UNITED STATES PATENT AND TRADEMARK OFFICE
`________________
`
`IPR2023-00425
`Patent 6,993,658
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`_________________
`
`UNIFIED PATENTS, LLC,
`
`Petitioner,
`
`v.
`
`DYNAPASS IP HOLDINGS, LLC
`
`Patent Owner.
`__________________
`
`Inter Partes Review No. IPR2023-00425
`Patent No. 6,993,658
`PATENT OWNER’S SUR-REPLY TO PETITIONER’S REPLY
`
`Filed on behalf of Patent Owner by:
`
`John Wittenzellner (Reg. No. 61,662)
`1735 Market Street, Suite 125, #453
`Philadelphia, PA 19103
`
`Mark McCarthy (Reg. No. 69,575)
`601 Congress Ave., Suite 600
`Austin, TX 78701
`
`WILLIAMS SIMONS & LANDIS PLLC
`
`
`
`
`________________
`
`IPR2023-00425
`Patent 6,993,658
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`_________________
`
`UNIFIED PATENTS, LLC,
`
`Petitioner,
`
`v.
`
`DYNAPASS IP HOLDINGS, LLC
`
`Patent Owner.
`__________________
`
`Inter Partes Review No. IPR2023-00425
`Patent No. 6,993,658
`PATENT OWNER’S SUR-REPLY TO PETITIONER’S REPLY
`
`Filed on behalf of Patent Owner by:
`
`John Wittenzellner (Reg. No. 61,662)
`1735 Market Street, Suite 125, #453
`Philadelphia, PA 19103
`
`Mark McCarthy (Reg. No. 69,575)
`601 Congress Ave., Suite 600
`Austin, TX 78701
`
`WILLIAMS SIMONS & LANDIS PLLC
`
`
`
`
`
`TABLE OF CONTENTS
`
`IPR2023-00425
`Patent 6,993,658
`
`
`I.
`
`II.
`
`INTRODUCTION ........................................................................................... 1
`
`CLAIM CONSTRUCTION ............................................................................ 1
`
`III. GROUND 1 — VENEKLASE AND JONSSON DO NOT RENDER
`
`OBVIOUS INDEPENDENT CLAIM 5. ......................................................... 1
`
`A. The Combination of Veneklase and Jonsson Does Not Teach or
`
`Suggest Claim Element [5.3]. ............................................................... 2
`
`B. The Combination of Veneklase and Jonsson Does Not Teach or
`
`Suggest Claim Element [5.4]. ............................................................... 6
`
`C. The Combination of Veneklase and Jonsson Does Not Teach or
`
`Suggest Claim Element [5.5]. ............................................................... 8
`
`D. The Combination of Veneklase and Jonsson Does Not Teach or
`
`Suggest Claim Element [5.6]. ............................................................. 10
`
`IV. GROUND 2 — KEW AND SORMUNEN DO NOT RENDER
`
`OBVIOUS INDEPENDENT CLAIMS 1 and 5. ...........................................13
`
`A. The Combination of Kew and Sormunen Does Not Teach or
`
`Suggest Claim Element [5.3]. ............................................................. 13
`
`1.
`
`2.
`
`Kew’s “identity code” is not the claimed “passcode.” ..............14
`
`Kew’s “user identification code” is not the claimed
`
`“passcode.” ................................................................................16
`-i-
`
`
`
`Kew’s “user identification code” and Kew’s “identity code”
`
`IPR2023-00425
`Patent 6,993,658
`
`
`3.
`
`are different. ..............................................................................17
`
`B. The Combination of Kew and Sormunen Does Not Teach or
`
`Suggest Claim Element [5.6]. ............................................................. 19
`
`C. The Combination of Kew and Sormunen Does Not Teach or
`
`Suggest Claim Element [1.2]. ............................................................. 24
`
`V.
`
`CONCLUSION ..............................................................................................25
`
`
`
`
`
`
`
`-ii-
`
`
`
`TABLE OF AUTHORITIES
`
`IPR2023-00425
`Patent 6,993,658
`
`
`Cases
`
`Phillips v. AWH Corp.,
`
`415 F.3d 1303 (Fed. Cir. 2005) (en banc) ............................................................11
`
`Xerox Corp., et al. v. Bytemark, Inc.,
`
`IPR2022-00624, Paper 9 (P.T.A.B. Aug. 24, 2022) (Precedential) .....................15
`
`
`
`
`
`
`
`-iii-
`
`
`
`EXHIBIT LIST
`
`Exhibit Description
`
`IPR2023-00425
`Patent 6,993,658
`
`
`2001
`
`2002
`
`2003
`
`2004
`
`2005
`
`2006
`
`Google Patents webpage for U.S. Patent No. 6,993,658,
`
`https://patents.google.com/patent/US6993658B1/
`
`“Preliminary Constructions,” Dynapass IP Holdings, LLC v.
