`
`
`
`
`
`
`
`Filed on behalf of Unified Patents, LLC
`By:
`Jordan M. Rossen, Reg. No. 74,064
`
`Ashraf Fawzy, Reg. No. 67,914
`
`Unified Patents, LLC
`4445 Willard Ave., Suite 600
`Chevy Chase, MD, 20815
`Email: jordan@unifiedpatents.com
`
` afawzy@unifiedpatents.com
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`
`
`UNIFIED PATENTS, LLC
`Petitioner
`
`v.
`
`DYNAPASS IP HOLDINGS LLC
`Patent Owner
`
`IPR2023-00425
`
`
`PETITION FOR INTER PARTES REVIEW OF
`U.S. PATENT 6,993,658
`
`
`
`
`
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`
`TABLE OF CONTENTS
`
`Introduction ......................................................................................................... 1
`I.
`II. Overview of Challenge and Relief Requested .................................................... 1
`A. Prior Art ........................................................................................................... 1
`B. Grounds for Challenge ..................................................................................... 1
`C. U.S. 6,993,658 ................................................................................................. 2
`D. Prosecution History ......................................................................................... 4
`E. Level of Ordinary Skill in the Art ................................................................... 5
`F. Claim Construction .......................................................................................... 5
`1. “a control module…configured
`to…”; “a communication module
`configured to…”; “an authentication module configured to…” ......................... 6
`2. “Cell phone network” ................................................................................... 9
`3. “Not known to the user” ............................................................................. 10
`III. Grounds of Unpatentability ............................................................................... 13
`A. Ground 1: Claim 5 Is Obvious over Veneklase in view of Jonsson .............. 13
`1. Overview of Veneklase............................................................................... 13
`2. Overview of Jonsson .................................................................................. 15
`3. Claim 5 ....................................................................................................... 17
`Motivations to Combine Veneklase and Jonsson.............................................. 31
`B. Ground 2: Claims 1, 3-6 Are Obvious over Kew in view of Sormunen ........ 46
`1. Overview of Kew ........................................................................................ 46
`2. Overview of Sormunen .............................................................................. 49
`3. Claim 5 ....................................................................................................... 50
`Motivations to Combine Kew and Sormunen ................................................... 58
`4. Claim 6 ....................................................................................................... 71
`5. Claim 1 ....................................................................................................... 72
`6. Claim 3 ....................................................................................................... 75
`7. Claim 4 ....................................................................................................... 77
`C. Analogous Art ................................................................................................ 78
`IV. Mandatory Notices ............................................................................................ 79
`A. Real Party-in-Interest ..................................................................................... 79
`B. Related Matters .............................................................................................. 79
`
`
`
`i
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`
`C. Petitioner is aware that the ’658 Patent has been challenged in IPR2023-
`00367 on January 3, 2022.Lead and Back-up Counsel ........................................ 81
`D. Service Information, Email, Hand Delivery, and Postal ............................... 81
`V. Certification of Grounds for Standing .............................................................. 81
`VI. Discretionary Institution ................................................................................... 81
`VII. Conclusion ......................................................................................................... 85
`
`
`
`
`
`
`
`
`ii
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`
`TABLE OF EXHIBITS
`
`
`
`Exhibit No.
`
`Description
`
`1001
`
`U.S. Patent 6,993,658
`
`1002
`
`Prosecution History File of Application 09/519,829
`
`1003
`
`Declaration of Bruce McNair (¶¶1-168)
`
`1004
`
`Curriculum Vitae of Bruce McNair
`
`1005
`
`1006
`
`European Patent Application No. 084451
`(“Veneklase”)
`PCT Patent Publication No. WO 96/00485 to Jonsson (“Jonsson”)
`
`to Veneklase
`
`1007
`
`PCT Patent Publication No. WO 95/19593 to Kew (“Kew”)
`
`1008
`
`1009
`
`1010
`
`1011
`
`to Sormunen
`
`PCT Patent Publication No. WO 97/31306
`(“Sormunen”)
`Li Gong, “Optimal Authentication Protocols Resistant to Password
`Guessing Attacks," Proceedings The Eighth IEEE Computer
`Security Foundations Workshop, 1995, pp. 24-29, doi:
`10.1109/CSFW.1995.518549.
