 8,205,249 PURSUANT TO 35 U.S.C. §§ 311–319, 37 C.F.R. § 42
`
`
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`TABLE OF CONTENTS
`
`I. 
`
`II. 
`
`REQUIREMENTS FOR IPR .......................................................................... 1 
`A.  Grounds for Standing ................................................................................ 1 
`B.  Challenge and Relief Requested ............................................................... 1 
`C.  Claim Construction ................................................................................... 2 
`SUMMARY OF THE ’249 PATENT ............................................................. 2 
`A.  Brief Description ....................................................................................... 2 
`B.  Summary of the Prosecution History ........................................................ 4 
`C.  Level of Ordinary Skill in the Art ............................................................. 5 
`III.  THE CHALLENGED CLAIMS ARE UNPATENTABLE ............................ 6 
`A.  [GROUND 1A] – Anticipation based on Wheeler (Claims 1-13) ........... 6 
`1.  Overview of Wheeler ...................................................................... 6 
`2.  Anticipation Analysis ...................................................................... 9 
`B.  [GROUND 1B] – Obviousness based on Wheeler (Claims 1-13) ......... 45 
`C.  [GROUND 1C] – Obviousness based on Wheeler in view of Smithies
`(Claims 9, 13) .......................................................................................... 48 
`1.  Overview of Smithies .................................................................... 48 
`2.  Obviousness Analysis ................................................................... 50 
`D.  [GROUND 2] – Obviousness based on Smithies in view of Yasukura
`(Claims 1-12) .......................................................................................... 53 
`1.  Overview of Yasukura .................................................................. 53 
`2. 
`Combination of Smithies and Yasukura ....................................... 54 
`3.  Obviousness Analysis ................................................................... 60 
`IV.  DISCRETIONARY CONSIDERATIONS ................................................... 84 
`A.  The Petition’s New Prior Art and Arguments, and Errors Made During
`Prosecution Warrant Institution—35 U.S.C. § 325(d) ........................... 84 
`1. 
`The Petition Presents New Prior Art and Arguments ................... 84 
`2. 
`The Examiner Erred By Failing to Cite Key Aspects of Wheeler-
`913 ................................................................................................. 86 
`B.  The Fintiv Factors Favor Institution ....................................................... 90 
`V.  MANDATORY NOTICES UNDER 37 C.F.R § 42.8(a)(1) ......................... 93 
`A.  Real Party-In-Interest Under 37 C.F.R. § 42.8(b)(1) .............................. 93 
`B.  Related Matters Under 37 C.F.R. § 42.8(b)(2) ....................................... 94 
`C.  Lead And Back-Up Counsel Under 37 C.F.R. § 42.8(b)(3) ................... 94 
`D.  Service Information ................................................................................ 94 
`VI.  FEES .............................................................................................................. 95 
`
`i
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`VII.  CONCLUSION .............................................................................................. 95 
`
`
`
`ii
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`
`
`
`EXHIBITS
`
`SAMSUNG-1001 U.S. Patent No. 8,205,249 to Gisela Meister, et al. (“the ’249
`patent”)
`
`SAMSUNG-1002 Excerpts from the Prosecution History of the ’249 patent (“the
`Prosecution History”)
`
`SAMSUNG-1003 Expert Declaration of Dr. Michael Shamos
`
`SAMSUNG-1004 Curriculum Vitae of Dr. Michael Shamos
`
`SAMSUNG-1005 PCT App. Pub. No. WO 02/13116 A1 (“Wheeler”)
`
`SAMSUNG-1006 U.S. Patent No. 6,091,835 (“Smithies”)
`
`SAMSUNG-1007 European Patent App. Pub. No. EP 1085424 A1 (“Yasukura”)
`
`SAMSUNG-1008 U.S. Patent App. No. 2002/0016913 (“Wheeler-913”)
`
