IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`Attorney Docket No.:42342-0134IP1
`
`David L. Brown
`In re Patent of:
`8,646,042
`U.S. Patent No.:
`February 4, 2014
`Issue Date:
`Appl. Serial No.: 13/445,825
`Filing Date:
`April 12, 2012
`Title:
`HYBRID DEVICE HAVING A PERSONAL DIGITAL KEY AND
`RECEIVER-DECODER CIRCUIT AND METHODS OF USE
`
`DECLARATION OF DR. PATRICK TRAYNOR
`
`
`
`
`I, Patrick Gerard Traynor, of Gainesville, Florida, declare that:
`
`QUALIFICATIONS AND BACKGROUND INFORMATION
`1. My name is Patrick Gerard Traynor and I have been retained as an
`
`expert witness by Microsoft in the matter of Proxense, LLC vs. Microsoft
`
`Corporation. My qualifications for forming these conclusions are summarized below.
`
`2.
`
`I earned a B.S. in Computer Science from the University of Richmond
`
`in 2002 and an M.S. and Ph.D. in Computer Science and Engineering from the
`
`Pennsylvania State University in 2004 and 2008, respectively. My dissertation,
`
`entitled “Characterizing the Impact of Rigidity on the Security of Cellular
`
`Telecommunications Networks,” focused on security problems that arise in cellular
`
`infrastructure when gateways to the broader Internet were created.
`
`3.
`
`I am currently a Professor in the Department of Computer and
`
`Information Science and Engineering (CISE) at the University of Florida. I was hired
`
`under the “Rise to Preeminence” Hiring Campaign and serve as the Associate Chair
`
`1
`
`MICROSOFT 1003
`
`
`
`Attorney Docket No.:42342-0134IP1
`
`David L. Brown
`In re Patent of:
`8,646,042
`U.S. Patent No.:
`February 4, 2014
`Issue Date:
`Appl. Serial No.: 13/445,825
`Filing Date:
`April 12, 2012
`Title:
`HYBRID DEVICE HAVING A PERSONAL DIGITAL KEY AND
`RECEIVER-DECODER CIRCUIT AND METHODS OF USE
`
`DECLARATION OF DR. PATRICK TRAYNOR
`
`
`
`
`I, Patrick Gerard Traynor, of Gainesville, Florida, declare that:
`
`QUALIFICATIONS AND BACKGROUND INFORMATION
`1. My name is Patrick Gerard Traynor and I have been retained as an
`
`expert witness by Microsoft in the matter of Proxense, LLC vs. Microsoft
`
`Corporation. My qualifications for forming these conclusions are summarized below.
`
`2.
`
`I earned a B.S. in Computer Science from the University of Richmond
`
`in 2002 and an M.S. and Ph.D. in Computer Science and Engineering from the
`
`Pennsylvania State University in 2004 and 2008, respectively. My dissertation,
`
`entitled “Characterizing the Impact of Rigidity on the Security of Cellular
`
`Telecommunications Networks,” focused on security problems that arise in cellular
`
`infrastructure when gateways to the broader Internet were created.
`
`3.
`
`I am currently a Professor in the Department of Computer and
`
`Information Science and Engineering (CISE) at the University of Florida. I was hired
`
`under the “Rise to Preeminence” Hiring Campaign and serve as the Associate Chair
`
`1
`
`MICROSOFT 1003
`
`
`
`for Research in my Department. I also hold the endowed position of the John and
`
`Mary Lou Dasburg Preeminent Chair in Engineering.
`
`4.
`
`Prior to joining the University of Florida, I was an Associate Professor
`
`from March to August 2014 and an Assistant Professor of Computer Science from
`
`2008 to March 2014 at the Georgia Institute of Technology. I have supervised many
`
`Ph.D., M.S., and undergraduate students during the course of my career.
`
`5. My area of expertise is security, especially as it applies to mobile
`
`systems and networks, including cellular networks. As such, I regularly teach
`
`students taking my courses and participating in my research group to program and
`
`evaluate software and architectures for mobile and cellular systems. I have taught
`
`courses on the topics of network and systems security, cellular networks, and mobile
`
`systems at both Georgia Tech and the University of Florida. I also advised and
`
`instructed the Information Assurance Officer Training Program for the United States
`
`Army Signal Corps in the Spring of 2010.
`
`6.
