UNITED STATES PATENT AND TRADEMARK OFFICE
`__________________________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`__________________________________
`
`SPECTRUM BRANDS, INC.
`Petitioner
`
`v.
`
`ASSA ABLOY AB
`Patent Owner.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Case No. TBD
`U.S. Patent No. 7,706,778
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`DECLARATION OF PROFESSOR MATTHEW GREEN, PH.D.
`
`
`
`
`
`
`
`SPECTRUM EX. 1004
`Spectrum Brands v. Assa Abloy
`US Patent No. 7,706,778
`
`
`__________________________________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`__________________________________
`
`SPECTRUM BRANDS, INC.
`Petitioner
`
`v.
`
`ASSA ABLOY AB
`Patent Owner.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Case No. TBD
`U.S. Patent No. 7,706,778
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`DECLARATION OF PROFESSOR MATTHEW GREEN, PH.D.
`
`
`
`
`
`
`
`SPECTRUM EX. 1004
`Spectrum Brands v. Assa Abloy
`US Patent No. 7,706,778
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`
`I, Professor Matthew Green, Ph.D., declare and state as follows:
`
`I. BACKGROUND AND QUALIFICATIONS
`
`1.
`
`I have been retained by Petitioner Spectrum Brands, Inc. to provide
`
`expert opinions in connection with this IPR proceeding. I have been asked by
`
`counsel to review relevant materials and render my expert opinion in connection
`
`with technical matters related to the petition for inter partes review of U.S. Patent
`
`7,706,778 (“’778 Patent”).
`
`2.
`
`I have been asked to provide my opinions regarding the validity of
`
`Claims 1, 4, 6, 8, 10-14, 16-18, 22-25, 28-31, 33 and 34 of the ’778 Patent. I have
`
`used my education and my years of experience working in the field of security
`
`systems, and my understanding of the knowledge, creativity, and experience of a
`
`person of ordinary skill in the art in forming the opinions expressed in this
`
`declaration.
`
`3.
`
`Attached as Appendix A to this declaration is my current curriculum
`
`vitae, which includes a listing of my publications, patents, research support, and
`
`prior testimony as an expert. The following paragraphs briefly summarize my
`
`relevant expertise.
`
`4.
`
`I hold a Ph.D. in Computer Science from Johns Hopkins University, a
`
`Master of Science degree in Computer Science from Johns Hopkins University,
`
`and a Bachelor of Arts in Computer Science from Oberlin College. I conducted my
`
`-1-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`Ph.D. thesis work on new cryptographic techniques for providing access control in
`
`secure databases, while simultaneously maintaining privacy of data accesses. I
`
`have authored numerous research papers
`
`in peer-reviewed
`
`journals and
`
`conferences, including papers in conferences and journals of the Institute of
`
`Electrical and Electronics Engineers (IEEE) and the Association for Computing
`
`Machinery (ACM).
`
`5.
`
`I am presently Assistant Research Professor at Johns Hopkins
`
`University in Baltimore, Maryland. As a Professor, I research novel techniques in
`
`the area of computer security and applied cryptography. This research includes
`
`investigation of computerized access control systems. I have published numerous
`
`papers related to access control systems and their underlying technology, including
`
`encryption protocols and cryptography.
`
`6.
`
`I have conducted research projects involving various physical and
`
`electronic security systems. In one project I undertook at Johns Hopkins
`
`University, I investigated an access control system that was used to secure millions
`
`of vehicles against automotive theft. In the course of that investigation, my co-
`
`investigators and I uncovered serious vulnerabilities that led to national press
`
`coverage by the NEW YORK TIMES, WASHINGTON POST, and other media outlets,
`
`and resulted in subsequent system re-designs by the manufacturer. In other
`
`academic research projects, I investigated electronic security access control
`
`-2-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`systems. These included toll collection systems; electronic payment systems;
`
`cryptographic Hardware Security Modules (HSMs) used by the banking industry
`
`and others; systems designed to protect electronic audiovisual content against
`
`unauthorized access; and systems designed to secure communications transmitted
`
`over the Internet. In the last three years, I have conducted research funded by the
`
`Defense Advanced Research Projects Agency (DARPA)
`
`to further our
`
`understanding of secure computing on encrypted data, and I have conducted
`
`research in collaboration with Google to develop portable secure access control
`
`modules for use in Android devices such as mobile phones.
