`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`
`
`Experian Information Solutions, Inc.,
`
`Petitioner
`
`v.
`
`Dynapass IP Holdings LLC,
`
`Patent Owner.
`
`
`
`
`
`IPR2023-01406
`
`U.S. Patent No. 6,993,658
`
`
`
`PETITION FOR INTER PARTES REVIEW UNDER 37 C.F.R. § 42.101
`
`
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`TABLE OF CONTENTS
`
`Page
`
`I.
`
`II.
`
`INTRODUCTION ........................................................................................... 1
`
`GROUNDS FOR STANDING ........................................................................ 1
`
`III. REASONS FOR THE REQUESTED RELIEF .............................................. 1
`
`IV. BACKGROUND ............................................................................................. 1
`
`A.
`
`B.
`
`C.
`
`D.
`
`E.
`
`The ’658 Patent ..................................................................................... 1
`
`Prosecution History ............................................................................... 6
`
`Claim Construction ............................................................................. 11
`
`1.
`
`2.
`
`“Passcode,” “Token,” and “Password” ..................................... 11
`
`Order of Steps ........................................................................... 12
`
`Priority Date of the Challenged Claims .............................................. 14
`
`Person of Ordinary Skill in the Art ..................................................... 14
`
`V. GROUNDS FOR CHALLENGE .................................................................. 15
`
`VI. CLAIMS 1–7 ARE UNPATENTABLE UNDER 35 U.S.C. § 103 .............. 15
`
`A.
`
`Sormunen, Perlman, and Motivation to Combine ............................... 15
`
`1.
`
`2.
`
`Sormunen .................................................................................. 15
`
`Perlman ..................................................................................... 20
`
`3. Motivation to Combine Sormunen and Perlman ...................... 22
`
`B.
`
`Claims 1–7 are Obvious over Sormunen in view of Perlman ............. 28
`
`1.
`
`Claim 1 ...................................................................................... 28
`
`i
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`a.
`
`b.
`
`c.
`
`d.
`
`e.
`
`f.
`
`g.
`
`h.
`
`i.
`
`A method of authenticating a user on a first secure
`computer network, the user having a user account
`on said first secure computer network, the method
`comprising: ..................................................................... 28
`
`personal
`a
`user with
`the
`associating
`communication device possessed by the user, said
`personal communication device in communication
`over a second network, wherein said second
`network is a cell phone network different from the
`first secure computer network; ....................................... 29
`
`receiving a request from the user for a token via
`the personal communication device, over the
`second network; .............................................................. 32
`
`generating a new password for said first secure
`computer network based at least upon the token
`and a passcode, wherein the token is not known to
`the user and wherein the passcode is known to the
`user; ................................................................................. 34
`
`setting a password associated with the user to be
`the new password; .......................................................... 37
`
`activating access the user account on the first
`secure computer network; ............................................... 38
`
`personal
`the
`to
`token
`the
`transmitting
`communication device; ................................................... 38
`
`receiving the password from the user via the first
`secure computer network; and ........................................ 39
`
`deactivating access to the user account on the first
`secure computer network within a predetermined
`amount of time after said activating, such that said
`user account
`is not accessible
`through any
`password, via said first secure computer network. ......... 40
`
`ii
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`2.
`
`3.
`
`4.
`
`5.
`
`Claim 2: The method of claim 1, wherein the new
`password is generated by concatenating the token and the
`passcode. ................................................................................... 41
`
`Claim 3: The method of claim 1, wherein the personal
`communication device is a mobile phone. ................................ 42
`
`Claim 4: The method of claim 1, wherein the personal
`communication device is a pager. ............................................. 43
`
`Claim 5 ...................................................................................... 44
`
`a.
`
`b.
`
`c.
`
`d.
`
`e.
`
`f.
