Trials@uspto.gov
`571-272-7822
`
`Paper 9
`Date: July 18, 2023
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`UNIFIED PATENTS, LLC,
`Petitioner,
`v.
`DYNAPASS IP HOLDINGS LLC,
`Patent Owner.
`
`IPR2023-00425
`Patent 6,993,658 B1
`
`
`
`
`
`
`
`
`
`Before KEVIN F. TURNER, KRISTEN L. DROESCH, and
`LYNNE H. BROWNE, Administrative Patent Judges.
`BROWNE, Administrative Patent Judge.
`
`DECISION
`Granting Institution of Inter Partes Review
`35 U.S.C. § 314, 37 C.F.R. § 42.4
`
`
`
`
`
`
`
`
`571-272-7822
`
`Paper 9
`Date: July 18, 2023
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`UNIFIED PATENTS, LLC,
`Petitioner,
`v.
`DYNAPASS IP HOLDINGS LLC,
`Patent Owner.
`
`IPR2023-00425
`Patent 6,993,658 B1
`
`
`
`
`
`
`
`
`
`Before KEVIN F. TURNER, KRISTEN L. DROESCH, and
`LYNNE H. BROWNE, Administrative Patent Judges.
`BROWNE, Administrative Patent Judge.
`
`DECISION
`Granting Institution of Inter Partes Review
`35 U.S.C. § 314, 37 C.F.R. § 42.4
`
`
`
`
`
`
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`
`INTRODUCTION
`I.
`Unified Patents, LLC (“Petitioner”) filed a Petition (Paper 1 (“Pet.”))
`requesting institution of an inter partes review of claims 1 and 3–6 of
`U.S. Patent No. 6,993,658 B1 (Ex. 1001, “the ’658 Patent”). Dynapass IP
`Holdings LLC (“Patent Owner”) timely filed a Preliminary Response.
`Paper 8 (“Prelim. Resp.”).
`Under 35 U.S.C. § 314(a), an inter partes review may not be instituted
`unless the information presented in the Petition and any response thereto
`shows “there is a reasonable likelihood that the petitioner would prevail with
`respect to at least 1 of the claims challenged in the petition.” Upon
`consideration of the Petition and the evidence of record, we conclude that
`the information presented in the Petition establishes that there is a reasonable
`likelihood that Petitioner would prevail in challenging at least one of
`claims 1 and 3–6 of the ’658 Patent as unpatentable under the grounds
`presented in the Petition. Pursuant to § 314, we hereby institute an inter
`partes review as to the challenged claims of the ’658 Patent.
`A. Real Parties in Interest
`Petitioner identifies itself, Unified Patents, LLC, as the only real
`party-in-interest. Pet. 79. Patent Owner identifies itself, Dynapass IP
`Holdings LLC and DynaPass Inc., as the only real parties-in-interest.
`Paper 3, 1.
`B. Related Matters
`The parties identify the following as related district court matters:
`Dynapass IP Holdings LLC v. Regions Financial Corporation, 2:22-cv-
`00215 (EDTX 6-17-2022), Dynapass IP Holdings LLC v. JPMorgan Chase
`& Co., 2:22-cv-00212 (EDTX 6-17-2022), Dynapass IP Holdings LLC
`
`2
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`v. PlainsCapital Bank, 2:22-cv-00213 (EDTX 6-17-2022), Dynapass IP
`Holdings LLC v. Woodforest National Bank, 2:22-cv-00218 (EDTX 6-17-
`2022), Dynapass IP Holdings LLC v. Bank of America Corporation, 2:22-
`cv-00210 (EDTX 6-17-2022), Dynapass IP Holdings LLC v. Wells Fargo &
`Company, 2:22-cv-00217 (EDTX 6-17-2022), Dynapass IP Holdings LLC
`v. Truist Financial Corporation, 2:22-cv-00216 (EDTX 6-17-2022),
`Dynapass IP Holdings LLC v. PNC Financial Services, 2:22-cv-00214
`(EDTX 6-17-2022), Dynapass IP Holdings LLC v. BOKF, National
`Association, 2:22-cv-00211 (EDTX 6-17-2022), Dynapass Inc. v. Mobile
`Authentication Corporation, 8:18-cv-01173 (C.D. Cal. 7-3-2018). Pet. 80–
`81; Paper 3, 1–2.
