Trials@uspto.gov
`571-272-7822
`
`Paper 33
`Entered: July 12, 2024
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`UNIFIED PATENTS, LLC,
`Petitioner,
`v.
`DYNAPASS IP HOLDINGS LLC,
`Patent Owner.
`
`IPR2023-00425
`Patent 6,993,658 B1
`
`
`
`
`
`
`
`
`
`Before KEVIN F. TURNER, LYNNE H. BROWNE, and
`JASON M. REPKO, Administrative Patent Judges.
`BROWNE, Administrative Patent Judge.
`
`DECISION
`Final Written Decision
`Determining Some Challenged Claims Unpatentable
`35 U.S.C. § 314
`
`
`
`
`
`
`
`
`571-272-7822
`
`Paper 33
`Entered: July 12, 2024
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`UNIFIED PATENTS, LLC,
`Petitioner,
`v.
`DYNAPASS IP HOLDINGS LLC,
`Patent Owner.
`
`IPR2023-00425
`Patent 6,993,658 B1
`
`
`
`
`
`
`
`
`
`Before KEVIN F. TURNER, LYNNE H. BROWNE, and
`JASON M. REPKO, Administrative Patent Judges.
`BROWNE, Administrative Patent Judge.
`
`DECISION
`Final Written Decision
`Determining Some Challenged Claims Unpatentable
`35 U.S.C. § 314
`
`
`
`
`
`
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`
`INTRODUCTION
`I.
`We have authority to hear this inter partes review under 35 U.S.C.
`§ 6. This Final Written Decision is issued pursuant to 35 U.S.C. § 318(a)
`and 37 C.F.R. § 42.73. For the reasons discussed below, we determine that
`Petitioner, Unified Patents, LLC has shown by a preponderance of the
`evidence that claim 5 of U.S. Patent No. 6,993,658 B1 (Ex. 1001, “the ’658
`Patent”) is unpatentable and has not shown by a preponderance of the
`evidence that claims 1, 3, 4, and 6 are unpatentable. See 35 U.S.C. § 316(e)
`(2018); 37 C.F.R. § 42.1(d) (2019).
`A. Procedural History
`The Petition (Paper 1, “Pet.” or “Petition”) requested inter partes
`review of claims 1 and 3–6 of the ’658 Patent. Patent Owner, Dynapass IP
`Holdings, LLC, filed a Preliminary Response. Paper 8. Based upon the
`record at that time, we instituted inter partes review on all challenged claims
`on the grounds presented in the Petition. Paper 9.
`After institution, Patent Owner filed a Response (Paper 13, “PO
`Resp.”), Petitioner filed a Reply (Paper 16, “Pet. Reply”), and Patent Owner
`filed a Sur-reply (Paper 19, “PO Sur-reply”).
`On April 16, 2024, an oral hearing was held. The transcript of this
`hearing was entered in the record of this proceeding as Paper 31 (“Tr.”).
`During the oral hearing, Petitioner, for the first time, asserted that Patent
`Owner
`the
`filed amended infringement contentions in one of
`corresponding District Court cases . . . which alleged that
`infringement of the claim passcode limitation is met by the
`password that the user uses for login or other information that is
`known to the user, such as the username or in termination that
`references or is an alias to the username.
`
`2
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`Tr. 12.
`On April 17, 2024, we ordered additional briefing on two questions:
`1) is it too late for Petitioner to file a copy of the infringement contentions
`argued at oral argument; and 2) if the infringement contentions are allowed
`to be entered, what if any, weight should we give to a position taken by
`Patent Owner in a different, albeit related, proceeding (i.e., district court
`litigation). Paper 27 (“Order”). Petitioner filed a Supplemental Brief (Paper
`28, “Pet. Supp.”), and Patent Owner filed a Response (Paper 30, “PO Resp.
`to Supp.”).
`B. Real Parties in Interest
`Petitioner identifies itself, Unified Patents, LLC, as the only real
`party-in-interest. Pet. 79. Patent Owner identifies itself, Dynapass IP
`Holdings LLC and DynaPass Inc., as the only real parties-in-interest.