`
`7.
`
`Prior to my current position at Johns Hopkins University, I worked in
`
`industry for a number of years as a software developer and technology consultant.
`
`As a software developer and technology consultant, I gained expertise in several
`
`fields, including access control systems and technologies.
`
`8.
`
`From 1999-2003 I held the position of Senior Technical Staff Member
`
`at AT&T Laboratories in Florham Park, NJ, where my responsibilities included
`
`developing software for secure delivery of digital content. This work involved
`
`developing computerized access control systems responsible for securing music
`
`and video content, limiting access to said content only to authorized users under a
`
`specific set of policy conditions.
`
`-3-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`
`9.
`
`Subsequently, I worked for a number of years as a consultant for firms
`
`to provide my experience and expertise in digital access control technology.
`
`Specifically, from 2005-2011, I served as Principal Analyst and CTO of
`
`Independent Security Evaluators, a custom security evaluation and design
`
`consultancy. In that position, I worked with several clients to develop electronic
`
`access control technology for physical systems such as physical locks, remote
`
`vehicle starters, and for electronic systems such as electronic book readers and
`
`video players. During this time I analyzed access control mechanisms used in
`
`payment terminals deployed by the largest credit card payment processor in United
`
`States. I also designed and analyzed software protection systems intended to thwart
`
`the reverse-engineering of software.
`
`10. Based on my experience, I am an expert in the field of electronic
`
`access control and security systems.
`
`11.
`
`I have used my education and my years of experience working in the
`
`field of computer security and system architecture design, and my understanding of
`
`the knowledge, creativity, and experience of a person of ordinary skill in the art in
`
`forming the opinions expressed in this declaration.
`
`12.
`
`I am being compensated for my time in connection this proceeding at
`
`my customary rate of $425 per hour. My compensation is not dependent on the
`
`outcome of this proceeding. I have no personal or financial stake or interest in the
`
`-4-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`outcome of this proceeding. I am not an employee, consultant, or contractor of the
`
`Petitioner or Patent Owner.
`
`13. Between now and such time that I may be asked to testify, I expect to
`
`continue my review, evaluation, and analysis of evidence presented before and/or
`
`at the hearing. I expect to review the declarations and other evidence submitted by
`
`Patent Owner’s experts. I reserve the right to amend or supplement this
`
`declaration, as appropriate, after considering the opinions set forth by Patent
`
`Owner’s experts. In the event that additional relevant information becomes
`
`available to me, I also reserve the right to review and consider that information in
`
`further developing or refining my opinions.
`
`II. INFORMATION AND MATERIALS CONSIDERED
`
`14.
`
`In order to render my opinions in this matter, I have reviewed the
`
`specification and claims of the ’778 Patent (Ex. 1001). I have been informed that
`
`the ’778 Patent was filed on April 3, 2006 and issued on April 27, 2010. I also
`
`understand that the ’778 Patent claims priority to a provisional application filed on
`
`April 5, 2005, a copy of which I have reviewed.
`
`15.
`
`I have also reviewed the following materials:
`
`a. U.S. Patent Application Publication
`
`2002/0180582A1
`
`(“Nielsen”), Ex. 1002.
`
`-5-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`
`b. U.S. Patent Application Publication
`
`2002/0031228A1
`
`(“Karkas”), Ex. 1003.
`
`c. U.S. Patent Application Publication 2002/0057188 by Schuster,
`
`et al.
`
`d. U.S. Patent 6,975,202 to Rodriguez, et al.
`
`e. U.S. Patent 7,205,882 to Libin.
`
`f. U.S. Patent 7,624,280 to Oskari.
`
`g. Miller, “CoreStreet secures deal with No. 1 lock-maker,”
`
`Boston Business Journal, September 15, 2003.
`
`h. “Open Security Exchange Best Practices: Guidelines for
`
`Selection and Issuance of Identification Tokens for Logical and
`
`Physical Systems,” IEEE-ISTO Open Security Exchange
`
`Technical Committee, February 24, 2004.