`Patent Owner also identifies Bank of America, N.A. v. Dynapass IP
`Holdings LLC, IPR2023-00367 (filed January 3, 2022) as a related matter.
`Paper 3, 2.
`C. The ’658 Patent
`The ’658 Patent is titled “Use of Personal Communication Devices
`For User Authentication.” Ex. 1001, code (54). The invention “relates
`generally to the authentication of users of secure systems and, more
`particularly, the invention relates to a system through which user tokens
`required for user authentication are supplied through personal
`communication devices such as mobile telephones and pagers.” Id. at
`1:7–11.
`One embodiment of the invention provides a password setting system
`that includes a user token server and a communication module wherein a
`user token server generates a random token in response to a request for a
`new password from a user. Ex. 1001, 1:63–2:2. “The server creates a new
`
`3
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`password by concatenating a secret passcode that is known to the user with
`the token” and “sets the password associated with the user’s user ID to be
`the new password.” Id. at 2:2–6. A “communication module transmits the
`token to a personal communication device, such as a mobile phone or a
`pager carried by the user.” Id. at 2:6–8. Then, the user concatenates the
`secret passcode with the received token in order to form a valid password,
`which the user submits to gain access to the secure system. Id. at 2:8–11.
`Figure, reproduced below, “illustrates an overview, including system
`components, of a user authentication system 100 according to a preferred
`embodiment of the present invention.” Ex. 1001, 4:2–4.
`
`
`
`User authentication system 100 includes authentication Server 102, text
`messaging Service provider 104, personal communication device 106 carried
`
`4
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`by user 108, and secure system 110 to which the authentication system 100
`regulates access. Id. at 4:9–13. “[P]ersonal communication device 106 is
`preferably a pager or a mobile phone having SMS (short message Service)
`receive capability.” Id. at 4:13–15. Secure system 110 can be “any system,
`device, account, or area to which it is desired to limit access to authenticated
`users.” Id. at 4:18–20.
`User authentication server 102 is configured to require that user 108
`supply authentication information through secure system 110 in order to
`gain access to secure system 110. Ex. 1001, 4:32–35. Authentication
`information provided by the user includes user ID 152, passcode 154 and
`user token 156. Id. at 4:36–37. User ID 152 may be publicly known and
`used to identify the user and passcode 154 is secret and only known to the
`user 108, whereas token 156 is provided only to user 108 by user
`authentication server 102 through personal communication device 106. Id.
`at 4:39–44. To gain access to secure system 100, user 108 combines token
`156 with passcode 154 to form password 158. Id. at 4:52–53. Thus, user
`108 needs to have personal communication device 106 in order to gain
`access to secure system 110. Id. at 4:46–48. Further, token 156 has a
`limited lifespan, such as 1 minute or 1 day. Id. at 4:44–45.
`D. Challenged Claims
`Petitioner challenges claims 1 and 3–6. Pet. 1. Claims 1 and 5,
`reproduced below with Petitioner’s identifiers included, are the independent
`claims at issue in this proceeding. Ex. 1001, 11:43–12:13, 12:20–47.
`Claims 3 and 4 depend from claim 1 and claim 6 depends from claim 5. Id.
`at 12:16–19, 12:48–52.
`
`5
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`1.