`
`I have received numerous awards for research and teaching, including
`
`being named a Kavli Fellow (2017), a Fellow of the Center for Financial Inclusion
`
`(2016), and a Research Fellow of the Alfred P. Sloan Foundation (2014). I also won
`
`the Lockheed Inspirational Young Faculty Award (2012), was awarded a National
`
`Science Foundation (NSF) CAREER Award (2010), and received the Center for
`
`2
`
`
`
`Enhancement of Teaching and Learning at Georgia Tech’s “Thanks for Being a
`
`Great Teacher” Award (2009, 2012, 2013).
`
`7.
`
`I have published over 100 articles in top conferences and journals in the
`
`areas of information security, mobile systems, and networking. Many of my results
`
`are highly cited, and I have received multiple “Best Paper” Awards. I have also
`
`written a book entitled “Security for Telecommunications Networks”, which is used
`
`in wireless and cellular security courses at a number of top universities.
`
`8.
`
`I am a Senior Member of the Association for Computing Machinery
`
`(ACM) and the Institute of Electrical and Electronics Engineers (IEEE). I am also a
`
`member of the USENIX Advanced Computing Systems Association.
`
`9.
`
`I serve as an Associate Editor for IEEE Security and Privacy Magazine,
`
`have been the Program Chair for eight conferences and workshops, and have served
`
`as a member of the Program Committee for over 50 different conferences and
`
`workshops. I am also currently the Security Subcommittee Chair for the ACM US
`
`Technology Policy Committee (USACM).
`
`10.
`
`I was a co-Founder and Research Fellow for a private start-up, Pindrop
`
`Security, from 2012 to 2014. Pindrop provides anti-fraud and authentication
`
`solutions for Caller-ID spoofing attacks in enterprise call centers by creating and
`
`matching acoustic fingerprints. Pindrop Security currently employs over 200 people,
`
`and their technology is based off of my research (US Patent 9,037,113 B2).
`
`3
`
`
`
`11.
`
`I was a co-Founder and Chief Executive of a private start-up,
`
`CryptoDrop. CryptoDrop developed a ransomware detection and recovery tool to
`
`provide state of the art protection to home, small business, and enterprise users. This
`
`technology was also based off of my research (US Patent 10,685,114 B2).
`
`12.
`
`I was also a co-Founder and Chief Executive of a private start-up, Skim
`
`Reaper. Skim Reaper developed tools to detect credit card skimming devices, and
`
`worked with a range of banks, international law enforcement, regulators, and
`
`retailers. This technology was also based off of my research (US Patent 10,496,914
`
`B2).
`
`13.
`
`I am a named inventor on ten US patents. These patents detail methods
`
`for determining the origin and path taken by phone calls as they traverse various
`
`networks, cryptographically authenticating phone calls, providing a secure means of
`
`indoor localization using mobile/wireless devices, detecting credit card skimmers,
`
`identifying cloned credit cards, and blocking ransomware from encrypting data.
`
`14. My curriculum vitae, included with this declaration as App. A, includes
`
`a list of publications on which I am a named author. It contains further details
`
`regarding my experience, education, publications, and other qualifications to render
`
`an expert opinion in connection with this proceeding.
`
`15.
`
`In writing this Declaration, I have considered the following: my own
`
`knowledge and experience, including my work experience in mobile systems and
`
`4
`
`
`
`networks; my experience in teaching those subjects; and my experience in working
`
`with others involved in those fields. In addition, I have analyzed the following
`
`publications and materials, in addition to other materials I cite in my declaration:
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`U.S. Patent No 8,646,042 (MS-1001), and its accompanying prosecution
`
`history (MS-1002)
`
`U.S. Patent Publication No. 2007/0245157 A1 (“Giobbi-157”) (MS-1005)
`
`U.S. Patent Publication No. 2004/0255139 A1 (“Giobbi-139”) (MS-1006)
`
`U.S. Patent No. 9,042,819 (“Dua”) (MS-1007)
`
`European Patent No. EP 1 536 306 A1 (“Broadcom”) (MS-1008)
`
`Claim Construction Order, Proxense, LLC v Samsung Electronics Co., Ltd,
`
`6:21-CV-00210-ADA, W.D. Tex., filed January 18, 2022 (MS-1009)
`
`Provisional Application No. 60/798,843 (MS-1010)
`
`I.
`
`LEGAL PRINCIPLES
`Anticipation
`
`16.
