`Unified Patents, LLC
`v.
`Dynapass IP Holdings LLC
`U.S. Patent 6,993,658
`
`Petitioner’s Demonstratives
`April 16, 2024
`
`Demonstrative Exhibit- Not Evidence
`
`Petitioner, Slide 1
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`Agenda
`
`• Introduction
`• Claim Overview
`• Level of Skill in the Art
`• Veneklase and Jonsson
`• Kew and Sormunen
`
`Demonstrative Exhibit- Not Evidence
`
`2
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`Ex. 1001, FIG.1
`
`Demonstrative Exhibit- Not Evidence
`
`3
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`Challenged Claims
`
`• Ground 1
`• Claim 5 would have been obvious over Veneklase (Ex. 1005)
`and Jonsson (Ex. 1006)
`• Ground 2
`• Claims 1 and 3-6 would have been obvious over Kew (Ex. 1007)
`and Sormunen (Ex. 1008)
`• PO made no separate arguments with respect to claims 3, 4, or 6.
`
`Demonstrative Exhibit- Not Evidence
`
`4
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`1. A method of authenticating a user on a first secure computer network, the user having a
`user account on said first secure computer network, the method comprising:
`[1.1] associating the user with a personal communication device possessed by the user,
`said personal communication device in communication over a second network, wherein
`said second network is a cell phone network different from the first secure computer
`network;
`[1.2] receiving a request from the user for a token via the personal communication device,
`over the second network;
`[1.3] generating a new password for said first secure computer network based at least upon
`the token and a passcode, wherein the token is not known to the user and wherein the
`passcode is known to the user;
`[1.4] setting a password associated with the user to be the new password;
`[1.5] activating access the user account on the first secure computer network;
`[1.6] transmitting the token to the personal communication device;
`[1.7] receiving the password from the user via the first secure computer network; and
`[1.8] deactivating access to the user account on the first secure computer network within a
`predetermined amount of time after said activating, such that said user account is not
`accessible through any password, via said first secure computer network.
`
`Demonstrative Exhibit- Not Evidence
`
`5
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`5. A user authentication system comprising:
`[5.1] a computer processor;
`[5.2] a user database configured to associate a user with a personal communication
`device possessed by the user, said personal communication device configured to
`communicate over a cell phone network with the user authentication system;
`[5.3] a control module executed on the computer processor configured to create a
`new password based at least upon a token and a passcode, wherein the token is not
`known to the user and wherein the passcode is known to the user, the control
`module further configured to set a password associated with the user to be the new
`password;
`[5.4] a communication module configured to transmit the token to the personal
`communication device through the cell phone network; and
`[5.5] an authentication module configured to receive the password from the user
`through a secure computer network, said secure computer network being different
`from the cell phone network, wherein the user has an account on the secure
`computer network,
`[5.6] wherein the authentication module activates access to the account in
`response to the password and deactivates the account within a predetermined
`amount of time after activating the account, such that said account is not
`accessible through any password via the secure computer network.
`
`Demonstrative Exhibit- Not Evidence
`
`6
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`Claim Construction
`
`• Limitation [5.6]: “deactivates the account within a predetermined
`amount of time after activating the account”
`• Petitioner/Institution Decision-
`• does not require that the predetermined amount of time correspond
`to the entire time period between activation and deactivation of the
`account. Paper 9, 25.
`• predetermined amount of time begins at some point after
`activation. Reply, 9-10.
`• PO-
`• the claimed ‘predetermined amount of time’ is the timeframe between
`activation and deactivation of the account. Response at 36.
`
`Demonstrative Exhibit- Not Evidence
`
`7
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`Claim Construction
`
`• Limitation [5.6]: “activates access to the account in response to
`the password”
`• PO: activates access to the account in response to the creation of the
`password. Response, 32.
`• Obvious under the plain meaning and PO’s construction. Petition, 41-46,
`66-70; Reply, 7-10; 16-17.