`[1.0] A method of authenticating a user on a first secure
`computer network, the user having a user account on said first
`secure computer network, the method comprising:
`[1.1] associating the user with a personal communication device
`possessed by the user, said personal communication device in
`communication over a second network, wherein said second
`network is a cell phone network different from the first secure
`computer network;
`[1.2] receiving a request from the user for a token via the
`personal communication device, over the second network;
`[1.3] generating a new password for said first secure computer
`network based at least upon the token and a passcode, wherein
`the token is not known to the user and wherein the passcode is
`known to the user;
`[1.4] setting a password associated with the user to be the new
`password;
`[1.5] activating access the user account on the first secure
`computer network;
`[1.6] transmitting the token to the personal communication
`device;
`[1.7] receiving the password from the user via the first secure
`computer network, and
`[1.8] deactivating access to the user account on the first secure
`computer network within a predetermined amount of time after
`said activating, such that said user account is not accessible
`through any password, via said first secure computer network.
`5.
`[5.0] A user authentication system comprising:
`[5.1] a computer processor,
`[5.2] a user database configured to associate a user with a
`personal communication device possessed by the user, said
`personal communication device configured to communicate
`over a cell phone network with the user authentication system;
`
`6
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`[5.3] a control module executed on the computer processor
`configured to create a new password based at least upon a token
`and a passcode, wherein the token is not known to the user and
`wherein the passcode is known to the user, the control module
`further configured to set a password associated with the user to
`be the new password;
`[5.4] a communication module configured to transmit the token
`to the personal communication device through the cell phone
`network, and
`[5.5] an authentication module configured to receive the
`password from the user through a secure computer network,
`said secure computer network being different from the cell
`phone network, [5.6] wherein the user has an account on the
`secure computer network, wherein the authentication module
`activates access to the account in response to the password and
`deactivates the account within a predetermined amount of time
`after activating the account, such that said account is not
`accessible through any password via the secure computer
`network.
`Ex. 1001, 11:43–12:13, 12:20–47.
`E. Prior Art and Asserted Grounds
`Petitioner asserts that claims 1 and 3–6 would have been unpatentable
`on the following grounds:
`Claim(s) Challenged
`35 U.S.C. §
`5
`103
`1, 3–6
`103
`
`Reference(s)/Basis
`Veneklase, 1 Jonsson2
`Kew, 3 Sormunen4
`
`
`
`
`1 EP 0 844 551 A2, published May 27, 1998 (“Veneklase”) (Ex. 1005).
`2 WO 96/00485, published January 4, 1996 (“Jonsson”) (Ex. 1006).
`3 WO 95/19593, published July 20, 1995 (“Kew”) (Ex. 1007).
`4 WO 97/31306, published August 28, 1997 (“Sormunen”) (Ex. 1008).
`
`7
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`
`II. ANALYSIS
`A. Level of Ordinary Skill in the Art
`In determining the level of skill in the art, we consider the type of
`problems encountered in the art, the prior art solutions to those problems, the
`rapidity with which innovations are made, the sophistication of the
`technology, and the educational level of active workers in the field.
`Custom Accessories, Inc. v. Jeffrey-Allan Indus. Inc., 807 F.2d 955, 962
`(Fed. Cir. 1986); Orthopedic Equip. Co. v. U.S., 702 F.2d 1005, 1011
`(Fed. Cir. 1983).
`Petitioner contends that a person of ordinary skill in the art
`(“POSITA5”) “for the ’658 Patent would have had at least (1) an
`undergraduate degree in electrical and computer engineering or a closely
`related field; and (2) two or more years of experience in security. EX1001,
`generally; EX1003, ¶¶49-51.” Pet. 5. “For the purposes of [the Preliminary]
`Response only, Patent Owner does not dispute the level of skill of a person
`of ordinary skill in the art (‘POSITA’) identified in the Petition.”
`Prelim. Resp. 11.
`Based on the record presented, including our review of the ’658 Patent
`and the types of problems and solutions described in the patent and the cited
`prior art, we adopt Petitioner’s assessment of the level of ordinary skill in
`the art and apply it for purposes of this Decision.