`SAMSUNG-1009 U.S. Patent No. 5,721,781 (“Deo”)
`
`SAMSUNG-1010 U.S. Patent No. 6,256,737 (“Bianco”)
`
`SAMSUNG-1011 U.S. Patent No. 7,260,724 (“Dickinson”)
`
`SAMSUNG-1012 U.S. Patent App. Pub. 2002/0095389 (“Gaines”)
`
`SAMSUNG-1013 U.S. Patent App. Pub. 2004/0039909 (“Cheng”)
`
`SAMSUNG-1014 U.S. Patent No. 5,694,471 (“Chen”)
`
`SAMSUNG-1015 U.S. Patent No. 7,451,116 (“Parmelee”)
`
`SAMSUNG-1016 U.S. Patent No. 5,889,863 (“Weber”)
`
`iii
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`SAMSUNG-1017 U.S. Patent No. 7,512,548 (“Bezos”)
`
`SAMSUNG-1018—1099 [RESERVED]
`
`SAMSUNG-1100 Complaint for Patent Infringement, Aire Tech. Ltd. v. Samsung
`Electronics Co., Ltd. et al., Case No. 6:21-cv-00955 (Septem-
`ber 15, 2021)
`
`SAMSUNG-1101 Amended Scheduling Order, Aire Tech. Ltd. v. Samsung Elec-
`tronics Co., Ltd. et al., Case No. 6:21-cv-00955 (February 11,
`2022)
`
`
`
`
`
`iv
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`CLAIM LISTING
`
`Claim Language
`Element
`[1pre-1] A method for effecting a secure electronic transaction on a terminal
`using a portable data carrier arranged to perform different quality
`user authentication methods,
`
`[1pre-2] wherein the portable data carrier performs a user authentication using
`one of said different user authentication methods,
`
`[1pre-3]
`
`the portable data carrier confirms the proof of authentication to the
`terminal, and
`
`[1pre-4]
`
`the portable data carrier then performs a security-establishing opera-
`tion within the electronic transaction, comprising the steps of
`
`[1a]
`
`[1b]
`
`[1c]
`
`[2]
`
`[3]
`
`[4]
`
`[5]
`
`creating authentication quality information by the portable data car-
`rier about said user authentication method used and
`
`attaching said authentication quality information to the result of the
`security-establishing operation,
`
`wherein the difference in quality of said user authentication methods
`varies between an inherently relatively lower quality and an inher-
`ently relatively higher quality from a security perspective.
`
`The method according to claim 1, wherein the security-establishing
`operation performed by the portable data carrier comprises creating a
`digital signature.
`
`The method according to claim 1, wherein the authentication of the
`user is performed by presentation of a biometric feature.
`
`The method according to claim 3, wherein the authentication of the
`user is performed by presentation of a physiological or behavior-
`based feature characteristic of a user.
`
`The method according to claim 1, wherein the authentication of the
`user is performed by proof of knowledge of a secret.
`
`v
`
`

`

`Element
`[6]
`
`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`Claim Language
`The method according to claim 1, wherein at least two different au-
`thentication methods of different quality are offered for authentica-
`tion of the user.
`
`[7]
`
`[8]
`
`[9]
`
`The method according to claim 6, wherein the particular authentica-
`tion methods not used are disabled.
`
`The method according to claim 6, wherein no quality information is
`produced for an authentication method.
`
`The method according to claim 1, wherein a user is asked to select an
`authentication method.
`
`[10pre-1] A portable data carrier for performing a security-establishing opera-
`tion within a secure electronic transaction and arranged to perform
`different quality user authentication methods,
`
`[10pre-2] wherein the difference in quality of said user authentication methods
`varies between an inherently relatively lower quality and an inher-
`ently relatively higher quality from a security perspective, compris-
`ing:
`
`[10a]
`
`[10b]
`
`[10c]
`
`[11]
`
`[12]
`
`the portable data carrier is arranged to perform a user authentication
`using one of said implemented user authentication methods and
`
`the portable data carrier is arranged to confirm the authentication to a
`terminal, and
`
`wherein the data carrier is arranged to create quality information
`about said user authentication method used and to attach such quality
`information to the result of the security establishing operation.
`
`The data carrier according to claim 10, wherein the portable data car-
`rier is set up to create a digital signature.