`
`A user authentication system comprising: ...................... 44
`
`a computer processor; ..................................................... 45
`
`a user database configured to associate a user with
`a personal communication device possessed by the
`user,
`said personal
`communication device
`configured to communicate over a cell phone
`network with the user authentication system; ................ 46
`
`a control module executed on the computer
`processor configured to create a new password
`based at least upon a token and a passcode,
`wherein the token is not known to the user and
`wherein the passcode is known to the user, the
`control module further configured
`to set a
`password associated with the user to be the new
`password; ........................................................................ 46
`
`a communication module configured to transmit
`the token to the personal communication device
`through the cell phone network; and .............................. 46
`
`an authentication module configured to receive the
`password from the user through a secure computer
`network, said secure computer network being
`different from the cell phone network, wherein the
`user has an account on the secure computer
`
`iii
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`the authentication module
`network, wherein
`activates access to the account in response to the
`password and deactivates the account within a
`predetermined amount of time after activating the
`account, such that said account is not accessible
`through any password via the secure computer
`network. .......................................................................... 47
`
`6.
`
`7.
`
`the
`Claim 6: The system of claim 5, wherein
`communication module is further configured to receive a
`request from the user for the token, and wherein the
`control module is further configured to create the new
`password in response to the request. ......................................... 47
`
`Claim 7: The system of claim 6, wherein the request is
`transmitted by
`the user
`through
`the personal
`communication device. ............................................................. 47
`
`VII.
`
`INSTITUTION DISCRETION ..................................................................... 48
`
`A. General Plastic Factors Favor Petitioner ............................................ 48
`
`B.
`
`Fintiv Factors Favor Petitioner ............................................................ 50
`
`1.
`
`2.
`
`3.
`
`4.
`
`5.
`
`whether a stay has been granted or may be granted if a
`proceeding is instituted ............................................................. 51
`
`proximity of the court’s trial date to the Board’s
`projected statutory deadline for a final written decision .......... 51
`
`investment in the parallel proceeding by the court and the
`parties ........................................................................................ 51
`
`overlap between issues raised in the petition and in the
`parallel proceeding .................................................................... 52
`
`whether the petitioner and the defendant in the parallel
`proceeding are the same party ................................................... 52
`
`iv
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`6.
`
`other circumstances that impact the Board’s exercise of
`discretion, including the merits ................................................. 53
`
`VIII. MANDATORY NOTICES ........................................................................... 53
`
`A.
`
`B.
`
`C.
`
`37 C.F.R. § 42.8(b)(1): Real Parties-in-Interest .................................. 53
`
`37 C.F.R. § 42.8(b)(2): Related Matters ............................................. 53
`
`Lead and Back-Up Counsel and Service Information ........................ 55
`
`IX. PAYMENT OF FEES PURSUANT TO 37 C.F.R. § 42.103 ....................... 55
`
`CERTIFICATE OF COMPLIANCE ....................................................................... 57
`
`CERTIFICATE OF SERVICE ................................................................................ 58
`
`
`
`
`
`v
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`TABLE OF AUTHORITIES
`
` Page(s)
`
`Cases
`Allied Erecting & Dismantling Co. v. Genesis Attachments, LLC,
`825 F.3d 1373 (Fed. Cir. 2016) .......................................................................... 25
`Apple Inc. v. Fintiv, Inc.,
`IPR2020-00019, Paper 11 (P.T.A.B. Mar. 20, 2020) ......................................... 50
`Axonics, Inc. v. Medtronic, Inc.,
`73 F.4th 950 (Fed. Cir. 2023) ............................................................................. 25
`Bank of America, NA v. Dynapass IP Holdings LLC,
`IPR2023-00367, Paper 9 (P.T.A.B. July 18, 2023) ............................................ 49
`General Plastic Indus. v. Canon Kabushiki Kaisha,
`IPR2016-01357, Paper 19 (P.T.A.B. Sept. 6, 2017) ..................................... 48, 50
`JPMorgan Chase & Co. v. Dynapass IP Holdings LLC,
`IPR2023-01331, Paper 1 (P.T.A.B. Aug. 16, 2023) ........................................... 48
`In re Keller,
`642 F.2d 413, 425 (CCPA 1981) ........................................................................ 25
`Sotera Wireless, Inc. v. Masimo Corp.,
`IPR2020-01019, Paper 12 (P.T.A.B. Dec. 1, 2020) ........................................... 50
`Unified Patents, LLC v. Dynapass IP Holdings LLC,
`IPR2023-00425, Paper 9 (P.T.A.B. July 18, 2023) ...................................... 48, 49
`Statutes
`35 U.S.C. § 102(a) ................................................................................................... 15
`35 U.S.C. § 102(a) (2002) ........................................................................................ 20
`35 U.S.C. § 102(b) ................................................................................................... 15
`35 U.S.C. § 102(e) (2002) ........................................................................................ 20
`
`vi
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`35 U.S.C. § 311 .......................................................................................................... 1
`35 U.S.C. § 314(a) ............................................................................................. 50, 53
`35 U.S.C. § 325(d) ................................................................................................... 48
`Other Authorities
`USPTO Director Vidal, Interim Procedure for Discretionary Denials
`in AIA Post-Grant Proceedings with Parallel District Court
`Litigation (Memorandum, June 21, 2022) at 3, available at
`https://tinyurl.com/a6x9xnvj ............................................................................... 50
`
`
`
`vii
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`EXHIBIT LIST
`
`Exhibit No.
