Trials@uspto.gov
`571-272-7822
`
`
`
`
`Paper 32
`Entered: March 6, 2018
`
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`TWILIO INC.,
`Petitioner,
`
`v.
`
`TELESIGN CORPORATION,
`Patent Owner.
`____________
`
`Case IPR2016-01688
`Patent 9,300,792 B2
`____________
`
`
`
`Before SALLY C. MEDLEY, MICHAEL W. KIM, and JUSTIN T. ARBES,
`Administrative Patent Judges.
`
`ARBES, Administrative Patent Judge.
`
`FINAL WRITTEN DECISION
`35 U.S.C. § 318(a)
`
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`
`I. BACKGROUND
`Petitioner Twilio Inc. filed a Petition (Paper 1, “Pet.”) requesting inter
`partes review of claims 1–6, 8, 10–15, and 17 of U.S. Patent No. 9,300,792
`B2 (Ex. 1001, “the ’792 patent”) pursuant to 35 U.S.C. § 311(a). Patent
`Owner TeleSign Corporation filed, with its Preliminary Response, evidence
`that it filed with the Office a statutory disclaimer of claims 3, 5, 7, 12, 14,
`and 16 of the ’792 patent pursuant to 37 C.F.R. § 1.321(a). See Paper 8, 3;
`Ex. 2003, 380.
`On March 8, 2017, we instituted an inter partes review of the
`remaining challenged claims 1, 2, 4, 6, 8, 10, 11, 13, 15, and 17 on a single
`ground of unpatentability. Paper 10 (“Dec. on Inst.”); see 37 C.F.R.
`§ 42.107(e) (“No inter partes review will be instituted based on disclaimed
`claims.”). Patent Owner subsequently filed a Patent Owner Response
`(Paper 15, “PO Resp.”) and Petitioner filed a Reply (Paper 18, “Reply”).
`Patent Owner also filed a Motion to Exclude (Paper 20, “Mot.”) certain
`evidence submitted by Petitioner, to which Petitioner filed an Opposition
`(Paper 24) and Patent Owner filed a Reply (Paper 25, “PO Reply”). An
`oral hearing was held on October 25, 2017, and a transcript of the hearing is
`included in the record (Paper 31, “Tr.”).
`We have jurisdiction under 35 U.S.C. § 6. This Final Written
`Decision is issued pursuant to 35 U.S.C. § 318(a). For the reasons that
`follow, we determine that Petitioner has shown by a preponderance of the
`evidence that claims 1, 2, 4, 6, 8, 10, 11, 13, 15, and 17 are unpatentable.
`
`
`
`
`
`
`
`
`2
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`
`A. The ’792 Patent1
`The ’792 patent pertains to “on-line or web-site registration,” and
`describes processes for (1) “verifying an on-line registration by a telephone
`connection separate from the on-line connection between the web-site and
`potential registrant,” and (2) “notifying registrants of predetermined events
`using information obtained during the registration process.” Ex. 1001,
`col. 1, ll. 29–36. According to the ’792 patent, there was a need in the art
`for a way to accurately verify an individual’s identity during registration
`because “potential registrants often register with untraceable or false e-mail
`addresses and phone numbers.” Id. at col. 1, ll. 37–60. Similarly, there was
`a need to prevent fraud by subsequently notifying the registered individual
`when certain events occur and potentially seeking the individual’s
`authorization. Id. at col. 1, l. 61–col. 2, l. 25.
`The registration process begins with a user filling out “an on-line
`registration form accessed through a website” (i.e., a “first communication
`connection”). Id. at col. 4, ll. 15–17, 51–54. “For example, the registrant or
`consumer could be an individual attempting to access a web-site and set up
`an account with a financial institution.” Id. at col. 4, ll. 35–38. The user
`provides certain information requested in the form, such as his or her
`telephone number. Id. at col. 4, ll. 55–58. The website then sends a Short
`
`
`1 The ’792 patent also was challenged in Case CBM2016-00099, in which
`the petition seeking covered business method patent review was denied
`because Petitioner had not established that the ’792 patent is eligible for
`such review. The ’792 patent also is related to U.S. Patent No. 8,462,920
`B2, challenged in Case IPR2016-00450, and U.S. Patent No. 8,687,038 B2,
`challenged in Case IPR2016-00451, in which the petitions seeking inter
`partes review were denied.