`
`The data carrier according to claim 10, wherein the data carrier sup-
`ports at least two qualitatively different authentication methods.
`
`[13pre] A terminal for use in connection with a portable data carrier,
`
`vi
`
`

`

`Element
`[13a]
`
`[13b]
`
`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`Claim Language
`said terminal including a device arranged to cause a user to select
`one of at least two possible different quality authentication methods,
`
`wherein the portable data carrier is arranged to perform a user au-
`thentication using one of the at least two possible different quality
`authentication methods and to confirm the authentication to the ter-
`minal, and
`
`[13c]
`
`[13d]
`
`the data carrier is arranged to create quality information about the au-
`thentication method used and to attach such quality information to
`the result of a security establishing operation,
`
`the difference in quality of said authentication methods varies be-
`tween an inherently relatively lower quality and an inherently rela-
`tively higher quality from a security perspective.
`
`
`
`
`
`vii
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`
`Samsung Electronics Co., Ltd. (“Petitioner” or “Samsung”) petitions for in-
`
`ter partes review of claims 1-13 (“Challenged Claims”) of U.S. Patent No.
`
`8,205,249 (“the ’249 patent”).
`
`I.
`
`REQUIREMENTS FOR IPR
`A. Grounds for Standing
`Petitioner certifies that the ’249 patent is available for IPR. This petition is
`
`being filed within one year of service of a complaint against Samsung. SAM-
`
`SUNG-1100. Samsung is not barred or estopped from requesting review of the
`
`Challenged Claims on the below-identified grounds.
`
`B. Challenge and Relief Requested
`Petitioner requests IPR of the Challenged Claims on the grounds set forth in
`
`the table shown below. Additional explanation and support for each ground is set
`
`forth in the expert declaration of Dr. Michael Shamos (SAMSUNG-1003), refer-
`
`enced throughout this Petition.
`
`Ground
`1A
`1B
`1C
`2
`
`Claims
`1-13
`1-13
`9, 13
`1-12
`
`Basis for Rejection
`§102: Anticipated by Wheeler
`§103: Obvious based on Wheeler
`§103: Obvious based on Wheeler and Smithies
`§103: Obvious based on Smithies and Yasukura
`
`The ’249 patent claims priority to an application filed in Germany on Octo-
`
`ber 24, 2002, which Petitioner treats as the earliest effective filing date (“Critical
`
`1
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`Date”) of the Challenged Claims for purposes of this IPR. Each of the prior art ref-
`
`erences applied in Grounds 1-2 qualifies as prior art to the ’249 patent on at least
`
`the bases shown below:
`
`Reference
`
`Filed
`
`Published
`
`Wheeler
`Smithies
`Yasukura
`
`Feb. 14, 2002
`Aug. 6, 2001
`Jul. 18, 2000
`Feb. 17, 1998
`Mar. 19, 1999 Mar. 21, 2001
`
`Pre-AIA
`Prior Art Basis
`§102(a)-(b), (e)
`§102(a)-(b), (e)
`§102(a)-(b)
`
`
`
`C. Claim Construction
`All claim terms should be construed according to the Phillips standard.
`
`Phillips v. AWH Corp., 415 F.3d 1303 (Fed. Cir. 2005); 37 C.F.R. §42.100. Based
`
`on the prior art’s description of the claimed elements being similar to that of the
`
`’249 patent specification, no formal claim constructions are presently necessary
`
`since “claim terms need only be construed to the extent necessary to resolve the
`
`controversy.” Wellman, Inc. v. Eastman Chem. Co., 642 F.3d 1355, 1361 (Fed.
`
`Cir. 2011); SAMSUNG-1003, [25]-[26].
`
`II.
`
`SUMMARY OF THE ’249 PATENT
`A. Brief Description
`The ’249 patent describes technology for facilitating an electronic transac-
`
`tion using a portable data carrier. SAMSUNG-1001, 2:17-18; SAMSUNG-1003,
`
`[43]-[50].