`U.S. Patent 3,938,091
`
`IETF RFC2289, “A One-Time Password System,” February 1989,
`available at https://www.rfc-editor.org/rfc/rfc2289.html
`
`
`
`iii
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`
`1012
`
`U.S. Patent 5,276,444
`
`1013
`
`1014
`
`1015
`
`1016
`
`1017
`
`S.A. Sherman, R. Skibo, R.S. Murray, “Secure Network Access
`Using Multiple Applications of AT&T’s Smart Card,” AT&T
`Technical Journal, September/October 1994
`Lt. Gen. Charles R. Myers, “Vietnam Studies: Division-Level
`Communications, 1962-1973”, US Department of the Army, 1982,
`Ch. 8, retrieved from https://history.army.mil/catalog/pubs/90/90-
`11.html December 13, 2022.
`Z. J. Haas and S. Paul, "Limited-lifetime shared-access in mobile
`systems," Proceedings
`IEEE
`International Conference on
`Communications ICC '95, 1995, pp. 1404-1408 vol.3, doi:
`10.1109/ICC.1995.524434
`Mobivity, A Brief History of Text Messaging, Sept. 27, 2012,
`available
`at https://www.mobivity.com/mobivity-blog/a-brief-
`history-of-text-messaging
`Declaration of Kevin Jakel (¶¶115)
`
`
`
`
`
`iv
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`
`INTRODUCTION
`
`Unified Patents, LLC (“Petitioner” or “Unified”) respectfully submits this
`
`I.
`
`
`
`Petition for Inter Partes Review (“IPR”) of claims 1, 3-6 (“Challenged Claims”) of
`
`U.S. Patent 6,993,658 (“the ’658 Patent”) (EX1001).
`
`II. OVERVIEW OF CHALLENGE AND RELIEF REQUESTED
`
`A.
`
`Prior Art
`
`The ’658 Patent was filed March 6, 2000.
`
`Veneklase (EX1005) was filed October 22, 1997 and published May 27, 1998.
`
`Therefore, Veneklase qualifies as prior art under at least 35 U.S.C. §§ 102(a) and
`
`(b).
`
`Jonsson (EX1006) was filed June 24, 1994 and published January 4, 1996.
`
`Therefore, Jonsson qualifies as prior art under at least 35 U.S.C. §§ 102(a) and (b).
`
`Kew (EX1007) was filed January 12, 1995 and published July 20, 1995.
`
`Therefore, Kew qualifies as prior art under at least 35 U.S.C. §§ 102(a) and (b).
`
`Sormunen (EX1008) was filed February 6, 1997 and published August 28,
`
`1997. Therefore, Sormunen qualifies as prior art under at least 35 U.S.C. §§ 102(a)
`
`and (b).
`
`B. Grounds for Challenge
`
`Petitioner requests IPR under 35 U.S.C. § 311 of the Challenged Claims. They
`
`are unpatentable under 35 U.S.C. § 103.
`
`
`
`1
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`
`The grounds for challenge include:
`
`Ground References
`
`Challenged Claims
`
`Veneklase in view of Jonsson
`
`Kew in view of Sormunen
`
`5
`
`1, 3-6
`
`1
`
`2
`
`
`
`C. U.S. 6,993,658
`
`The ’658 Patent is directed to “the authentication of users of secure systems,
`
`and, more particularly, the invention relates to a system through which user tokens
`
`required for user authentication are supplied through personal communication
`
`devices such as mobile telephones and pagers.” EX1001, 1:7-11. Specifically, the
`
`’658 Patent describes an authentication system in which “access to the system is
`
`based upon: nonsecret information known to the user, such as the user ID; secret
`
`information known to the user, such as the passcode; and information provided to
`
`the user through an object possessed by the user, such as the token.” Id., 2:11-15.
`
`As shown in Figure 1, the ’658 Patent teaches that “the user token server 116
`
`generates a token,” and then creates the new password 158 based on the user’s
`
`passcode 154 and the newly generated token 156. Id., 6:59-63.
`
`
`
`2
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`
`
`
`Id., Fig. 1. “The token server 116 transmits the token 156 to the user’s personal
`
`communication device 106 via the token delivery communication link 105.”
