`
`By:
`
`Jordan M. Rossen, Reg. No. 74,064
`Ashraf Fawzy, Reg. No. 67,914
`Unified Patents, LLC
`4445 Willard Ave., Suite 600
`Chevy Chase, MD, 20815
`Email: jordan@unifiedpatents.com
`afawzy@unifiedpatents.com
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`UNIFIED PATENTS, LLCJPMORGAN CHASE BANK, N.A.
`Petitioner
`v.
`DYNAPASS IP HOLDINGS LLC,
`Patent Owner
`IPR2023-00425
`
`Case No. – Not Yet Assigned
`U.S. Patent No. 6,993,658
`
`PETITION FOR INTER PARTES REVIEW OF U.S. PATENT 6,993,658
`
`PETITION FOR INTER PARTES REVIEW OF
`i
`
`JPMORGAN EXHIBIT 1017
`Page 1 of 100
`
`
`
`U.S. Patent 6,993,658
`Ipr2023-00425 – Petition for Inter Partes Review
`
`TABLE OF CONTENTS
`(continued)
`
`U.S. PATENT 6,993,658
`
`Page
`
`ii
`
`JPMORGAN EXHIBIT 1017
`Page 2 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`TABLE OF CONTENTS
`
`Page
`
`1
`
`1
`1
`2
`2
`5
`6
`6
`
`IntroductionINTRODUCTION
`I.
`II. Overview of Challenge and Relief RequestedOVERVIEW OF CHALLENGE
`AND RELIEF REQUESTED
`A. Prior Art
`B. Grounds for Challenge
`C. U.S. 6,993,658
`D. Prosecution History
`E. Level of Ordinary Skill in the Art
`F. Claim Construction
`1. “a control module…configured to…”; “a communication module
`configured to…”; “an authentication module configured to…”
`2. “Cell phone network”
`3. “Not known to the user”
`III. Grounds of UnpatentabilityGROUNDS OF UNPATENTABILITY
`A. Ground 1: Claim 5 Is Obvious over Veneklase in view of Jonsson
`1. Overview of Veneklase
`2. Overview of Jonsson
`3. Claim 5
`Motivations to Combine Veneklase and Jonsson
`B. Ground 2: Claims 1, 3-6 Are Obvious over Kew in view of Sormunen
`1. Overview of Kew
`2. Overview of Sormunen
`3. Claim 5
`Motivations to Combine Kew and Sormunen
`4. Claim 6
`5. Claim 1
`6. Claim 3
`7. Claim 4
`C. Analogous Art
`
`6
`910
`10
`13
`13
`13
`15
`17
`3031
`4546
`4546
`4849
`4950
`5657
`7071
`7172
`7475
`7677
`7778
`
`i
`
`JPMORGAN EXHIBIT 1017
`Page 3 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`TABLE OF CONTENTS
`(continued)
`
`Page
`
`78MANDATORY NOTICES
`
`IV. Mandatory Notices
`79
`A. Real Party-in-Interest
`B. Related Matters
`C. Petitioner is aware that the ’658 Patent has been challenged in
`8082
`IPR2023-00367 on January 3, 2022.Lead and Back-up Counsel
`8082
`D. Service Information, Email, Hand Delivery, and Postal
`V. Certification Of Grounds For Standing 80CERTIFICATION OF GROUNDS
`FOR STANDING
`83
`VI. DISCRETIONARY INSTITUTION
`84
`A. The General Plastic Factors Favor Institution
`84
`VIB.
`DiscretionaryThe Fintiv Factors Favor Institution
`8185
`C. The Becton Factors Favor Institution
`VII. ConclusionCONCLUSION
`
`7879
`79
`
`87
`8588
`
`ii
`
`JPMORGAN EXHIBIT 1017
`Page 4 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`TABLE OF EXHIBITS
`
`Exhibit No.