`
`JPMorgan Chase & Co., et al., No. 2:22-cv-00212-JRG-RSP (E.D.
`
`Tex.)
`
`Declaration of Rajeev Surati
`
`CV of Rajeev Surati
`
`Microsoft Computer Dictionary (5th ed. 2002)
`
`Claim Construction Order, Dynapass Holdings LLC v. JPMorgan
`
`Chase & Co., et al., Case No. 2:22-cv-00212-JRG-RSP, Dkt. 120
`
`(E.D. Tex. Oct. 31, 2023).
`
`2007
`
`Supplemental Declaration of Rajeev Surati
`
`-iv-
`
`
`
`I.
`
`INTRODUCTION
`
`IPR2023-00425
`Patent 6,993,658
`
`
`Dynapass IP Holdings, LLC (“Patent Owner”) respectfully submits this Sur-
`
`Reply to Petitioner’s Reply (“Reply”) in Inter Partes Review No. IPR2023-00425
`
`of U.S. Patent No. 6,993,658 (the “’658 Patent”).
`
`II.
`
`CLAIM CONSTRUCTION
`
`According to Petitioner, “PO’s proposed construction improperly attempts to
`
`import limitations from the specification into the claims, and should be rejected.”
`
`Reply, p. 1. Patent Owner disagrees. In fact, in its Claim Construction Order dated
`
`Oct. 31, 2023 (i.e., after the deadline for filing Patent Owner’s Response), the United
`
`States District Court for the Eastern District of Texas agreed with Patent Owner’s
`
`construction:
`
`
`
`Ex. 2006, p. 13. The Board should adopt the same claim construction as the court.
`
`III.
`
`GROUND 1 — VENEKLASE AND JONSSON DO NOT RENDER
`OBVIOUS INDEPENDENT CLAIM 5.
`
`Petitioner misrepresents that “the Response fails to identify or consider the
`
`level of skill in the art.” Paper 16, p. 2. In fact, Patent Owner has applied Petitioner’s
`
`definition of a POSITA throughout these proceedings. See Paper 8, p. 11.
`
`-1-
`
`
`
`IPR2023-00425
`Patent 6,993,658
`
`A. The Combination of Veneklase and Jonsson Does Not Teach or
`Suggest Claim Element [5.3].
`
`Patent Owner’s Response (“Response”) presented two distinct rebuttals to
`
`obviousness: (1) Petitioner’s proposed combination renders Veneklase inoperable
`
`for its intended purpose, and (2) Petitioner’s proposed combination changes
`
`Veneklase’s principle of operation. See Response at 18-19. Petitioner’s Reply
`
`argues that the “proffered combination would not render Veneklase’s system
`
`inoperable, nor has PO demonstrated such inoperability. PO does not offer any
`
`evidence that the proposed modified system . . . would not work for Veneklase’s
`
`stated goal to ‘ensure that only authorized users gain access to a computer system.’”
`
`Reply, p. 3 (quoting Ex. 1005, 3:31-33) (emphasis added). As an initial matter,
`
`Patent Owner plainly did offer evidence via an expert declaration. See Ex. 2003,
`
`¶¶75-79. That declaration stands unrebutted because Petitioner did not depose the
`
`expert. Further, Petitioner fails to rebut Patent Owner’s showing that the proposed
`
`modification changes Veneklase’s principle of operation and thus is not obvious. See
`
`Reply, pp. 2-5.
`
`As characterized by Petitioner, “Veneklase teaches a system which a user
`
`inputs a password known beforehand, receives a randomly generated previously-
`
`unknown code, and then inputs that [randomly generated code] for authentication
`
`purposes.” Pet. at 31 (citing Ex. 1005, 7:52-8:27) (emphasis added). In other words,
`
`-2-
`
`
`
`IPR2023-00425
`Patent 6,993,658
`
`“Veneklase’s system allows for authentication through user input of a known and
`
`unknown code at separate times in a two-step process.” Id. (emphasis added). A
`
`POSITA would understand that Veneklase’s principle of operation necessarily
`
`includes that two-step authentication process. See Response, pp. 18-19 (citing Ex.