`
`EX1001, 7:31-33. The ’658 Patent discloses that “[t]he communication module 118
`
`forwards tokens 156 to a text messaging service provider 104, which may be a pager
`
`or mobile phone service provider,” which “then forwards the token 156…to the
`
`personal communication device 106.” Id., 5:34-41.
`
`After receiving the token, “the user 108 logs into the secure system 110 using
`
`the user ID 152 and the password 158,” where the password either “combines the
`
`passcode 154 and the token 152” or they are “submitted separately.” Id., 7:40-45.
`
`
`
`3
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`Once this information is entered into the system by the user, “the secure system 110
`
`transmits login data 159 to the user authentication server 102 over the computer
`
`network 103 for authentication of the user 108” and “[i]n order to authenticate the
`
`user 108, the authentication server 102 preferably compares the login data to the
`
`password 158 (hashed or unhashed) or the passcode 154 and token 156 (hashed or
`
`unhashed) corresponding to the user ID 152 stored in the user database 114.” Id.,
`
`7:46-63. Finally, “[i]f the token has an expiry time, the token 156 expires,” and
`
`“upon expiration of the token 156, the control module 402 deactivates the user
`
`account in the user database 114.” Id., 9:60-64.
`
`The ’658 Patent has seven claims, including two independent claims. Claim
`
`5 is the broadest claim and will thus be considered first. It is generally directed to
`
`an authentication system involving sending a token over a cell phone network and
`
`receiving a password based on the token and a passcode over a second network.
`
`EX1001, 12:12:20-49. Claim 1 is a method claim with similar elements, which also
`
`requires that the system receive a request via a token over the cell phone network.
`
`Id., 11:43-12:13. EX1003, ¶¶52-59.
`
`D.
`
`Prosecution History
`
`The ’658 Patent was filed on March 6, 2000. On March 11, 2004, Applicant
`
`responded to a rejection by arguing that Menezes could not meet the claimed element
`
`“generating a new password based at least upon a token and a passcode” and
`
`
`
`4
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`“receiving the password from the user,” because Menezes’ system did not use a new
`
`token each time a login was requested and because the token was never sent to the
`
`user. EX1002, 109-124.
`
`On May 12, 2005, Applicant responded to a final rejection by filing an RCE
`
`and heavily amending the claims to require additional elements, including a cell
`
`phone network, activation in response to the password, and deactivation within a
`
`predetermined amount of time. EX1002, 59-64.
`
`On July 21, 2005, the Examiner issued a Notice of Allowance with an
`
`examiner’s amendment adding “a computer processor” and noting that “no art could
`
`be found wherein the transaction for determining the password in the setting up of a
`
`new calling-card-derived temporary network account is performed entirely over a
`
`connection other than that used by eventual network account. EX1002, 45-49.
`
`EX1003, ¶¶60-62.
`
`E.
`
`Level of Ordinary Skill in the Art
`
`A POSITA for the ’658 Patent would have had at least (1) an undergraduate
`
`degree in electrical and computer engineering or a closely related field; and (2) two
`
`or more years of experience in security. EX1001, generally; EX1003, ¶¶49-51.
`
`F. Claim Construction
`In post-grant proceedings, claims are construed under the same standard as
`
`they would be construed by Article III courts. See 37 C.F.R. § 42.100(b). At this
`
`
`
`5
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`time, Petitioner submits that the claims are obvious under any reasonable
`
`construction, but submits that all terms should be given their plain meaning.
`
`EX1003, ¶¶22-24. Petitioner addresses certain limitations below.
`
`1.
`“a control module…configured to…”; “a communication
`module configured to…”; “an authentication module configured to…”
`Some limitations recite a specific module that is “configured to” perform
`
`certain functions, such as create a new password based on certain factors, transmit a
`
`token, or receive a password and activate access to an account. Since “means” is not
`
`used, there is a rebuttable presumption against applying 35 U.S.C. § 112 ¶6
`
`(“Paragraph 6”) to these limitations. Williamson v. Citrix Online, LLC, 792 F.3d
`
`1339, 1346 (Fed. Cir. 2015) (en banc). Given the absence of evidence showing that
`
`the claims lack sufficient structure, Paragraph 6 should not apply. Dyfan, LLC v.
