`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`______________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`______________________
`
`BANK OF AMERICA, N.A.; TRUIST BANK; BOKF, N.A.; WELLS FARGO
`BANK, N.A.; AND PNC BANK, N.A.,
`Petitioner,
`v.
`
`DYNAPASS IP HOLDINGS LLC,
`Patent Owner.
`
`______________________
`Case No. IPR2023-00367
`Patent No. 6,993,658
`______________________
`
`
`DECLARATION OF DR. PETER LAWRENCE REIHER
`
`
`
`
`
`
`PETITIONERS' EXHIBIT 1002
`
`Page 1 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`
`Patent No. 6,993,658
`
`
`
`Table of Contents
`
`Introduction ...................................................................................................... 1
`I.
`Qualifications ................................................................................................... 1
`II.
`III. Materials Considered ....................................................................................... 4
`IV. Relevant Legal Standards ................................................................................ 8
`A.
`Level of Ordinary Skill in the Art ....................................................... 11
`B.
`Claim Construction ............................................................................. 13
`V.
`The ’685 Patent .............................................................................................. 16
`A. Overview of the ’658 Patent ................................................................ 16
`B.
`Summary of the Prosecution History of the ’658 Patent .................... 18
`VI. Grounds of Unpatentability ........................................................................... 21
`VII. State of the Art ............................................................................................... 21
`A.
`Two-factor Authentication (2FA) was Well Known. .......................... 21
`B.
`Cell Phones and Cell Networks were Well Known. ............................ 23
`C.
`Use of Mobile Tokens was Well Known. ............................................ 27
`D.
`Known. ................................................................................................ 27
`VIII. Ground 1: Guthrie in Combination with Sormunen Renders Obvious
`Claims 1-3 and 5-7 ......................................................................................... 30
`A. Guthrie-Sormunen Combination ......................................................... 30
`1.
`Summary of the Guthrie-Sormunen Combination .................... 30
`2.
`Guthrie and Sormunen Are Analogous Art and Combinable ... 33
`3.
`
`A person of ordinary skill in the art Would Been Motivated
`to Implement Sormunen’s Mobile Station and Method for
`
`Contatenation of a Random Number and a Password was Well
`
`
`
`i
`
`Page 2 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`
`Patent No. 6,993,658
`
`Requesting and Obtaining Authentication Data at a Mobile
`
`Station in Guthrie to Improve Security ..................................... 36
`Independent Claims ............................................................................. 43
`Claim 1 ...................................................................................... 43
`1.
`Claim 5 ...................................................................................... 67
`2.
`Dependent Claims ............................................................................... 75
`1.
`passcode.” ................................................................................. 75
`2.
`communication device is a mobile phone.” .............................. 77
`3.
`
`Claim 2: “The method of claim 1, wherein the new
`password is generated by concatenating the token and the
`
`Claim 3: “The method of claim 1, wherein the personal
`
`B.
`C.
`
`B.
`
`Claim 6: “The system of claim 5, wherein the
`communication module is further configured to receive a
`request from the user for the token, and wherein the control
`module is further configured to create the new password in
`
`Claim 7: “The system of claim 6, wherein the request is
`transmitted by the user through the personal communication
`
`response to the request.” ........................................................... 77
`4.
`device.” ..................................................................................... 78
`IX. Ground 2: Kato in Combination with Guthrie Renders Obvious Claims 1-
`3 and 5-7 ........................................................................................................ 78
`A. Kato-Guthrie Combination .................................................................. 78
`1.
`Summary of the Kato-Guthrie Combination ............................ 78
`2.
`Kato and Guthrie are Analogous Art and Combinable ............. 79
`3.
`Reasonable Expectation of Success in Doing So ..................... 82
`Independent Claims ............................................................................. 92
`
`A person of ordinary skill in the art Would Been Motivated
`to Add Guthrie’s Challenge-Response Process to Kato’s
`Three-Device Architecture and Would Have Had a
`
`
`
`ii
`
`Page 3 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`
`Patent No. 6,993,658
`
`Claim 1 ...................................................................................... 92
`1.
`Claim 5 ....................................................................................113
`2.
`Dependent Claims .............................................................................118
`1.
`passcode.” ...............................................................................118
`2.
`communication device is a mobile phone.” ............................118
`3.
`
`Claim 2: “The method of claim 1, wherein the new
`password is generated by concatenating the token and the
`
`Claim 3: “The method of claim 1, wherein the personal
`
`C.