`
`
`
`3
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`Message Service (SMS) message to the user’s telephone (i.e., a “second
`communication connection”) containing a verification code. Id. at col. 4,
`ll. 61–63, col. 6, ll. 29–36. The user enters the verification code in the
`website form and, if there is a match and the information provided shows
`that the user is who he or she purports to be, the user is verified and may
`login. Id. at col. 2, ll. 57–64, col. 4, ll. 63–67.
`“After registration, notification events are established” by the user or
`business utilizing the system or by a third party. Id. at col. 2, l. 65–col. 3,
`l. 1. A notification event may comprise, for example, “a news event, or a
`request to access or alter [the] registrant’s account.” Id. at col. 3, ll. 1–3.
`When a previously established notification event occurs, the user is notified
`via the telephone number provided during registration. Id. at col. 3, ll. 4–10.
`For example, the system may send an SMS message or voice message to the
`user’s telephone containing a verification code. Id. at col. 9, ll. 25–37. The
`user then enters the verification code into a website form, allowing the user
`to verify his or her identity, “provide[ ] confirmation of receipt of the
`information and, where necessary, authorization for the event to occur, such
`as access to the account, etc.” Id. at col. 9, ll. 37–43.
`
`
`B. Illustrative Claim
`Claim 1 of the ’792 patent recites:
`1. A verification and notification method implemented by
`a computing system, the method comprising:
`receiving, from a user, information via a computing
`interface presented to the user as a result of an attempt by the
`user to access a service, the received information including a
`telephone number associated with the user;
`
`
`4
`
`
`
`
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`
`verifying the telephone number by:
`establishing a short message service (SMS)
`connection with the user using the received telephone
`number;
`communicating a verification code to the user
`through the SMS connection;
`receiving, via the computing interface, a submitted
`verification code that is entered by the user; and
`verifying the telephone number if the submitted
`verification code is the same as the communicated
`verification code;
`completing a registration of the user based on the received
`information and verified telephone number, wherein the
`completed registration enables the user to access the service;
`maintaining a record of one or more notification events
`associated with actions that require acknowledgement by the
`user;
`
`upon receiving an indication of an occurrence of an
`established notification event, transmitting a message addressed
`to the verified telephone number indicating the occurrence of the
`notification event; and
`receiving, from the user, an acknowledgement of an action
`associated with the established notification event.
`
`C. Prior Art
`The pending ground of unpatentability in the instant inter partes
`review is based on the following prior art:
`U.S. Patent No. 8,781,975 B2, filed May 23, 2005, issued
`July 15, 2014 (Ex. 1003, “Bennett”); and
`U.S. Patent Application Publication No. 2006/0020816
`A1, filed July 5, 2005, published Jan. 26, 2006 (Ex. 1004,
`“Campbell”).
`
`
`
`
`5
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`
`D. Pending Ground of Unpatentability
`In the instant inter partes review, Petitioner challenges claims 1, 2, 4,
`6, 8, 10, 11, 13, 15, and 17 as unpatentable over Bennett and Campbell
`under 35 U.S.C. § 103(a).2
`
`
`II. ANALYSIS
`A. Claim Interpretation
`The Board interprets claims in an unexpired patent using the “broadest
`reasonable construction in light of the specification of the patent in which
`[they] appear[ ].” 37 C.F.R. § 42.100(b); see also Cuozzo Speed Techs.,
`LLC v. Lee, 136 S. Ct. 2131, 2144–46 (2016) (upholding the use of the
`broadest reasonable interpretation standard). In the Decision on Institution,
`we preliminarily interpreted the claim term “notification event” to mean an
`event that results in the user being notified that the event occurred. Dec. on
`Inst. 6–10. The parties apply this interpretation in their Response and Reply,
`and we do not perceive any reason or evidence that compels any deviation
`from our earlier interpretation. See Resp. 14–15; Reply 11. We adopt the
`previous analysis and conclude that no other terms require interpretation.