`
`2003, ¶76). It is undisputed that Petitioner’s proposed modification abolishes that
`
`two-step authentication process. See Pet., pp. 28, 31, 34; see also Reply, p. 4 (“Put
`
`simply, the proposed modification alters [Veneklase’s] method of operation . . .”);
`
`Ex. 1024, ¶5 (“the modification necessarily changes how Veneklase would
`
`operate”). Accordingly, Petitioner and Petitioner’s Expert concede that the proposed
`
`modification changes Veneklase’s principle of operation and is thus too drastic to be
`
`obvious.
`
`Next, Petitioner argues that “the combination offers several other advantages
`
`that further Veneklase’s goal for secure access, such as avoiding SIM swapping and
`
`streamlining the process through only having to enter the passcode once. PO admits
`
`that requiring entry of the passcode once provides enhanced security over entering
`
`the passcode multiple times.” Reply, p. 3 (internal citations omitted) (emphasis
`
`added). That argument is misleading as shown below.
`
`First, Patent Owner’s Response demonstrated why SIM swapping also would
`
`not work in Veneklase’s existing system. See Response, p. 21. In Reply, Petitioner
`
`offered no rebuttal to that showing. See Reply, pp. 2-5.
`-3-
`
`
`
`IPR2023-00425
`Patent 6,993,658
`
`Second, Petitioner admits that Veneklase’s “password” (the Petitioner-
`
`identified “passcode”) is already only entered once in Veneklase’s system. See Pet.,
`
`p. 31 (“Veneklase teaches a system which a user inputs a password known
`
`beforehand, receives a randomly generated previously-unknown code, and then
`
`inputs that for authentication purposes.”) (emphasis added).
`
` Specifically,
`
`Veneklase’s “password” (the Petitioner-identified “passcode”) is only entered during
`
`the first step of the two-step authentication process. See id. Thus, the advantages
`
`allegedly resulting from the combination of Veneklase and Jonsson are already
`
`present in Veneklase’s system. Accordingly, there is no motivation to combine
`
`Veneklase and Jonsson.
`
`Petitioner argues that like Veneklase, the proposed “combination would still
`
`alert the user that someone is attempting to access the account” because the user
`
`would “receiv[e] a challenge code without requesting one” and thus there is no
`
`decrease in security. Reply, pp. 3-4 (citing Ex. 1024, ¶6). But neither Petitioner nor
`
`its expert cited any such evidence. See id. Additionally, Petitioner conveniently
`
`glosses over the fact that in Veneklase’s system, the notification feature (i.e.,
`
`generation and transmission of random code) is triggered only by receipt and
`
`successful cross-referencing of Veneklase’s password. See Response, p. 20 (citing
`
`Ex. 1005, 8:2-5). That trigger sequence is part of Veneklase’s multi-layer/level
`
`security. See Ex. 2003, ¶¶77-78. In contrast, the “challenge code” in the proposed
`-4-
`
`
`
`IPR2023-00425
`Patent 6,993,658
`
`combination is generated and transmitted without needing a password. See Ex.
`
`1006, 9:1-8. Accordingly, the proposed combination still dismantles Veneklase’s
`
`multi-layer/level security, and Petitioner provides no evidence that the security of
`
`the proposed combination is superior to Veneklase’s multi-layer/level security, so
`
`the proposed combination cannot be obvious.
`
`Petitioner argues that “the combined system would not be ‘more prone’ to
`
`DoS attack at least because a DoS attack is not dependent on knowing a password.
`
`As such, like Jonsson and the ’658 Patent, Veneklase is susceptible to repeated
`
`requests for access from a DoS attack.” Reply, p. 5. And that “PO does not explain
`
`or offer any evidence to support this assertion other than the parroting of its expert.”
`
`Reply, p. 4. Patent Owner disagrees.
`
`First, because Petitioner did not depose Patent Owner’s expert, his declaration
`
`stands unrebutted. See Ex. 1003, ¶¶79, 90. Further, as discussed in the Response,
`
`the proposed combination still requires the legitimate user to transmit an
`
`“authentication request” to the system to trigger generation and transmission of a
`
`“challenge code” to the legitimate user’s “personal communication device” (e.g.,
`
`pager). Response, p. 27 (citing Ex. 1006, 9:1-4, 10:18-20, Fig. 3; Ex. 2003, ¶89).