`
`Description
`
`1001
`
`1002
`
`1003
`
`1004
`
`1005
`
`1006
`
`1007
`
`1008
`
`1009
`
`1010
`
`1011
`
`1012
`
`U.S. Patent 6,993,658
`
`Prosecution History File of Application 09/519,829
`
`Declaration of Bruce McNair (¶¶1-168)
`
`Curriculum Vitae of Bruce McNair
`
`European Patent Application No. 0844510844551 to Veneklase
`(“Veneklase”)
`
`PCT Patent Publication No. WO 96/00485 to Jonsson (“Jonsson”)
`
`PCT Patent Publication No. WO 95/19593 to Kew (“Kew”)
`
`PCT Patent Publication No. WO 97/31306 to Sormunen
`(“Sormunen”)
`Li Gong, “Optimal Authentication Protocols Resistant to
`Password Guessing Attacks,” Proceedings The Eighth IEEE
`Computer Security Foundations Workshop, 1995, pp. 24-29, doi:
`10.1109/CSFW.1995.518549.
`
`U.S. Patent 3,938,091
`
`IETF RFC2289, “A One-Time Password System,” February 1989,
`available at https://www.rfc-editor.org/rfc/rfc2289.html
`
`U.S. Patent 5,276,444
`
`i
`
`JPMORGAN EXHIBIT 1017
`Page 5 of 100
`
`
`
`1013
`
`1014
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`S.A. Sherman, R. Skibo, R.S. Murray, “Secure Network Access
`Using Multiple Applications of AT&T’s Smart Card,” AT&T
`Technical Journal, September/October 1994
`Lt. Gen. Charles R. Myers, “Vietnam Studies: Division-Level
`Communications, 1962-1973”, US Department of the Army, 1982,
`Ch. 8, retrieved from
`https://history.army.mil/catalog/pubs/90/90-11.html December 13,
`2022.
`Z. J. Haas and S. Paul, “Limited-lifetime shared-access in mobile
`systems,” Proceedings IEEE International Conference on
`Communications ICC ’95, 1995, pp. 1404-1408 vol.3, doi:
`10.1109/ICC.1995.524434
`Mobivity, A Brief History of Text Messaging, Sept. 27, 2012,
`available at
`https://www.mobivity.com/mobivity-blog/a-brief-history-of-text-
`messaging
`Declaration of Kevin Jakel (¶¶115) Redline Comparison of
`Unified Patents’ Petition in IPR2023-00425 and JPMorgan Chase
`Bank, N.A.’s Petition
`
`1015
`
`1016
`
`1017
`
`ii
`
`JPMORGAN EXHIBIT 1017
`Page 6 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`I.
`
`INTRODUCTION
`Unified Patents, LLC (“Petitioner” or “UnifiedJPMorgan Chase Bank, N.A.
`
`(“JPMorgan” or “Petitioner”) respectfully submits this Petition for Inter Partes
`
`Review (“IPR”) of claims 1, 3-6 (“Challenged Claims”) of U.S. Patent 6,993,658
`
`(“the ’658 Patent”) (EX1001).
`
`Petitioner authorizes the Patent and Trademark Office to charge Deposit
`
`Account 503013, ref: 080461-000051 for the fees set in 37 C.F.R. § 42.15(a) for
`
`this Petition for Inter Partes Review, and further authorizes payment for any
`
`additional fees to be charged to this Deposit Account.
`
`II. OVERVIEW OF CHALLENGE AND RELIEF REQUESTED
`A.
`Prior Art
`
`The ’658 Patent was filed March 6, 2000.
`
`Veneklase (EX1005) was filed October 22, 1997 and published May 27,
`
`1998. Therefore, Veneklase qualifies as prior art under at least 35 U.S.C.
`
`§§ 102(a) and (b).
`
`Jonsson (EX1006) was filed June 24, 1994 and published January 4, 1996.
`
`Therefore, Jonsson qualifies as prior art under at least 35 U.S.C. §§ 102(a) and (b).
`
`1
`
`JPMORGAN EXHIBIT 1017
`Page 7 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`Kew (EX1007) was filed January 12, 1995 and published July 20, 1995.
`
`Therefore, Kew qualifies as prior art under at least 35 U.S.C. §§ 102(a) and (b).
`
`Sormunen (EX1008) was filed February 6, 1997 and published August 28,
`
`1997. Therefore, Sormunen qualifies as prior art under at least 35 U.S.C.
`
`§§ 102(a) and (b).
`
`B.