`B. Claim Construction
`We apply the claim construction standard articulated in Phillips
`v. AWH Corp., 415 F.3d 1303 (Fed. Cir. 2005) (en banc), and its progeny.
`
`
`5 Person of ordinary skill in the art.
`
`8
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`Only terms that are in controversy need to be construed, and then only to the
`extent necessary to resolve the controversy. Nidec Motor
`Corp. v. Zhongshan Broad Ocean Motor Co. Matal, 868 F.3d 1013, 1017
`(Fed. Cir. 2017) (in the context of an inter partes review, applying Vivid
`Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795, 803 (Fed. Cir. 1999)).
`Petitioner states that “all terms should be given their plain meaning.”
`Pet. 6. Yet, Petitioner proposes claim construction for “cell phone network”
`and “[n]ot known to the user.” Pet. 9–13. 6
`“Patent Owner contends that claim construction is not necessary for
`the Board to determine that the Petition fails to demonstrate a reasonable
`likelihood that any challenged claim of the ’658 Patent is unpatentable.”
`Prelim. Resp. 11.
`At this stage of this proceeding, we agree with the parties that claim
`construction is not necessary.
`C. Patentability Challenges
`1. Principles of Law: Obviousness
`A claim is unpatentable under 35 U.S.C. § 103 if “the differences
`between the subject matter sought to be patented and the prior art are such
`that the subject matter as a whole would have been obvious at the time the
`invention was made to a person having ordinary skill in the art to which said
`subject matter pertains.” KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 406
`(2007). The question of obviousness is resolved on the basis of underlying
`factual determinations, including: (1) the scope and content of the prior art;
`(2) any differences between the claimed subject matter and the prior art;
`
`
`6 Petitioner also acknowledges that the Board may construe some limitations
`as means-plus-function limitations. Pet. 6.
`
`9
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`(3) the level of skill in the art; and (4) objective evidence of nonobviousness,
`i.e., secondary considerations. 7 See Graham v. John Deere Co. of Kansas
`City, 383 U.S. 1, 17–18 (1966).
`2. Prior Art
`a) Veneklase (Ex. 1005)
`Veneklase is a European Patent application published May 27, 1998.
`Petitioner asserts that Veneklase is prior art under pre-AIA 35 U.S.C. §
`102(a) and (b). Pet. 1.
`Veneklase’s “invention relates to a security and/or access restriction
`system . . . adapted to grant only authorized users access to a computer
`system and/or certain data.” Ex. 1005, 1:5–9. Veneklase is directed to
`preventing exposure and hacking of user passwords (id. at 2:2–21), theft of
`user access cards (id. at 2:22–37), and interception and decryption of
`encryption of keys (id. at 2:37-57). The invention provides “a technique to
`substantially prevent the unauthorized interception and use of transmitted
`data . . . by splitting the data into a plurality of separate communication
`channels, each of which must be ‘broken’ for the entire data stream to be
`obtained.” Id. at 3:3–11.
`In Veneklase’s system individual 18, desiring access to and within
`computer 80, utilizes a first communication channel 82 (e.g., a first
`telephone line, radio channel, and/or satellite channel) and communicates,
`by use of his or her voice or by use of a computer 19, a first password to
`analyzing means 12. Id. at 6:5–10. “Analyzing means 12 then checks
`and/or compares this first received password with a master password list
`
`
`7 The current record does not present or address any evidence of
`nonobviousness.
`
`10
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`which contains all of the authorized passwords associated with authorized
`entry and/or access to computer 80.” Id. at 6:10–14. If the received
`password matches an entry of the master password list, analyzing means
`12 causes the random code generation means 14 to generate a pseudo-
`random number or code and to transmit the number and/or code via a second
`communications channel 84, to the individual 85 associated with the
`received password 202 in the master password list. Id. at 6:27–37. “Once
`the pseudo-random number is received by the analyzing means 12, from
`channel 82, it is compared with the number generated by generation means
`14.” Id. at 6:51–54. If the two codes are substantially the same, entry to
`computer 80 or to a certain part of computer 80 such as the hardware,
`software, or firmware portions of computer 80 is granted to individual 18.