`1001
`
`Description1
`U.S. Patent No. 6,993,658
`
`1002
`
`1003
`
`1004
`
`1005
`
`1006
`
`1007
`
`1008
`
`1009
`
`1010
`
`1011
`
`1012
`
`Certified File History for U.S. Patent No. 6,993,658
`
`Declaration of Stephen Perkins, Ph.D.
`
`PCT Publication No. WO 97/31306 (“Sormunen”)
`
`U.S. Patent No. 6,173,400 (“Perlman”)
`
`U.S. Patent No. 6,731,731 (“Ueshima”)
`
`U.S. Patent No. 5,881,226 (“Veneklase”)
`
`Japanese Patent Publication No. P2000-10927 (“Katou”)
`
`European Patent Publication No. EP1107089 (“Williamson”)
`
`U.S. Patent No. 5,787,169 (“Eldridge”)
`
`Hopcroft & Ullman, Introduction to Automata Theory, Languages,
`and Computation (1979) (ISBN: 0-201-02988-X)
`
`Carlo Ghezzi & Mehdi Jazayeri, Programming Language Concepts
`(1982) (ISBN 0-471-82173-X)
`
`1013
`
`Robert Sedgewick, Algorithms (1983) (ISBN 0-201-06672-6)
`
`1014
`
`Brian Kernighan & Dennis Ritchie, The C Programming
`Language (2d ed. 1988) (ISBN 0-13-110370-9))
`
`1015
`
`U.S. Patent No. 6,496,477 (Stephen J. Perkins, et al.)
`
`
`1 Descriptions are for convenience only and are not admissions or evidence.
`
`viii
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`Description1
`M. Wahl, “A Summary of the X.500(96) User Schema for use
`with LDAPv3,” RFC2256, Dec. 1997
`
`June 14, 2023, Docket Control Order, Dynapass IP Holdings LLC
`v. Amazon.com, Inc., No. 2:23-cv-00063 (Lead Case) (E.D. Tex.)
`(ECF No. 57)
`
`April 21, 2023, Defendant Experian Information Solutions, Inc.’s
`Corporate Disclosure Statement, Dynapass IP Holdings LLC v.
`Amazon.com, Inc., No. 2:23-cv-00063 (Lead Case) (E.D. Tex.)
`(ECF No. 20)
`
`July 7, 2023, Dynapass IP Holdings LLC’s First Supplemental
`Disclosure of Asserted Claims and Infringement Contentions
`
`April 17, 2023, Consolidation Order, Dynapass IP Holdings LLC
`v. Experian Information Services, Inc., No. 2:23-cv-00066 (E.D.
`Tex.) (ECF No. 7)
`
`September 27, 2023, Defendant’s Stipulation Regarding
`Invalidity Contentions, Dynapass IP Holdings LLC v.
`Amazon.com, Inc., No. 2:23-cv-00063 (Lead Case) (E.D. Tex.)
`(ECF No. 90)
`
`Exhibit No.
`
`1016
`
`1017
`
`1018
`
`1019
`
`1020
`
`1021
`
`
`
`
`ix
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`I.
`
`INTRODUCTION
`
`Experian Information Solutions, Inc. (“Experian” or “Petitioner”) hereby
`
`petitions for an inter partes review of claims 1–7 (“the Challenged Claims”) of
`
`U.S. Patent No. 6,993,658 (“the ’658 Patent”) (Ex-1001). Petitioner respectfully
`
`submits that the Challenged Claims are unpatentable under 35 U.S.C. § 103 and
`
`requests their cancellation. See 35 U.S.C. § 311.