`Paper 3, 1.
`C. Related Matters
`The parties identify the following as related district court matters:
`Dynapass IP Holdings LLC v. Regions Financial Corporation, 2:22-cv-
`00215 (EDTX 6-17-2022), Dynapass IP Holdings LLC v. JPMorgan Chase
`& Co., 2:22-cv-00212 (EDTX 6-17-2022), Dynapass IP Holdings LLC
`v. PlainsCapital Bank, 2:22-cv-00213 (EDTX 6-17-2022), Dynapass IP
`Holdings LLC v. Woodforest National Bank, 2:22-cv-00218 (EDTX 6-17-
`2022), Dynapass IP Holdings LLC v. Bank of America Corporation, 2:22-
`cv-00210 (EDTX 6-17-2022), Dynapass IP Holdings LLC v. Wells Fargo &
`Company, 2:22-cv-00217 (EDTX 6-17-2022), Dynapass IP Holdings LLC
`v. Truist Financial Corporation, 2:22-cv-00216 (EDTX 6-17-2022),
`Dynapass IP Holdings LLC v. PNC Financial Services, 2:22-cv-00214
`
`3
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`(EDTX 6-17-2022), Dynapass IP Holdings LLC v. BOKF, National
`Association, 2:22-cv-00211 (EDTX 6-17-2022), Dynapass Inc. v. Mobile
`Authentication Corporation, 8:18-cv-01173 (C.D. Cal. 7-3-2018). Pet. 80–
`81; Paper 3, 1–2.
`Patent Owner also identifies Bank of America, N.A. v. Dynapass IP
`Holdings LLC, IPR2023-00367 (filed January 3, 2022) as a related matter.
`Paper 3, 2.
`D. The ’658 Patent
`The ’658 Patent is titled “Use of Personal Communication Devices
`For User Authentication.” Ex. 1001, code (54). The invention “relates
`generally to the authentication of users of secure systems and, more
`particularly, the invention relates to a system through which user tokens
`required for user authentication are supplied through personal
`communication devices such as mobile telephones and pagers.” Id. at
`1:7–11.
`One embodiment of the invention provides a password setting system
`that includes a user token server and a communication module wherein a
`user token server generates a random token in response to a request for a
`new password from a user. Ex. 1001, 1:63–2:2. “The server creates a new
`password by concatenating a secret passcode that is known to the user with
`the token” and “sets the password associated with the user’s user ID to be
`the new password.” Id. at 2:2–6. A “communication module transmits the
`token to a personal communication device, such as a mobile phone or a
`pager carried by the user.” Id. at 2:6–8. Then, the user concatenates the
`secret passcode with the received token in order to form a valid password,
`which the user submits to gain access to the secure system. Id. at 2:8–11.
`
`4
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`Figure 1, reproduced below, “illustrates an overview, including
`system components, of a user authentication system 100 according to a
`preferred embodiment of the present invention.” Ex. 1001, 4:2–4.
`
`
`
`As shown in Figure 1, user authentication system 100 includes
`authentication Server 102, text messaging Service provider 104, personal
`communication device 106 carried by user 108, and secure system 110 to
`which the authentication system 100 regulates access. Id. at 4:9–13.
`“[P]ersonal communication device 106 is preferably a pager or a mobile
`phone having SMS (short message Service) receive capability.” Id. at 4:13–
`15. Secure system 110 can be “any system, device, account, or area to
`which it is desired to limit access to authenticated users.” Id. at 4:18–20.
`
`5
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`User authentication server 102 is configured to require that user 108
`supply authentication information through secure system 110 in order to
`gain access to secure system 110. Ex. 1001, 4:32–35. Authentication
`information provided by the user includes user ID 152, passcode 154 and
`user token 156. Id. at 4:36–37. User ID 152 may be publicly known and
`used to identify the user and passcode 154 is secret and only known to the
`user 108, whereas token 156 is provided only to user 108 by user
`authentication server 102 through personal communication device 106. Id.