`
`In Petitioner’s proposed combination, the “authentication request” is not a password
`
`(i.e., not a secret). Response, pp. 27-28 (citing Ex. 2003, ¶90). Accordingly, nothing
`
`prevents a hacker from continuously transmitting the non-secret “authentication
`-5-
`
`
`
`IPR2023-00425
`Patent 6,993,658
`
`request” to the system, triggering generation and transmission of “challenge codes”
`
`to the legitimate user’s “personal communication unit” (e.g., pager)—thus
`
`interfering with the legitimate user’s access to the system. See Ex. 2007, ¶¶4-6. That
`
`is a denial of service (DoS) attack. See Ex. 1019, 1:14-16 (“A [DoS] attack is
`
`characterized by an explicit attempt by attackers to prevent legitimate users of a
`
`service from using that service.”). In contrast, Veneklase’s existing system requires
`
`a password (i.e., a secret) to trigger generation and transmission of the “random
`
`number code” to the legitimate user’s “pager 420.” See Ex. 1005, 8:1-15.
`
`Accordingly, the aforementioned DoS attack is less likely with Veneklase’s system
`
`because of the required password. See Ex. 2003, ¶90; Ex. 2007, ¶6.
`
`For these and all the reasons discussed in Patent Owner’s Response, the cited
`
`references fail to teach or suggest claim element [5.3].
`
`B.
`
`The Combination of Veneklase and Jonsson Does Not Teach or
`Suggest Claim Element [5.4].
`
`Patent Owner’s Response argued that the authentication process in the
`
`proposed combination still has two steps: (1) the user transmits Jonsson’s
`
`“authentication request” to the system to trigger generation of a “challenge code,”
`
`and then (2) the user transmits the “response code” to the system. See Response, p.
`
`27 (citing Ex. 2003, ¶89). Thus, Petitioner’s rationale for combining Veneklase and
`
`Jonsson (i.e., “reducing the steps to a single step and thus reducing the amount of
`
`-6-
`
`
`
`IPR2023-00425
`Patent 6,993,658
`
`time required,” Pet., p. 31) is not actually realized and a POSITA would not be
`
`motivated to execute the proposed combination. See Response, p. 27 (citing Ex.
`
`2003, ¶89).
`
`Petitioner’s Reply provides no rebuttal to that argument. See Reply, pp. 5-6.
`
`Instead, Petitioner argues “the Petition is clear that it is Jonsson’s use of only a single
`
`transmitted password that allows for enhanced security over the twice transmitted
`
`password of Veneklase.” Reply, p. 5 (citing Pet., pp. 30-32) (emphasis added). But
`
`by Petitioner’s own admission, Veneklase’s “password” is only transmitted once in
`
`Veneklase. See Pet., p. 31 (“Veneklase teaches a system which a user inputs a
`
`password known beforehand, receives a randomly generated previously-unknown
`
`code, and then inputs [the randomly generated code] for authentication purposes.”)
`
`(emphasis added). Specifically, Veneklase’s “password” is only transmitted during
`
`the first step of the two-step authentication process. See id. There is no second
`
`transmission. See id. Accordingly, the “enhanced security” promoted by Petitioner
`
`does not exist and thus is not a motivation to combine.
`
`Petitioner’s arguments regarding DoS attacks are addressed above in
`
`reference to claim element [5.3]. See Reply, p. 6.
`
`For the these and all the reasons discussed in Patent Owner’s Response, the
`
`cited references fail to teach or suggest claim element [5.4].
`
`-7-
`
`
`
`IPR2023-00425
`Patent 6,993,658
`
`C. The Combination of Veneklase and Jonsson Does Not Teach or
`Suggest Claim Element [5.5].
`
`In the Reply, Petitioner argues “PO alleges that Veneklase’s disclosure of an
`
`off-the-shelf pager requires that the pager is not capable of executing an algorithm.
`
`Response, 31. However, PO offers no evidence to support this assertion other than
`
`the nearly verbatim restatement of its expert.” Reply, p.6. That misrepresents Patent
`
`Owner’s arguments. Patent Owner actually argued “the evidence indicates that
`
`Veneklase’s ‘pager 420’ is not capable of executing such an algorithm.” Response,
`
`p. 31 (emphasis added). The phrase “such an algorithm” does not mean just any
`
`algorithm, but rather the “specialized security algorithms” of Jonsson. See
`
`Response, p. 30. Because Petitioner did not depose Patent Owner’s expert, his
`
`declaration stands unrebutted. See Ex. 2003, ¶¶95-96.