`
`II. GROUNDS FOR STANDING
`
`Petitioner certifies under 37 C.F.R. § 42.104(a) that the ’658 Patent is
`
`available for inter partes review and that Petitioner is not barred or estopped from
`
`requesting an inter partes review of the Challenged Claims on the grounds
`
`identified herein. This Petition is complete pursuant to 37 C.F.R. § 42.106(a).
`
`III. REASONS FOR THE REQUESTED RELIEF
`
`As explained below and in the attached Declaration of Petitioner’s expert,
`
`Dr. Stephen Perkins (Ex-1003), the authentication method and system of the
`
`Challenged Claims was obvious over the prior art to a person of ordinary skill in
`
`the art (“POSA”) at the time of the claimed invention.
`
`IV. BACKGROUND
`A. The ’658 Patent
`The ’658 Patent is titled “Use of Personal Communication Devices for User
`
`Authentication,” and was filed on March 6, 2000. The ’658 Patent relates
`
`1
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`“generally
`
`to
`
`the authentication of users of secure systems and, more
`
`particularly, . . . to a system through which user tokens required for user
`
`authentication are supplied through personal communication devices such as
`
`mobile telephones and pagers.” Ex-1001, 1:7–11. The ’658 Patent has seven
`
`claims: method claims 1–4 and system claims 5–7.
`
`The ’658 Patent notes that systems “typically require the submission of a
`
`user ID and password combination” for access. Id., 1:15–20. The ’658 Patent
`
`provides that “[p]asswords created by users are often combinations of words and
`
`names, which are easy to remember but also easily guessed” by “hackers.” Id.,
`
`1:28–31. As a consequence, “many systems impose regulations on password
`
`formats,” but this can make passwords hard to remember and can “result[] in the
`
`password being written down,” creating a security risk. Id., 1:31–43.
`
`The ’658 Patent indicates that “requiring a two-factor authentication
`
`process” was a known solution. Id., 1:44–46. The ’658 Patent notes that RSA
`
`Security Inc. was distributing the “SecurID product” for two-factor authentication.
`
`Id., 1:44–46. The first factor is something the user knows (“a user passcode or
`
`personal identification number”) and the second factor is a something “possessed
`
`by the user”—“a SecurID card.” Id., 1:46–48. The ’658 Patent provides that “[t]he
`
`SecurID card generates and displays unpredictable, one-time-only codes that
`
`automatically change every 60 seconds. The user supplies the displayed code upon
`2
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`logging into a system.” Id., 1:49–52. The system verifies it with “a corresponding
`
`code generator.” Id., 1:52–53.
`
`The ’658 Patent notes that instead of carrying an “additional item,” it would
`
`be more convenient “[i]t would be advantageous if the benefits of the SecurID
`
`system could be achieved using a device that many users already carry—a personal
`
`communication device such as mobile phones or pagers.” Id., 1:55–60.
`
`The ’658 Patent discloses “a password setting system for setting user
`
`passwords for a secure system, such as a computer system or a secure area of a
`
`building.” Id., 1:63–66. FIG. 1 of the ’658 Patent depicts “user authentication
`
`system 100 according to a preferred embodiment of the present invention.” Id.,
`
`4:2–4.
`
`Ex-1001, FIG. 1.
`
`3
`
`
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`The ’658 Patent provides that “access to the system is based upon: nonsecret
`
`information known to the user, such as the user ID; secret information known to
`
`the user, such as the passcode; and information provided to the user through an
`
`object possessed by the user, such as the token.” Id., 2:11–15.
`
`Instead of getting the second factor from a code generator, the ’658 Patent
`
`discloses requesting one through a phone call or text, or through a user interface.
`
`See, e.g., id., 4:63–65, FIGs. 2C-D, 6:26–32. The ’658 Patent refers to this
`
`requested information as the “token.” The requesting personal communication
`
`device is identified as a user’s device because of an association of the user ID with
`
`the phone number, which can be stored in “any database capable of storing user ID
`
`and password data.” Id., 2:33–35, 5:20–21. The ’658 Patent discloses that a
`
`“token” is generated by “any number of methods that preferably produces a
`
`random or pseudorandom sequence of numbers and/or digits.” Id., 6:53–55. This
`
`“token” is then sent to the personal communication device, and may be time-
`
`limited. Id., 4:42–45, 9:61–54.