`
`X.
`
`
`
`
`Claim 6: “The system of claim 5, wherein the
`communication module is further configured to receive a
`request from the user for the token, and wherein the control
`module is further configured to create the new password in
`response to the request.” Claim 7: “The system of claim 6,
`wherein the request is transmitted by the user through the
`
`personal communication device.” ...........................................118
`Conclusion ...................................................................................................119
`
`
`
`iii
`
`Page 4 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`I.
`
`INTRODUCTION
`I, Dr. Peter Lawrence Reiher, submit this declaration to state my
`1.
`
`Patent No. 6,993,658
`
`opinions on the matters described below.
`
`2.
`
`I have been retained on behalf of Petitioners as an independent expert
`
`for the above-identified inter partes review proceeding involving U.S. Patent No.
`
`6,993,658 (“the ’658 Patent”). Although I am being compensated for my time in
`
`connection with this IPR at my standard hourly consulting rate and reimbursed for
`
`reasonable out-of-pocket expenses, no part of my compensation depends on the
`
`outcome of this proceeding, and I have no other interest in this proceeding.
`
`3.
`
`I have been asked to provide my technical review, analysis, insights,
`
`and opinions regarding the ’658 Patent and the above-noted references that form
`
`the basis for the invalidity grounds set forth in the Petition for Inter Partes Review
`
`of the ’658 Patent.
`
`II. QUALIFICATIONS
`I believe that I am well qualified to serve as a technical expert in this
`4.
`
`matter based upon my educational and work experience.
`
`5.
`
`I received a BS in Electrical Engineering, specializing in computer
`
`science, from the University of Notre Dame in 1979. I received my MS in
`
`Computer Science from UCLA in 1983, and my Ph.D. in Computer Science from
`
`UCLA in 1987. After spending five years working on an operating systems project
`
`
`
`1
`
`Page 5 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`at the Jet Propulsion Laboratory, I returned to UCLA, where I served as a research
`
`Patent No. 6,993,658
`
`scientist and adjunct faculty member from 1992 until my retirement in 2021.
`
`6.
`
`During this time at UCLA, I obtained research grants from several
`
`sources to study topics in computer and network security, operating systems and
`
`file systems, mobile computing, and related topics. The sources for these grants
`
`included DARPA, the National Science Foundation, the Department of Homeland
`
`Security, the Department of Education, the Intel Corporation, Microsoft, Hewlett
`
`Packard, Lockheed Martin, and GTE. The total amount of research funding I
`
`received exceeded $10 million.
`
`7.
`
`The topics I researched with these grants include distributed file
`
`systems, encrypted file systems, mobile computing, active networking security,
`
`distributed denial of service attacks and defenses against them, IP spoofing,
`
`vehicular network security, operating system security, and other related topics,
`
`specifically those related to computer security. Some of these research projects
`
`involved various authentication methods, such as the Truffles project, which used
`
`authentication methods in conjunction with a secure distributed file system. In the
`
`Panoply ubiquitous computing project, we experimented with multi-factor
`
`authentication in which one factor was physical location of the subject. I published
`
`over 140 articles on these research topics in conferences, including Infocom,
`
`ICNP, the Usenix Security Symposium, Usenix FAST, the Usenix Annual
`
`
`
`2
`
`Page 6 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`Technical Conference, and ACSAC, and in journals, including IEEE Transactions
`
`Patent No. 6,993,658
`
`on Computing, ACM Transactions on Storage, IEEE Transactions on Dependable
`
`and Secure Computing, ACM Mobile Computing and Communications Review,
`
`Computer Networks, IEEE Communications Surveys and Tutorials, and the
`
`Journal of Distributed and Parallel Databases. I am also a co-author of a book on
`
`distributed denial of service attacks, and have contributed chapters to several other
`
`books. I have also contributed a chapter on operating system authentication to an
`
`online textbook used in operating system classes.
`
`8.
`
`During this time at UCLA, I served as the Ph.D. advisor for 18
`
`students, counting only those who have received their degree to date. My students
`
`serve in various academic and industry positions, including at the University of
`
`Oregon, Florida State University, Harvey Mudd College, the Intel Corporation,
`
`Google, IBM, Oracle, ISI, and the Aerospace Corporation. Most of these students
`
`worked on security research for their Ph.D. topics, and many continue to perform
`
`security research and development in their current positions.