`
`Grounds for Challenge
`
`Petitioner requests IPR under 35 U.S.C. § 311 of the Challenged Claims.
`
`They are unpatentable under 35 U.S.C. § 103.
`
`The grounds for challenge include:
`
`round
`
`References
`
`Challenged Claims
`
`Veneklase in view of Jonsson
`
`Kew in view of Sormunen
`
`5
`
`1, 3-6
`
`1G
`
`2
`
`C.
`
`U.S. 6,993,658
`
`The ’658 Patent is directed to “the authentication of users of secure systems,
`
`and, more particularly, the invention relates to a system through which user tokens
`
`required for user authentication are supplied through personal communication
`
`devices such as mobile telephones and pagers.” EX1001, 1:7-11. Specifically, the
`
`’658 Patent describes an authentication system in which “access to the system is
`
`2
`
`JPMORGAN EXHIBIT 1017
`Page 8 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`based upon: nonsecret information known to the user, such as the user ID; secret
`
`information known to the user, such as the passcode; and information provided to
`
`the user through an object possessed by the user, such as the token.” Id., 2:11-15.
`
`As shown in Figure 1, the ’658 Patent teaches that “the user token server
`
`116 generates a token,” and then creates the new password 158 based on the user’s
`
`passcode 154 and the newly generated token 156. Id., 6:59-63.
`
`Id., Fig. 1. “The token server 116 transmits the token 156 to the user’s personal
`
`communication device 106 via the token delivery communication link 105.”
`
`3
`
`JPMORGAN EXHIBIT 1017
`Page 9 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`EX1001, 7:31-33. The ’658 Patent discloses that “[t]he communication module
`
`118 forwards tokens 156 to a text messaging service provider 104, which may be a
`
`pager or mobile phone service provider,” which “then forwards the token 156…to
`
`the personal communication device 106.” Id., 5:34-41.
`
`After receiving the token, “the user 108 logs into the secure system 110
`
`using the user ID 152 and the password 158,” where the password either
`
`“combines the passcode 154 and the token 152” or they are “submitted separately.”
`
`Id., 7:40-45. Once this information is entered into the system by the user, “the
`
`secure system 110 transmits login data 159 to the user authentication server 102
`
`over the computer network 103 for authentication of the user 108” and “[i]n order
`
`to authenticate the user 108, the authentication server 102 preferably compares the
`
`login data to the password 158 (hashed or unhashed) or the passcode 154 and
`
`token 156 (hashed or unhashed) corresponding to the user ID 152 stored in the user
`
`database 114.” Id., 7:46-63. Finally, “[i]f the token has an expiry time, the token
`
`156 expires,” and “upon expiration of the token 156, the control module 402
`
`deactivates the user account in the user database 114.” Id., 9:60-64.
`
`The ’658 Patent has seven claims, including two independent claims. Claim
`
`5 is the broadest claim and will thus be considered first. It is generally directed to
`
`an authentication system involving sending a token over a cell phone network and
`
`4
`
`JPMORGAN EXHIBIT 1017
`Page 10 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`receiving a password based on the token and a passcode over a second network.
`
`EX1001, 12:12:20-49. Claim 1 is a method claim with similar elements, which
`
`also requires that the system receive a request via a token over the cell phone
`
`network. Id., 11:43-12:13. EX1003, ¶¶52-59.
`
`D.
`
`Prosecution History
`
`The ’658 Patent was filed on March 6, 2000. On March 11, 2004, Applicant
`
`responded to a rejection by arguing that Menezes could not meet the claimed
`
`element “generating a new password based at least upon a token and a passcode”
`
`and “receiving the password from the user,” because Menezes’ system did not use
`
`a new token each time a login was requested and because the token was never sent
`
`to the user. EX1002, 109-124.
`
`On May 12, 2005, Applicant responded to a final rejection by filing an RCE
`
`and heavily amending the claims to require additional elements, including a cell
`
`phone network, activation in response to the password, and deactivation within a
`
`predetermined amount of time. EX1002, 59-64.