`
`Petitioner’s Reply argues that “a POSITA would have understood from the
`
`express teachings of Jonsson that conventional pagers are capable of running
`
`software to execute algorithms, such as Jonsson’s.” Reply, p. 7 (citing Ex. 1024,
`
`¶13). But neither Petitioner nor its expert muster any evidence that an off-the-shelf
`
`pager, in 1996, could execute Jonsson’s specialized security algorithms. The
`
`spectrum of computing resources necessary to execute an algorithm is vast:
`
`computing x+1 is an algorithm, but so are the neural networks used for artificial
`
`intelligence. So the capability for an off-the-shelf pager to execute some algorithm
`
`-8-
`
`
`
`IPR2023-00425
`Patent 6,993,658
`
`(e.g., x+1) does not support Petitioner’s argument. To the contrary, Jonsson itself
`
`notes that the off-the-shelf pager would still need to be customized by installing
`
`Jonsson’s specialized security algorithms onto the pager. See Ex. 2003, ¶96; Ex.
`
`1006, 7:25-26 (“need to customize a communication device.”). Even with his
`
`supplemental declaration, Petitioner’s expert does not introduce any additional
`
`evidence to support Petitioner’s argument—he merely asserts that the off-the-shelf
`
`pager in Veneklase can execute some non-specified algorithm. See Ex. 1024, ¶13.
`
`At bottom, Petitioner provides no evidence that a user could simply acquire an off-
`
`the-shelf pager, in 1996, and immediately start using Jonsson’s system without
`
`heavy hardware and/or software customization.
`
`In contrast, Veneklase’s “pager 420” only needs to be capable of receiving a
`
`message and displaying the message to be ready for use in Veneklase’s system. See
`
`Ex. 1005, 8:1-26. But those simple algorithms are intrinsic functions (i.e., receive
`
`and display a message) of an off-the-shelf pager. That is why Veneklase describes
`
`“pager 420” as being a “conventional and commercially available” pager. Ex. 1005,
`
`8:11-12. That is also why Veneklase describes its system as being “very cost
`
`effective.” Ex. 1005, 7:21-24. Accordingly, Veneklase teaches away from the
`
`substantial software and/or hardware pager customization required by Jonsson, and
`
`thus teaches away from the proposed combination of Veneklase and Jonsson.
`
`-9-
`
`
`
`IPR2023-00425
`Patent 6,993,658
`
`For these and all the reasons discussed in Patent Owner’s Response, the cited
`
`references fail to teach or suggest claim element [5.5].
`
`D. The Combination of Veneklase and Jonsson Does Not Teach or
`Suggest Claim Element [5.6].
`
`As discussed in Patent Owner’s Response, Petitioner unambiguously mapped
`
`Veneklase granting access because the random codes match to the claimed “activates
`
`access to the account.” See Response, p. 35 (citing Pet., p. 41). Having now realized
`
`its disadvantage in that mapping, Petitioner seeks to map Jonsson’s generation of
`
`the “expected response code” to the claimed “activates access to the account.” See
`
`Reply, p. 8 (“POSITA would have understood that the ‘expected’ response code
`
`indicates that the account access is activated because it is awaiting (i.e., expecting)
`
`a response.”). Thus, Petitioner proceeds in a new direction with a new approach
`
`compared to its position in the Petition. Compare Pet., p. 41 with Reply, p. 8. Patent
`
`Owner respectfully submits that Petitioner should be held to its original mapping.
`
`Regarding the claimed “predetermined amount of time,” Petitioner argues “a
`
`POSITA would have understood that this claim limitation simply means any
`
`predetermined period after activation.” Reply, p. 9 (citing Ex. 1024, ¶19). Neither
`
`Petitioner nor Petitioner’s Expert cite to any part of the ’658 specification to support
`
`their construction. See Reply, pp. 7-10; Ex. 2024, ¶¶19-21. That is improper
`
`because the words of a claim “are generally given their ordinary and customary
`
`-10-
`
`
`
`IPR2023-00425
`Patent 6,993,658
`
`meaning.” Phillips v. AWH Corp., 415 F.3d 1303, 1312 (Fed. Cir. 2005) (en banc).