`
`9.
`
`I have reviewed hundreds of papers for various computer science
`
`conferences, workshops, and journals, primarily papers on computer security
`
`issues. I have served as a co-editor of ACM Transactions on Internet Technology
`
`from 2007-2015. I have been a member of the program committee for dozens of
`
`conferences, and served as the program chair or general chair for half a dozen
`
`
`
`3
`
`Page 7 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`conferences. I was vice chair of the IEEE ComSoc Communications and
`
`Patent No. 6,993,658
`
`Information Security Technical Subcommittee from 2005-2007.
`
`10.
`
`I have taught dozens of graduate and undergraduate classes at UCLA
`
`in the Computer Science Department, primarily classes on computer security and
`
`operating systems, with total enrollments in the thousands of students. My
`
`computer security class includes lectures and readings on different authentication
`
`technologies for secure computer systems.
`
`11.
`
`I retired from the Department of Computer Science at the University
`
`of California, Los Angeles in 2021, but continue to teach classes in that department
`
`and advice Ph.D. students. I will be teaching an operating system course (for about
`
`250 students) in the winter quarter of 2023, and a computer security class in the
`
`spring quarter of that year.
`
`III. MATERIALS CONSIDERED
`In forming my opinions, I have reviewed the following documents
`12.
`
`and any other documents cited in this declaration:
`
`Exhibit
`
`Description
`
`Ex. 1001 U.S. Patent No. 6,993,658 B1 to Engberg. et al. (“the ’658 Patent”)
`
`Ex. 1004 Prosecution History of the ’658 Patent
`
`
`
`4
`
`Page 8 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`
`Patent No. 6,993,658
`
`Ex. 1005
`
`Japanese Patent Application Publication No. JP2000-10927 (Japanese
`language document) to Kato, filed June 25, 1998, published January
`14, 2000 (“Kato”)1
`
`Ex. 1006 English Translation of Japanese Patent Application Publication No.
`JP2000-10927
`
`Ex. 1007 U.S. Patent No. 6,161,185 to Guthrie et al., filed March 6, 1998,
`published December 12, 2000 (“Guthrie”)
`
`Ex. 1008 U.S. Patent No. 5,060,263 to Bosen et al., filed March 9, 1988,
`published October 22, 1991 (“Bosen”)
`
`Ex. 1009 U.S. Patent No. 6,609,206 B1 to Veneklase, filed February 5, 1999,
`published August 19, 2003 (“Veneklase”)
`
`Ex. 1010 U.S. Patent No. 5,604,803 to Aziz, filed June 3, 1994, published
`February 18, 1997 (“Aziz”)
`
`Ex. 1011 U.S. Patent No. 6,078,908 to Schmitz, filed April 22, 1998, published
`June 20, 2000 (“Schmitz”)
`
`Ex. 1012
`
`International Patent Application Publication No. WO 95/19593 to
`Kew et al., filed January 12, 1995, published July 20, 1995 (“Kew”)
`
`Ex. 1013 U.S. Patent No. 5,153,919 to Reeds et al., filed September 13, 1991,
`published October 6, 1992 (“Reeds”)
`
`Ex. 1014 U.S. Patent No. 6,662,300 B1 to Peters, filed June 29, 1999, published
`December 9, 2003 (“Peters”)
`
`Ex. 1015 U.S. Patent No. 5,668,876 to Falk et al., filed June 24, 1994,
`published September 16, 1997 (“Falk”)
`
`Ex. 1016 U.S. Patent No. 5,491,752 to Kaufman et al., filed September 2, 1994,
`published February 13, 1996 (“Kaufman”)
`
`Ex. 1017 U.S. Patent No. 5,736,932 to Bulfer et al., filed July 3, 1996,
`published April 7, 1998 (“Bulfer”)
`
`
`1 All reference cites are based on the translation (Ex. 1006).