`
`On July 21, 2005, the Examiner issued a Notice of Allowance with an
`
`examiner’s amendment adding “a computer processor” and noting that “no art
`
`could be found wherein the transaction for determining the password in the setting
`
`up of a new calling-card-derived temporary network account is performed entirely
`
`5
`
`JPMORGAN EXHIBIT 1017
`Page 11 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`over a connection other than that used by eventual network account. EX1002,
`
`45-49. EX1003, ¶¶60-62.
`
`E.
`
`Level of Ordinary Skill in the Art
`
`A POSITA for the ’658 Patent would have had at least (1) an undergraduate
`
`degree in electrical and computer engineering or a closely related field; and (2) two
`
`or more years of experience in security. EX1001, generally; EX1003, ¶¶49-51.
`
`F.
`
`Claim Construction
`
`In post-grant proceedings, claims are construed under the same standard as
`
`they would be construed by Article III courts. See 37 C.F.R. § 42.100(b). At this
`
`time, Petitioner submits that the claims are obvious under any reasonable
`
`construction, but submits that all terms should be given their plain meaning.
`
`EX1003, ¶¶22-24. Petitioner addresses certain limitations below.
`
`“a control module…configured to…”; “a communication
`1.
`module configured to…”; “an authentication module configured to…”
`Some limitations recite a specific module that is “configured to” perform
`
`certain functions, such as create a new password based on certain factors, transmit
`
`a token, or receive a password and activate access to an account. Since “means” is
`
`not used, there is a rebuttable presumption against applying 35 U.S.C. § 112 ¶6
`
`(“Paragraph 6”) to these limitations. Williamson v. Citrix Online, LLC, 792 F.3d
`
`1339, 1346 (Fed. Cir. 2015) (en banc) . Given the absence of evidence showing
`
`6
`
`JPMORGAN EXHIBIT 1017
`Page 12 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`that the claims lack sufficient structure, Paragraph 6 should not apply. Dyfan, LLC
`
`v. Target Corp., 28 F.4th 1360 (Fed. Cir. 2022).
`
`The Board may reach obviousness whether Paragraph 6 applies and even if
`
`the claims are indefinite. Intel Corp. v. Qualcomm Inc., 21 F.4th 801, 813-14
`
`(Fed. Cir. 2021) (obviousness determination of indefinite means-plus-function
`
`claims possible, as indefiniteness precludes a patentability finding “only when the
`
`indefiniteness renders it logically impossible” to assess obviousness); see also
`
`Huawei Techs. Co. v. WSOU Invs., LLC, IPR2021-00226, Paper 10, 22 (P.T.A.B.,
`
`June 10, 2021) (construction of potential means-plus-function terms unnecessary at
`
`the institution stage).1 And Paragraph 6 is inapplicable if the limitations have
`
`sufficient structure. Here, the claims recite algorithms that comprise receiving
`
`data, sending data, and storing data—all features of generic computers. See In re
`
`Katz Interactive Call Processing Patent Litig., 639 F.3d 1303, 1316 (Fed. Cir.
`
`2011) (algorithms unnecessary for functions
`
`like receiving, storing, and
`
`processing). In addition, the claimed modules “describe[] adequate structure for
`
`1 Here, the prior art teachings are consistent with the specification’s disclosure for
`
`these claims, and the general public has an interest in the determination of
`
`patentability of the method claims, to which Paragraph 6 does not apply.
`
`Therefore, Petitioner requests IPR even if some claims are indefinite.
`
`7
`
`JPMORGAN EXHIBIT 1017
`Page 13 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`transmitting that motion data through conventional software and hardware.” Blast
`
`Motion v. Zepp Labs, 2017 WL 476428, *17 (Fed. Cir. 2017) (finding
`
`communications module not governed by 112(f)).
`
`To
`
`the extent
`
`that
`
`it
`
`is determined
`
`that
`
`the module
`
`terms are
`
`means-plus-function, they should be given the following constructions:
`
`a.
`
`“a control module…configured to”
`
`The ’658 Patent claims “a control module executed on the computer
`
`processor configured to” perform the following function: “create a new password
`
`based at least upon a token and a passcode” and “set a password associated with
`
`the user to be the new password.” EX1001, 12:27-33. The specification provides
`
`the corresponding structure for the claimed function to be software executed on a
`
`“server” that performs the following algorithm: (1) associates user ID with
`
`passcode and phone number of user’s personal communication device, (2)
`
`generates a new password, and (3) sets or rests the password associated with the
`
`user ID. See, e.g., EX1001, 2:32-48, 8:2-8, 8:53-9:44, Figs. 1, 4, 5; see also WMS
`
`Gaming v. International Game Technology, 184 F.3d 1339, 1349 (Fed. Cir. 1999).