`Id. at 6:54–58.
`b) Jonsson (Ex. 1006)
`Jonsson is a Patent Cooperation Treaty application published January
`4, 1996. Petitioner asserts that Jonsson is prior art under pre-AIA 35
`U.S.C. § 102(a) and (b). Pet. 1.
`Jonsson provides an authentication procedure wherein the user carries
`a personal unit not limited to use with or physically connected to a terminal
`of any one specific electronic service. Ex. 1006, 2:30–34. Jonsson’s
`personal unit includes a receiver for receiving a transmitted challenge code
`and an algorithm unit which processes the challenge code, a user input such
`as a personal identification number (PIN) or electronically recognizable
`signature, and an internally stored security key for calculating a response
`code according to a pre-stored algorithm. Ex. 1006 at 6:24–29.
`
`11
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`c) Kew (Ex. 1007)
`Kew is a Patent Cooperation Treaty application published July 20,
`1995. Petitioner asserts that Kew is prior art under pre-AIA 35 U.S.C. §
`102(a) and (b). Pet. 1.
`Kew’s invention relates to a method for “preventing unauthorized
`access to a host computer system.” Ex. 1007, 1:3–5. Specifically, Kew
`describes a “method of preventing unauthorized access to a host computer
`system by a user at a remote terminal.” Id. at 1:21–23. In Kew’s method the
`host computer system accepts a user identification code input to the terminal
`by the user and generates a random code (Code A). Id. at 1:24–26. Using a
`transformation algorithm, Kew’s computer system transforms Code A to
`transformed Code B. Id. at 1:27–30. The computer system also transmits
`Code A to user’s receiver which transform’s Code A to transformed Code C.
`Id. at 1:31–34. The user inputs Code C into the remote terminal and the
`computer system compares Code B with Code C, and if the Codes match
`permits access to the host computer system. Id. at 1:36–2:3.
`d) Sormunen (Ex. 1008)
`Sormunen is a Patent Cooperation Treaty application published
`August 28, 1998. Petitioner asserts that Sormunen is prior art under
`pre-AIA 35 U.S.C. § 102(a) and (b). Pet. 1.
`Sormunen’s “invention relates to a method and system for obtaining at
`least one item of user specific authentication data, such as a password and/or
`a user name.” Ex. 1008, 1:3–5. Sormunen discloses the use of mobile
`communication systems including cellular systems, paging systems, and
`mobile phone systems. Id. at 4:36–5:1.
`
`12
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`3. Ground 1: Alleged Obviousness of Independent Claim 5
`Petitioner asserts that claim 5 is unpatentable over the combined
`teachings of Veneklase and Jonsson. Pet. 13. Petitioner addresses each
`limitation of claim 5 and provides the testimony of Dr. McNair in support of
`its position with respect to them claim 5. Pet. 17–46; Ex. 1003 ¶¶ 71–111.
`Patent Owner does not contest Petitioner’s assertions for limitations [5.0]–
`[5.2] of claim 5. For the uncontested limitations ([5.0]–[5.2]), we have
`considered Petitioner’s evidence and arguments with respect to these
`limitations, including the relevant testimony of Dr. McNair and find it to be
`sufficient to show that Petitioner has demonstrated a reasonable likelihood
`of prevailing in showing that Veneklase, either alone or in combination with
`Jonsson, teaches or suggests these limitations. Accordingly, we focus our
`discussion on contested limitations [5.3]–[5.6] and Patent Owner’s
`arguments regarding these limitations.