`
`
`
`5
`
`Page 9 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`
`Patent No. 6,993,658
`
`Ex. 1018 International Patent Application Publication No. WO 97/31306 to
`Sormunen et al., filed February 6, 1997, published August 28, 1997
`(“Sormunen”)
`
`Ex. 1019 U.S. Patent Application Publication No. 2001/0007817 to Odagiri et
`al., filed December 8, 2000, published July 12, 2001 (“Odagiri”)
`
`Ex. 1020
`
`International Patent Application Publication No. WO 01/16899 A2,
`filed August 17, 2000, published March 8, 2001 (“Shields”)
`
`Ex. 1021 U.S. Patent No. 6,430,407 B1 to Turtiainen, filed February 4, 1999,
`published August 6, 2002 (“Turtiainen”)
`
`Ex. 1022 U.S. Patent No. 6,731,731 B1 to Ueshima, filed March 29, 2001,
`published May 4, 2004 (“Ueshima”)
`
`Ex. 1023 U.S. Patent No. 6,259,909 B1 to Ratayczak et al., filed July 8, 1998,
`published July 10, 2001 (“Ratayczak”)
`
`Ex. 1024 U.S. Patent Application Publication No. 2003/0046083 A1 to
`Devinney et al., filed November 21, 1997, published March 6, 2003
`(“Devinney”)
`
`Ex. 1025 U.S. Patent No. 6,535,855 B1 to Cahill et al., filed March 31, 1998,
`published March 18, 2003 (“Cahill”)
`
`Ex. 1026 U.S. Patent No. 7,260,221 B1 to Atsmon, filed May 15, 2001, published
`August 21, 2007 (“Atsmon”)
`
`Ex. 1027 U.S. Patent No. 5,406,619 to Akhteruzzaman, filed March 31, 1994,
`published April 11, 1995 (“Akhteruzzaman”)
`
`Ex. 1028 U.S. Patent No. 6,338,140 B1 to Owens et al., filed November 24,
`1998, published January 8, 2002 (“Owens”)
`
`Ex. 1029 U.S. Patent No. 5,887,065 to Audebert, filed October 2, 1997,
`published March 23, 1999 (“Audebert”)
`
`Ex. 1030 U.S. Patent Application Publication No. 2002/0178370 A1 to
`Gurevich, filed December 29, 2000, published November 28, 2002
`(“Gurevich”)
`
`
`
`6
`
`Page 10 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`
`Patent No. 6,993,658
`
`Ex. 1031 U.S. Patent No. 6,983,308 B1 to Oberhaus et al., filed December 22,
`1998, published January 3, 2006 (“Oberhaus”)
`
`Ex. 1032 U.S. Patent No. 6,035,406 to Moussa et al., filed April 2, 1997,
`published March 7, 2000 (“Moussa”)
`DIAL-IN SECURITY -- Passwords Aren’t Enough, Lenny Liebmann
`VARbusiness: 143. The Channel Company (July 1, 1995)
`(“Liebmann”)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Desperate Times Call For Desperate Measures, David Willis,
`Network Computing: 72. Informa. (March 1, 1996) (“Willis”)
`
`Smart token gestures of protection; Southern New England Telephone
`relies on smart-card token technology to secure their network, Ziff
`Davis Media Inc., PC Week: N03 (January 22, 1996)
`
`Bull Adds Support for Security Dynamics Authentication Tools Under
`ISM AccessMaster Enterprise Security Management Software,
`Business Wire: 05061173 (May 6, 1997)
`
`World’s Largest Wholesale Distributor to Market ActivCard Strong
`Authentication Solutions, PR Newswire (July 27, 1999)
`
`InfoExpress and ActivCard Team to Provide Hardware
`Authentication for Virtual Private Networks Over the Internet,
`Business Wire: 5200016 (May 20, 1996)
`
`Securing the World Wide Web: smart tokens and their
`implementation, Jones et al., Fourth International World Wide Web
`Conference (December 1995)
`
`Authentication Techniques for Smart Cards, R. A. Nelson, CardTech
`SecurTech ’94 (February 1994)
`
`Disclosure of Asserted Claims and Infringement Contentions,
`Dynapass IP Holdings LLC v. JPMorgan Chase & Co. et al., Case
`No. 2:22-cv-00212 (Lead Case) (E.D. Tex. Sept. 8, 2022)
`
`Alfred Menzies, Paul van Oorshot, and Scott Vanstone, Handbook of
`Applied Cryptography, CRC Press, 1997, page 390
`
`7
`
`Page 11 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`
`Patent No. 6,993,658
`
`Bruce Schneier, Applied Cryptography, O'Reilly, 1996, page 194
`
`Robert Morris and Ken Thompson, Password Security: A Case
`History, Communications of the ACM, Vol. 22, No. 11, November
`1979
`
`Peter Denning, The Science of Computing: Passwords, American
`Scientist, Vol. 80, No. 2, March-April 1992
`
`M. Luby and C. Rackoff, A Study of Password Security, J. Cryptology
`(1989) 1:151-158
`
`David Feldmeier and Philip Karn, Unix Password Security: Ten Years
`Later, Crypto'89, 1989
`
`Michael Jackson, Linux Shadow Password HOWTO, Linux
`Documentation Project, April 3, 1996
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`IV. RELEVANT LEGAL STANDARDS
`In preparing this declaration and forming my opinions, I am relying
`13.