`at 4:39–44. To gain access to secure system 100, user 108 combines token
`156 with passcode 154 to form password 158. Id. at 4:52–53. Thus, user
`108 needs to have personal communication device 106 in order to gain
`access to secure system 110. Id. at 4:46–48. Further, token 156 has a
`limited lifespan, such as 1 minute or 1 day. Id. at 4:44–45.
`E. Challenged Claims
`Petitioner challenges claims 1 and 3–6. Pet. 1. Claims 1 and 5,
`reproduced below with Petitioner’s identifiers included, are the independent
`claims at issue in this proceeding. Ex. 1001, 11:43–12:13, 12:20–47.
`Claims 3 and 4 depend from claim 1 and claim 6 depends from claim 5. Id.
`at 12:16–19, 12:48–52.
`1.
`[1.0] A method of authenticating a user on a first secure
`computer network, the user having a user account on said first
`secure computer network, the method comprising:
`[1.1] associating the user with a personal communication device
`possessed by the user, said personal communication device in
`communication over a second network, wherein said second
`network is a cell phone network different from the first secure
`computer network;
`
`6
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`[1.2] receiving a request from the user for a token via the
`personal communication device, over the second network;
`[1.3] generating a new password for said first secure computer
`network based at least upon the token and a passcode, wherein
`the token is not known to the user and wherein the passcode is
`known to the user;
`[1.4] setting a password associated with the user to be the new
`password;
`[1.5] activating access the user account on the first secure
`computer network;
`[1.6] transmitting the token to the personal communication
`device;
`[1.7] receiving the password from the user via the first secure
`computer network, and
`[1.8] deactivating access to the user account on the first secure
`computer network within a predetermined amount of time after
`said activating, such that said user account is not accessible
`through any password, via said first secure computer network.
`5.
`[5.0] A user authentication system comprising:
`[5.1] a computer processor,
`[5.2] a user database configured to associate a user with a
`personal communication device possessed by the user, said
`personal communication device configured to communicate
`over a cell phone network with the user authentication system;
`[5.3] a control module executed on the computer processor
`configured to create a new password based at least upon a token
`and a passcode, wherein the token is not known to the user and
`wherein the passcode is known to the user, the control module
`further configured to set a password associated with the user to
`be the new password;
`[5.4] a communication module configured to transmit the token
`to the personal communication device through the cell phone
`network, and
`
`7
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`[5.5] an authentication module configured to receive the
`password from the user through a secure computer network,
`said secure computer network being different from the cell
`phone network, [5.6] wherein the user has an account on the
`secure computer network, wherein the authentication module
`activates access to the account in response to the password and
`deactivates the account within a predetermined amount of time
`after activating the account, such that said account is not
`accessible through any password via the secure computer
`network.
`Ex. 1001, 11:43–12:13, 12:20–47.
`F. Prior Art and Asserted Grounds
`Petitioner asserts that claims 1 and 3–6 would have been unpatentable
`on the following grounds:
`Claim(s) Challenged
`35 U.S.C. §
`5
`103
`1, 3–6
`103
`
`Reference(s)/Basis
`Veneklase,1 Jonsson2
`Kew, 3 Sormunen4
`
`
`
`G. Evidence
`Petitioner supports its challenged with the Declaration of Bruce
`McNair (Ex. 1003) and the Supplement Declaration of Bruce McNair (Ex.
`1024). Patent Owner supports its Response with the Declaration of Rajeev
`Surati (Ex. 2003).
`H. Consideration of Infringement Contentions
`Petitioner contends that “(1) the Board may consider a party’s
`inconsistent positions from a different venue at the oral argument state of
`
`
`1 EP 0 844 551 A2, published May 27, 1998 (“Veneklase”) (Ex. 1005).
`2 WO 96/00485, published January 4, 1996 (“Jonsson”) (Ex. 1006).