`
`
`B. Principles of Law
`To prevail in challenging claims 1, 2, 4, 6, 8, 10, 11, 13, 15, and 17 of
`the ’792 patent, Petitioner must demonstrate by a preponderance of the
`
`
`2 The Leahy-Smith America Invents Act, Pub. L. No. 112-29, 125 Stat. 284
`(2011) (“AIA”), amended 35 U.S.C. §§ 102 and 103. Because the
`challenged claims of the ’792 patent have an effective filing date before the
`effective date of the applicable AIA amendments, we refer to the pre-AIA
`versions of 35 U.S.C. §§ 102 and 103.
`6
`
`
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`evidence that the claims are unpatentable. 35 U.S.C. § 316(e); 37 C.F.R.
`§ 42.1(d). A claim is unpatentable for obviousness if, to one of ordinary
`skill in the pertinent art, “the differences between the subject matter sought
`to be patented and the prior art are such that the subject matter as a whole
`would have been obvious at the time the invention was made.” KSR Int’l
`Co. v. Teleflex Inc., 550 U.S. 398, 406 (2007) (quoting 35 U.S.C. § 103(a)).
`The question of obviousness is resolved on the basis of underlying factual
`determinations, including “the scope and content of the prior art are to be
`determined; differences between the prior art and the claims at issue are to
`be ascertained; and the level of ordinary skill in the pertinent art resolved.”3
`Graham v. John Deere Co., 383 U.S. 1, 17–18 (1966).
`A patent claim “is not proved obvious merely by demonstrating that
`each of its elements was, independently, known in the prior art.” KSR,
`550 U.S. at 418. An obviousness determination requires finding “both ‘that
`a skilled artisan would have been motivated to combine the teachings of the
`prior art references to achieve the claimed invention, and that the skilled
`artisan would have had a reasonable expectation of success in doing so.’”
`Intelligent Bio-Sys., Inc. v. Illumina Cambridge Ltd., 821 F.3d 1359,
`1367–68 (Fed. Cir. 2016) (citation omitted); see KSR, 550 U.S. at 418
`(for an obviousness analysis, “it can be important to identify a reason that
`would have prompted a person of ordinary skill in the relevant field to
`
`
`3 Additionally, secondary considerations, such as “commercial success, long
`felt but unsolved needs, failure of others, etc., might be utilized to give light
`to the circumstances surrounding the origin of the subject matter sought to
`be patented. As indicia of obviousness or nonobviousness, these inquiries
`may have relevancy.” Graham, 383 U.S. at 17–18. Patent Owner, however,
`has not presented any such evidence.
`
`
`
`7
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`combine the elements in the way the claimed new invention does”).
`A motivation to combine the teachings of two references can be “found
`explicitly or implicitly in market forces; design incentives; the ‘interrelated
`teachings of multiple patents’; ‘any need or problem known in the field of
`endeavor at the time of invention and addressed by the patent’; and the
`background knowledge, creativity, and common sense of the person of
`ordinary skill.” Plantronics, Inc. v. Aliph, Inc., 724 F.3d 1343, 1354 (Fed.
`Cir. 2013) (citation omitted). Further, an assertion of obviousness “cannot
`be sustained by mere conclusory statements; instead, there must be some
`articulated reasoning with some rational underpinning to support the legal
`conclusion of obviousness.” KSR, 550 U.S. at 418 (quoting In re Kahn, 441
`F.3d 977, 988 (Fed. Cir. 2006)); In re Nuvasive, Inc., 842 F.3d 1376, 1383
`(Fed. Cir. 2016) (a finding of a motivation to combine “must be supported
`by a ‘reasoned explanation’” (citation omitted)).
`
`
`C. Level of Ordinary Skill in the Art
`Petitioner argues that a person of ordinary skill in the art at the time of
`the ’792 patent would have had “at least an undergraduate degree in
`computer science, or equivalent experience, and in addition would be
`familiar with Internet and telephone communications.” Pet. 22 (citing
`Ex. 1002 ¶¶ 11–20). Patent Owner does not dispute Petitioner’s assessment
`in its Response. Based on the record developed during trial, including our
`review of the ’792 patent and the types of problems and solutions described
`in the ’792 patent and cited prior art, we agree with Petitioner’s assessment
`of the level of ordinary skill in the art and apply it for purposes of this
`Decision.
`
`
`
`8
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`
`D. Obviousness Ground Based on Bennett and Campbell
`(Claims 1, 2, 4, 6, 8, 10, 11, 13, 15, and 17)
`1. Bennett
`Bennett describes a system for “extending authentication to a two
`factor, out of band form, requiring an additional data element or code via a
`channel different from the channel used for the primary transaction.”