`
`2
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`For example, a user can enter a PIN or a biometric input at a terminal 14,
`
`and a portable data carrier (“PDC”) 20 (e.g., a chip card) can be inserted into an in-
`
`terface of terminal 14. SAMSUNG-1001, 3:42-4:39, FIG.2; see also id., 4:40-
`
`5:30, FIG. 3. Terminal 14 provides the user’s authentication data to PDC 20 to au-
`
`thenticate the user by comparing the inputted data to pre-stored data on PDC 20.
`
`Id. If the user is authenticated, PDC 20 confirms proof of the authentication to ter-
`
`minal 14, and in response, terminal 14 provides a data record 40 to the PDC 20,
`
`which is then digitally signed by PDC 20. Id.
`
`PDC 20 returns the digital signature 20 to the terminal 14, along with infor-
`
`mation that purportedly indicates the “quality” of the method that was used to au-
`
`thenticate the user. Id., 5:15-38 (discussing “quality information”). According to
`
`the specification, “[t]he biometric method inherently constitutes [a] higher-quality”
`
`authentication method than a knowledge-based method such as a secret PIN “since
`
`[the biometric method] presupposes the personal presence of the user 30” and “this
`
`is not ensured in the knowledge-based method since the knowledge can have been
`
`acquired by an unauthorized user.” Id., 3:29-33, 3:58-62.
`
`3
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`
`
`
`SAMSUNG-1001, FIG. 1 (annotated); SAMSUNG-1003, [43]-[50].
`
`B.
`Summary of the Prosecution History
`Much of the prosecution history focuses on Elements [1a]-[1b] (and corre-
`
`sponding limitations in claims 10 and 13), which relate to creating and attaching
`
`“authentication quality information … about said user authentication method
`
`used.” SAMSUNG-1003, [51]-[59]. The applicant stated during prosecution that
`
`“authentication quality information” indicates “by what kind of authentication
`
`method the user has been authenticated,” and that “the quality information of claim
`
`4
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`1 is independent of the concrete input data since the quality information exclu-
`
`sively depends on the authentication method used.” SAMSUNG-1002, 307, 429-
`
`438; SAMSUNG-1003, [54]-[57]. Although the Examiner eventually relented and
`
`allowed the application after at least six rejection/response cycles, neither the Ex-
`
`aminer nor the applicant focused on the cited art’s more pertinent disclosures for
`
`these limitations, as will be addressed further below. Infra, Section IV.A.
`
`As discussed below (Section IV.A), the Examiner overlooked critical teach-
`
`ings in the Wheeler-913 reference (SAMSUNG-1008) pertaining to the “authenti-
`
`cation quality information” features. If these Wheeler-913 teachings had been rec-
`
`ognized during original examination, the ’249 patent should not have been al-
`
`lowed. SAMSUNG-1003, [59].
`
`C. Level of Ordinary Skill in the Art
`A person of ordinary skill as of the Critical Date of the ’249 patent
`
`(“POSITA”) would have had (1) a bachelor’s degree in computer science, com-
`
`puter engineering, electrical engineering, or a related field, and (2) one to two
`
`years of experience with digital authentication techniques, such as, for example, bi-
`
`ometrics, digital signatures, passwords, and/or PIN numbers. SAMSUNG-1003,
`
`[19]-[23]. Graduate education could substitute for professional experience, or sig-
`
`nificant experience in the field could substitute for formal education. Id.
`
`5
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`III. THE CHALLENGED CLAIMS ARE UNPATENTABLE1
`A.
`[GROUND 1A] – Anticipation based on Wheeler (Claims 1-
`13)
`1. Overview of Wheeler2
`Wheeler describes techniques for using a “digital signature” to “‘authenti-
`
`cate’ a message contained within [an] [electronic communication (EC)].” SAM-
`
`SUNG-1005, 2:5-6; see also id., 1:24-28; SAMSUNG-1003, [80]-[86]. In this con-
`
`text, Wheeler describes three categories of authentication methods: “Factor A En-
`
`tity Authentication” (“based on what the sender ‘has’”), “Factor B Entity Authenti-
`
`cation” (“based on what the user or sender ‘knows’”), and “Factor C Entity Au-
`
`thentication” (“based on what the user or sender ‘is’”). SAMSUNG-1005, 2:18-
`
`27, 3:27-36, 4:1-6; SAMSUNG-1003, [87]. Factor A authentication can be con-
`
`firmed from a digital signature insofar as the digital signature is generated with a
`
`“private key”—i.e., “based on what the sender ‘has.’” Id., 2:18-22.