`a) Limitation [5.3]: a control module executed on the computer
`processor configured to create a new password based at least
`upon a token and a passcode, wherein the token is not known
`to the user and wherein the passcode is known to the user, the
`control module further configured to set a password associated
`with the user to be the new password;
`Petitioner asserts that “Veneklase in combination with Jonsson teaches
`this limitation.” Pet. 26 (citing Ex. 1003 ¶¶ 83–90). Regarding Veneklase,
`Petitioner asserts that Veneklase discloses assigning a password to the user;
`receiving the password by use of a first communication channel; generating
`a code in response to the received password; transmitting the code to the
`user via a second communications channel; transmitting the code to the
`computer; and allowing access to the computer only after the code is
`transmitted to the computer. Pet. 26 (citing Ex. 1005, 4:8–15).
`
`13
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`Specifically, Petitioner asserts that “Veneklase discloses a
`user/password check module (i.e., a control module) located on the host
`computer system 402 (i.e., the computer processor)” and that the
`“user/password check module assigns two passwords, one that is known to
`the user and one that is not previously known to the user.” Pet. 26–27
`(citing Ex. 1005, Fig. 6). 8 Petitioner asserts further that “[w]hile Veneklase
`teaches an authentication system in which the user inputs both a token that is
`not known to the user beforehand (e.g., the random code) and a passcode
`that is known to the user (e.g., the received password), it does not disclose
`creating a new password based on those two items.” Id. at 28.
`Turning to Jonsson, Petitioner asserts that Jonsson discloses an
`authentication system that “includes a service node that ‘generates a
`challenge code and requests that the challenge code be sent to the personal
`unit 20 via an authentication challenge network 28’” and that “[t]his
`challenge code generated by the system is a token because it is not known to
`the user before it is generated and sent to the user.” Pet. 28 (citing Ex. 1006,
`4:24–5:6; Ex. 1003 ¶¶ 86–87). Petitioner asserts further that “Jonsson
`discloses the use of a ‘user input such as a personal identification number
`(PIN),’ which by its very nature of being a user defined input, is known to
`the user beforehand” and that “Jonsson discloses an algorithm that
`‘calculates a response code [e.g., new password] based on the received
`challenge code [e.g., token], the user input (e.g., PIN) [e.g., passcode],
`and optionally [a] secret key.’” Pet. 29 (citing Ex. 1006, 3:3–10, 7:5–10,
`8:12–14, 9:23–25).
`
`
`8 Here and for the remainder of this decision, we do not reproduce the
`colored font used in the Petition.
`
`14
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`Petitioner asserts that it would have been obvious to combine
`Veneklase’s token and passcode to “create a new password based on both of
`them.” Id. at 28. Petitioner then asserts that “Veneklase’s authentication
`system would incorporate Jonsson’s teachings related to using an algorithm
`to create a new password (e.g., response code) based on a known passcode
`(e.g., the received password/PIN) and an unknown token (e.g., the random
`code/challenge code).” Id. at 30 (citing Ex. 1003 ¶¶ 83–89). Thus,
`according to Petitioner,
`Veneklase in combination with Jonsson teaches a control module
`(e.g., user/password check module) executed on the computer
`processor configured to create a new password (e.g., assigning
`a password to the user) based at least upon a token (e.g., random
`code) and a passcode (e.g., received password), wherein the
`token is not known to the user (e.g., generated by the system) and
`wherein the passcode is known to the user (e.g., received from
`the user), the control module further configured to set a
`password associated with the user to be the new password (e.g.,
`set an expected response code).
`Id. (citing Ex. 1003 ¶¶ 83–90).
`In support of these assertions, Petitioner reasons that “[a] POSITA
`would have been motivated to make such a combination because having
`only the one password transmitted via the computer system is more efficient
`and secure.” Pet. 31 (citing Ex. 1003 ¶ 91). According to Petitioner,
`“Veneklase’s system allows for authentication through user input of a known
`and unknown code at separate times in a two-step process, while a POSITA
`would look to Jonsson because it would provide the added benefit of
`reducing the steps to a single step and thus reducing the amount of time
`required for the authentication process.” Id. Petitioner reasons further that
`“a POSITA would have been motivated to make such a combination because
`
`15
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`implementing Veneklase’s authentication system with the algorithm of
`Jonsson’s system provides an additional layer of security.” Id. at 31–32.