`
`Target Corp., 28 F.4th 1360 (Fed. Cir. 2022).
`
`The Board may reach obviousness whether Paragraph 6 applies and even if
`
`the claims are indefinite. Intel Corp. v. Qualcomm Inc., 21 F.4th 801, 813-14 (Fed.
`
`Cir. 2021) (obviousness determination of indefinite means-plus-function claims
`
`possible, as indefiniteness precludes a patentability finding “only when the
`
`indefiniteness renders it logically impossible” to assess obviousness); see also
`
`Huawei Techs. Co. v. WSOU Invs., LLC, IPR2021-00226, Paper 10, 22 (P.T.A.B.,
`
`June 10, 2021) (construction of potential means-plus-function terms unnecessary at
`
`
`
`6
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`the institution stage).1 And Paragraph 6 is inapplicable if the limitations have
`
`sufficient structure. Here, the claims recite algorithms that comprise receiving data,
`
`sending data, and storing data—all features of generic computers. See In re Katz
`
`Interactive Call Processing Patent Litig., 639 F.3d 1303, 1316 (Fed. Cir. 2011)
`
`(algorithms unnecessary for functions like receiving, storing, and processing). In
`
`addition, the claimed modules “describe[] adequate structure for transmitting that
`
`motion data through conventional software and hardware.” Blast Motion v. Zepp
`
`Labs, 2017 WL 476428, *17 (Fed. Cir. 2017) (finding communications module not
`
`governed by 112(f)).
`
`To the extent that it is determined that the module terms are means-plus-
`
`function, they should be given the following constructions:
`
`a.
`“a control module…configured to”
`The ’658 Patent claims “a control module executed on the computer processor
`
`configured to” perform the following function: “create a new password based at least
`
`upon a token and a passcode” and “set a password associated with the user to be the
`
`
`1 Here, the prior art teachings are consistent with the specification’s disclosure for
`
`these claims, and the general public has an interest in the determination of
`
`patentability of the method claims, to which Paragraph 6 does not apply. Therefore,
`
`Petitioner requests IPR even if some claims are indefinite.
`
`
`
`7
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`new password.” EX1001, 12:27-33. The specification provides the corresponding
`
`structure for the claimed function to be software executed on a “server” that performs
`
`the following algorithm: (1) associates user ID with passcode and phone number of
`
`user’s personal communication device, (2) generates a new password, and (3) sets
`
`or rests the password associated with the user ID. See, e.g., EX1001, 2:32-48, 8:2-
`
`8, 8:53-9:44, Figs. 1, 4, 5; see also WMS Gaming v. International Game Technology,
`
`184 F.3d 1339, 1349 (Fed. Cir. 1999). EX1003, ¶¶29-30.
`
`b.
`“a communication module configured to”
`The ’658 Patent claims “a communication module configured to” perform the
`
`following function: “transmit the token to the personal communication device
`
`through the cell phone network.” EX1001, 12:34-36. The specification provides
`
`the corresponding structure for the claimed function to be one of: (1) a mobile device
`
`with messaging capabilities, (2) a phone dialer, or (3) a connection card connected
`
`to a messaging service provider. See, e.g., EX1001, 2:39-42, 5:66-6:1, 6:18-20,
`
`10:14-41, Fig. 1. EX1003, ¶31.
`
`c.
`“an authentication module configured to”
`The ’658 Patent claims “an authentication module configured to” perform the
`
`following function: “receive the password from the user through a secure computer
`
`network” and “activate[] access to the account in response to the password and
`
`deactivates the account within a predetermined amount of time after activating the
`
`
`
`8
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`account.” EX1001, 12:37-45. The specification provides the corresponding
`
`structure for the claimed function to be software similar to that provided with
`
`operating systems executed on a “server” that performs the following algorithm: (1)
`
`receive a submitted password in response to a request for authentication and (2) grant
`
`access to the user if the submitted password matches the valid password. See, e.g.,
`
`EX001, 3:4-25, 5:3-10. Fig. 1. EX1003, ¶32.
`
`2.