`
`The “ordinary meaning” of a term “is its meaning to the ordinary artisan after reading
`
`the entire patent.” Id. at 1321 (emphasis added). The specification “is the single best
`
`guide to the meaning of a disputed term.” Id. at 1315 (cleaned up). Accordingly,
`
`Petitioner’s construction should be disregarded. For the reasons discussed in the
`
`Response, Patent Owner maintains the claimed “predetermined amount of time”
`
`should be construed as the entire window between activation and deactivation of the
`
`account.
`
`Petitioner makes several references to the “predetermined period of time”
`
`disclosed by Veneklase. See Reply, pp. 9 (“would be governed by Veneklase’s
`
`teaching that the password must be ‘received within a predetermined period of
`
`time.’”) (emphasis added), 10 (“Veneklase’s teaching that the password must be
`
`‘received within a predetermined period of time’ . . . this line of attack completely
`
`ignores Veneklase’s teaching that the password must be ‘received within a
`
`predetermined period of time.’”) (emphasis added). If Petitioner is mapping
`
`Veneklase’s “predetermined period of time” to the claimed “predetermined amount
`
`of time,” that mapping is flawed. Specifically, Veneklase’s “predetermined period
`
`of time” starts when Veneklase’s system receives the password from the user (i.e.,
`
`step one in Veneklase’s two-step authentication process). See Ex. 1005, 8:40-49. In
`
`-11-
`
`
`
`IPR2023-00425
`Patent 6,993,658
`
`contrast, the claimed “predetermined amount of time,” under both sides’
`
`construction, does not start when the system receives a password from the user.
`
`Petitioner says “the predetermined period would include the time from
`
`receiving the challenge code (at or after account activation, as discussed above) and
`
`the sending of the response code.” Reply, p. 9. Patent Owner disagrees. The
`
`claimed “authentication module” deactivates the account upon expiration of the
`
`claimed “predetermined amount of time.” Accordingly, the claimed “authentication
`
`module” must know when the “predetermined amount of time” expires so that it can
`
`deactivate the account. Petitioner and its expert fail to explain how Veneklase’s
`
`“code compare module” (Petitioner-identified “authentication module”) would
`
`know exactly when the user sends the response code (i.e., the expiration of the
`
`“predetermined period”) because there is a delay between the user sending the
`
`“response code” and
`
`the “code compare module”
`
`(Petitioner-identified
`
`“authentication module”) receiving the “response code.” Accordingly, Petitioner’s
`
`mappings are flawed.
`
`Finally, Petitioner argues “Patent Owner alleges that ‘the predetermined
`
`period of time’ varies by when the user decides to send back the response code.
`
`However, this line of attack completely ignores Veneklase’s teaching that the
`
`password must be ‘received within a predetermined period of time.’” Reply, p. 10
`
`(internal citations omitted) (citing Response, p. 37). It is unclear what is meant by
`-12-
`
`
`
`IPR2023-00425
`Patent 6,993,658
`
`“completely ignores.” As discussed above, Veneklase’s “predetermined period of
`
`time” is not and cannot be the claimed “predetermined amount of time.” Further,
`
`different users have different levels of responsiveness. So the time between a user
`
`receiving the challenge code and sending the response code is user dependent (see
`
`Ex. 2003, ¶102), and is not a “predetermined amount of time” as claim element [5.6]
`
`requires.
`
`Given the foregoing and all the reasons discussed in Patent Owner’s
`
`Response, the cited references fail to teach or suggest claim element [5.6].
`
`IV.
`
`GROUND 2 — KEW AND SORMUNEN DO NOT RENDER OBVIOUS
`INDEPENDENT CLAIMS 1 and 5.
`A. The Combination of Kew and Sormunen Does Not Teach or Suggest
`Claim Element [5.3].
`
`Patent Owner’s Response argued that Kew fails to teach or suggest the claimed
`
`“token” because there is no evidence that Kew’s “Code A” (Petitioner-identified
`
`“token”) is “eventually . . . known to the user,” as Petitioner’s own claim
`
`construction requires. See Response, pp. 46-47 (quoting Pet., p. 10). Petitioner’s
`
`Reply provided no rebuttal to that showing. See Reply, pp. 11-16. Thus, Kew fails
`
`to teach or suggest the claimed “token.” Sormunen does not cure the deficiencies of
`
`Kew, and the Petition does not so allege. See Pet., pp. 60-63. Accordingly, the cited
`
`references fail to teach or suggest claim element [5.3].