`
`The disclosed password-setting system of the ’658 Patent generates a
`
`password based on the passcode and token. Id., FIG. 3. The ‘658 Patent discloses
`
`that the new password is “preferably create[d]” by “combining the user’s passcode
`
`154, which is stored by the user token server 116, with the newly generated token
`
`156.” Id., 6:59–63. The ’658 Patent further discloses that the password is
`4
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`“preferably generated by concatenating the passcode 154 and the token 156.” Id.,
`
`9:31–32. The only example given by the ’658 Patent is a passcode of “abcd” and a
`
`token of “1234,” and the password being “abcd1234.” Id., 4:52–56. The ’658
`
`Patent discloses that in the preferred embodiment, the user enters the password in a
`
`login screen, as shown in FIG. 2A. Id., 4:52–63. Alternatively, the user enters the
`
`passcode and token separately, as shown in FIG. 2B. Id.
`
`The user is able to access the secure system by “logging in using the
`
`supplied token 156.” Id., 9:55–60. The user uses it for logging in by submitting it
`
`with the user’s passcode (see, e.g., FIG. 2B), or by concatenating the passcode and
`
`token to form a “password” (see, e.g., FIG. 2A). See, e.g., id., 5:8–10
`
`(“authenticating a user based upon a supplied user ID 152 supplemented by a
`
`supplied password 158 or a
`
`passcode 154 and a token 156
`
`combination”), 7:42–45, 9:54–60
`
`(“The
`
`user
`
`108
`
`preferably
`
`concatenates
`
`his memorized
`
`secret passcode 154 with the valid
`
`token 156 to create the password
`
`158.”).
`
`5
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`B.
`Prosecution History
`The application from which the ’658 Patent issued, U.S. Patent Application
`
`No. 09/519,829 (“the ’829 application”), was filed on March 6, 2000.
`
`All original 27 claims were cancelled and 26 new claims (28–53) presented
`
`in a preliminary amendment, starting with claim 28, shown below.
`
`
`
`Ex-1002, 157.
`
`The claims were rejected on December 15, 2003. Ex-1002, 181–187. Claims
`
`37–39 were rejected as anticipated by Australian Patent Application No. 63545/98
`
`by Schmitz. Id., 184. Claims 28–36 and 40–53 were rejected as obvious over
`
`Schmitz in view of the Handbook of Applied Cryptography by Menezes. Id., 185–
`
`86. The examiner identified that “it would be obvious to one of ordinary skill in the
`
`art at the time the invention was made to modify the system disclosed by Schmitz
`
`by creating a password using the user’s password information in addition to an ID
`
`for the device (the token), using a hashing function, as disclosed by Menezes, in
`
`order to make dictionary attacks less effective.” Id., 186.
`
`6
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`In response, the applicants argued that Schmitz makes and receives a request
`
`from the same device and that Schmitz does not teach associating a user with a
`
`personal communication device possessed by the user. Id., 234–239.
`
`Claims 28–31 and 43–53 were subsequently rejected again on May 24, 2004,
`
`as anticipated by U.S. Patent No. 5,323,146 to Glaschick. Id., 245. Claims 37–39
`
`were rejected as anticipated by U.S. Patent No. 6,226,364 to O’Neil. Id., 245–246.
`
`Claims 32–36 and 40–42 were rejected as obvious over O’Neil and Glaschick. See
`
`id., 242–248.
`
`In response, the applicants argued that Glaschick failed to “associating the
`
`user with a personal communication device possessed by the user,” “wherein the
`
`request is transmitted from a personal communication device,” and “transmitting
`
`the token to the personal communication device.” Ex-1002, 258–260. The
`
`applicants also argued that there was no teaching, suggestion, or motivation to
`
`combine Glaschick with O’Neil. Id., 262–263.
`
`All claims were rejected again on February 7, 2005, in a final rejection that
`
`maintained the rejections based on Glaschick and O’Neil. Id., 266–274. The
`
`examiner found: “[T]he data station as disclosed by Glaschick may be a computer
`
`with programs (see column 1, line 15), and clearly has communication capability.