`
`EX1003, ¶¶29-30.
`
`8
`
`JPMORGAN EXHIBIT 1017
`Page 14 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`b.
`“a communication module configured to”
`
`The ’658 Patent claims “a communication module configured to” perform
`
`the following function: “transmit the token to the personal communication device
`
`through the cell phone network.” EX1001, 12:34-36. The specification provides
`
`the corresponding structure for the claimed function to be one of: (1) a mobile
`
`device with messaging capabilities, (2) a phone dialer, or (3) a connection card
`
`connected to a messaging service provider. See, e.g., EX1001, 2:39-42, 5:66-6:1,
`
`6:18-20, 10:14-41, Fig. 1. EX1003, ¶31.
`
`c.
`
`“an authentication module configured to”
`
`The ’658 Patent claims “an authentication module configured to” perform
`
`the following function: “receive the password from the user through a secure
`
`computer network” and “activate[] access to the account in response to the
`
`password and deactivates the account within a predetermined amount of time after
`
`activating the account.” EX1001, 12:37-45. The specification provides the
`
`corresponding structure for the claimed function to be software similar to that
`
`provided with operating systems executed on a “server” that performs the
`
`following algorithm: (1) receive a submitted password in response to a request for
`
`authentication and (2) grant access to the user if the submitted password matches
`
`the valid password. See, e.g., EX001, 3:4-25, 5:3-10. Fig. 1. EX1003, ¶32.
`
`9
`
`JPMORGAN EXHIBIT 1017
`Page 15 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`2.
`“Cell phone network”
`Claims 1 and 5 of the ’658 Patent require that the personal communication
`
`device communicates over a cell phone network. The ’658 Patent does not use the
`
`term cell phone network in the specification, but it does disclose that “[t]he
`
`communication module 118 forwards tokens 156 to a text messaging service
`
`provider 104, which may be a pager or mobile phone service provider.”
`
`EX1001, 5:32-40; see also 9:45-54, 4:13-17, 3:1-3, 2:28-31, 2:6-8, 1:7-11. Indeed,
`
`the ’658 Patent discloses an embodiment in which “the communication module
`
`118 is a phone dialer 622, the personal communication device 106 is a pager 624,
`
`and the text messaging service provider is a paging service 626.” EX1001,
`
`10:31-34. Furthermore, Claim 1 requires a personal communication device be in
`
`communication over a “cell phone network” and dependent claims 3 and 4 require
`
`that the personal communication device be a “mobile phone” and a “pager,”
`
`respectively. EX1001, 11:47-50, 12:16-19. Thus, a POSITA would have
`
`understood that the cell phone network, as claimed by the ’658 Patent, must at least
`
`include mobile device and pager service provider communication networks.
`
`EX1003, ¶25.
`
`“Not known to the user”
`3.
`Claims 1 and 5 of the ’658 Patent require that the token is not known to the
`
`user. While the specification never explicitly discusses this limitation, it is clear
`
`10
`
`JPMORGAN EXHIBIT 1017
`Page 16 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`from the embodiments disclosed in the ’658 Patent that this term must mean “not
`
`known to the user before being sent to the user as part of the authentication
`
`process.” EX1003, ¶¶26-28. This is because the ’658 Patent distinguishes
`
`between “secret information known to the user, such as the passcode” and
`
`“information provided to the user through an object possessed by the user, such as
`
`the token.” EX1005, 2:11-15. The ’658 Patent further discloses that “token 156 is
`
`preferably provided only to the user 108 by the user authentication server 102
`
`through the user’s personal communication device 106 on an as needed basis,” and
`
`in certain embodiments, “the user 108 combines the token 156 with the passcode
`
`154 to form a password 158.” EX1005, 4:41-44, 4:52-53. Furthermore, the claims
`
`require the user to receive the token and input the password, which is based on the
`
`token and passcode. Therefore, a POSITA would have understood that the token
`
`would eventually need to be known to the user. EX1003, ¶¶26-28). Indeed,
`
`Figures 2A-D of the ’658 Patent disclose “login screens that can be used in
`
`conjunction with various embodiments of the invention,” and all three of the
`
`embodiments require the user to eventually be provided the token in order to input
`
`it into the computer, either by itself (e.g., Figs. B and C-D) or combined with the
`
`passcode (e.g., Fig. A). EX1005, Figs. 2A-D.