`
`I have been informed that a patent claim is invalid as anticipated under
`
`35 U.S.C. § 102 if each and every element of a claim, as properly construed, is found
`
`either explicitly or inherently in a single prior art reference. Under the principles of
`
`inherency, if the prior art necessarily functions in accordance with, or includes the
`
`claimed limitations, it anticipates.
`
`5
`
`
`
`17.
`
`I have been informed that a claim is invalid under 35 U.S.C. § 102(a) if
`
`the claimed invention was known or used by others in the U.S., or was patented or
`
`published anywhere, before the applicant’s invention. I further have been informed
`
`that a claim is invalid under 35 U.S.C. § 102(b) if the invention was patented or
`
`published anywhere, or was in public use, on sale, or offered for sale in this country,
`
`more than one year prior to the filing date of the patent application (critical date).
`
`And a claim is invalid, as I have been informed, under 35 U.S.C. § 102(e), if an
`
`invention described by that claim was described in a U.S. patent granted on an
`
`application for a patent by another that was filed in the U.S. before the date of
`
`invention for such a claim.
`
`Obviousness
`
`18.
`
`I have been informed that a patent claim is invalid as “obvious” under
`
`35 U.S.C. § 103 in light of one or more prior art references if it would have been
`
`obvious to a POSITA, taking into account (1) the scope and content of the prior art,
`
`(2) the differences between the prior art and the claims, (3) the level of ordinary skill
`
`in the art, and (4) any so called “secondary considerations” of non-obviousness,
`
`which include: (i) “long felt need” for the claimed invention, (ii) commercial success
`
`attributable to the claimed invention, (iii) unexpected results of the claimed
`
`invention, and (iv) “copying” of the claimed invention by others. For purposes of
`
`my analysis above and because I know of no indication from the patent owner or
`
`6
`
`
`
`others to the contrary, I have applied a date of December 6, 2007, as the date of
`
`invention in my obviousness analyses, although in many cases the same analysis
`
`would hold true even at an earlier time than December 6, 2007.
`
`19.
`
`I have been informed that a claim can be obvious in light of a single
`
`prior art reference or multiple prior art references. To be obvious in light of a single
`
`prior art reference or multiple prior art references, there must be a reason to modify
`
`the single prior art reference, or combine two or more references, in order to achieve
`
`the claimed invention. This reason may come from a teaching, suggestion, or
`
`motivation to combine, or may come from the reference or references themselves,
`
`the knowledge or “common sense” of one skilled in the art, or from the nature of the
`
`problem to be solved, and may be explicit or implicit from the prior art as a whole.
`
`I have been informed that the combination of familiar elements according to known
`
`methods is likely to be obvious when it does no more than yield predictable results.
`
`I also understand it is improper to rely on hindsight in making the obviousness
`
`determination.
`
`II. OVERVIEW OF CONCLUSIONS FORMED
`20. This expert Declaration explains the conclusions that I have formed
`
`based on my analysis. To summarize those conclusions:
`
` Based upon my knowledge and experience and my review of the prior
`
`art publications listed above, I believe that claims 1, 5-6, 8-11, and 13-
`
`7
`
`
`
`14 of the ’042 patent are obvious over Giobbi-157 in view of Giobbi-
`
`139.
`
` Based upon my knowledge and experience and my review of the prior
`
`art publications listed above, I believe that claims 1, 5-6, 8-11, and 13-
`
`14 of the ’042 patent are obvious over Giobbi-157 in view of Giobbi-
`
`139 and Dua.
`
` Based upon my knowledge and experience and my review of the prior
`
`art publications listed above, I believe that claims 10-11 and 13-14 the
`
`’042 patent are obvious over Broadcom.
`
`III. BACKGROUND KNOWLEDGE ONE OF SKILL IN THE ART
`WOULD HAVE HAD PRIOR TO THE PRIORITY DATE OF THE
`’042 PATENT
`21. Based on the foregoing and upon my experience in this area, a person
`
`of ordinary skill in the art (“POSITA”) relating to the subject matter of the ’042
`
`Patent as of December 6, 2007 would have had (1) at least a bachelor’s degree in
`
`computer science, electrical engineering, or a related field, and (2) at least two years
`
`of experience in the field of encryption and security. Additional graduate education
`
`could substitute for professional experience, and vice versa.
`
`22. Based on my experiences, I have a good understanding of the
`
`capabilities of a POSITA as I was such an individual at the time of the Critical Date.
`
`8
`
`
`
`Moreover, I have taught, participated in organizations, and worked closely with
`
`many such persons over the course of my career.