`
`Demonstrative Exhibit- Not Evidence
`
`8
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`Level of Ordinary Skill in the Art
`
`Petition, p. 5
`
`Preliminary Response (Paper 8, p. 11)
`
`PO sur-reply, p.1
`
`Demonstrative Exhibit- Not Evidence
`
`9
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`Ground 1 - Claim Limitations in Dispute
`
`5. A user authentication system comprising:
`[5.1] a computer processor;
`[5.2] a user database configured to associate a user with a personal communication device possessed by
`the user, said personal communication device configured to communicate over a cell phone network with
`the user authentication system;
`[5.3] a control module executed on the computer processor configured to create a new password based
`at least upon a token and a passcode, wherein the token is not known to the user and wherein the
`passcode is known to the user, the control module further configured to set a password associated with
`the user to be the new password;
`[5.4] a communication module configured to transmit the token to the personal communication device
`through the cell phone network; and
`[5.5] an authentication module configured to receive the password from the user through a secure
`computer network, said secure computer network being different from the cell phone network, wherein
`the user has an account on the secure computer network,
`[5.6] wherein the authentication module activates access to the account in response to the password and
`deactivates the account within a predetermined amount of time after activating the account, such that
`said account is not accessible through any password via the secure computer network.
`
`Demonstrative Exhibit- Not Evidence
`
`10
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`[5.3] a control module executed on the computer processor configured to create a new password
`based at least upon a token and a passcode, wherein the token is not known to the user and
`wherein the passcode is known to the user, the control module further configured to set a password
`associated with the user to be the new password;
`• Veneklase
`• Random Code = token
`• Password = passcode
`• Jonsson
`• Challenge Code = token
`• Input security number =
`passcode
`• Response Code = New password
`
`Veneklase, Ex. 1005, 7:22-28.
`
`Petition, 25-34
`
`Demonstrative Exhibit- Not Evidence
`
`11
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`Motivations to Combine
`
`• Transmit one “password” instead of two transmitted “passwords”
`• Prevent unauthorized access through SIM swapping
`• Explicit teaching, suggestion, and motivation to combine the
`algorithm of Jonsson because Veneklase also discloses the use of
`algorithms for additional security
`• Using a known technique to improve similar devices in the same
`way
`
`Petition, 31-34
`
`Demonstrative Exhibit- Not Evidence
`
`12
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`5.4- a communication module configured to transmit the token to the personal
`communication device through the cell phone network;
`
`EX1018 (corresponding to EX2005), 173.
`Demonstrative Exhibit- Not Evidence
`
`Reply, 3-5
`
`13
`
`EX1019, filed June 21, 2000.
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`[5.5] an authentication module configured to receive the password from the user
`through a secure computer network, said secure computer network being different
`from the cell phone network,
`
`Veneklase-
`
`Jonsson
`
`Ex.1005, 7:23-24.
`
`Ex. 1006, 7:27–31.
`
`Demonstrative Exhibit- Not Evidence
`
`14
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`[5.6] wherein the user has an account on the secure computer network, wherein the authentication
`module activates access to the account in response to the password and deactivates the account
`within a predetermined amount of time after activating the account, such that said account is not
`accessible through any password via the secure computer network
`• Petition
`• Activates Access = allow access if
`received response code matches
`expected response code. Pet. 41
`• PO’s interpretation:
`• Activates Access = activates access to
`the account in response to [the
`creation of] the password
`
`“The response code is compared to an
`expected response code, which, in
`exemplary embodiments, may be pre-stored
`or generated using the same algorithm and
`variables.” Jonsson, 10:2-5
`
`“the challenge code and the response is
`unique for each transaction.” Jonsson, 3:16-
`18
`
`Petition, 41-46; Reply, 7-10.
`
`Demonstrative Exhibit- Not Evidence
`
`15
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`[5.6] wherein the user has an account on the secure computer network, wherein the authentication
`module activates access to the account in response to the password and deactivates the account
`within a predetermined amount of time after activating the account, such that said account is not
`accessible through any password via the secure computer network
`
`Veneklase-Jonsson
`• “predetermined ‘window’ of
`time”
`• Receive/send challenge code
`• Send response code for
`comparison to expected
`response code
`
`Demonstrative Exhibit- Not Evidence
`
`16
`
`Petition, 42-46; Reply, 7-10.
`
`Veneklase, 8:40-49
`
`Veneklase, 9:3-5.