`3 WO 95/19593, published July 20, 1995 (“Kew”) (Ex. 1007).
`4 WO 97/31306, published August 28, 1997 (“Sormunen”) (Ex. 1008).
`
`8
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`this proceeding; and (2) [Patent Owner’s] contradictory statements should be
`given significant weight.” Pet. Supp. 1. Petitioner contends that “[t]he
`Board has broad discretion as to the conduct of the proceeding, including for
`issues not specifically addressed by the rules, and “may waive or suspend a
`requirement . . . . and place conditions on the waiver or suspension,” citing
`37 C.F.R. §§ 42.5(a) and (b). Id.
`Turning to the specifics of this Proceeding and the Board’s first
`question for which additional briefing was authorized, Petitioner contends
`that it was Patent Owner’s “noncompliance with mandatory discovery (Rule
`42.51(b)(1)(iii)) and duty of candor” that led Petitioner to identify during
`oral argument what Petitioner asserts is Patent Owner’s inconsistent
`position. Id. Petitioner contends that while there is a general prohibition to
`the introduction of new evidence at an oral hearing, Patent Owner’s failure
`to serve amended infringement contentions (Ex. 1026) when it filed its Sur-
`reply was in violation of mandatory disclosure requirements and the duty of
`candor owed by parties to the Board. Id. Under these circumstances
`Petitioner contends the Board can and should waive this rule. Id. at 2 (citing
`Dell Inc. v. Acceleron, LLC, 884 F.3d 1364, 1369-70 (Fed. Cir. 2018)).
`In answer to the Board’s second question, Petitioner contends that
`“Ex. 1026 should be afforded significant weight because it refutes [Patent
`Owner’s] arguments and discredits its expert’s verbatim assertions, while
`supporting Kew’s disclosure of the claimed ‘passcode’ of limitation [5.3].”
`Pet. Supp. 2.
`Patent Owner responds that it complied with mandatory discovery and
`the duty of candor. PO Resp. to Supp. 1–3. Specifically, Patent Owner also
`responds that the “infringement contentions have been publicly available
`
`9
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`since December 8, 2023, on the EDTX docket in the JPMorgan Chase
`consolidated case (exhibits to Dkt. 153), more than four months before oral
`argument” and “that proceeding was identified as a related matter in Patent
`Owner’s Mandatory Notices.” Id. at 1 (citing Paper 3). Patent Owner
`further responds that Rule 42.51(b)(1)(iii) applies only to “relevant
`information that is inconsistent with a position advanced by the party during
`the proceeding” and that the rule does not apply in the present instance
`because “the infringement contentions do not contain an inconsistent
`position.” Id. at 2.
`Turning to the Board’s first question, Patent Owner contends that its
`position in the infringement contentions is not inconsistent with its position
`in this Proceeding because it has never argued that the claimed ‘passcode’
`could not be a username. Instead, Patent Owner argued that “the claimed
`‘passcode’ could not be Kew’s ‘user identification code.’” Id. at 3. Thus,
`Patent Owner contends that “it is too late for Petitioner to file a copy of the
`infringement contentions.” PO Resp. to Supp. 1.
`In answer to the Board’s second question, Patent Owner contends that
`“the infringement contentions should be afforded no weight because they do
`not contain an inconsistent position.” PO Resp. to Supp. 3.
`We agree with Patent Owner that it is too late for Petitioner to file a
`copy of the infringement contentions and argue that Patent Owner’s position
`in this Proceeding is inconsistent with its position in that proceeding.
`Petitioner had ample opportunity to raise its arguments about the
`infringement contentions well before the oral hearing. PO Resp. to Supp. 2.
`Patent Owner complied with our mandatory notice provision. Further, we
`agree with Patent Owner that its position in the infringement contentions is
`
`10
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`not inconsistent with its position in this proceeding. Paper 3, 1. For these
`reasons, we decline to exercise our authority under 37 C.F.R. § 42.5(b) to
`consider the infringement contentions and the new arguments during an oral
`hearing.