`
`IV.
`
`INTERPRETATIONS OF THE ’042 PATENT CLAIMS AT ISSUE
`23.
`I have been informed by Counsel and understand that the best indicator
`
`of claim meaning is its usage in the context of the patent specification as understood
`
`by one of ordinary skill. I further understand that the words of the claims should be
`
`given their plain meaning unless that meaning is inconsistent with the patent
`
`specification or the patent’s history of examination before the Patent Office.
`
`Counsel has also informed me, and I understand that, the words of the claims should
`
`be interpreted as they would have been interpreted by one of ordinary skill at the
`
`time of the invention was made (not today). I have been informed by Counsel that I
`
`should use December 6, 2007 as the point in time for claim interpretation purposes.
`
`24.
`
`I have been asked to provide my interpretation of the following terms
`
`of the ’042 patent set forth below. In providing the following interpretations, I have
`
`carefully considered and applied the claim construction standard referred to in ¶23
`
`above. Below, I offer my analysis of how a POSITA would have construed certain
`
`claim features of the ’042 patent. My analysis also considers the constructions
`
`adopted in previous proceedings where family members of the ’042 patent were
`
`asserted. MS-1009.
`
`A. Hybrid Device
`
`9
`
`
`
`25. For the purposes of the present proceeding this term (“hybrid device”)
`
`appears in claims 1, 5-6, and 8-11. The use of the term “hybrid device” is consistent
`
`with the use of the term in the specification of the ’042 patent. See, e.g., MS-1001,
`
`Abstract, 1:65-2:19. Previously in a related proceeding with a family member of
`
`the ’042 patent, the court construed “hybrid device” to be “a device comprising an
`
`integrated personal digital key (PDK) and an integrated receiver-decoder circuit.”
`
`MS-1009. Accordingly, because the ’042 patent recites the use of a “PDK” and
`
`“RDC” in the “hybrid device” claims and given the consistency with the ’042 patent
`
`specification, I believe the previous construction is consistent. MS-1001, Claim 1,
`
`10. For purposes of this proceeding, I adopt this construction of “hybrid device,”
`
`which, as noted above, was adopted in previous proceedings. MS-1009.
`
`B.
`Personal Digital Key (“PDK”)
`26. For the purposes of the present proceeding, I believe this term, which
`
`appears in claims 1, 5-6, 8, 10, and 13-14, should be construed to mean “an operably
`
`connected collection of elements including an antenna and a transceiver for
`
`communicating with a RDC and a controller and memory for storing information
`
`particular to a user.” This definition is consistent with the use of the term in the
`
`specification of the ’042 patent. See, e.g., MS-1001, 13:41-54. Accordingly, I adopt
`
`the construction of “personal digital key,” which, as noted above, was adopted in
`
`previous proceedings. MS-1009.
`
`10
`
`
`
`C. Receiver-decoder circuit (“RDC”)
`27. For the purposes of the present proceeding, I believe this term, which
`
`appears in claims 1, 5-6, 8, 10, and 13-14 should be construed to mean “a component
`
`or collection of components, capable of wirelessly receiving data in an encrypted
`
`format and decoding the encrypted data for processing.” This definition is consistent
`
`with the use of the term in the specification of the ’042 patent. See, e.g., MS-1001,
`
`7:10-22. Accordingly, I adopt the construction of “receiver-decoder circuit,” which,
`
`as noted above, was adopted in previous proceedings. MS-1009.
`
`V.
`
`THE ’042 PATENT
`
`A. Overview
`28. The ’042 Patent is directed to “a hybrid device” that includes a personal
`
`digital key (PDK) and a receiver-decoder circuit (RDC) coupled in communication
`
`with each other. MS-1001, Abstract, 1:20-26. The integrated PDK communicates
`
`wirelessly with an external RDC and the integrated RDC communicates wirelessly
`
`with at least one external PDK within its proximity zone. MS-1001, 3:62-4:20. The
`
`specification discloses that the integrated PDK is capable of storing local, secured
`
`financial information or secured biometric information for authenticating a user.
`
`MS-1001, 3:20-32, 16: 20-38. Similarly, the external PDK is also capable of storing
`
`information. MS-1001, 3:62-4:20. For example, in one embodiment, the integrated
`
`PDK carries credentials such as credit card or account information that are used to
`
`11
`
`
`
`enable services associated with the external RDC. MS-1001, 4:63-5:24; 8:30-49. A
`
`user can make a purchase with the hybrid device provided that they are in possession
`
`of the external PDK and in proximity to the hybrid device. If so, the external PDK
`
`wirelessly connects to the integrated RDC and authorizes the integrated PDK to
`
`enable a transaction by sharing credit card or account information with the external
`
`RDC. Id.