`
`i. Hämäläinen, et al., “Applying Wireless Technology to an
`
`Access Control System,” Acta Universitatis Lappeenrantaensis,
`
`August 7, 2003.
`
`j. File History of U.S. Patent No. 7,706,778.
`
`k. Joint Claim Construction Submission from HID Global
`
`Corporation et al. v. Kwikset Corporation et al., No. 14-cv-
`
`00947-CJC-DFM (C.D. Cal.), Ex. 1006.
`
`-6-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`
`16. The above references are in addition to any other materials referenced
`
`directly or indirectly in this declaration. I expect to review additional materials that
`
`are provided by the parties as this proceeding progresses.
`
`III. SUMMARY OF OPINIONS
`
`17.
`
`It is my opinion that Claims 1, 4, 6, 8, 10-14, 16-18, 22-25, 28-31, 33
`
`and 34 of the ’778 Patent are invalid as obvious over Nielsen (Ex. 1002) in view of
`
`Karkas (Ex. 1003).
`
`18.
`
`It is also my opinion that Claims 1, 4, 6, 8, 10-14, 16-18, 22-25, 28-
`
`31, 33 and 34 of the ’778 Patent are invalid as obvious over Nielsen (Ex. 1002) in
`
`view of the knowledge of a person of ordinary skill in the art.
`
`IV. BACKGROUND
`
`A. The ’778 Patent
`
`19. The ’778 Patent describes a secure access system that uses mobile
`
`devices to communicate with readers that control access to protected assets. The
`
`’778 Patent describes storing access control credential data on the mobile devices.
`
`Ex. 1001, Abstract. The mobile devices can communicate with readers, which
`
`make a determination as to whether the credential data on a given mobile device
`
`permits access to an asset, such as a locked room. Id., Col. 3:26-33. These mobile
`
`devices may be portable computers and cellular phones. Id., Col. 6:47-51.
`
`-7-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`
`20. The ’778 Patent describes a central controller that communicates with
`
`mobile devices via a communication network. Id., Col. 3:17-20, 35-42. This
`
`communication includes updates that may enable, disable, or modify a credential.
`
`Id. The central controller may transmit credential updates to both the mobile device
`
`and to the readers. This allows the reader to correctly determine whether the
`
`mobile device is valid when it is presented to the reader. Id., Col. 3:54-59. A reader
`
`may also store a log of access attempts and other forms of activity, which it may
`
`transmit to the controller. Id., Col. 11:30-33.
`
`21. The ’778 Patent teaches that “mobile devices may require a periodic
`
`enablement of their credentials in order to maintain their validity.” Id., Col. 3:60-
`
`62. If a mobile device does not receive an enablement message, its credential
`
`information may be “erased, expire, or the mobile device may not be allowed to
`
`transmit its credential information.” Id., Col. 3:64-66.
`
`22. The ’778 Patent uses the term “self-authenticating data”. See id., Col.
`
`8:21-25. This term is described in the ’778 Patent specification as data that “can
`
`assist the mobile device in determining if it is eligible to gain access to a particular
`
`asset.” Id. The ’778 Patent teaches that “times of allowed access to each asset”,
`
`i.e., expiration times, are one example of self-authenticating data. Id. This data
`
`“can assist the mobile device in determining if it is eligible to gain access to a
`
`particular asset.” Id. The ’778 Patent also uses the term “smart mobile device”,
`
`-8-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`which according to the patent specification, refers to a mobile device that makes a
`
`determination about its own access rights. Id. Col. 8:29-31.
`
`23. The independent claims of the ’778 Patent describe techniques for
`
`updating the credential data stored on smart mobile devices. In the subsequent
`
`dependent claims, the ’778 Patent adds a series of limitations. These limitations
`
`generally describe the format and contents of credential data, the techniques used
`
`to communicate updated to the device, and what the mobile device does in
`
`response to the updates. Additionally, these dependent claims describe the mobile
`
`device’s interaction with readers.
`
`B. Claim Construction
`
`24.