`“Cell phone network”
`Claims 1 and 5 of the ’658 Patent require that the personal communication
`
`device communicates over a cell phone network. The ’658 Patent does not use the
`
`term cell phone network in the specification, but it does disclose that “[t]he
`
`communication module 118 forwards tokens 156 to a text messaging service
`
`provider 104, which may be a pager or mobile phone service provider.” EX1001,
`
`5:32-40; see also 9:45-54, 4:13-17, 3:1-3, 2:28-31, 2:6-8, 1:7-11. Indeed, the ’658
`
`Patent discloses an embodiment in which “the communication module 118 is a
`
`phone dialer 622, the personal communication device 106 is a pager 624, and the
`
`text messaging service provider is a paging service 626.” EX1001, 10:31-34.
`
`Furthermore, Claim 1 requires a personal communication device be
`
`in
`
`communication over a “cell phone network” and dependent claims 3 and 4 require
`
`that the personal communication device be a “mobile phone” and a “pager,”
`
`respectively. EX1001, 11:47-50, 12:16-19. Thus, a POSITA would have
`
`
`
`9
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`understood that the cell phone network, as claimed by the ’658 Patent, must at least
`
`include mobile device and pager service provider communication networks.
`
`EX1003, ¶25.
`
`3.
`“Not known to the user”
`Claims 1 and 5 of the ’658 Patent require that the token is not known to the
`
`user. While the specification never explicitly discusses this limitation, it is clear
`
`from the embodiments disclosed in the ’658 Patent that this term must mean “not
`
`known to the user before being sent to the user as part of the authentication process.”
`
`EX1003, ¶¶26-28. This is because the ’658 Patent distinguishes between “secret
`
`information known to the user, such as the passcode” and “information provided to
`
`the user through an object possessed by the user, such as the token.” EX1005, 2:11-
`
`15. The ’658 Patent further discloses that “token 156 is preferably provided only to
`
`the user 108 by the user authentication server 102 through the user’s personal
`
`communication device 106 on an as needed basis,” and in certain embodiments, “the
`
`user 108 combines the token 156 with the passcode 154 to form a password 158.”
`
`EX1005, 4:41-44, 4:52-53. Furthermore, the claims require the user to receive the
`
`token and input the password, which is based on the token and passcode. Therefore,
`
`a POSITA would have understood that the token would eventually need to be known
`
`to the user. EX1003, ¶¶26-28). Indeed, Figures 2A-D of the ’658 Patent disclose
`
`“login screens that can be used in conjunction with various embodiments of the
`10
`
`
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`invention,” and all three of the embodiments require the user to eventually be
`
`provided the token in order to input it into the computer, either by itself (e.g., Figs.
`
`B and C-D) or combined with the passcode (e.g., Fig. A). EX1005, Figs. 2A-D.
`
`
`
`11
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`
`
`
`12
`
`
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`Thus, a POSITA would have understood that not known to the user, as claimed
`
`by the ’658 Patent, must include information that is not known to the user at the start
`
`of the process, but is eventually provided to the user. EX1003, ¶¶26-28.
`
`III. GROUNDS OF UNPATENTABILITY
`
`Pursuant to Rule 42.104(b)(4)-(5), the following sections (supported by Bruce
`
`McNair’s Declaration, EX1003, ¶¶1-168) explain the grounds of unpatentability, the
`
`limitations of the Challenged Claims, and how these claims were obvious.
`
`A. Ground 1: Claim 5 Is Obvious over Veneklase in view of Jonsson
`1. Overview of Veneklase
`Veneklase discloses a computer authentication system which is “adapted to
`
`grant an authorized individual access to a secured domain, such as a computer or
`
`data stream.” EX1005, Abstract. In particular, Veneklase discloses that a user
`
`contacts the host computer 402 and it “checks the received identification code and
`
`cross references the received password code against a pager phone number list
`
`resident within the user table 414.” EX1005, 8:1-5, Fig. 6.
`
`
`
`13
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`
`
`
`If a match is made, it “causes the ‘code generator’ software subroutine 415
`
`resident within computer 402, to generate a pseudo-random number code and passes
`
`the received code along with the authorized user’s pager number to the commercially
`
`available and conventional automatic dialer 41B,” which telephones a “pager 420
`
`by means of conventional and commercially available communication channel 422
`
`(e.g., voice line) and transmits the code to the user’s pager.” Id. 8:5-15. This
`
`communication and the initial sending of the random code to the personal device
`
`
`
`14
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`
`“utilize[] two distinct communication channels.” EX1006, 7:11-28; see also 3:50-
`
`4:3. The user 404 “now enters the code he or she has received from the pager
`
`420…and sends this password or pseudo-random code back to computer 402, where
`
`it is compared with the software subroutine module denoted as ‘code compare’ 416.”