`
`11
`
`JPMORGAN EXHIBIT 1017
`Page 17 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`12
`
`JPMORGAN EXHIBIT 1017
`Page 18 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`Thus, a POSITA would have understood that not known to the user, as
`
`claimed by the ’658 Patent, must include information that is not known to the user
`
`at the start of the process, but is eventually provided to the user. EX1003,
`
`¶¶26-28.
`
`III. GROUNDS OF UNPATENTABILITY
`Pursuant to Rule 42.104(b)(4)-(5), the following sections (supported by
`
`Bruce McNair’s Declaration, EX1003, ¶¶1-168) explain
`
`the grounds of
`
`unpatentability, the limitations of the Challenged Claims, and how these claims
`
`were obvious.
`
`A.
`
`Ground 1: Claim 5 Is Obvious over Veneklase in view of Jonsson
`
`Overview of Veneklase
`1.
`Veneklase discloses a computer authentication system which is “adapted to
`
`grant an authorized individual access to a secured domain, such as a computer or
`
`data stream.” EX1005, Abstract. In particular, Veneklase discloses that a user
`
`contacts the host computer 402 and it “checks the received identification code and
`
`cross references the received password code against a pager phone number list
`
`resident within the user table 414.” EX1005, 8:1-5, Fig. 6.
`
`13
`
`JPMORGAN EXHIBIT 1017
`Page 19 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`If a match is made, it “causes the ‘code generator’ software subroutine 415
`
`resident within computer 402, to generate a pseudo-random number code and
`
`passes the received code along with the authorized user’s pager number to the
`
`commercially available and conventional automatic dialer 41B,” which telephones
`
`a “pager 420 by means of conventional and commercially available
`
`communication channel 422 (e.g., voice line) and transmits the code to the user’s
`
`pager.” Id. 8:5-15. This communication and the initial sending of the random
`
`code to the personal device “utilize[] two distinct communication channels.”
`
`EX1006, 7:11-28; see also 3:50-4:3. The user 404 “now enters the code he or she
`
`14
`
`JPMORGAN EXHIBIT 1017
`Page 20 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`has received from the pager 420…and sends this password or pseudo-random code
`
`back to computer 402, where it is compared with the software subroutine module
`
`denoted as ‘code compare’ 416.” Id., 8:18-24. “If the comparison yields a match,
`
`the user 404 is allowed access to computer 402 and/or a portion of computer 402.”
`
`Id., 8:24-27. EX1003, ¶¶65-66.
`
`Overview of Jonsson
`2.
`Jonsson discloses a system for providing “[a]uthorization for a user to use a
`
`service” via “a modified pager which calculates a unique response code to a
`
`transmitted challenge code based on the challenge code, an input personal
`
`identification number, and an internal key.” EX1006, Abstract. As shown in
`
`Figure 3, “a user initiates communication to a service node 26 via the service
`
`access network 24,” e.g., by dialing an appropriate telephone number stored in
`
`their personal unit. EX1007, 10:13-18, Fig. 3.
`
`15
`
`JPMORGAN EXHIBIT 1017
`Page 21 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`In response to this request, the system “requests authentication via an
`
`authentication challenge network 28 by sending a challenge code…to the user’s
`
`personal unit 20.” Id., 10:23-27. Then the user is prompted “to input, for example,
`
`a security code, such as a PIN,” and once entered, “the algorithm unit 21b of the
`
`personal unit 20 calculates and sends a response code…to the display.” Id.,
`
`10:29-33. Jonsson discloses that the algorithm “calculates a response code based
`
`on the received challenge code, the user input (e.g., PIN), and optionally the secret
`
`16
`
`JPMORGAN EXHIBIT 1017
`Page 22 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`key.” EX1006, 8:12-14; see also 7:5-10, 9:23-25. Finally, the user “manually
`
`inputs the displayed response code to the terminal 22,” and it is transmitted via the
`
`service access network 24 to the service node 26, where “the authentication center
`
`30 performs the comparison of the received response code to the expected response
`
`code.” Id., 11:4-20. EX1003, ¶¶67-68.