`
`I understand that the owner of the ’778 Patent has proposed
`
`constructions for certain claim terms in a pending District Court case where it is
`
`asserting infringement of the ’778 Patent. For the term “credential,” I understand
`
`that the proposed construction is “data, set of data, encryption scheme, key,
`
`transmission protocol, and/or the like, used by a particular mobile device to verify
`
`its authenticity with a reader/interrogator.” Ex. 1006 at A-8. For the term “self-
`
`authenticating data,” I understand that the proposed construction is “data that can
`
`assist the mobile device in determining if it is eligible to gain access to a particular
`
`asset.” Id. at A-16. And for the term “smart mobile device,” I understand that the
`
`proposed construction is “a mobile device that determines its own access rights and
`
`-9-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`permissions.” Id. at A-19. I have accepted and applied these constructions for the
`
`purposes of providing my opinions in this declaration.
`
`25.
`
` I also understand that the proper standard for claim construction in
`
`this IPR proceeding is the “broadest reasonable interpretation in light of the
`
`specification to one having ordinary skill in the art.” In my opinion, the
`
`constructions above are consistent with the broadest reasonable interpretation of
`
`the corresponding terms in light of the specification of the ’778 Patent to one
`
`having ordinary skill in the art when the ’778 Patent was filed.
`
`26. While the terms “self-authenticating data” and “smart mobile device”
`
`each require a mobile device to determine its own access rights, neither term
`
`excludes the possibility that the mobile device’s access rights are also validated,
`
`e.g., by a reader. Even with a smart mobile device and self-authenticating data, the
`
`’778 Patent teaches that “reader 108 is associated with one or more assets and the
`
`reader 108 is the gatekeeper of those assets.” Ex. 1001 at Col. 8:32-33. A person
`
`of ordinary skill would understand that the reader could not be an effective
`
`gatekeeper if it did not perform its own validation of the mobile device’s access
`
`rights. Such a reader would be fundamentally vulnerable to fraudulent or
`
`unauthorized access attempts, as it would blindly trust any validation signal it
`
`received with no further examination. This would include signals generated by a
`
`modified mobile device, or even an entirely different device purporting to be an
`
`-10-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`authorized mobile device. A person of ordinary skill in the art would recognize the
`
`vulnerability that would result from such a design. Accordingly, the ’778 Patent
`
`leaves room for additional “confirmation of validation of the mobile device 112” in
`
`the specification. Id., Col. 8:48.
`
`27. Thus, it is my opinion that the broadest reasonable interpretation of
`
`“self-authenticating data” and “smart mobile device” does not preclude additional
`
`validation outside of the mobile device.
`
`C. Nielsen, U.S. Patent App. Pub. 2002/0180582 (Ex. 1002)
`
`28. Nielsen (Ex. 1002) describes an access control system
`
`that
`
`incorporates an electronic key device, a lock control unit, and a computer system.
`
`Ex. 1002 ¶ 1. Nielsen teaches that the electronic key device may be a mobile
`
`phone. Id. ¶¶ 38, 125. The computer system in Nielsen is described as an “access
`
`code management system” because it “generates and administers the access
`
`codes.” Id. ¶ 128. These components are shown, for example, in Fig. 2b of
`
`Nielsen, reproduced below.
`
`-11-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`
`
`
`29. Nielsen defines the user of an electronic key device as an access right
`
`grantee, and describes the rights that apply to a particular grantee as an access right
`
`definition. Id. ¶¶ 132, 162. Nielsen explains that the access code management
`
`system receives the definition and transforms it into an electronic access code. Id. ¶
`
`132. Next, the management system transmits the access code to lock control units
`
`at the locations the grantee is allowed to access. Id. ¶ 133. The management system
`
`also transmits the access codes to the grantee’s electronic key devices. Id. Fig. 3 of
`
`Nielsen depicts these steps.
`
`30. The access code management system may transmit access codes to the
`
`key devices over a standard mobile telephone network using short message service
`
`-12-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`(SMS) or higher-speed data channels such as global system for mobile
`
`communications (GSM) or code division multiple access (CDMA) transmissions.
`
`Id. ¶ 127. Both GSM and CDMA use radio frequency signals to transmit
`
`information.
`
`31. When accessing a location protected by a lock control unit, the user
`
`selects the access code for that location using a keypad on the mobile phone. Id. ¶¶
`
`153-154. The access code is transferred to the lock control unit wirelessly, for
`
`example by infrared or Bluetooth. Id. ¶¶ 156, 159. The lock control unit compares
`
`the received access code to the valid access codes stored in its memory. Id. ¶ 162.