`Ex. 1003, Abstract. The user first provides information, such as his or her
`mobile telephone number, to the system via a website (i.e., a “first
`communication channel”). Id. at col. 2, ll. 61–63, col. 14, ll. 46–56. The
`system then establishes a telephone connection with the user (i.e., a “second
`communication channel”) and sends a completion code to the user (e.g., in
`an SMS message). Id. at col. 2, ll. 63–67, col. 5, ll. 32–35, col. 10, l. 62–col.
`11, l. 5, col. 15, ll. 8–13. The user enters the completion code into the
`website and the system determines, if there is a match, that the user is
`allowed to complete the transaction. Id. at col. 2, l. 67–col. 3, l. 4, col. 15,
`ll. 14–42. For example, the two-factor authentication process may be
`followed when a user initially registers with a service and when the user
`desires to perform various other types of transactions, such as an “online
`banking login,” “[o]nline purchasing,” “[m]oney transfers,” or “online
`banking transactions.” Id. at col. 12, l. 56–col. 13, l. 23.
`The user may be required to go through the authentication process
`only for certain transactions, such as when the user is accessing the system
`from a different device than what was used in the past, or for “each and
`every transaction.” Id. at col. 11, ll. 44–45, col. 18, ll. 4–16. In Bennett’s
`disclosed system, a decision making module determines whether a particular
`transaction requires the two-factor authentication process based on various
`
`
`
`9
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`factors, such as, for example, the current “alert level.” Id. at col. 11,
`l. 28–col. 13, l. 23, col. 16, ll. 3–13, Fig. 2 (decision making module 115
`with decision engine 108).
`Figure 3 of Bennett is reproduced below.
`
`
`As shown in Figure 3, the process begins when the user “wish[es] to access
`an institution in order to receive service. For example, a user makes a
`request to open an account, pay a bill, transfer funds, or purchase goods
`from an institution,” and performs a “regular” authentication (e.g., providing
`
`
`
`10
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`a user ID and password). Id. at col. 15, l. 64–col. 16, l. 3. Each
`“authentication transaction” is then “evaluated as to whether it requires
`further checks.” Id. at col. 16, ll. 3–6. If so, the user is “asked for additional
`authentication via an additional communication channel,” such as a mobile
`telephone number, and the system “send[s] a completion code or other
`information to the user via the additional channel supplied.” Id. at col. 16,
`ll. 22–43. The user then provides the completion code and, if it matches
`what the system provided, the transaction can be completed. Id. at col. 16,
`ll. 50–61.
`
`
`2. Campbell
`Campbell describes a system for managing “authentication attempts
`using . . . a real time communication channel with the end user that is
`separate from the channel being used for authentication.” Ex. 1004,
`Abstract. The system receives information about an authentication attempt
`(an “event”), such as a user attempting to access the Internet from a
`particular location, and determines whether the event meets certain criteria
`that would warrant additional procedures to prevent fraud. Id. ¶¶ 13–18.
`For example, an authentication attempt may be made where the same user
`ID was already used and Internet access is still active, or where multiple
`authentication attempts during a particular time period indicate “atypical
`use.” Id. ¶¶ 18–22.
`If additional processing is required, the system communicates with the
`requesting user via a “separate communications channel,” such as a cellular
`network. Id. ¶¶ 23–24. For example, the system may automatically change
`the user’s password and send an SMS message to the user’s telephone with
`
`
`
`11
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`the new password “along with a message explaining the reason a new
`password is being sent.” Id. ¶ 25. “An example message could read ‘Your
`password has been changed to XXXXXXX due to a risk that your old
`password has been compromised.’ Thus the valid user is automatically
`equipped with and informed of a change in password.” Id. ¶ 39. Or, if the
`number of authentication attempts in a particular time period exceeds a
`designated threshold,
`[t]he SMS message would indicate that the User account has
`been suspended and request
`the User
`to contact
`the
`authentication authority. The authentication authority could be a
`service provider or company that is granting access to, in this
`case, the internet. An example SMS message could read “Your
`account has been suspended due to a risk that your password has
`been compromised. Please contact 800-555-5555 for further
`information.” Thus the valid user is informed of the issue and
`can contact the authentication authority.