`
`3.
`
`Claim 5
`[5.0] A user authentication system comprising
`To the extent the preamble is deemed limiting,2 Veneklase teaches it; any
`
`alleged differences would have been obvious. EX1003, ¶¶71-72. Veneklase
`
`discloses that “[s]everal embodiments of computer security systems are described
`
`and which are adapted to grant an authorized individual access to a secured
`
`domain, such as a computer or data stream.” EX1005, Abstract, Fig. 6.
`
`2 Pacing Techs., LLC v. Garmin Intern., Inc., 778 F. 3d 1021, 1023–1024 (Fed.
`Cir. 2015) (preambles stating purpose or intended not normally limiting).
`
`17
`
`JPMORGAN EXHIBIT 1017
`Page 23 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`Thus, Veneklase teaches user authentication system (e.g., system adapted to
`
`grant an authorized individual access). EX1003, ¶¶71-72.
`
`[5.1] a computer processor;
`Veneklase teaches this limitation; any alleged differences would have been
`
`obvious. EX1003, ¶¶73-76. Specifically, Veneklase discloses that analyzing
`
`means 12 may comprise a microprocessor and/or similar type of computer.”
`
`EX1005, 5:35-37, Fig. 1.
`
`18
`
`JPMORGAN EXHIBIT 1017
`Page 24 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`Veneklase also discloses that the operations of its authentication system
`
`occur in host computer 402. See, e.g., EX1005, 7:29-8:27, Fig. 6.
`
`19
`
`JPMORGAN EXHIBIT 1017
`Page 25 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`A POSITA would have understood that a computer capable of all of these actions,
`
`including checking codes against a database and generating random numbers
`
`would necessarily contain a computer processor. EX1003, ¶¶73-76.
`
`Thus, Veneklase teaches a computer processor (e.g., microprocessor). Id.
`
`[5.2] a user database configured to associate a user with a
`personal communication device possessed by the user, said
`personal communication device configured to communicate
`over a cell phone network with the user authentication
`system;
`Veneklase teaches this limitation; any alleged differences would have been
`
`obvious. EX1003, ¶¶77-82. Veneklase discloses that “host computer 402 checks
`
`20
`
`JPMORGAN EXHIBIT 1017
`Page 26 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`the received identification code and cross references the received password
`
`code against a pager phone number list resident within the user table 414
`
`which is stored within computer 402.” EX1005, 8:1-5, Fig. 6; see also 6:15-26
`
`(“each authorized password 202, contained in this master password list 200, has a
`
`unique first entry 204 associated with it and which identifies the name of the
`
`authorized user who has been assigned that corresponding password and at
`
`least one telephone number 206 and/or network address associated with the
`
`identified user”), Fig. 5 (showing the telephone number 206 associated with the
`
`user identification 204).
`
`Furthermore, Veneklase discloses that the telephone number associated with
`
`the user identification is associated with a personal communication device, such as
`
`pager. EX1005, 8:1-5. This type of associating the user identification with a
`
`telephone number is exactly what is disclosed in the ’658 Patent. See, e.g.,
`
`21
`
`JPMORGAN EXHIBIT 1017
`Page 27 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`EX1001, 2:17-18 (“[t]he method includes associating a user ID with a phone
`
`number of a personal communication device”). Upon determining that the
`
`received identification code is matched with a pager phone number, “[t]he
`
`automatic dialer 418 telephones the conventional and commercially available pager
`
`420 by means of conventional and commercially available communication
`
`channel 422 (e.g. voice line).” EX1005, 8:5-14.
`
`Veneklase additionally teaches a personal communication device configured
`
`to communicate over a cell phone network with the user authentication system.