`
`-13-
`
`
`
`IPR2023-00425
`Patent 6,993,658
`
`Petitioner argues that either Kew’s “user identification code” or Kew’s
`
`“identity code” is the claimed “passcode.” See Reply, pp. 11 (“The Petition
`
`identified the User ID/IdentityCode as the ‘passcode’ limitation.”), 12-13 (“both the
`
`user identity code (user ID) and the corresponding identity code (identified by the
`
`user ID) are used to generate Code B (e.g., password)”) (emphasis added). Neither
`
`mapping is correct and each is addressed below.
`
`1.
`
`Kew’s “identity code” is not the claimed “passcode.”
`
`The claim language is unequivocal: “the passcode is known to the user.” Ex.
`
`1001, 12:29-32. Petitioner is unable to identify any disclosure in Kew that the
`
`“identity code” is known to the user, as claim limitation [5.3] requires. See Reply,
`
`pp. 11-16. Facing that reality, Petitioner fabricates unrealistic scenarios to argue that
`
`Kew’s “identity code” is known to the user:
`
`a POSITA would have understood that it would be practical for the user
`[to] know the identity code. For example, if the user were to forget his
`user ID, the user would need to use the identity code as a back-up
`verification in order for the system to locate the correct algorithm to
`produce a password. Otherwise, the user would not be able to access
`the system and the receiver would need to be reprogrammed.
`
`Reply, pp. 14-15 (internal citations omitted) (emphasis added). Petitioner’s only
`
`support for that fabrication is a supplemental declaration, which does not cite any
`
`evidence, which should be afforded no weight. See Ex. 1024, ¶28; Xerox Corp., et
`
`al. v. Bytemark, Inc., IPR2022-00624, Paper 9, pp. 15-16 (P.T.A.B. Aug. 24, 2022)
`
`-14-
`
`
`
`IPR2023-00425
`Patent 6,993,658
`
`(Precedential) (declaration is entitled to little weight when it restates petitioner’s
`
`arguments without any additional supporting evidence). Regardless, Petitioner’s
`
`reasoning is flawed.
`
`First, Petitioner concedes that Kew filed in January 1995. Pet., p. 1. Kew
`
`discloses that the “identity code is a key for the one-way [encryption] algorithm.”
`
`Ex. 1007, 7:20-32. So in Petitioner’s scenario, the end user has forgotten his user
`
`ID, but somehow remembers an encryption key that was never needed for input
`
`before. That is not realistic today or in January 1995. Further, neither Petitioner nor
`
`its expert provide any evidence that Kew’s system can even accept the “identity
`
`code” (i.e., encryption key) as an input from the user “to locate the correct
`
`algorithm.” See Reply at 14-15; Ex. 1024, ¶28.
`
`Second, it is unclear why a forgotten user ID in Petitioner’s scenario
`
`necessarily requires reprogramming the receiver. As disclosed by Kew, “[w]hen the
`
`user seeks access to the host system 1 via the terminal 2, he enters his user
`
`identification code . . . The security server 5 includes a database of all authorised
`
`users and their authorised receiver units 6, and identifies the corresponding identity
`
`code for the appropriate receiver unit 6.” Ex. 1007, 7:34-8:5. See also id., 11:8-11
`
`(Kew’s system “uses the user identification code (USER ID) to access its database
`
`to locate the corresponding identity code for the appropriate receiver unit.”). Given
`
`those disclosures, Petitioner fails to explain why a new user ID could not simply be
`-15-
`
`
`
`IPR2023-00425
`Patent 6,993,658
`
`assigned to the user and Kew’s database be updated accordingly. There is no need
`
`to reprogram the receiver unit; it can keep its stored “identity code.”
`
`Accordingly, Kew fails to teach or suggest that that the “identity code”
`
`(Petitioner-identified “passcode”) is known to the user, and thus fails to teach or
`
`suggest claim element [5.3].
`
`2.
`
`Kew’s “user
`“passcode.”
`
`identification code”
`
`is not the claimed
`
`In several instances, the Petition unambiguously mapped Kew’s “identify
`
`code” to the claimed “passcode.” See Pet., p. 60 (“Kew discloses . . . a passcode
`
`(e.g., identity code)”), pp. 62-63 (“Kew teaches . . . a passcode (e.g., identity code)”).
`
`Its original expert Declaration did the same. See Ex. 1003, ¶136 (“Kew discloses . .
`
`. a passcode (e.g., identity code)”), ¶140 (“Kew teaches . . . a passcode (e.g., identity
`
`code)”). Having now realized its disadvantage in that mapping, Petitioner seeks to
`
`map Kew’s “user identification code” to the claimed “passcode” instead. Patent
`
`Owner respectfully submits that Petitioner should be held to its original mapping.