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`Ground 2 - Claim Limitations in Dispute
`
`5. A user authentication system comprising:
`[5.1] a computer processor;
`[5.2] a user database configured to associate a user with a personal communication device
`possessed by the user, said personal communication device configured to communicate over
`a cell phone network with the user authentication system;
`[5.3] a control module executed on the computer processor configured to create a new
`password based at least upon a token and a passcode, wherein the token is not known to the
`user and wherein the passcode is known to the user, the control module further configured to
`set a password associated with the user to be the new password;
`[5.4] a communication module configured to transmit the token to the personal
`communication device through the cell phone network; and
`[5.5] an authentication module configured to receive the password from the user through a
`secure computer network, said secure computer network being different from the cell phone
`network, wherein the user has an account on the secure computer network,
`[5.6] wherein the authentication module activates access to the account in response to the
`password and deactivates the account within a predetermined amount of time after activating
`the account, such that said account is not accessible through any password via the secure
`computer network.
`
`Demonstrative Exhibit- Not Evidence
`
`17
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`Ground 2 - Claim Limitations in Dispute
`
`1. A method of authenticating a user on a first secure computer network, the user having a user
`account on said first secure computer network, the method comprising:
`[1.1] associating the user with a personal communication device possessed by the user, said
`personal communication device in communication over a second network, wherein said
`second network is a cell phone network different from the first secure computer network;
`[1.2] receiving a request from the user for a token via the personal communication device,
`over the second network;
`[1.3] generating a new password for said first secure computer network based at least upon the
`token and a passcode, wherein the token is not known to the user and wherein the passcode is
`known to the user;
`[1.4] setting a password associated with the user to be the new password;
`[1.5] activating access the user account on the first secure computer network;
`[1.6] transmitting the token to the personal communication device;
`[1.7] receiving the password from the user via the first secure computer network; and
`[1.8] deactivating access to the user account on the first secure computer network within a
`predetermined amount of time after said activating, such that said user account is not
`accessible through any password, via said first secure computer network.
`
`Demonstrative Exhibit- Not Evidence
`
`18
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`[5.3] a control module executed on the computer processor configured to create a new password
`based at least upon a token and a passcode, wherein the token is not known to the user and
`wherein the passcode is known to the user, the control module further configured to set a
`password associated with the user to be the new password;
`
`• UserID/Identity Code = passcode
`• Code A = token
`• Code B = New Password
`
`Pet. At 60-62; Ex. 1007, FIG 2
`
`Demonstrative Exhibit- Not Evidence
`
`19
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`[5.3] a control module executed on the computer processor configured to create a new password based at least
`upon a token and a passcode, wherein the token is not known to the user and wherein the passcode is known
`to the user, the control module further configured to set a password associated with the user to be the new
`password;
`Claim 1: A method of preventing unauthorised access to a host computer system (1) by a user at a remote terminal (2)
`comprising the steps of
`accepting a user identification code [passcode] input to the terminal by the user;
`generating a random code (Code A) [token] ;
`subjecting Code A to a transformation characteristic of a transformation algorithm identified by the input user
`identification code so as to generate a transformed code (Code B) [New Password]; transmitting Code A via a
`paging system (7) , to a receiver (6) held by the user, the receiver (6) comprising transformation means adapted to
`transform the received Code A to a second transformed Code C…
`
`When the user seeks access to the host system 1 via the terminal 2 , he enters his user identification code. This code may take any suitable
`
`form, for example his actual name or preferably a more secure code such as a PIN. The security server 5 includes a database of all authorised
`
`users and their authorised receiver units 6, and identifies the corresponding identity code for the appropriate receiver unit 6. The security
`
`server 5 then generates a random code (Code A) and subjects this number to an encryption using the same one-way algorithm as is stored
`
`in the user's receiver 6 together with the corresponding identity code. In this way a transformed code (Code B) is produced. EX1006, 7:34-
`
`8:10
`
`Demonstrative Exhibit- Not Evidence
`
`20
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`[5.6] wherein the authentication module activates access to the account in response to the
`password and deactivates the account within a predetermined amount of time after activating the
`account, such that said account is not accessible through any password via the secure computer
`network.