`
`II. ANALYSIS
`Principles of Law: Obviousness
`A.
`A claim is unpatentable as obvious under 35 U.S.C. § 103 if the
`differences between the subject matter sought to be patented and the prior art
`are such that the subject matter as a whole would have been obvious to a
`person having ordinary skill in the art to which said subject matter pertains.
`KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 406 (2007). The question of
`obviousness is resolved on the basis of underlying factual determinations,
`including: (1) the scope and content of the prior art; (2) any differences
`between the claimed subject matter and the prior art; (3) the level of skill in
`the art; and (4) objective evidence of nonobviousness, i.e., secondary
`considerations.5 See Graham v. John Deere Co. of Kansas City, 383 U.S. 1,
`17–18 (1966).
`The Supreme Court has made clear that we apply “an expansive and
`flexible approach” to the question of obviousness. KSR, 550 U.S. at 415.
`Whether a patent claiming the combination of prior art elements would have
`been obvious is determined by whether the improvement is more than the
`predictable use of prior art elements according to their established functions.
`Id. at 417. Reaching this conclusion, however, requires more than a mere
`showing that the prior art includes separate references covering each
`
`
`5 The current record does not present or address any evidence of
`nonobviousness.
`
`11
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`separate limitation in a claim under examination. Unigene Labs., Inc. v.
`Apotex, Inc., 655 F.3d 1352, 1360 (Fed. Cir. 2011). Rather, obviousness
`requires the additional showing that a person of ordinary skill would have
`selected and combined those prior art elements in the normal course of
`research and development to yield the claimed invention. Id.
`B. Level of Ordinary Skill in the Art
`In determining the level of skill in the art, we consider the type of
`problems encountered in the art, the prior art solutions to those problems, the
`rapidity with which innovations are made, the sophistication of the
`technology, and the educational level of active workers in the field.
`Custom Accessories, Inc. v. Jeffrey-Allan Indus. Inc., 807 F.2d 955, 962
`(Fed. Cir. 1986); Orthopedic Equip. Co. v. U.S., 702 F.2d 1005, 1011
`(Fed. Cir. 1983).
`Petitioner contends that a person of ordinary skill in the art
`(“POSITA6”) “for the ’658 Patent would have had at least (1) an
`undergraduate degree in electrical and computer engineering or a closely
`related field; and (2) two or more years of experience in security. EX1001,
`generally; EX1003, ¶¶49-51.” Pet. 5. Patent Owner does not address the
`level of ordinary skill in the art. See generally PO Resp.
`Based on the record presented, including our review of the ’658 Patent
`and the types of problems and solutions described in the patent and the cited
`prior art, we adopt Petitioner’s assessment of the level of ordinary skill in
`the art and apply it for purposes of this Decision.
`
`
`6 Person of ordinary skill in the art.
`
`12
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`C. Claim Construction
`We apply the claim construction standard articulated in Phillips
`v. AWH Corp., 415 F.3d 1303 (Fed. Cir. 2005) (en banc), and its progeny.
`Only terms that are in controversy need to be construed, and then only to the
`extent necessary to resolve the controversy. Nidec Motor
`Corp. v. Zhongshan Broad Ocean Motor Co. Matal, 868 F.3d 1013, 1017
`(Fed. Cir. 2017) (in the context of an inter partes review, applying Vivid
`Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795, 803 (Fed. Cir. 1999)).
`Petitioner states that “all terms should be given their plain meaning.”
`Pet. 6. Yet, Petitioner proposes claim construction for “cell phone network”
`and “[n]ot known to the user.” Pet. 9–13. 7 As these terms are not in
`controversy, we do not construe them.
`“Patent Owner contends that the Board instituted inter partes
`proceedings based, in part, on an incorrect interpretation of claim 5.”