`
`29. The ’042 Patent claims priority to a number of provisional applications,
`
`the earliest of which was filed 12/6/2007. MS-1001, Cover.
`
`B.
`Prosecution History
`30. The ’042 Patent was allowed after a single office action that presented
`
`only a double-patenting rejection. MS-1002, 380-386. During prosecution, the
`
`Examiner did not consider any of Giobbi-157, Giobbi-139, Dua, or Broadcom. Id.
`
`VI. ANALYSIS OF GIOBBI-157, GIOBBI-157, AND DUA
`31. Below, I analyze a first ground based on Giobbi-157 and Giobbi-139
`
`(“the Giobbi references”) and a second ground that additionally incorporates the
`
`disclosure of Dua. In the first ground [1A], I rely on the disclosure of the Giobbi
`
`references and explains why their disclosure, when interpreted in view of the general
`
`knowledge of a POSITA, renders obvious claims 1, 5-6, 8-11, and 13-14. In the
`
`second ground [1B], I rely on the same disclosure of the Giobbi references and
`
`explanation of obviousness as presented in the first ground [1A], but also turn to
`
`12
`
`
`
`Dua’s disclosure to provide additional implementation examples. Because the use
`
`of the Giobbi references’ disclosure and corresponding obviousness arguments are
`
`similar for both grounds [1A/1B], I discuss these grounds together for ease of
`
`presentation.
`
`A. Overview of Giobbi-157
`32. Giobbi-157 is directed at a system and method to “provide efficient,
`
`secure and highly reliable authentication for transaction processing and/or access
`
`control applications.” MS-1005, Abstract, ¶¶[0011]-[0014]. The disclosure further
`
`explains that a “transaction includes enabling access to secure physical or digital
`
`assets (e.g., unlocking a door, opening a vault, providing access to a secured hard
`
`drive, etc.).” MS-1005, ¶[0063]. This process is accomplished using “secure and
`
`tamperproof memories” to store information for “identification and authentication.”
`
`MS-1005, ¶[0036], see also ¶¶[0026]-[0029], [0035]-[0048]. Giobbi-157 is a
`
`continuation in part of a prior application and claims priority to five provisional
`
`applications. MS-1005, Cover, ¶[0002].
`
`33. Giobbi-157 discloses a Personal Digital Key (PDK) that “stores one or
`
`more profiles (e.g., a biometric profile) in a tamperproof memory that is acquired in
`
`a secure and trusted process.” MS-1005, ¶[0063], see also ¶¶[0026]-[0029], [0035]-
`
`[0048]. Giobbi-157 further teaches that the PDK may be integrated into an
`
`13
`
`
`
`electronic device, such as a cellphone. MS-1005, ¶[0035] (“a portable electronic
`
`device such as a cell phone”), see also ¶[0080], claims 27, 33.
`
`34. Giobbi-157 teaches that its integrated PDK can communicate with a
`
`receiver-decoder circuit (RDC). MS-1005, ¶¶[0049]-[0058], [0064]. The RDC
`
`establishes a secure communication channel between the PDK and RDC, then sends
`
`“profile authentication requests to the PDK 102 requesting transmission of one or
`
`more stored profiles over the secure channel.” MS-1005, ¶[0064]. In some
`
`examples, Giobbi-157 teaches that information stored on a PDK, such as fingerprint
`
`information, is transmitted to an external RDC located on a “Reader 108.” MS-1005,
`
`¶[0049]. An example of Giobbi-157’s PDK and Reader configuration is shown in
`
`the annotated version of Figures 2 and 3 below.
`
`14
`
`
`
`MS-1005, FIG. 21.
`
`
`
`1 My annotations to the figures in my declaration are shown in color.
`
`
`
`
`
`15
`
`
`
`MS-1005, FIG. 3.
`
`
`
`35. Giobbi-157 teaches that its RDC can authenticate a PDK and then
`
`enable a “transaction,” the “transaction includ[ing] enabling access to secure
`
`physical or digital assets (e.g., unlocking a door, opening a vault, providing access
`
`to a secured hard drive, etc.).” MS-1005, ¶¶[0057]-[0058], [0063], FIG. 4.