`
`To address perceived deficiencies in other solutions reviewed in Wheeler
`
`(see 4:7-14, 5:22-30), Wheeler proposed a portable data carrier (e.g., device 1640)
`
`to perform Factor A and Factors B and/or C authentication without requiring the
`
`
`1 Dr. Shamos discusses background technology at SAMSUNG-1003, [60]-[79].
`
`2 Descriptions of the references and combinations thereof are incorporated into
`
`each mapping that includes citations to these references.
`
`6
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`recipient “to safeguard either a Secret or a biometric value” or requiring the recipi-
`
`ent to be “privy to the authentication information.” SAMSUNG-1005, 4:7-14,
`
`5:22-30; SAMSUNG-1003, [89]-[90].
`
`
`
`SAMSUNG-1005, FIG. 16a (annotated); see also pp. 50-55, FIGS. 16b, 16c, 17;
`
`SAMSUNG-1003, [91].
`
`As shown above, Wheeler’s “device 1640,” which can be “portable and of a
`
`handheld form factor,” receives an input representing “first verification data (VD1)
`
`1651” or “second verification data (VD2) 1653” at a device interface 1652. SAM-
`
`SUNG-1005, 16:4-7, 50:19-21; SAMSUNG-1003, [92]. The first verification data
`
`1651 is compared to first prestored data 1642, and the second verification data
`
`1653 is compared to second prestored data 1644. Id. The first prestored data 1642
`
`7
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`and the second prestored data 1644 can each correspond to a respective “Secret or
`
`a biometric characteristic” of the user 1620 such as a secret PIN value or features
`
`derived from the user’s fingerprint(s), handprint(s), or iris scans. SAMSUNG-
`
`1005, Abstract, FIG. 20c.
`
`Based on a result of the “comparison of the first verification data 1651 with
`
`the first prestored data 1642 and the second verification data 1653 with the second
`
`prestored data 1644,” the device 1640 “assign[s] a value to an identification marker
`
`(IM) 1672 stored in memory 1674.” SAMSUNG-1005, 50:28-32; SAMSUNG-
`
`1003, [93]. For example, “a first identification marker comprising a Secret verifi-
`
`cation result (RS1) 2502 is in cardinal number format” representing “1” for entry of
`
`a correct PIN and “2” for entry of an incorrect PIN. SAMSUNG-1005, 63:33-37,
`
`FIG. 25a. For biometric-based verification data, the IM includes “a possible per-
`
`centage of match … between the verification data and prestored data.” SAM-
`
`SUNG-1005, 52:19-23, FIG. 26.
`
`8
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`
`
`
`SAMSUNG-1005, FIG. 25a (top), FIG. 26 (bottom); SAMSUNG-1003, [94].
`
`In addition to the Rs/Rb match values, Wheeler’s identification marker can
`
`further include, for each verification type, (1) an indication whether the device
`
`1640 has output a verification status since the user last provided verification data
`
`or since a digital signature was last generated and (2) a verification type identifier
`
`2004 that identifies the specific verification/authentication type. SAMSUNG-
`
`1005, 67:15-68:10, 68:24-70:15, 67:31-68:33, 66:1-7, 84:26-29, FIG. 20c; SAM-
`
`SUNG-1003, [95]-[98].
`
`2.
`Anticipation Analysis
`As described in detail below, Wheeler anticipates claims 1-13 of the ’249
`
`patent. SAMSUNG-1003, [107].