`
`on certain legal principles that counsel explained to me. My understanding of these
`
`concepts is summarized below.
`
`14.
`
`I have been asked to provide my opinions regarding whether claims
`
`1–3, 5-7 (“the Challenged Claims”) of the ’658 Patent are unpatentable, because
`
`they would have been obvious to a person having ordinary skill in the art at the
`
`time of the alleged invention, in light of the prior art. I have been advised and
`
`understand that prior art includes all analogous art, and that two separate tests
`
`define the scope of analogous prior art: (1) whether the art is from the same field of
`
`endeavor, regardless of the problem addressed and, (2) if the reference is not
`
`
`
`8
`
`Page 12 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`within the field of the inventor’s endeavor, whether the reference still is reasonably
`
`Patent No. 6,993,658
`
`pertinent to the particular problem with which the inventor is involved. It is my
`
`opinion that the Challenged Claims would have been obvious to a person having
`
`ordinary skill in the art at the time of the ’658 Patent invention.
`
`15.
`
`In forming my opinions expressed below, in addition to my
`
`knowledge and experience based upon my work in the fields of computer
`
`networks, computer and network security, mobile computing, and user
`
`authentication technologies for secure computer and network systems, I have
`
`considered the documents listed in the Table in Section III above.
`
`16.
`
`I have been advised and understand that a dependent claim is a patent
`
`claim that refers back to another patent claim. I have been informed and
`
`understand that a dependent claim includes all of the limitations of the claim to
`
`which it refers.
`
`17.
`
`I have been advised and understand that there are two ways in which
`
`prior art may render a patent claim unpatentable. First, the prior art can
`
`“anticipate” the claim. Second, the prior art can make the claim “obvious” to a
`
`person of ordinary skill in the art. I understand that for an invention claimed in a
`
`patent to be patentable, it must not be anticipated and must not be obvious based
`
`on what was known before the invention was made.
`
`
`
`9
`
`Page 13 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`
`Patent No. 6,993,658
`
`18.
`
`I have been advised and understand that a patent claim is unpatentable
`
`as anticipated under 35 U.S.C. § 102 if each element of that claim is present either
`
`explicitly or inherently in a single prior art reference. I have also been advised and
`
`understand that, to be an inherent disclosure, the prior art reference must
`
`necessarily disclose the limitation. The fact that the reference might practice or
`
`contain a claimed limitation is insufficient to establish that the reference inherently
`
`teaches the limitation.
`
`19.
`
`I have been advised and understand that a claimed invention is
`
`unpatentable under 35 U.S.C. § 103 if the differences between the claimed subject
`
`matter and the prior art are such that the subject matter as a whole would have been
`
`obvious at the time the invention was made to a person having ordinary skill in the
`
`art to which the subject matter pertains. I have also been advised and understand
`
`that the obviousness analysis takes into account factual inquiries, including the
`
`level of ordinary skill in the art, the scope and content of the prior art, and the
`
`differences between the prior art and the claimed subject matter.
`
`20.
`
`I have further been advised and understand that the Supreme Court
`
`has recognized several rationales for combining references or modifying a
`
`reference to show obviousness of claimed subject matter. Some of these rationales
`
`include the following: (a) combining prior art elements according to known
`
`methods to yield predictable results; (b) simple substitution of one known element
`
`
`
`10
`
`Page 14 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`for another to obtain predictable results; (c) use of a known technique to improve a
`
`Patent No. 6,993,658
`
`similar device (method, or product) in the same way; (d) applying a known
`
`technique to a known device (method, or product) ready for improvement to yield
`
`predictable results; (e) choosing from a finite number of identified, predictable
`
`solutions, with a reasonable expectation of success; and (f) some teaching,
`
`suggestion, or motivation in the prior art that would have led one of ordinary skill
`
`to modify the prior art reference or to combine prior art reference teachings to
`
`arrive at the claimed invention.