`• Petition
`• Activates Access = allows access to the account by the user (Code B and Code C match)
`• PO’s interpretation:
`• Activates Access = activates access to the account in response to [the creation of] the
`password
`• Kew discloses creation of Code B (new password) when sending Code A
`(token) to the receiver to be transformed to Code C, which is then compared
`to Code B to allow access to the account
`• POSITA would have understood account access to be activated under PO’s
`interpretation when Code B was created and not after code C was received for
`comparison to Code B
`
`Demonstrative Exhibit- Not Evidence
`
`21
`
`Petition, 41-46; Reply, 7-10
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`[5.6] wherein the authentication module activates access to the account in response to the password
`and deactivates the account within a predetermined amount of time after activating the account,
`such that said account is not accessible through any password via the secure computer network.
`
`• Kew discloses that the security server “prompts” entry of the “transformed Code C displayed by
`the receiver unit 6.” EX1007, 9:6-7.
`• v
`
`EX1018, 427; EX1024, ¶35
`
`Petition, 48, 62, 64, 66; Reply 17-22
`
`Demonstrative Exhibit- Not Evidence
`
`22
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`Time-Bound Access was well-known in the art decades before
`the earliest priority date
`
`EX1003, ¶49; EX1024, ¶32; Reply, 17
`
`Demonstrative Exhibit- Not Evidence
`
`23
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`Kew’s time-bound access
`
`The receiver unit 6 therefore uses the received random
`number and the identity code stored in its own EPROM to
`produce a transformed code (Code C) via its own
`characteristic algorithm. This transformed Code C is then
`displayed to the user on a display means 9, preferably a
`liquid crystal display, for a predetermined length of time
`such as five minutes. Kew, 8:33-9:3
`
`the receiver can only be enabled for a predetermined
`period to permit it to transform the received Code A to
`the transformed Code C by input of a second user
`identification code by the user. This second code may also
`be in the form of a PIN. In this way additional security is
`provided since an unauthorised user cannot gain access to
`the system even if he has possession of the receiver and
`knows the user identification code without knowledge of the
`second identification or activation code. Kew, 3:14-23
`
`Petition, 68-71; Reply, 18-22
`
`Demonstrative Exhibit- Not Evidence
`
`24
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`Kew’s time-bound access as understood by a
`POSITA
`
`1) The user enters the user ID to generate Code A, which is used with the user ID/identity code to generate
`
`Code B, which begins the lifetime of Code B for a predetermined 5 minute period.
`
`2) Code A is sent to the receiver, which begins the lifetime of Code A for a predetermined period of 5 minutes.
`
`The user is alerted to enter his second identification code, which enables Code A to be transformed to Code
`
`C and displayed.
`
`3) The user must enter Code C while it is displayed during the 5 minute period that the receiver is enabled to
`
`generate code C.
`
`Reply, 22; EX1024, ¶39.
`
`Demonstrative Exhibit- Not Evidence
`
`25
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`PO: Kew’s “security sever” (Petitioner-identified “authentication module”) has no way
`of knowing when Kew’s “receiver unit” stops displaying “Code C,” and thus has no
`way of knowing when to deactivate the account. Sur-reply at 23.
`
`• Allows Code C to be valid
`indefinitely
`• Does not prevent a user from
`simply writing down Code C and
`entering it days later to access the
`account
`• Ignores the “prompt” from the
`security server
`
`Reply, 17-21
`
`Demonstrative Exhibit- Not Evidence
`
`26
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`[1.2] receiving a request from the user for a token via the personal
`communication device, over the second network;
`
`Kew, Fig.1
`
`Jonsson, Fig. 2
`
`Petition, 74-75; Reply, 23-24
`
`Demonstrative Exhibit- Not Evidence
`
`27
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`
`
`Kew’s receiver is linked to the remote terminal for the exchange of
`information
`
`the receiver unit 6 would probably, but not
`necessarily, comprise a stand-alone piece of
`equipment, in this embodiment the receiver unit 6
`is intended to be linked to the remote terminal 2
`for the passage of information therebetween
`
`Kew, 9:27-31; EX1024, ¶40; Reply, 23
`
`Demonstrative Exhibit- Not Evidence
`
`28
`
`UNIFIED PATENTS EXHIBIT 1025
`UNIFIED PATENTS, LLC v. DYNAPASS IP HOLDINGS LLC
`IPR2023-00425
`
`