`
`If the received access code is valid, the lock control unit opens the lock. Id. The
`
`user’s attempt to access the lock may be logged whether or not the lock is opened.
`
`Id. The log data may be saved at the lock control unit, at the electronic key device,
`
`or in a database at the access code management system. Id. ¶ 166.
`
`32. The access codes in Nielsen may include parameters that specify
`
`limits on how each access code may be used. These parameters are depicted in Fig.
`
`4, which is reproduced below. The parameters may include a lock control unit ID,
`
`which specifies the lock control unit or group of lock control units for which the
`
`access code is valid. Id. ¶ 146. The parameters may also include a key device ID
`
`that identifies which key devices are authorized to use the access code, a validity
`
`-13-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`period that specifies when the access code expires, and a field indicating the type
`
`of access rights supported by the access code. Id.
`
`
`
`33. Nielsen also teaches that access codes may be automatically
`
`transmitted to either the lock control unit or the electronic key device, or both, in
`
`order to periodically replace previous access codes. Id. ¶ 128. Alternatively,
`
`existing codes may be invalidated upon specific request by a user. Id. In either
`
`case, the purpose of this mechanism is to improve security of the system. Id. Codes
`
`may be invalidated if, for example, they are misused or lost. Id. ¶ 51. When this
`
`happens, the invalid codes are replaced with new codes. Id.
`
`D. Karkas, U.S. Patent App. Pub. 2002/0031228 (Ex. 1003)
`
`34.
`
`In addition to Nielsen, there are other prior art systems that used
`
`mobile phones as keys. One such system is described in Karkas (Ex. 1003). The
`
`Karkas system uses components such as mobile phones, computer systems, and
`
`-14-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`wireless locks to implement an access control system. These components
`
`correspond directly to the components in Nielsen and are used for the same
`
`purposes. Karkas is a useful supplement to Nielsen simply because it provides
`
`additional detail about several of the features it shares with Nielsen.
`
`35. Karkas describes “mobile stations”. A person of ordinary skill would
`
`understand these mobile stations to include mobile phones, based on Karkas’
`
`teachings regarding cellular telephone and Internet connectivity. Ex. 1003 ¶¶ 2, 31,
`
`45. These mobile stations correspond to the electronic key devices (e.g., mobile
`
`phones) of Nielsen. Karkas further explains that a mobile station may connect to a
`
`“Bluetooth device” that is “a lock or an access device.” Id. ¶¶ 24-25. The
`
`Bluetooth device in Karkas corresponds to the lock control unit in Nielsen. In some
`
`embodiments, instead of Bluetooth, Karkas teaches that this device may use
`
`different radio frequencies, infrared, or wireless LAN. Id. ¶ 46. This is consistent
`
`with the operation of the mobile device in Nielsen.
`
`36. Karkas explains that the Bluetooth device receives “key information”
`
`from the mobile station. This information corresponds to the access codes
`
`described in Nielsen. Id. ¶ 36. The Bluetooth device compares the key information
`
`received from the mobile station to key information stored on the device to
`
`determine whether the received key information is valid. Id. ¶ 37. The Bluetooth
`
`device will also check to confirm that any time limit included in the key has not
`
`-15-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`expired before granting access to the locked location (such as a hotel room). Id. ¶¶
`
`41, 49. A user may obtain more time beyond the initial time limit (for example, by
`
`requesting access to the hotel room for an extra day). Id. ¶¶ 48-49.
`
`37. Karkas recognizes the possibility that Bluetooth devices might be
`
`connected to a “central control element.” Id. ¶ 49. Such a “control element” would
`
`correspond directly to the access code management system in Nielsen. However,
`
`Karkas explains that such connections are not necessary if information about the
`
`key’s validity is provided as part of the key. Id. This information may identify, for
`
`example, a “validity time,” a “validity of a user,” or a “validity of use of the item
`
`being accessed.” Id. This information corresponds to the validity period, key
`
`device ID, and lock control unit ID, respectively, which are included in the access
`
`codes (i.e., keys) described in Nielsen. Ex. 1002 ¶ 146.