`
`21. When considering the issue of obviousness, I have been advised and
`
`understand that I should consider (1) the scope and content of the prior art; (2) the
`
`differences between the prior art and the claims at issue; (3) the level of ordinary
`
`skill in the art; and (4) evidence of secondary indicia of nonobviousness. I have
`
`been informed that secondary indicia of nonobviousness include (i) “long-felt
`
`need” for the claimed invention, (ii) commercial success attributable to the claimed
`
`invention, (iii) unexpected results of the claimed invention, and (iv) “copying” of
`
`the claimed invention by others.
`
`A. Level of Ordinary Skill in the Art
`In rendering the opinions set forth in this declaration, I have been
`22.
`
`asked to consider the ’658 Patent’s claims and the prior art through the eyes of a
`
`person of ordinary skill in the art. I understand that a person of ordinary skill in the
`
`
`
`11
`
`Page 15 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`art is determined by considering (1) the type of problems encountered in the art, (2)
`
`Patent No. 6,993,658
`
`prior art solutions to those problems, (3) the rapidity with which innovations are
`
`made, (4) the sophistication of the technology, and (5) the educational level and
`
`years of experience level of those working in the pertinent field.
`
`23.
`
`I understand that I must evaluate the ’658 Patent from the perspective
`
`of a person of ordinary skill in the art. That is, the ’658 Patent must be evaluated
`
`through the eyes of a person with ordinary skill in the relevant art at the time of the
`
`invention of this patent as of its earliest priority date. It is my opinion that such a
`
`person of ordinary skill in the art as related to the ’658 Patent would have at least a
`
`bachelor’s degree in Electrical Engineering, Computer Science, Computer
`
`Engineering, or equivalent, and at least two years of prior experience with user
`
`authentication technologies for computer systems at the time of the ’658 Patent
`
`invention, that is as of the earliest priority date of the ’658 Patent—March 6, 2000.
`
`If a person did not have a bachelor’s degree, sufficiently greater relevant and
`
`practical experience with computer and network security and user authentication
`
`could provide an acceptable substitute. Likewise, further education beyond a
`
`bachelor’s degree could compensate for a deficiency in practical experience.
`
`24. Based on my educational background and experience, such as my
`
`experience with computer and network security and user authentication
`
`technologies (see paragraphs 5-11), I am qualified as at least a person of ordinary
`
`
`
`12
`
`Page 16 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`skill in the art with respect to the ’658 Patent. Thus, I am familiar with the
`
`Patent No. 6,993,658
`
`knowledge of the person of ordinary skill in the art at the time of the ’658 Patent
`
`invention. I am able to opine on how a person of ordinary skill in the art would
`
`have understood the disclosure and claims of the ’658 Patent, the disclosures of the
`
`prior art, the motivation to combine the prior art, and what combinations would
`
`have been obvious and not have been obvious to one of ordinary skill in the art.
`
`B. Claim Construction
`I have been informed that in an inter partes review proceeding, claim
`25.
`
`terms should be construed under the same standard applied in federal district court
`
`cases. Under this standard, I have been informed that claim terms are generally
`
`given their ordinary and customary meaning as understood by one of ordinary skill
`
`in the art in light of the specification and the prosecution history pertaining to the
`
`patent. I understand, however, that claim terms are generally not limited by the
`
`embodiments described in the specification.
`
`26.
`
`I understand that in addition to the claims, specification, and
`
`prosecution history, other evidence may be considered to ascertain the meaning of
`
`claim terms, including textbooks, encyclopedias, articles, and dictionaries. I have
`
`been informed that this additional evidence is often less significant and less
`
`reliable than the claims, specification, and prosecution history.
`
`
`
`13
`
`Page 17 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`
`Patent No. 6,993,658
`
`27.
`
`I have also been informed that claims should only be construed to the
`
`extent necessary to resolve any controversy.
`
`28.
`
`I also have been informed of a special rule applied to claim limitations
`
`drafted in what is referred to as “means-plus-function” limitations. I understand
`
`that a “means-plus-function” limitation recites a structural component solely in
`
`terms of the function it performs. In other words, a patent claim may recite a
`
`structural element that is essentially a placeholder word (for example, the word
`
`“means”) presented in terms of the function it performs (e.g., a claim reciting a
`
`“means for [function]”). I understand that the special rule for construing means-
`
`plus-function limitations involves two steps: (1) identifying the claimed function,
`
`and (2) determining what structure, if any, disclosed in the specification
`
`corresponds to that claimed function.