`
`9
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`
`Element [1pre-1]3
`As discussed above, Wheeler describes a user “device” (portable data car-
`
`rier), e.g., device 1640 or IC card 95, arranged to perform “different quality user
`
`authentication methods.” Supra, Section III.A.1; SAMSUNG-1003, [108]. The
`
`user device is arranged to perform “Factor A” authentication by signing data with
`
`the user’s private key (something that the user “has”), and is further arranged to
`
`
`3
`Petitioner provides mappings for each preamble element of the Challenged
`
`Claims to the extent they are deemed to be limiting.
`
`Additionally, Petitioner labels the first four elements of claim 1 as [1pre-1]
`
`through [1pre-4] and the first two elements of claim 10 as [10pre-1] and [10pre-2]
`
`to the extent they are all deemed part of the preambles, to be consistent with Aire’s
`
`infringement contentions, which identified the language in each of these elements
`
`as part of the preambles. Nonetheless, the grounds presented in this Petition dis-
`
`close or render obvious each of these elements regardless of whether [1pre-2]-
`
`[1pre-4] or [10pre-2] are part of either the preamble or the body of their respective
`
`claims. Petitioner reserves all rights to contend that these elements are part of the
`
`body of the claim in an appropriate forum, but it is not necessary to reach that issue
`
`here since it does not give rise to a controversy that bears on the grounds of un-
`
`patentability in this Petition. Wellman, 642 F.3d at 1361.
`
`10
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`perform “Factor B” authentication by comparing a user-entered secret (e.g., a PIN)
`
`with a pre-stored secret and “Factor C” authentication by comparing biometric ver-
`
`ification data from the user with pre-stored biometric data. SAMSUNG-1005,
`
`50:15-25, 57:15-16, 57:24-25, 68:24-25, FIGS. 16a, 17, 20c, 33; see also id., 5:24-
`
`28 (“using either or both of Factor B Entity Authentication and Factor C Entity
`
`Authentication”), 65:34-36. SAMSUNG-1003, [115]; also see id., [109]-[114].
`
`According to the specification of the ’249 patent, secret-based (e.g., PIN or
`
`other Factor B inputs) and biometric-based (e.g., Factor C inputs) authentication
`
`methods provide different qualities of user authentication. Cf. SAMSUNG-1001,
`
`3:29-33 (“The biometric method inherently constitutes [] higher-quality …, since it
`
`presupposes the personal presence of the user 30; this is not ensured in the
`
`knowledge-based method since the knowledge can have been acquired by an unau-
`
`thorized user.”); Infra, Footnotes 6-7; SAMSUNG-1003, [116].
`
`11
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`
`
`
`SAMSUNG-1005, FIG. 20C (annotated).
`
`Wheeler confirms that the user device, e.g., device 1640 or chip card 95, can
`
`be a “portable” data carrier that carries pre-stored verification data, e.g., PD1 1642
`
`and/or PD2 1644. SAMSUNG-1005, 16:4-7 (“portable and of a handheld form
`
`factor” and may be “a cell phone, a PDA, … an integrated circuit card (IC Card)
`
`… .”), 70:20-28, FIGS. 16a, 28, 33; SAMSUNG-1003, [117].
`
`Wheeler further discloses that the user device (portable data carrier), e.g.,
`
`device 1640 or chip card 95, is used in a method for effecting a secure electronic
`
`transaction on a terminal. SAMSUNG-1003, [118]. Wheeler contemplates a range
`
`of possible secure electronic transactions, including a “financial transaction, such
`
`12
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`as an instruction to a bank to transfer funds,” a commercial transaction for the sale
`
`of goods, or a transaction involved in a “legal action.” SAMSUNG-1005, 3:24-28;
`
`see also id., 84:7-14 (“merchant ‘rings up’ the item on the merchant cash regis-
`
`ter/terminal 3302”), 83:2 (“purchase of stock”); generally id., 82:25-86:9; SAM-
`
`SUNG-1003, [118].