`
`38. Karkas explains how a mobile station can use the validity information
`
`that is part of a key to make determinations regarding its own access rights. For
`
`example, if a key has a time limit, the mobile station determines whether the key is
`
`expired and if so deletes the key automatically. Ex. 1003 ¶ 53. Additionally, the
`
`key may specify a “personal identity number (PIN)” that identifies an authorized
`
`user. Id. ¶ 52. If a person tries to use the key, the mobile station will prompt the
`
`person to enter their PIN. Id. The mobile device will not send the key to the
`
`Bluetooth device unless the PIN is correct. Id.
`
`-16-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`
`39. A key may also include an “identification tag” that identifies a
`
`Bluetooth device for which the key is valid. Id. ¶ 39. This tag corresponds to the
`
`lock control unit ID described in Nielsen. The mobile station may use this identity
`
`tag to select the proper key when it encounters a particular Bluetooth device. Id.
`
`Thus, the mobile device relies on the identity tag to ensure that it sends only valid
`
`keys. This automatic key selection also prevents the need for a user to manually
`
`choose the appropriate key from a list on the mobile device.
`
`E.
`
`Legal Standards for Obviousness
`
`40.
`
`I am informed that a claim of an issued patent can be found to be
`
`invalid if the claim would have been obvious in view of the prior art. I understand
`
`that this determination is made from the perspective of a person having ordinary
`
`skill in the art who is presumed to be aware of all prior art.
`
`41.
`
`I am informed that Section 103 of Title 35 of the United States Code
`
`governs the determination of obviousness. According to 35 U.S.C. § 103(a):
`
`A patent may not be obtained though the invention is not identically
`
`disclosed or described as set forth in section 102 of this title, if the
`
`differences between the subject matter sought to be patented and the
`
`prior art are such that the subject matter as a whole would have been
`
`obvious at the time the invention was made to a person having
`
`ordinary skill in the art to which the subject matter pertains.
`
`-17-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`
`42.
`
`I further understand that the determination of obviousness is based on
`
`four factors, sometimes referred to as the Graham factors. They are: (a) the scope
`
`and content of the prior art, (b) the differences between the prior art and the
`
`claimed invention, (c) the level of ordinary skill in the pertinent art, and (d) any
`
`evidence of “objective indicia of nonobviousness.” Those objective indicia include
`
`considerations such as whether a product covered by the claims is commercially
`
`successful and whether there was a long-felt-but-unmet need in the field for the
`
`claimed invention, among other things.
`
`43.
`
`I further understand that courts often consider a reason that would
`
`have prompted a person of ordinary skill in the art to combine the elements in the
`
`references in the way the claimed new invention does.
`
`F.
`
`Level of Ordinary Skill in the Art
`
`44.
`
`I am informed that for purposes of assessing the obviousness of a
`
`claimed invention, the level of skill possessed by the hypothetical person of
`
`ordinary skill in the art is informed by several factors. These factors include the
`
`type of problems encountered in the relevant art, the prior art solutions to those
`
`problems, the rapidity with which innovations are made in the relevant art, the
`
`sophistication of the relevant technology, and the educational level of active
`
`workers in the field.
`
`-18-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`
`45. The relevant field for the ’778 Patent includes electronic access
`
`control systems. I consider myself to be an expert in the relevant field.
`
`46.
`
`In my opinion, a person having ordinary skill in the art at the relevant
`
`time period, which I understand to be around the time of the filing date of
`
`Provisional Application No. 60/668,828 on April 5, 2005, would have at least a
`
`bachelor’s degree in computer science, computer engineering, or electrical
`
`engineering combined with at least one year of industry experience in security
`
`systems. This educational and industry background provides the necessary training
`
`and understanding of the system, including hardware and software, described in the
`
`’778 Patent. This level of skill is adequate for the ’778 Patent, given that neither
`
`the ’778 Patent nor the relevant prior art relies on details of cryptography,
`
`advanced mathematics, or silicon design. Indeed, as a professor of Computer
`
`Science I would feel comfortable teaching many of these concepts to upper-level
`
`undergraduates in my own courses. Thus, based on my experience in the field of
`
`electronic access control systems, the person of ordinary skill would have the
`
`education and experience described above.