`Id. ¶ 41.
`
`
`3. Whether Bennett and Campbell are Prior Art
`to the Challenged Claims
`Bennett issued on July 15, 2014, from an application filed on May 23,
`2005. Campbell was published on January 26, 2006, from an application
`filed on July 5, 2005. Petitioner argues that both references are prior art
`because the earliest effective filing date of the challenged claims is October
`5, 2006. Pet. 9–21.
`
`
`
`
`
`
`12
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`
`Petitioner provides the following chart on page 10 of the Petition
`depicting the lineage of the ’792 patent.
`
`
`
`As shown in the chart above, the ’792 patent claims priority as a
`continuation or divisional application of a series of applications, and as a
`continuation-in-part (CIP) of U.S. Patent Application No. 11/034,421
`(Ex. 1027, “the ’421 application”), filed on January 11, 2005. See Ex. 1001,
`col. 1, ll. 7–25. Petitioner argues that there is no presumption that the
`challenged claims are entitled to the filing date of the ’421 application,
`because the Office did not consider priority during prosecution of the
`’792 patent, and the ’421 application does not provide written description
`support for certain limitations pertaining to the recited “notification event”
`in independent claims 1 and 10 of the ’792 patent. Pet. 9–15.
`In our Decision on Institution, we agreed with Petitioner, based on the
`record at the time, that the challenged claims are not entitled to the filing
`date of the ’421 application, and the earliest effective filing date of the
`challenged claims is October 5, 2006. Dec. on Inst. 10–12. Patent Owner
`does not dispute Petitioner’s assertions regarding the effective filing date of
`13
`
`
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`the challenged claims in its Response, and we do not perceive any reason or
`evidence that compels any deviation from our earlier conclusion. Thus, we
`adopt the previous analysis, and conclude that Bennett is prior art under
`35 U.S.C. § 102(e) and Campbell is prior art under 35 U.S.C. § 102(a).
`
`4. Claim 1
`a. Whether Bennett and Campbell Collectively Teach
`All of the Limitations of Claim 1
`Petitioner explains in detail how Bennett and Campbell4 collectively
`teach every limitation of claim 1, relying on the testimony of Michael
`Shamos, Ph.D., as support. See Pet. 26–59; Ex. 1002 ¶¶ 70–137. Petitioner
`relies on Bennett for the majority of the limitations of claim 1. Pet. 26–59.
`For example, Petitioner argues that Bennett teaches receiving a telephone
`number from a user via a “computing interface presented to the user as a
`result of an attempt by the user to access a service” (i.e., a web page
`provided to the user), establishing an SMS connection with the user using
`the telephone number, communicating a “verification code” (i.e., completion
`code) to the user through the SMS connection, receiving the completion
`code entered by the user via the “computing interface,” verifying the user’s
`telephone number if there is a match, and completing the registration of the
`user. Id. at 26–37.
`With respect to the last three steps of claim 1, which pertain to
`“notification events,” Petitioner again relies primarily on Bennett, but relies
`on the combined teachings of Bennett and Campbell for one aspect of the
`
`
`4 Campbell was not considered during prosecution of the ’792 patent. See
`Ex. 1001, (56).
`
`
`
`14
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`limitations. Id. at 44–59. Petitioner first argues that Bennett teaches
`“notification events associated with actions that require acknowledgement
`by the user,” as recited in the claims, based on Bennett’s use of “decision
`rules.” Id. at 38–41. For example, Bennett’s decision making module may
`apply the rules and determine that two-factor authentication is required
`“when a logon attempt is detected from a new device” or when there were
`“log-in attempts from suspicious [Internet Protocol (IP)] addresses and
`password recovery attempts.” Id. at 27, 40–41 (citing Ex. 1003, col. 18,
`ll. 4–50). According to Petitioner, the user acknowledges the action
`associated with the notification event by entering the completion code that
`he or she received. Id. at 38–39.