`PO Resp. 9. Specifically, Patent Owner contends that “[t]he plain language
`of claim 5 requires activation of account access in response to generation of
`the claimed ‘new password.’” Id. (citing Ex. 2003 ¶¶ 65–67). Patent Owner
`contends further that “it follows, from the plain language of the claim, that
`creation of that password is a prerequisite to the ‘authentication module
`activat[ing] access to the account in response to the password.’” Id. at 10
`(citing Ex. 1001, 12:27–47; Ex. 2003 ¶¶ 65–67). In addition, Patent Owner
`contends that its “interpretation of claim 5 is also consistent with the
`preliminary construction issued by the Eastern District of Texas” and that we
`
`
`7 Petitioner also acknowledges that the Board may construe some limitations
`as means-plus-function limitations. Pet. 6.
`
`13
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`are “required to apply the same claim-construction standard as in Federal
`district court.” Id. at 11.
`Petitioner replies that Patent Owner’s “proposed construction
`improperly attempts to import limitations from the specification into the
`claims, and should be rejected.” Pet. Reply 1 (citing Phillips, 415 F.3d at
`1323). Petitioner replies further that “[n]onetheless, this construction has no
`bearing on the patentability of the challenged claims at least because . . . the
`prior art cited in the Petition renders the challenged claims obvious, even
`under the district court’s construction.” Id. Thus, according to Petitioner, “a
`construction of this term is not necessary to resolve this proceeding.” Id. at
`1–2 (citing Nidec Motor Corp. v. Zhongshan Broad Ocean Motor Co. Matal,
`868 F.3d 1013, 1017 (Fed. Cir. 2017)).
`Patent Owner responds by reiterating its argument that “[t]he Board
`should adopt the same claim construction as the court.” PO Sur-reply 1.
`For there reasons discussed in Section II.D.3 below, we agree with
`Petitioner that for Ground 1, the prior art cited in the Petition renders
`challenged claim 5 obvious, even under the district court’s construction.
`Pet. Reply 1. For the reasons discussed in Section II.D.4 below, Petitioner’s
`challenge is deficient regardless of our construction of this term.
`Accordingly, construction of the term is not necessary to resolve this
`proceeding.
`
`14
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`D. Patentability Challenges
`1. Prior Art
`a) Veneklase (Ex. 1005)
`Veneklase is a European Patent application published May 27, 1998.
`Petitioner asserts that Veneklase is prior art under pre-AIA 35 U.S.C. §
`102(a) and (b). Pet. 1.
`Veneklase’s “invention relates to a security and/or access restriction
`system . . . adapted to grant only authorized users access to a computer
`system and/or certain data.” Ex. 1005, 1:5–9. Veneklase is directed to
`preventing exposure and hacking of user passwords (id. at 2:2–21), theft of
`user access cards (id. at 2:22–37), and interception and decryption of
`encryption of keys (id. at 2:37-57). The invention provides “a technique to
`substantially prevent the unauthorized interception and use of transmitted
`data . . . by splitting the data into a plurality of separate communication
`channels, each of which must be ‘broken’ for the entire data stream to be
`obtained.” Id. at 3:3–11.
`In Veneklase’s system individual 18, desiring access to and within
`computer 80, utilizes a first communication channel 82 (e.g., a first
`telephone line, radio channel, and/or satellite channel) and communicates,
`by use of his or her voice or by use of a computer 19, a first password to
`analyzing means 12. Ex. 1005, 6:5–10. “Analyzing means 12 then checks
`and/or compares this first received password with a master password list
`which contains all of the authorized passwords associated with authorized
`entry and/or access to computer 80.” Id. at 6:10–14. If the received
`password matches an entry of the master password list, analyzing means
`12 causes the random code generation means 14 to generate a pseudo-
`
`15
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`random number or code and to transmit the number and/or code via a second
`communications channel 84, to the individual 85 associated with the
`received password 202 in the master password list. Id. at 6:27–37. “Once
`the pseudo-random number is received by the analyzing means 12, from
`channel 82, it is compared with the number generated by generation means
`14.” Id. at 6:51–54. If the two codes are substantially the same, entry to
`computer 80 or to a certain part of computer 80 such as the hardware,
`software, or firmware portions of computer 80 is granted to individual 18.