`
`16
`
`
`
`MS-1005, FIG. 4.
`
`
`
`36. Giobbi-157 also discloses that “the PDK can store other information
`
`such as credit/debit card information, bank information, or personal information in
`
`a memory for use in authorizing or completing a transaction.” MS-1005, ¶¶[0011],
`
`[0063], [0065].
`
`37. The Giobbi-157 provisional applications disclose several use cases of
`
`the PDK and RDC systems and detail both the process and components necessary to
`
`setup and operate a PDK and RDC system. MS-1010, pp. 2-14. The details include
`
`exemplary form factors for the PDKs and RDCs and explanations as to how a user
`
`17
`
`
`
`could incorporate these devices into a user’s current devices to setup and operate a
`
`PDK and RDC system. Id.
`
`B. Overview of Giobbi-139
`38. Giobbi-139 shares the same goal of securing physical or digital access
`
`as Giobbi-157, disclosing a “Personal Digital Key Digital Content Security System”
`
`which prevents “unauthorized use and protect[s] the digital content stored on
`
`computers from being wrongfully accessed, copied, and/or distributed.” MS-1006,
`
`Abstract, ¶[0010]. Like the Giobbi-157 publication, Giobbi-139 discusses the use
`
`of RDCs to communicate with PDKs to enable access and functions on devices. MS-
`
`1006, ¶¶[0010], [0071]-[0078]. The disclosure of Giobbi-139 further teaches that
`
`an RDC can be incorporated into a cell phone and that the RDC “is an integrated
`
`circuit able to process PDK-Key information, as well as encrypt/decrypt PDK-
`
`compliant digital content.” MS-1006, ¶[0077], [0088] (“This embodiment involves
`
`integrating RDCs into…PDAs, cell phones [etc.]"); MS-1005, ¶[0035].
`
`39. Giobbi-139 teaches the PDK and RDC relationship as being flexible
`
`and capable of being integrated with existing equipment. MS-1006, ¶¶[0087]-
`
`[0099]. Giobbi-139 also teaches that an RDC can be acquired independently and
`
`integrated into a device. MS-1006, ¶¶[0088]-[0090]. The integrated RDC could
`
`then be used to secure the device and can even “enable/disable” the device based on
`
`communication with a PDK. MS-1006, ¶¶[0087]-[0090]. When using a PDK to
`
`18
`
`
`
`secure a device with an integrated RDC, “[t]his security mechanism protects any
`
`data stored on such devices in the event they are ever stolen, left unattended, or even
`
`purposely ‘disabled’ to prevent access to sensitive content (i.e. preventing minors
`
`from accessing adult files, websites, etc.). MS-1006, ¶[0090]. When the associated
`
`PDK-Key(s) is not present, these devices and their storage means are locked and
`
`disabled.” Id.
`
`40. Giobbi-139 also discloses the scalability of RDC and PDK architecture.
`
`MS-1006, ¶¶[0091]-[0096]. For example, Giobbi-139 teaches that a user can
`
`“assign (or remove)” additional PDKs to a device with an integrated RDC. MS-
`
`1006, ¶¶[0092] (“Giving users the option to purchase and associate a PDK-Key at a
`
`later time, or importantly, assign a PDK-Key they already utilize for another PDK-
`
`based device. This allows a user to utilize a single PDK-Key to provide access to
`
`all their PDK based devices”), [0095].
`
`41. Giobbi-139 further discloses a version of communication between a
`
`PDK and RDC that is not wireless. ¶¶[0041], [0071]-[0073]. Particularly, Giobbi-
`
`139 teaches alternative embodiments where an RDC and PDK are communicatively
`
`coupled to each other by a wired signal line:
`
`“In other alternative embodiments, the communication between the
`user's physical electronic key [i.e., PDK] and the playing device is not
`wireless. Rather, in one alternative embodiment, the user's physical
`electronic key [i.e., PDK] communicates the activation code to the
`
`19
`
`
`
`playing device [i.e., the RDC on the playing device] via a transmission
`line such as a serial cable that plugs into the key at one end and the
`playing device at the other end. In another alternative embodiment, the
`key is a smart card or magnetic card into which the activation code is
`encoded, and the key is configured to physically fit into a card reader
`slot on the playing device.”
`MS-1006, ¶¶[0041], [0071]-[0073].