`As explained in the Decision on Institution, we do not agree with
`Petitioner that Bennett alone teaches “notification events,” because there is
`no indication in Bennett that the SMS message to the user containing the
`completion code notifies the user that the underlying event occurred.5 See
`Dec. on Inst. 16–17. In other words, Bennett teaches an “event” (e.g.,
`a login attempt from an unknown device or suspicious IP address, a request
`to perform a particular type of financial transaction) that triggers the SMS
`message with the completion code being sent to the user, but that event is
`not a “notification event” as we have interpreted the term (i.e., an event that
`results in the user being notified that the event occurred). See supra
`Section II.A.
`
`
`5 We do not perceive any reason or evidence that compels any deviation
`from that conclusion, and adopt our previous analysis for purposes of this
`Decision.
`
`
`
`15
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`
`Petitioner, therefore, relies on the combined teachings of Bennett and
`Campbell for the concept of a “notification event.” Pet. 44–47, 56–58.
`Specifically, Petitioner cites Campbell’s disclosure of determining, based on
`set criteria, that additional processing is required, and sending an SMS
`message to the user with an explanation. Id. at 44–45. One example, in
`Campbell, is “suspension of the user’s account as the result of multiple
`attempts to access the account using invalid user ID and password
`combinations within a certain time period,” where the corresponding SMS
`message reads “‘Your account has been suspended due to a risk that your
`password has been compromised. Please contact 800-555-5555 for further
`assistance.’” Id. (citing Ex. 1004 ¶¶ 40–41). Thus, according to Petitioner,
`suspension of the user’s account is an example of a “notification event,”
`because the user is notified of its occurrence via the text in the SMS
`message. Id.
`Petitioner asserts that it would have been obvious to combine this
`teaching from Campbell with Bennett, by “includ[ing] a sentence
`[in Bennett’s SMS message] along with the completion . . . code that
`describes the occurrence of the event that triggered the notification” (i.e., the
`reason why the user is being sent a completion code), and provides reasons
`as to why a person of ordinary skill in the art would have been motivated to
`do so. Id. at 45–47, 56–58. Thus, Petitioner makes clear in the Petition
`exactly how the references are being combined—Petitioner is relying on
`Bennett for all limitations of the claim other than a “notification event,” and
`by adding a sentence to Bennett’s SMS message describing what triggered
`the message, Bennett’s triggering “event” becomes a “notification event”
`(because it would result in the user being notified that the event occurred).
`
`
`
`16
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`See id.; Dec. on Inst. 18–19; Tr. 20:16–24 (Patent Owner acknowledging the
`particular combination asserted by Petitioner). Petitioner’s analysis,
`supported by the testimony of Dr. Shamos, which we credit, is persuasive.
`Patent Owner makes three arguments concerning Petitioner’s alleged
`shortcomings with respect to the aforementioned combination, relying on the
`testimony of Seth Nielson, Ph.D. (Ex. 2008), as support. First, Patent
`Owner argues that Bennett and Campbell fail to teach the “action”
`limitations of the claim. PO Resp. 17–25. Claim 1 recites “maintaining a
`record of one or more notification events associated with actions that require
`acknowledgement by the user” and “receiving, from the user, an
`acknowledgement of an action associated with the established notification
`event” (emphases added). According to Patent Owner, Petitioner improperly
`“collapses the recited ‘action’ with a notification-event itself” by
`“attempting to show acknowledgement of the notification events themselves
`rather than of the recited ‘actions’ associated with notification events.” Id.
`at 17. With respect to Bennett, Patent Owner argues that Bennett cannot
`disclose “actions” associated with “notification events,” because it does not
`disclose “notification events” in the first place. Id. at 18. Patent Owner then
`argues that Campbell also fails to teach “actions” associated with
`“notification events,” because the alleged “notification event” in
`Campbell—the suspension of the user’s account—happens automatically,
`and, thus, has no associated “action” that requires user acknowledgement to
`occur. Id. at 18–24.
`By focusing on each reference individually, however, Patent Owner
`fails to consider the references’ teachings in combination, which is the basis
`for Petitioner’s obviousness assertion. As explained above, Bennett teaches
`
`
`
`17
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`a decision making module that applies decision rules and evaluates whether
`the occurrence of a particular “event” (e.g., a login attempt from an
`unknown device or suspicious IP address, a request to perform a particular
`type of financial transaction) warrants two-factor authentication, in which
`case an SMS message is sent to the user with a completion code. See Pet.