`Id. at 6:54–58.
`b) Jonsson (Ex. 1006)
`Jonsson is a Patent Cooperation Treaty application published January
`4, 1996. Petitioner asserts that Jonsson is prior art under pre-AIA 35
`U.S.C. § 102(a) and (b). Pet. 1.
`Jonsson provides an authentication procedure wherein the user carries
`a personal unit not limited to use with or physically connected to a terminal
`of any one specific electronic service. Ex. 1006, 2:30–34. Jonsson’s
`personal unit includes a receiver for receiving a transmitted challenge code
`and an algorithm unit which processes the challenge code, a user input such
`as a personal identification number (PIN) or electronically recognizable
`signature, and an internally stored security key for calculating a response
`code according to a pre-stored algorithm. Id. at 6:24–29.
`c) Kew (Ex. 1007)
`Kew is a Patent Cooperation Treaty application published July 20,
`1995. Petitioner asserts that Kew is prior art under pre-AIA 35 U.S.C. §
`102(a) and (b). Pet. 1.
`
`16
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`Kew’s invention relates to a method for “preventing unauthori[z]ed
`access to a host computer system.” Ex. 1007, 1:3–5. Specifically, Kew
`describes a “method of preventing unauthorized access to a host computer
`system by a user at a remote terminal.” Id. at 1:21–23. In Kew’s method the
`host computer system accepts a user identification code input to the terminal
`by the user and generates a random code (Code A). Id. at 1:24–26. Using a
`transformation algorithm, Kew’s computer system transforms Code A to
`transformed Code B. Id. at 1:27–30. The computer system also transmits
`Code A to user’s receiver which transform’s Code A to transformed Code C.
`Id. at 1:31–34. The user inputs Code C into the remote terminal and the
`computer system compares Code B with Code C, and if the Codes match
`permits access to the host computer system. Id. at 1:36–2:3.
`d) Sormunen (Ex. 1008)
`Sormunen is a Patent Cooperation Treaty application published
`August 28, 1998. Petitioner asserts that Sormunen is prior art under
`pre-AIA 35 U.S.C. § 102(a) and (b). Pet. 1.
`Sormunen’s “invention relates to a method and system for obtaining at
`least one item of user specific authentication data, such as a password and/or
`a user name.” Ex. 1008, 1:3–5. Sormunen discloses the use of mobile
`communication systems including cellular systems, paging systems, and
`mobile phone systems. Id. at 4:36–5:1.
`2. Ground 1: Alleged Obviousness of Independent Claim 5 Based on
`the Combined Teachings of Veneklase and Jonsson
`Petitioner asserts that claim 5 is unpatentable over the combined
`teachings of Veneklase and Jonsson. Pet. 13. Petitioner addresses each
`limitation of claim 5 and provides the testimony of Dr. McNair in support of
`
`17
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`its position with respect to each limitation. Pet. 17–46; Ex. 1003 ¶¶ 71–111.
`Patent Owner does not contest Petitioner’s assertions for limitations [5.0]–
`[5.2] of claim 5. For these uncontested limitations, we have considered
`Petitioner’s evidence and arguments, including the relevant testimony of Dr.
`McNair, and find it to be sufficient to show by a preponderance of the
`evidence that Veneklase, either alone or in combination with Jonsson,
`teaches or suggests these limitations. Accordingly, we focus our discussion
`on contested limitations [5.3]–[5.6] and Patent Owner’s arguments regarding
`these limitations.
`a) Limitation [5.3]: a control module executed on the computer
`processor configured to create a new password based at least
`upon a token and a passcode, wherein the token is not known
`to the user and wherein the passcode is known to the user, the
`control module further configured to set a password associated
`with the user to be the new password;
`(1) Petitioner’s Assertions
`Petitioner asserts that “Veneklase in combination with Jonsson teaches
`this limitation.” Pet. 26 (citing Ex. 1003 ¶¶ 83–90). Regarding Veneklase,
`Petitioner asserts that Veneklase discloses assigning a password to the user;
`receiving the password by use of a first communication channel; generating
`a code in response to the received password; transmitting the code to the
`user via a second communications channel; transmitting the code to the
`computer; and allowing access to the computer only after the code is
`transmitted to the computer. Id. (citing Ex. 1005, 4:8–15).