`
`Wheeler’s local device (portable data carrier) communicates with a remote
`
`apparatus, e.g., recipient 1630 or banking authority 3320, via an I/O support ele-
`
`ment (terminal), e.g., I/O support element 1662 or card reader 3308, to effect a
`
`transaction. SAMSUNG-1003, [119]. This configuration is illustrated, for in-
`
`stance, in Figure 16c:
`
`
`
`13
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`SAMSUNG-1005, FIG. 16c (annotated); see also id., 51:33-52:9, 53:11-54:4,
`
`83:33-86:9, FIG. 33.
`
`As shown in FIG. 16c, the I/O support element 1662 (terminal) “receives
`
`the indicator 1660 and digital signature 1699 output from the device 1640” and “in
`
`turn, transmits the indicator 1660 and the digital signature 1699 to the electronic
`
`apparatus 1630.” Id., 53:13-16. Similar to the terminal 14 in the ’249 patent speci-
`
`fication, Wheeler’s I/O support element 1662 “includes a user interface 1658 from
`
`which input from the sender 1620 is received and an I/O interface 1659” for com-
`
`municating with the remote apparatus 1630. Id., 53:4-10; cf. SAMSUNG-1001,
`
`2:46-52, FIG. 1; SAMSUNG-1003, [120]. In some implementations, as shown in
`
`FIG. 33, the I/O support element 1662 is a card reader, e.g., card reader 3308:
`
`
`
`14
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`SAMSUNG-1005, FIG. 33 (annotated); see also id., 10:20-21, 83:33-84:1, 84:6-
`
`85:14.
`
`By providing a user interface 1658 for the receipt of user inputs, facilitating
`
`the provision of messages to the user device (e.g., IC card 95 or device 1640) for
`
`digital signature, and mediating interactions between the user device and remote
`
`system (e.g., 1640, 3320), the I/O support element (e.g., 1662, 3308) effects the
`
`“secure electronic transaction” at least to the extent of terminal 14 in the ’249 pa-
`
`tent. Cf., SAMSUNG-1001, 3:36-4:48, FIGS. 2-3; SAMSUNG-1003, [121].
`
`Wheeler thus discloses [1pre-1].
`
`Element [1pre-2]
`Wheeler describes that the user device (portable data carrier), e.g., device
`
`1640 or IC card 95, performs a user authentication using one of said different user
`
`authentication methods (e.g., secret-based “Factor B” authentication or biometric-
`
`based “Factor C” authentication). SAMSUNG-1003, [122]; supra, Section III.A.1,
`
`Element [1pre-1].
`
`For example, Wheeler’s user device allows a user to enter verification data
`
`for any of multiple types of verification or authentication methods. In the case that
`
`the portable data carrier performs “Factor B” authentication, verification data VD1
`
`or VD2 is a secret such as a PIN. SAMSUNG-1005, 52:10-18, FIGS. 16a, 16c,
`
`FIG. 27; SAMSUNG-1003, [123].
`
`15
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`In the case that the portable data carrier performs “Factor C” authentication,
`
`verification data VD1 or VD2 is representative of biometric features of the user
`
`1620. Id., 52:19-27, FIGS. 16a, 16c, 20c, 27; see also id., 62:1-6; SAMSUNG-
`
`1003, [124].
`
`
`
`SAMSUNG-1005, FIG. 16c (annotated); generally id., 50:15-53:3.
`
`Even when the user device supports multiple authentication methods and
`
`corresponding types of verification data, Wheeler confirms that the user device still
`
`permits user authentication using just one of the available authentication methods.
`
`SAMSUNG-1003, [125]. As explained in Wheeler, the user device maintains the
`
`current verification status for each of the available authentication methods regard-
`
`less of whether the user has submitted verification data for none, one, some, or all
`
`16
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`of the available methods. Id. The verification status indicator (e.g., 1660) includes
`
`the verification status for all of the available methods or all of the methods for
`
`which the user has provided an input (which can be just one method). SAM-
`
`SUNG-1005, 65:34-66:33. Wheeler leaves responsibility to the recipient/remote
`
`apparatus (e.g., 1630, 3320) to determine according to “business logic” whether the
`
`overall verification status of the user based on the one or more performed authenti-
`
`cation methods is sufficient to authorize a particular request or effect a particular
`
`electronic transaction. See, e.g., SAMSUNG-1005, 85:32-86:2, 66:17-33 (“even
`
`though an input is not provided for every single type of verification data”), 65-34-
`
`66:16, FIG. 24 & 65:7-67:14; SAMSUNG-1003, [125].