`
`C. Overview of Dua
`42. Dua discloses a wireless media player or related system (e.g., a cell
`
`phone) which establishes wireless connections with other devices to enable functions
`
`and exchange data. MS-1007, 6:46-65, FIG. 6. Dua’s device is shown, for example,
`
`in annotated Fig. 6:
`
`
`
`MS-1007, FIG. 6.
`
`20
`
`
`
`MS-1007, FIG. 4A.
`
`
`
`43. Dua employs an RFID system to secure data and applications on its
`
`device using an RFID “electronic key” (e.g., for point-of-sale transactions). MS-
`
`1007, 12:51-64. Dua uses an RFID Tag as an electronic “key” and an RFID Reader
`
`as the electronic “lock.” Id. Specifically, Dua discloses that its device uses RFID
`
`Tag-Reader Module (shown above in FIG. 4A), that includes both an RFID Reader
`
`Unit 304 and RFID Tag Unit 306. MS-1007, 13:22-48, FIGS. 4A, 6.
`
`44. Dua’s RFID Tag Unit 306 stores information necessary to gain access
`
`to an external device in an encrypted internal tag memory and transmits this
`
`information to an external Reader when establishing a connection. MS-1007, 13:9-
`
`18, 14:53-64, 15:42-56, 16:31-34. As shown in FIG. 4A above, Dua also discloses
`
`an integrated Reader Unit 304 for reading information transmitted by external Tag
`
`Units. MS-1007, 14:53-64, FIG. 4A.
`
`
`
`21
`
`
`
`D. The Giobbi-157-Giobbi-139 combination
`1. Giobbi-157 teaches integrating a PDK into a mobile device
`to enable a user to enjoy secure storage functionality via a
`commonly carried item
`45. Giobbi-157 expressly and repeatedly discloses the portability of a PDK,
`
`emphasizing that a PDK can be carried by a user on their person and expressly
`
`teaches integrating the PDK into cell phones, PDAs, and other commonly carried
`
`items. MS-1005, ¶¶[0012], [0027], [0030], [0035] (“integrated into commonly
`
`carried items … such as a cell phone, [or PDA]”); MS-1010, p. 3, 14 (“[c]ell phones
`
`& PDAs with integrated PDKs … [represent] an obvious advance in convenience
`
`and simplicity over currently available alternatives”). Based on these teachings, a
`
`POSITA would have readily recognized that integration of PDKs into mobile
`
`devices, such as cell phones, provides the benefits of simplicity and convenience by,
`
`for example, providing a secure and local storage location for the user’s biometric
`
`data. MS-1005, ¶¶[0012], [0027], [0030], [0035]. This integration enables a user
`
`who already carries a cell phone to enjoy the security benefits offered by Giobbi-
`
`157’s system without having to carry a separate PDK. Indeed, these benefits include
`
`enabling the user to execute transactions with, for example, external RDCs (e.g., to
`
`enable access to an external, secure, digital or physical asset) where the transactions
`
`are secured by biometric verification while providing an individual with “a simple
`
`and efficient enrollment process that does not put an individual’s highly personal
`
`22
`
`
`
`information at risk of identity theft or fraudulent use.” MS-1005, ¶¶[0010], [0063].
`
`The incorporated ’157 provisional application provides an illustration of a cell phone
`
`with integrated PDK.
`
`MS-1010, p. 28 (image cropped).
`
`
`
`2. Giobbi ’139 teaches integrating an RDC into a mobile
`device to provide enhanced security for the data stored on
`the mobile device.
`46. Giobbi-139 teaches integrating an RDC into the same type of device
`
`disclosed in Giobbi-157 (e.g., a mobile device, such as a cell phone). MS-1006,
`
`¶[0088]; MS-1005, ¶[0035]. Specifically, Giobbi-139 discloses the PDK and RDC
`
`architecture “to protect computers from unauthorized use and protect the digital
`
`content stored on computers from being wrongfully accessed, copied, and/or
`
`distributed.” MS-1006, Abstract. Like Giobbi-157, Giobbi-139 teaches that the
`
`23
`
`
`
`PDK stores the data that authenticates a user via an RDC. MS-1006, ¶¶[0022]-
`
`[0044].
`
`47. Giobbi-139 provides additional implementation details for its RDCs,
`
`noting that an RDC “is an integrated circuit able to process PDK-Key information,
`
`as well as encrypt/decrypt PDK-compliant digital content.” MS-1006, ¶[0072].