`
`Id., 8:18-24. “If the comparison yields a match, the user 404 is allowed access to
`
`computer 402 and/or a portion of computer 402.” Id., 8:24-27. EX1003, ¶¶65-66.
`
`2. Overview of Jonsson
`Jonsson discloses a system for providing “[a]uthorization for a user to use a
`
`service” via “a modified pager which calculates a unique response code to a
`
`transmitted challenge code based on the challenge code, an input personal
`
`identification number, and an internal key.” EX1006, Abstract. As shown in Figure
`
`3, “a user initiates communication to a service node 26 via the service access network
`
`24,” e.g., by dialing an appropriate telephone number stored in their personal unit.
`
`EX1007, 10:13-18, Fig. 3.
`
`
`
`15
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`
`
`
`In response to this request, the system “requests authentication via an
`
`authentication challenge network 28 by sending a challenge code…to the user’s
`
`personal unit 20.” Id., 10:23-27. Then the user is prompted “to input, for example,
`
`a security code, such as a PIN,” and once entered, “the algorithm unit 21b of the
`
`personal unit 20 calculates and sends a response code…to the display.” Id., 10:29-
`
`
`
`16
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`33. Jonsson discloses that the algorithm “calculates a response code based on the
`
`received challenge code, the user input (e.g., PIN), and optionally the secret key.”
`
`EX1006, 8:12-14; see also 7:5-10, 9:23-25. Finally, the user “manually inputs the
`
`displayed response code to the terminal 22,” and it is transmitted via the service
`
`access network 24 to the service node 26, where “the authentication center 30
`
`performs the comparison of the received response code to the expected response
`
`code.” Id., 11:4-20. EX1003, ¶¶67-68.
`
`3.
`
`Claim 5
`[5.0] A user authentication system comprising
`To the extent the preamble is deemed limiting,2 Veneklase teaches it; any
`
`alleged differences would have been obvious. EX1003, ¶¶71-72. Veneklase
`
`discloses that “[s]everal embodiments of computer security systems are described
`
`and which are adapted to grant an authorized individual access to a secured domain,
`
`such as a computer or data stream.” EX1005, Abstract, Fig. 6.
`
`
`2 Pacing Techs., LLC v. Garmin Intern., Inc., 778 F. 3d 1021, 1023–1024 (Fed. Cir.
`
`2015) (preambles stating purpose or intended not normally limiting).
`
`
`
`17
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`
`
`Thus, Veneklase teaches user authentication system (e.g., system adapted to
`
`grant an authorized individual access). EX1003, ¶¶71-72.
`
`[5.1] a computer processor;
`Veneklase teaches this limitation; any alleged differences would have been
`
`obvious. EX1003, ¶¶73-76. Specifically, Veneklase discloses that analyzing means
`
`12 may comprise a microprocessor and/or similar type of computer.” EX1005,
`
`5:35-37, Fig. 1.
`
`
`
`18
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`
`
`
`
`
`19
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`Veneklase also discloses that the operations of its authentication system occur
`
`in host computer 402. See, e.g., EX1005, 7:29-8:27, Fig. 6.
`
`
`
`A POSITA would have understood that a computer capable of all of these actions,
`
`including checking codes against a database and generating random numbers would
`
`necessarily contain a computer processor. EX1003, ¶¶73-76.
`
`Thus, Veneklase teaches a computer processor (e.g., microprocessor). Id.
`
`[5.2] a user database configured to associate a user with a
`personal communication device possessed by the user, said
`20
`
`
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`personal communication device configured to communicate
`over a cell phone network with the user authentication
`system;
`Veneklase teaches this limitation; any alleged differences would have been
`
`obvious. EX1003, ¶¶77-82. Veneklase discloses that “host computer 402 checks
`
`the received identification code and cross references the received password code
`
`against a pager phone number list resident within the user table 414 which is
`
`stored within computer 402.” EX1005, 8:1-5, Fig. 6; see also 6:15-26 (“each
`
`authorized password 202, contained in this master password list 200, has a unique
`
`first entry 204 associated with it and which identifies the name of the authorized
`
`user who has been assigned that corresponding password and at least one
`
`telephone number 206 and/or network address associated with the identified
`
`user”), Fig. 5 (showing the telephone number 206 associated with the user
`
`identification 204).