`
`To illustrate the point that a user may not provide input for all verification
`
`methods, Wheeler describes “NO PIN INPUT” as a verification status when no
`
`PIN-based verification data has been received by the device. SAMSUNG-1005,
`
`63:25-30, FIGS. 25a-b; SAMSUNG-1003, [126]. Analogously, when “no bio-
`
`metric verification data has been received,” the verification status is “NO BIO IN-
`
`PUT.” Id., 64:5-7, FIG. 26.
`
`17
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`
`
`
`SAMSUNG-1005, FIGS. 25a, 25b, 26 (all annotations added).
`
`Further to this point, Figure 27 depicts an exemplary sequence of actions at a
`
`user device (e.g., device 1640 or card 95) (portable data carrier). Id., 69:3-70:15,
`
`FIG. 27. The device authenticates the user using a single PIN-based authentication
`
`method in Step 3 (“CORRECT PIN”), which causes the value of Rs to be updated
`
`to “01” corresponding to “MATCH, FIRST OUTPUT SINCE INPUT REPRE-
`
`18
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`SENTING VERIFICATION DATA RECEIVED” as shown in FIG. 25b. SAM-
`
`SUNG-1003, [127].
`
`
`
`SAMSUNG-1005, FIG. 27 (annotated).
`
`Wheeler also discloses the user device performing a user authentication ac-
`
`cording to one authentication method by “comparing the first verification data
`
`(VD1) with the first data (PD1) prestored in the memory of the device” at Step
`
`1716 or “comparing the second verification data (VD2) with the second data (PD2)
`
`prestored in the memory of the device” at Step 1720 in FIG. 17. SAMSUNG-
`
`1005, 54:7-11, FIGS. 16a, 16c, 17; SAMSUNG-1003, [128].
`
`19
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`
`
`SAMSUNG-1005, FIG. 17 (annotated); 65:1-6 (“the device itself could be pre-pro-
`
`grammed or pre-hardwired to determine within the device whether the biometric
`
`verification data qualifies as a ‘match’ or ‘no match’ with the prestored data rela-
`
`tive to an arbitrarily determined threshold”); SAMSUNG-1003, [128].
`
`Wheeler thus discloses [1pre-2].
`
`20
`
`

`

`Attorney Docket No. 39843-0131IP1
`IPR of U.S. Patent No. 8,205,249
`
`Element [1pre-3]
`Wheeler describes that the user device (portable data carrier), e.g., device
`
`1640 or card 95, confirms the proof of authentication to the I/O support element
`
`(terminal).4 SAMSUNG-1003, [129]; supra, Section III.A.1, Elements [1pre-1],
`
`[1pre-2].
`
`In particular, Wheeler teaches that an identification marker (e.g., IVS 1660)
`
`is output from the user device (portable data carrier) each time the user generates
`
`a digital signature. SAMSUNG-1005, 51:15-19 (“The digital signature 1699 then
`
`is output from the device 1640 together with the value of the identification marker
`
`1672 as the indicator 1660 of the verification status (IVS) of the device 1640 for
`
`transmitting to the recipient. The digital signature 1699 and the indicator 1660
`
`then are transmitted to the recipient in association with the EC 1610, whereby the
`
`recipient is able to identify the indicator 1660 as pertaining to the EC 1610.”),
`
`
`4 Wheeler confirms proof of authentication to the terminal upon authenticating a
`
`user and digitally signing a first message, where signing the first message precedes
`
`the signing of a subsequent message that corresponds to the claimed “security-es-
`
`tablishing operation.” See infra, [1pre-4]. The user need not re-authenticate be-
`
`tween the signing of each message, and the outputting of the signature and IVS.
`
`SAMSUNG-1005, 67:16-23, 52:10-18.
`
`21
`
`

`

`Attorney Doc