`
`Regardless, Kew’s “user identification code” is also not the claimed
`
`“passcode.” Claim element [5.3] recites, in part “create a new password based at
`
`least upon a token and a passcode.” Ex. 1001, 12:28-29. The ’658 Patent uses the
`
`term “password” to refer to the combination of at least the “passcode” and a “token.”
`
`Ex. 1001, 4:52-53 (“In the preferred embodiment, the user 108 combines the token
`
`-16-
`
`
`
`IPR2023-00425
`Patent 6,993,658
`
`156 with the passcode 154 to form a password 158.”). For example, if the passcode
`
`is “abcd” and the token is “1234,” the password could be “abcd1234” or “1234abcd.”
`
`See id. at 4:54-56, Fig. 2A (“Your password is your passcode followed by a valid
`
`token.”) (emphasis added). Petitioner’s Expert concedes that is how the ’658 Patent
`
`uses the term “password.” See Ex. 1003, ¶26. The Petition itself concedes that is
`
`how the ’658 Patent uses the term “password.” See Pet., p. 3. In its Claim
`
`Construction Order dated Oct. 31, 2023 (i.e., after the deadline for filing Patent
`
`Owner’s Response), the United States District Court for the Eastern District of Texas
`
`reached the same conclusion: “until the passcode and token are combined, there is
`
`no password.” Ex. 2006, p. 15. But Kew’s “user identification code” (Petitioner-
`
`identified “passcode”) is never combined with Kew’s “Code A” (Petitioner-
`
`identified “token”) to generate Kew’s “Code B” (Petitioner-identified “password”).
`
`Accordingly, Kew’s “user identification code” (Petitioner-identified “passcode”) is
`
`not the claimed “passcode.”
`
`3.
`
`Kew’s “user identification code” and Kew’s “identity code”
`are different.
`
`Petitioner’s Reply argues that Kew suggests that its “user identification code”
`
`and “identity code” are the same. See Reply, pp. 15-16. That is not true.
`
` Kew discloses that the “identity code is a key for the one-way [encryption]
`
`algorithm.” Ex. 1007, 7:20-32. Kew never discloses that the “identity code” is the
`
`-17-
`
`
`
`IPR2023-00425
`Patent 6,993,658
`
`user’s name or a PIN. See id. In contrast, Kew discloses that the “user identification
`
`code” may be the user’s “actual name or preferably a more secure code such as a
`
`PIN.” Ex. 1007, 7:35-8:2. And Kew never discloses that the “user identification
`
`code” is an encryption key. See id. Accordingly, Kew’s “user identification code”
`
`and Kew’s “identity code” are not the same.
`
`Further, Kew’s system “uses the user identification code (USER ID) to access
`
`its database to locate the corresponding identity code for the appropriate receiver
`
`unit.”). Ex. 1007, 11:8-11 (emphasis added). See also id., 7:34-8:5 (“When the user
`
`seeks access to the host system 1 via the terminal 2, he enters his user identification
`
`code . . . The security server 5 includes a database of all authorised users and their
`
`authorised receiver units 6, and identifies the corresponding identity code for the
`
`appropriate receiver unit 6.”) (emphasis added). Accordingly, Kew’s “user
`
`identification code” is used to lookup, within a database, the appropriate “identity
`
`code.” If Kew’s “user identification code” and “identity code” were the same, the
`
`“identity code” would be known as soon as the “user identification code” is known,
`
`and there would be no need to look it up. Accordingly, Kew’s “user identification
`
`code” and Kew’s “identity code” are not the same.
`
`Petitioner’s Reply argues “Claim 1 of Kew suggests that [the “user
`
`identification code” and the “identity code”] can be the same, [because] the ‘input
`
`user identification code’ is performing the same function as the identity code of
`-18-
`
`
`
`IPR2023-00425
`Patent 6,993,658
`
`identifying the transformation algorithm to generate Code B.” Reply, p. 15. Claim
`
`1 makes no such suggestion. It merely recites that the “user identification code”
`
`identifies a transformation algorithm. Ex. 1007, 15:3-12 (“a transformation
`
`algorithm identified by the input user identification code.”) (emphasis added).
`
`Claim 1 does not even recite the “identity code.” See id. And as shown above,
`
`Kew’s “identity code” is an encryption key, while Kew’s “user identification code”
`
`is not. Accordingly, Kew’s “user identification c
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