`
`
`
`
`
`21
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`Furthermore, Veneklase discloses that the telephone number associated with
`
`the user identification is associated with a personal communication device, such as
`
`pager. EX1005, 8:1-5. This type of associating the user identification with a
`
`telephone number is exactly what is disclosed in the’658 Patent. See, e.g., EX1001,
`
`2:17-18 (“[t]he method includes associating a user ID with a phone number of a
`
`personal communication device”). Upon determining that the received identification
`
`code is matched with a pager phone number, “[t]he automatic dialer 418 telephones
`
`the conventional and commercially available pager 420 by means of conventional
`
`and commercially available communication channel 422 (e.g. voice line).”
`
`EX1005, 8:5-14.
`
`Veneklase additionally teaches a personal communication device configured
`
`to communicate over a cell phone network with the user authentication system. For
`
`example, communication channel 422 allows the personal communication device
`
`(e.g., pager 420) to communicate with the user authentication system (e.g., host
`
`computer 402, which includes automatic phone/pager dialer 418). See, e.g.,
`
`EX1005, Fig. 6.
`
`
`
`22
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`
`
`
` POSITA would have understood that the “conventional and commercially
`
` A
`
`available communication channel 422” described in Veneklase is the same type of
`
`cell phone network disclosed in the ’658 patent, which repeatedly makes clear that
`
`it covers both networks that communicate with cell phones and those that
`
`communicate with pagers. EX1003, ¶80. For instance, the ’658 Patent discloses
`
`that “[t]he communication module 118 forwards tokens 156 to a text messaging
`
`
`
`23
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`service provider 104, which may be a pager or mobile phone service provider.”
`
`EX1001, 5:32-40; see also Abstract, 1:10-11, 2:6-8, 2:28-31, 3:1-3, 4:13-17, 9:45-
`
`54. Furthermore, Veneklase discloses that the communication channel over which
`
`the random code is sent could be a pager or a cell phone, stating that “the
`
`predetermined period of time would be shorter when communications channel 84
`
`comprises a pager or cellular phone, since the owner has immediate access to the
`
`code upon transmission.” EX1005, 8:55-58. Thus, a POSITA would have
`
`understood that communication channel 422 meets the requirements of a cell phone
`
`network as claimed in the ’658 Patent, i.e., a mobile device or pager service provider
`
`communication network. EX1003, ¶¶77-80.
`
`To the extent it is argued that the pager network disclosed in Veneklase does
`
`not satisfy the cell phone network limitation, a POSITA would have found it obvious
`
`to implement the authentication system of Veneklase using a cell phone network.
`
`EX1003, ¶81; KSR Intern. Co. v. Teleflex Inc., 550 U.S. 398, 418-19 (2007). Indeed,
`
`Veneklase explicitly contemplates such a system, thus providing a teaching,
`
`suggestion, or motivation to modify it in such a way, as it notes that “the
`
`predetermined period of time would be shorter when communications channel 84
`
`comprises a pager or cellular phone, since the owner has immediate access to the
`
`code upon transmission.” EX1005, 8:55-58. In addition, it would have been obvious
`
`to use a cell phone network to send Veneklase’s random code because doing so
`
`
`
`24
`
`

`

`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`would be a simple substitution of one known element for another and would have
`
`made the system available to even more users in more locations, which is one of the
`
`intentions of the reference. EX1003, ¶81. It would also have been obvious because
`
`it would have enabled users to use their cell phones to authenticate their access,
`
`which many users would prefer because they provide for larger screens and are thus
`
`easier to view. Id. A POSITA would have had a reasonable expectation of success
`
`in modifying Veneklase’s authentication system to use a cellular network instead of
`
`a pager network because they operate similarly, many times using the same
`
`protocols, and would just involve swapping out devices and making some software
`
`configuration changes. Id.
`
`Thus, Veneklase teaches a user database c