`27, 38–41. The “event” in Bennett is what occurs that triggers the SMS
`message being sent to the user. Those “events,” however, are not
`“notification events,” as we have interpreted the term, because the SMS
`message does not tell the user anything (other than the completion code).
`Petitioner, therefore, relies on a combination with Campbell for the
`“notification event” concept. Id. at 44–47, 56–58. By adding a sentence to
`the SMS message notifying the user that the event occurred, Bennett’s
`“event” becomes a “notification event.”
`Importantly, Petitioner relies on Bennett—not Campbell—as teaching
`“actions” associated with an event. Specifically, Petitioner references what
`Bennett refers to as “transactions” that the user acknowledges by entering
`the completion code. Id. at 38–39 (“Bennett’s decision rules define which
`transactions (actions) require notifying the user and receiving user
`acknowledgement, in the form of two-factor authentication.” (emphasis
`added)); see also id. at 60, 62–63 (arguing for various dependent claims that
`Bennett teaches numerous types of financial and non-financial
`“transactions” that require two-factor authentication by “notifying the user
`and requiring an acknowledgement” of the transaction, including “online
`banking login, online purchasing, money transfers, online brokerage trading,
`[and] company extranet logon”); Tr. 20:25–21:1 (Patent Owner
`acknowledging that Petitioner does “rely on Bennett for everything
`
`
`
`18
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`associated with an action that requires acknowledgement”). Petitioner cites
`the following portion of Bennett, which broadly defines what Bennett means
`by “transactions”:
`As referred to in this description of the invention the term
`“Transaction” or “Transactions” may refer to any of the
`following non-limiting examples of online or other transactions,
`interactions, enrollment to a service, re-enrollment and password
`recovery using some sort of authentication/challenge or use of
`various services. It should be noted that the term Transaction is
`applicable not only to “financial” transactions but to any
`transaction involving authentication. For example, without
`limitation, Transaction refers not only to transactions such as an
`online banking login, but also to a company extranet login. It
`should be applicable to any transaction where the user is being
`authenticated by some means, regardless of the purpose of the
`authentication. Without limiting the foregoing, the following list
`illustrates certain types of transactions it may apply to: (1) Online
`enrolment, such as financial account opening: banking,
`brokerage, and insurance; subscriptions for example for ISP, data
`and
`informational content deliveries; customer
`service
`enrollment; enrollment to Programs (partnership, MLM, beta,
`etc.) and any other similar type of transaction; (2) Online
`transactions such as Online Purchasing, B2B, B2c and C2C
`transactions; Electronic Bill payment; Internet ACH providers;
`Money transfers between accounts; Online brokerage trading;
`Online insurance payments; Certain online banking transactions;
`Tax filing or Any other similar type of transaction; (3) Online
`Applications such as for credit cards; loans; memberships; patent
`applications or information; Governmental applications or other
`similar type of transactions; (4) Online password resetting, as
`well as online change or update
`to personal data by
`re-authentication/re-enrollment; by combining a mechanism
`involving secret questions; or by a combination of the above; (5)
`any login to a restricted service, or other operations that involve
`an element of risk. Other suitable transactions may be included
`as well.
`
`
`
`19
`
`

`

`IPR2016-01688
`Patent 9,300,792 B2
`
`Ex. 1003, col. 12, l. 56–col. 13, 23; see Pet. 38 (also citing Ex. 1003, col. 15,
`l. 61–col. 16, l. 13 (“For example, a user makes a request to open an account,
`pay a bill, transfer funds, or purchase goods from an institution.”)).
`In other words, the “action” in Bennett is the transaction that the user
`is attempting to complete, which will be completed once acknowledged.
`In Petitioner’s particular cited examples, a user is attempting to login, for
`instance. See Pet. 27, 38–41. The user acknowledges the transaction by
`entering the completion code he or she received, after which the transaction
`can be completed (e.g., the user can login, or the financial transaction can be
`completed). Id. at 58–59 (citing Ex. 1003, col. 15, ll. 12–41; Ex. 1002
`¶¶ 136–137 (explaining how when a user attempts to login from an unknown
`device or suspicious IP address, the two-factor authentication process
`requires the user to “acknowledg[e] that he or she is the one logging in by
`entering the completion [code]”)).
`Notably, Bennett’s descriptions of a user attempting to login and
`initiating a financial transaction are very similar to what is described