`In addition, Petitioner asserts that Veneklase “explicitly discloses
`embodiments in which data streams are encoded and decoded using
`algorithms for additional security.” Pet. 32 (citing Ex. 1005, 9:26–10:11;
`KSR, 550 U.S. at 418–419). Thus, according to Petitioner, “a POSITA
`would have been motivated to use an algorithm for creating a new password
`based on the known password and the previously-unknown randomly
`generated code, such as described in Jonsson, to provide additional
`security.” Id. (citing Ex. 1003 ¶ 92). And, Petitioner asserts that “[a]
`POSITA would further be motivated to combine Veneklase and Jonsson
`because the combination merely uses a known technique to improve similar
`devices in the same way.” Id. at 33 (citing KSR 550 U.S. at 401).
`Patent Owner contends that “modifying Veneklase’s system by
`abolishing the two-step authentication process, as proposed by Petitioner,
`would violate Veneklase’s principle of operation.” Prelim. Resp. 17.
`According to Patent Owner, “this two-step authentication process is a key
`feature of Veneklase’s principle of operation, and a POSITA would not seek
`to remove steps as Petitioner proposes.” Id. (citing Ex. 1005, 7:16–28).
`Patent Owner contends that “the proposed modification of Veneklase is far
`too drastic to be considered obvious, and thus the combination of Veneklase
`and Jonsson fails to render claim 5 obvious.” Id. at 18 (citing MPEP
`§ 2143.01(VI); Plas-Pak Indus. v. Sulzer Mixpac AG, 600 F. App’x. 755,
`758 (Fed. Cir. 2015)).
`We disagree with Patent Owner’s arguments. Veneklase is directed to
`“a security and/or access restriction system . . .which is adapted to grant only
`
`16
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`authorized users access to a computer system and/or to certain data which
`may be resident within the computer system and/or resident within a
`communications channel and/or other communications medium.” Ex. 1005,
`1:5–12. Patent Owner has not adequately demonstrated that the two-step
`authentication process is a key feature of Veneklase’s principle of operation
`such that the proposed modification would render Veneklase’s system
`inoperable. Rather, Patent Owner relies on unsupported attorney argument.
`See PO Resp. 17–18.
`Incorporating Jonsson’s teachings related to using an algorithm to
`create a new password would not destroy the principle of operation of
`Veneklase’s security system because it only changes how Veneklase
`accomplishes its goal of preventing unauthorized access to a computer
`system, rather than defeating its goal of preventing such access. See In re
`Mouttet, 686 F. 3d 1322, 1332 (Fed. Cir. 2012). Further, we do not agree
`that Plas-Pak (a nonprecedential decision) supports the Patent Owner’s
`contention that the proposed combination impermissibly changes
`Veneklase’s principle of operation as Patent Owner has not identified
`differences between the two authentication processes that would be
`“unlikely to motivate a person of ordinary skill to pursue” the proposed
`combination. Plas-Plak, 600 F. App'x at 757-59.
`Patent Owner contends that “Petitioner provides zero evidence that
`the security of its proposed combination is superior to the existing multi-
`layer/level security in Veneklase.” Prelim. Resp. 19. Thus, according to
`Patent Owner, “there is no motivation to combine Veneklase and Jonsson.”
`Id. at 20.
`
`17
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`We disagree with Patent Owner’s arguments. Petitioner does not
`propose modifying Veneklase to include Jonsson’s teachings solely because
`the security of the proposed combination is superior to the security in
`Veneklase. Rather, Petitioner asserts that “[a] POSITA would have been
`motivated to make such a combination because having only the one
`password transmitted via the computer system is more efficient and secure.”