`
`Applicant’s personal communication device, as viewed in light of Applicant’s
`
`specification, is simply a type of computer with programs; therefore, the claimed
`7
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`invention is anticipated.” Ex-1002, 271. Regarding combining Glaschick with
`
`O’Neil for obviousness, the examiner further found that “one skilled in the art
`
`would recognize that the motivation supplied by Glaschick would apply to any
`
`computerized system having authentication.” Id., 272–273.
`
`Following an examiner’s interview (id., 276–277), the applicants amended
`
`the claims to overcome the final rejection (id., 280–285). The amendments to
`
`independent claim 28 (issued claim 1) are reproduced below.
`
`Ex-1002, 281.
`
`8
`
`
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`Following the amendments to the claims (including cancellation of claims
`
`30–31 and 37–53), a notice of allowance was issued on August 8, 2005. Ex-1002,
`
`289–296. The examiner’s “statement of reasons for allowance” was that “no art
`
`could be found wherein the transaction for determining the password in setting up
`
`of a new calling-card-derived temporary network account is performed entirely
`
`over a connection other than that used by [the] eventual network account.” Id.,
`
`294–295. The examiner also found: “Some of the closest art, the ‘Monkey
`
`Technical Overview’ (see IDS filed 23 May 2000), sets up a password for a
`
`temporary account, but the user request is sent over the network account
`
`connection.” Id., 295.
`
`The Monkey Technical Overview, dated July 15, 1999, discloses:
`
`The mobile network key (“monkey”) one-time password system for
`secure two-factor ‘what you have and what you know’ user
`authentication. In contrast to other hardware-based solutions, which
`depend on their own proprietary infrastructure to be established – by
`handing a hardware authentication token to each user -, monkey
`employs an existing world-wide infrastructure, the global GSM
`network for digital telephony, and thus turns any GSM mobile
`telephone into an authentication token.
`
`Ex-1002, 94. The reference discloses transmitting requested passwords to users
`
`over a cell phone network that is separate from the “network account connection”:
`
`9
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`monkey makes use of this GSM service to efficiently transmit one-
`time passwords via a separate channel, i.e. the GSM network, to users
`requesting authentication. Suppose Alice would like to authenticate
`herself. To do so, she initiates a connection to the point of
`authentication, e.g. a telnet session to a firewall machine. After having
`identified herself by means of a user name and, at the discretion of her
`security administrator, a fixed password, a temporary one-time
`password, transmitted by monkey, appears on the display of her
`mobile phone. Alice reads the password off the display, types it in
`and, in case she performed well, is granted access.
`
`Id.; Ex-1003, ¶¶ 71–73. As indicated by the examiner, the Monkey Technical
`
`Overview discloses:
`
`
`
`A secure computer network on which the user has an account: the user
`
`“initiates a connection to the point of authentication, e.g. a telnet
`
`session to a firewall machine” where the user identifies herself with a
`
`
`
`
`
`
`
`“user name.”
`
`A database of users and their mobile phone numbers.
`
`A passcode known to the user: “a fixed password.”
`
`A token not known to the user (at least prior to it being generated and
`
`sent to her in response to her request): “a temporary one-time
`
`password” that is sent to the user’s mobile phone and she reads “off
`
`10
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`the display, types it in and,” if entered correctly, “the user is granted
`
`access.”
`
`Ex-1002, 94–99; Ex-1003, ¶ 73. Thus, according to the examiner, the missing
`
`teaching in the prior art was the user’s request being sent over the separate cell
`
`phone network rather than “over the network account connection.” Ex-1002, 295;
`
`Ex-1003, ¶ 73.
`
`C. Claim Construction
`Petitioner proposes that each claim term be given its plain and ordinary
`
`meaning as would be understood in the context of the specification and prosecution
`
`history, and that no specific construction of any claim term is required in this
`
`proceeding because the ground identified in this Petition demonstrates the
`
`unpatentability of the claims under any reasonable construction. Petitioner
`
`addresses the terms “passcode,” “token,” and “password,” as well as the ordering
`
`of steps with respect to the creation of the password and the transmission of the
`
`token to the user’s personal communication device.
`
`1.