`Specifically, Petitioner asserts that “Veneklase discloses a
`user/password check module (i.e., a control module) located on the host
`computer system 402 (i.e., the computer processor)” and that the
`“user/password check module assigns two passwords, one that is known to
`
`18
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`the user and one that is not previously known to the user.” Pet. 26–27
`(citing Ex. 1005, Fig. 6). 8 Petitioner asserts further that “[w]hile Veneklase
`teaches an authentication system in which the user inputs both a token that is
`not known to the user beforehand (e.g., the random code) and a passcode
`that is known to the user (e.g., the received password), it does not disclose
`creating a new password based on those two items.” Id. at 28.
`Turning to Jonsson, Petitioner asserts that Jonsson discloses an
`authentication system that “includes a service node that ‘generates a
`challenge code and requests that the challenge code be sent to the personal
`unit 20 via an authentication challenge network 28’” and that “[t]his
`challenge code generated by the system is a token because it is not known to
`the user before it is generated and sent to the user.” Pet. 28 (citing Ex. 1006,
`4:24–5:6; Ex. 1003 ¶¶ 86–87). Petitioner asserts further that “Jonsson
`discloses the use of a ‘user input such as a personal identification number
`(PIN),’ which by its very nature of being a user defined input, is known to
`the user beforehand” and that “Jonsson discloses an algorithm that
`‘calculates a response code [e.g., new password] based on the received
`challenge code [e.g., token], the user input (e.g., PIN) [e.g., passcode], and
`optionally [a] secret key.’” Pet. 29 (citing Ex. 1006, 3:3–10, 7:5–10, 8:12–
`14, 9:23–25).
`Petitioner asserts that it would have been obvious to combine
`Veneklase’s token and passcode to “create a new password based on both of
`them.” Id. at 28. Petitioner then asserts that “Veneklase’s authentication
`system would incorporate Jonsson’s teachings related to using an algorithm
`
`
`8 Here and for the remainder of this decision, we do not reproduce the
`colored font or bold emphasis used in the Petition.
`
`19
`
`
`
`IPR2023-00425
`Patent 6,993,658 B1
`to create a new password (e.g., response code) based on a known passcode
`(e.g., the received password/PIN) and an unknown token (e.g., the random
`code/challenge code).” Id. at 30 (citing Ex. 1003 ¶¶ 83–89). Thus,
`according to Petitioner,
`Veneklase in combination with Jonsson teaches a control module
`(e.g., user/password check module) executed on the computer
`processor configured to create a new password (e.g., assigning
`a password to the user) based at least upon a token (e.g., random
`code) and a passcode (e.g., received password), wherein the
`token is not known to the user (e.g., generated by the system) and
`wherein the passcode is known to the user (e.g., received from
`the user), the control module further configured to set a
`password associated with the user to be the new password (e.g.,
`set an expected response code).
`Id. (citing Ex. 1003 ¶¶ 83–90).
`In support of these assertions, Petitioner reasons that “[a] POSITA
`would have been motivated to make such a combination because having
`only the one password transmitted via the computer system is more efficient
`and secure.” Pet. 31 (citing Ex. 1003 ¶ 91). According to Petitioner,
`“Veneklase’s system allows for authentication through user input of a known
`and unknown code at separate times in a two-step process, while a POSITA
`would look to Jonsson because it would provide the added benefit of
`reducing the steps to a single step and thus reducing the amount of time
`required for the authentication process.” Id. Petitioner reasons further that
`“a POSITA would have been motivated to make such a combination because
`implementing Veneklase’s authentication system with the algorithm of
`Jonsson’s system provides an additional layer of sec
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