`
`29. Based on my review of these materials and my personal knowledge
`
`and experience, I have considered the plain and ordinary meaning of each term of
`
`the ’658 Patent as it would have been understood by one skilled in the art at the
`
`time of the ’658 Patent invention. I apply the plain and ordinary meaning of each
`
`claim term throughout this declaration.
`
`30.
`
`I have been informed that the claim terms “control module” and
`
`“authentication module” may be considered as means-plus-function limitations.
`
`For the purpose of this declaration, I have been asked to consider the function and
`
`
`
`14
`
`Page 18 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`the structure for the function as disclosed in the specification of the ’658 Patent for
`
`Patent No. 6,993,658
`
`each of these claim terms as they would have been understood by a person of
`
`ordinary skill in the art.
`
`31. The claimed functions of the “control module” are “to create a new
`
`password based at least upon a token and a passcode, wherein the token is not
`
`known to the user and wherein the passcode is known to the user” and “to set a
`
`password associated with the user to be the new password,” as recited in claim 5,
`
`and additionally “to create the new password in response to the request,” as further
`
`recited in claim 6. A person of ordinary skill in the art would have understood that
`
`the corresponding structure for performing these claimed functions in the
`
`specification of the ’658 Patent is a software module executed on the computer
`
`processor of the token server. Ex. 1001, FIG. 4, 8:7-10.
`
`32. The claimed functions of the “authentication module” are “to receive
`
`the password from the user through a secure computer network, said secure
`
`computer network being different from the cell phone network, wherein the user
`
`has an account on the secure computer network” and to “activate[] access to the
`
`account in response to the password and deactivate[] the account within a
`
`predetermined amount of time after activating the account, such that said account
`
`is not accessible through any password via the secure computer network.” A
`
`person of ordinary skill in the art would have understood that the corresponding
`
`
`
`15
`
`Page 19 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`structure for performing these claimed functions in the specification of the ’658
`
`Patent No. 6,993,658
`
`Patent is a software module executed on the computer processor of the user
`
`authentication server. Ex. 1001, FIG. 1, 5:1-21.
`
`33. As discussed below, Guthrie discloses the same functions and
`
`structures of these claim terms as these constructions require and also reasonable
`
`equivalents.
`
`V. THE ’685 PATENT
`A. Overview of the ’658 Patent
`I understand that the ’658 Patent issued from U.S. Patent Application
`34.
`
`No. 09/519,829 on March 6, 2000. Ex. 1001, 1. I have also been informed that the
`
`filing date—March 6, 2000—is the earliest priority date of the ’658 Patent.
`
`35. The ’658 Patent discloses a user authentication system and method of
`
`authenticating a user to gain access to a secure system based on a password.
`
`Ex. 1001, Abstract. A user authentication server authenticates the user by receiving
`
`a password from the user via a secure computer network and comparing the
`
`received password with a password associated with the user in a user database. Id.,
`
`Abstract, 3:8-14; 7:11-18, 7:40-67.
`
`
`
`16
`
`Page 20 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`
`Patent No. 6,993,658
`
`
`
`Ex. 1001, FIG. 1.2
`
`36. To obtain the password, the user sends a request for a token to a token
`
`server of the user authentication server over a cell phone network via a personable
`
`communication device. Id., 5:22-31, 6:1-12, 6:26-40, 7:46-63, 9:3-10. The user
`
`authentication server identifies the request with the user, generates a token in
`
`response to the request, and transmits the token to the personal communication
`
`device. Id., 1:63-2:15, 5:22-56, 6:4-12, 6:35-67, 7:31-39, 9:28-54, 10:59-62. The
`
`
`2 All color or bold emphases and annotations in this petition have been added
`
`unless noted otherwise.
`
`
`
`17
`
`Page 21 of 124
`
`
`
`Declaration of Dr. Peter Lawrence Reiher
`
`personal communication device can be a mobile phone or pager, the token request
`
`Patent No. 6,993,658
`
`can be a phone call or SMS message, and the token can be transmitted in an SMS
`
`message or page data. Id., 5:41-56, 9:47-54, 7:33-39, 10:14-20, 10:42-59, 11:9-20.
`
`The token server also generates a new password