`
`“Passcode,” “Token,” and “Password”
`
`A POSA would understand that “passcode,” “token,” and “password” refer
`
`to strings with different labels according to their function or role. Ex-1003, ¶ 125;
`
`see also Ex-1003, ¶¶ 89–102. The example in the ’658 Patent is a “memorized
`
`passcode of ‘abcd,’ a valid token of ‘1234,’” and forming the password
`
`11
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`“abcd1234.” Ex-1001, 4:52–56. The ’658 Patent provides that a “passcode” is a
`
`“secret [string] known to the user.” Id., 2:13–14 (“secret information known to the
`
`user, such as the passcode”); Ex-1003, ¶ 125; see also Ex-1003, ¶¶ 88–101. It is
`
`information that can be associated with a user ID. Ex-1001, 8:53–55 (“[T]he
`
`control module 402 associates a user ID with a passcode 154 and phone number of
`
`a user’s personal communication device 106.”). A token is a string “that is
`
`provided to the user through an object possessed by the user.” Id., 2:14–15; Ex-
`
`1003, ¶ 125; see also Ex-1003, ¶¶ 89–102. The password is a string generated
`
`based on the token and the passcode, such as by combining or concatenating them.
`
`Ex-1001, 2:2–4 (“The server creates a new password by concatenating a secret
`
`passcode that is known to the user with the token.”); Ex-1003, ¶ 124; see also Ex-
`
`1003, ¶¶ 89–102.
`
`2. Order of Steps
`
`Claim 1 recites: “generating a new password for said first secure computer
`
`network based at least upon the token and a passcode, wherein the token is not
`
`known to the user and wherein the passcode is known to the user.” Claim 1 also
`
`recites: “transmitting the token to the personal communication device.”
`
`Similarly, claim 5 recites: “a control module executed on the computer
`
`processor configured to create a new password based at least upon a token and a
`
`passcode, wherein the token is not known to the user and wherein the passcode is
`
`12
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`known to the user, the control module further configured to set a password
`
`associated with the user to be the new password.” Claim 5 also recites: “a
`
`communication module configured to transmit the token to the personal
`
`communication device through the cell phone network.”
`
`It could be assumed that the token becomes known to the user when it is
`
`transmitted to the personal communication device. Thus, the password would have
`
`to be created prior to transmission of the token to the personal communication
`
`device. Ex-1003, ¶ 123. FIGs. 2A and 2B, for example, show that the user is given
`
`the token so that he or she can type it into the user interface. Ex-1001, FIGs. 2A
`
`and 2B. The ’658 Patent also provides: “In the preferred embodiment, the user 108
`
`combines the passcode 154 and the token 156 by concatenation to form the
`
`password 158.” Ex-1001, 7:42–45; Ex-1001, 9:54–60 (“The user 108 preferably
`
`concatenates his memorized secret passcode 154 with the valid token 156 to create
`
`the password 158.”). The user could not do so if the token did not become known
`
`to the user. Ex-1003, ¶ 123.
`
`However, it does not affect the unpatentability of the Challenged Claims on
`
`the ground asserted in this Petition. The prior art teaches the token being requested
`
`by and transmitted to a user over a cellular network via a personal communication
`
`device and then automatically provided by the personal communication device to a
`
`computer terminal through which the user authenticates to an account on a secure
`13
`
`
`
`Petition for Inter Partes Review of U.S. Patent No. 6,993,658
`IPR2023-01406
`
`computer network. Ex-1003, ¶¶ 124, 176. The prior art also teaches using a mobile
`
`device’s display to show the token to the user. Id. Thus, the prior art teaches at a
`
`minimum for purposes claims 1 and 5 that the token is not known to the user at the
`
`time the password is created, and at a maximum does not become known to the
`
`user even when the password is submitted. Thus, while the prior art also teaches
`
`that the token may subsequently become known to the user, it does not alter the
`
`unpatentability of the claims. Id.
`
`D.
`Priority Date of the Challenged Claims
`The earliest priority date for the ’658 Patent is the filing date: March 6,
`
`2000.
`
`E.
`Person of Ordinary Skill in the Art
`A POSA with respect to the ’658 Patent would have had a bachelor’s degree
`
`in computer science, management of
`
`information systems, or electrical
`
`engineering, or similar field, with one-to-two years of experience in the design,
`
`support, or implementation of systems requiring user authentication. Additio
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