`
`V. OBVIOUSNESS IN VIEW OF NIELSEN AND KARKAS
`
`47. Nielsen and Karkas render obvious Claims 1, 4, 6, 8, 10-14, 16-18,
`
`22-25, 28-31, 33 and 34 of the ’778 Patent for the reasons explained below.
`
`-19-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`
`A. Reasons to Combine Nielsen and Karkas
`
`48.
`
`It would have been obvious to combine Nielsen with Karkas. Both
`
`references were published in the same year, and each reference discloses a closely-
`
`related access control system. Both references describe mobile devices that receive
`
`keys over a cellular network and transmit those keys to locks using short-range
`
`wireless protocols such as Bluetooth and infrared communications. They both
`
`describe access keys with embedded validity information that identifies valid users,
`
`locks, and time periods. Because of the similarities of Nielsen and Karkas, a
`
`person of ordinary skill would have readily combined their teachings.
`
`49.
`
`In Nielsen, the embedded validity information includes passwords,
`
`lock control IDs, and validity periods. In Karkas, the equivalent elements are
`
`respectively PINs, unique identity tags for Bluetooth devices, and validity times. In
`
`each of the two references, the validity times/periods are used to identify the time
`
`period during which a given access key/code is valid, which enables features such
`
`as access keys that expire after a given time. In each reference, the validity time
`
`can be checked at the time a user requests access to a lock, preventing the user
`
`from using an expired access code.
`
`50. Because the systems described in Nielsen and Karkas are so similar,
`
`many features disclosed in Karkas are readily compatible with the Nielsen system.
`
`A person of ordinary skill would be motivated to incorporate these features into the
`
`-20-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`Nielsen system because they would make the system more convenient. For
`
`example, in certain embodiments described by Nielsen, a user must manually
`
`select the correct access code for a particular lock, as described above. A person of
`
`ordinary skill would recognize that manually selecting an access code is
`
`inconvenient, and would therefore be motivated to apply Karkas’ teachings on
`
`automatic code selection (using the “unique identity tag” from a Bluetooth device)
`
`to remove this inconvenience. Moreover, the Nielsen reference describes an
`
`“access code retrieval module 862” (see Nielsen, Fig. 8b excerpted below) that
`
`“retrieves selected access codes from the access code register and displays them on
`
`the display.” Ex. 1002 ¶ 177 (emphasis added). The Nielsen reference does not
`
`describe the detailed operation of the access code retrieval module, nor which
`
`access codes it would select from the access code register. Therefore a person of
`
`ordinary skill in the art would be motivated to seek out additional references, such
`
`as Karkas, to provide additional context for understanding this component. A
`
`skilled artisan would further recognize the need to select only the necessary and
`
`applicable access codes for the user, given the limited display size of the
`
`exemplary mobile devices described in Nielsen. Therefore it would be motivated
`
`and obvious to combine the Nielsen reference with the selection mechanism of
`
`Karkas.
`
`-21-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`
`
`
`51. As a second example, Nielsen teaches that an access right may include
`
`a “password,” but does not specify how this password is used. A person of
`
`ordinary skill would recognize that the password in Nielsen is analogous to the PIN
`
`in Karkas, which may be required for a user to access a key. Indeed, a skilled
`
`artisan would recognize that a PIN is merely one form of password. However,
`
`while Nielsen proposes that a password might be provided with each access code,
`
`the reference offers no further specific instructions on how the suggested password
`
`checks might be implemented within the access control system. A person of
`
`ordinary skill in the art would therefore be motivated to seek additional references,
`
`such as Karkas, to identify a specific mechanism for implementing the password
`
`-22-
`
`
`
`Spectrum Brands v. Assa Abloy AB
`IPR Petition – U.S. Patent No. 7,706,778
`
`verification checks implied by Nielsen. Accordingly, the skilled person would be
`
`motivated to apply Karkas’ teachings on PINs to the system of Nielsen.
`
`52. As a third example, Nielsen involves locks that communicate with a
`
`central computer. A person of ordinary skill would recognize that it would be more
`
`convenient in some circumstances for the operator of an access control system to
`
`avoid the hassle of connecting all of the locks in the system to such a computer, as
`
`this would require additional network communications equipment at each lock, and
`
`appropriate wiring or wireless transce
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