`
`For example, communication channel 422 allows the personal communication
`
`device (e.g., pager 420) to communicate with the user authentication system (e.g.,
`
`host computer 402, which includes automatic phone/pager dialer 418). See, e.g.,
`
`EX1005, Fig. 6.
`
`22
`
`JPMORGAN EXHIBIT 1017
`Page 28 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`
`A POSITA would have understood that the “conventional and commercially
`
`available communication channel 422” described in Veneklase is the same type of
`
`cell phone network disclosed in the ’658 patent, which repeatedly makes clear that
`
`it covers both networks that communicate with cell phones and those that
`
`communicate with pagers. EX1003, ¶80. For instance, the ’658 Patent discloses
`
`that “[t]he communication module 118 forwards tokens 156 to a text messaging
`
`service provider 104, which may be a pager or mobile phone service provider.”
`
`EX1001, 5:32-40; see also Abstract, 1:10-11, 2:6-8, 2:28-31, 3:1-3, 4:13-17,
`
`23
`
`JPMORGAN EXHIBIT 1017
`Page 29 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`9:45-54. Furthermore, Veneklase discloses that the communication channel over
`
`which the random code is sent could be a pager or a cell phone, stating that “the
`
`predetermined period of time would be shorter when communications channel 84
`
`comprises a pager or cellular phone, since the owner has immediate access to the
`
`code upon transmission.” EX1005, 8:55-58. Thus, a POSITA would have
`
`understood that communication channel 422 meets the requirements of a cell
`
`phone network as claimed in the ’658 Patent, i.e., a mobile device or pager service
`
`provider communication network. EX1003, ¶¶77-80.
`
`To the extent it is argued that the pager network disclosed in Veneklase does
`
`not satisfy the cell phone network limitation, a POSITA would have found it
`
`obvious to implement the authentication system of Veneklase using a cell phone
`
`network. EX1003, ¶81; KSR Intern. Co. v. Teleflex Inc., 550 U.S. 398, 418-19
`
`(2007). Indeed, Veneklase explicitly contemplates such a system, thus providing a
`
`teaching, suggestion, or motivation to modify it in such a way, as it notes that “the
`
`predetermined period of time would be shorter when communications channel 84
`
`comprises a pager or cellular phone, since the owner has immediate access to the
`
`code upon transmission.” EX1005, 8:55-58. In addition, it would have been
`
`obvious to use a cell phone network to send Veneklase’s random code because
`
`doing so would be a simple substitution of one known element for another and
`
`24
`
`JPMORGAN EXHIBIT 1017
`Page 30 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`would have made the system available to even more users in more locations, which
`
`is one of the intentions of the reference. EX1003, ¶81. It would also have been
`
`obvious because it would have enabled users to use their cell phones to
`
`authenticate their access, which many users would prefer because they provide for
`
`larger screens and are thus easier to view. Id. A POSITA would have had a
`
`reasonable expectation of success in modifying Veneklase’s authentication system
`
`to use a cellular network instead of a pager network because they operate similarly,
`
`many times using the same protocols, and would just involve swapping out devices
`
`and making some software configuration changes. Id.
`
`Thus, Veneklase teaches a user database configured to associate a user with
`
`a personal communication device possessed by the user (e.g., user table 414 that
`
`associates the name of the authorized user with at least one telephone number),
`
`said personal communication device (e.g., pager 420) configured to communicate
`
`over a cell phone network (e.g., communication channel 422) with the user
`
`authentication system (e.g., host computer 402). EX1003, ¶¶77-82.
`
`25
`
`JPMORGAN EXHIBIT 1017
`Page 31 of 100
`
`
`
`U.S. Patent 6,993,658
`IPR2023-00425 – Petition for Inter Partes Review
`[5.3] a control module executed on the computer processor
`configured to create a new password based at least upon a
`token and a passcode, wherein the token is not known to the
`user and wherein the passcode is known to the user, the
`control module further configured to set a password
`associated with the user to be the new password;
`Veneklase in combination with Jonsson teaches this limitation; any alleged
`
`differences would have been obvious. EX1003, ¶¶83-90. Veneklase discloses “the
`
`steps of assigning a password to the user; receiving the password by use of a first
`
`communication channel; generating a code in response to the received password;
`
`transmitting the code by use of a second communications channel to t