`
`Giobbi-139 also notes that its integrated RDC may communicate with a PDK
`
`wirelessly or through a physical connection. MS-1006, ¶¶[0022]-[0044]. Thus,
`
`Giobbi-139 teaches similar components as Giobbi ’157, where an RDC can
`
`communicate with at least one PDK to grant digital or physical access. MS-1006,
`
`Abstract, ¶¶[0036]-[0037], [0088]-[0090]. Notably, Giobbi-139 identifies such a
`
`configuration as an “enhancement.” MS-1006, ¶¶[0087]-[0088]. Giobbi-139 also
`
`discloses that it would have been desirable to include an RDC in a device holding
`
`data, such as a cell phone, to increase security by requiring a valid PDK to be used
`
`to permit access to the data. MS-1006, ¶[0088], FIG. 4. Given these teachings, a
`
`POSITA would have found it obvious and advantageous to integrate an RDC into
`
`Giobbi-157’s cell phone to thereby enhance the security of the data stored on the cell
`
`phone.
`
`48. Giobbi-139 additionally teaches a broader way to secure data on a cell
`
`phone and discloses that an RDC integrated into a cellphone can be used with a PDK
`
`to “effectively enable[]/disable[] the device itself.” MS-1006, ¶¶[0088]-[0089].
`
`24
`
`
`
`Giobbi-139 teaches that, “[t]his security mechanism protects any data stored on such
`
`devices in the event they are ever stolen, left unattended, or even purposely ‘disabled’
`
`to prevent access to sensitive content (i.e. preventing minors from accessing adult
`
`files, websites, etc.).” MS-1006, ¶[0090]. In this configuration, the cell phone with
`
`the integrated RDC can enable or disable the device through authentication with a
`
`PDK. Id.
`
`3.
`The combination of Giobbi-157 and Giobbi-139
`49. Given the teachings of Giobbi-157 and Giobbi-139, a POSITA would
`
`have been motivated to integrate a PDK and RDC into the same mobile device (thus,
`
`creating a “hybrid device”). MS-1005, ¶¶[0012], [0027], [0030], [0035]; MS-1006,
`
`¶¶[0022]-[0044]. As stated above, Giobbi-157 enumerates the advantages and
`
`motivations of incorporating a PDK into a mobile device. MS-1005, ¶¶[0035],
`
`[0080], claims 27, 33. For example, a user carrying the hybrid device would be able
`
`to be wirelessly authenticated with RDCs to securely complete transactions or gain
`
`access to physical or digital assets. Each RDC would be capable of communicating
`
`with the PDK’s “secure and tamperproof memories,” in which biometric
`
`authentication data is stored securely on the device in a format retrievable by an
`
`RDC. MS-1005, ¶¶[0036], [0064]. Additionally, Giobbi-139 teaches the benefits
`
`of integrating an RDC into this hybrid device. MS-1006, ¶¶[0087]-[0099]. For
`
`instance, a user can use an RDC integrated in the hybrid device to secure the data
`
`25
`
`
`
`within the hybrid device (cell phone) to thereby protect it from loss or theft. MS-
`
`1006, ¶[0091]. Further the RDC would allow other external PDKs to interact with
`
`the hybrid device. Accordingly, a POSITA would have recognized that a mobile
`
`device having an integrated RDC and PDK would provide increased security in
`
`accessing both assets internal to the mobile device and assets external to the mobile
`
`device. In this way, the mobile device would provide the same enhanced security as
`
`the disclosed PDK and RDC security architecture taught in both Giobbi-157 and
`
`Giobbi-139 for accessing internal and external assets.
`
`
`MS-1005, FIGS. 2-3 (modified to incorporate Giobbi-139’s teachings).
`
`
`
`4.
`
`A POSITA would have found it obvious to integrate a PDK
`and RDC in a mobile device to enable secure access to assets
`
`26
`
`
`
`internal to the mobile device and assets external to the
`mobile device
`50. A POSITA would have found it obvious to communicatively couple the
`
`integrated PDK and RDC within the mobile device with a physical connection based
`
`on Giobbi ’139’s teachings that a PDK can be connected to an RDC by a
`
`“transmission line such as a serial cable.” MS-1006, ¶[0041]. By coupling the
`
`integrated PDK and RDC in this manner, assets internal to the mobile device (e.g.,
`
`files, applications, etc.) can thereby be protected using the PDK-RDC techniques
`
`disclosed by Giobbi-157 and Giobbi-139. MS-1005, ¶¶[0012], [0027], [0030],
`
`[0035]; MS-1006
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