`Pet. 31 (citing Ex. 1003 ¶ 91). The Petition explains how the combination is
`more efficient in that it requires only a single step which reduces the amount
`of time required for the authentication process. Id. Moreover, the Petition
`explains how the proposed combination is more secure than Veneklase’s
`system in that it prevents unauthorized persons from accessing the computer
`system by engaging in SIM swapping. Id. at 32.
`Patent Owner contends that the portion of Veneklase cited by
`Petitioner in support of its assertion that Veneklase provides explicit
`motivation for using Jonsson’s algorithm in Veneklase’s system “does not
`pertain to an algorithm.” Prelim. Resp. 20 (citing Pet. 32 (citing Ex. 1005,
`9:20–10:11)).
`We disagree with Patent Owner’s argument. Petitioner asserts that
`Veneklase “explicitly discloses embodiments in which data streams are
`encoded and decoded using algorithms for additional security.” Pet. 32
`(citing Ex. 1005, 9:26–10:11). The cited portion of Exhibit 1005 discloses,
`in relevant part, that
`System 70, as further shown, includes a data stream dividing
`means 74 which in one embodiment comprises a commercially
`available one input and two channel output time division or
`statistical multiplexor which samples the bits of received data
`and places, in a certain predetermined manner (e.g. alternately)
`some of the received data bits onto the first communications
`
`18
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`channel 76 and some of the received data bits onto the second
`communications channel 78. In this manner, one attempting to
`wrongfully intercept and/or access the data stream 72 would need
`access to both communications channels 76, 78 and would need
`to know the dividing algorithm that dividing means 74 utilizes to
`divide the received data for placement onto channels 76,78.
`Ex. 1005, 9:33–48.
`The cited portion further states, in relevant part, that
`security system 70 further includes a decoding means 88 which
`may comprise a commercially available microprocessor
`operating under stored algorithmic program control and which
`contains “mirror image” of the algorithm used to divide the data
`stream transmitted to it by means 74. In this manner, the data
`from each of the channels 76,78 is reconstituted onto single
`channel 89, in substantially the exact same manner that it was
`received by means 74.
`Id. at 9:50–58.
`b) Limitation [5.4]: a communication module configured to
`transmit the token to the personal communication device
`through the cell phone network;
`Petitioner asserts that “Veneklase discloses that ‘host computer 402
`checks the received identification code and cross references the received
`password code against a pager phone number list resident within the user
`table 414 which is stored within computer 402.’” Pet. 35 (quoting Ex. 1005,
`8:1–5). Petitioner asserts further that “the generated random number code
`and pager number are passed ‘to the commercially available and
`conventional automatic dialer 418,’ which ‘telephones the conventional
`and commercially available pager 420 by means of conventional and
`commercially available communication channel 422 (e.g., voice line) and
`
`19
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`transmits the code to the user’s pager.’” Id. (citing Ex. 1005, 7:52–8:17,
`Fig. 6). 9
`Thus, according to Petitioner, “Veneklase teaches a communication
`module (e.g., automatic phone/pager dialer 418) configured to transmit the
`token to the personal communication device through the cell phone network
`(e.g., transmit the random code through communication channel 422).”
`Pet. 37 (citing Ex. 1003 ¶¶ 97–100). Petitioner asserts that “[a] POSITA
`would have understood that the ‘conventional and commercially available
`communication channel 422’ described in Veneklase is the same type of cell
`phone network disclosed in the ’658 patent, which repeatedly makes clear
`that it covers both networks that communicate with cell phones and those
`that communicate with pagers.” Id. at 36
`Patent Owner agrees that “Veneklase’s system uses the received
`password (i.e., the first step in the two-step process) to lookup the user’s
`phone number and transmit the randomly generated code to the user.”
`Prelim. Resp. 22–23 (quoting Ex. 1005, 8:2–15; 6:10–37). Noting that
`“Petitioner’s proposed combination includes replacing Veneklase’s two-step
`authentication process (i.e., user transmiss
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
