`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`
`UNIFIED PATENTS INC.,
`Petitioner,
`
`v.
`
`SMART AUTHENTICATION IP, LLC,
`Patent Owner.
`____________
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`____________
`
`Record of Oral Hearing
`Held: November 6, 2018
`____________
`
`
`
`
`
`
`
`
`
`
`Before KEVIN W. CHERRY, MICHELLE N. WORMMEESTER, and
`JAMES A. WORTH, Administrative Patent Judges.
`
`
`
`
`
`
`
`
`
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`
`APPEARANCES:
`ON BEHALF OF THE PETITIONER:
`ROSHAN MANSINGHANI, ESQUIRE
`JONATHAN R. BOWSER, ESQUIRE
`Unified Patents
`13355 Noel Road
`Suite 1100
`Dallas, Texas 75240
`
`ON BEHALF OF PATENT OWNER:
`TAREK N. FAHMI, ESQUIRE
`Ascenda Law Group
`333 W. San Carlos Street
`Suite 200
`San Jose, California 95110-2730
`
`
`
`
`The above-entitled matter came on for hearing on Tuesday,
`
`
`November 6, 2018, commencing at 1:00 p.m., at the U.S. Patent and
`Trademark Office, 600 Dulany Street, Alexandria, Virginia.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
` 2
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`
`
`P R O C E E D I N G S
`- - - - -
`JUDGE WORMMEESTER: Good afternoon, everyone. We have
`our final hearing in IPR2017-02047, Unified Patents, Inc., v. Smart
`Authentication IP, LLC, which concerns U.S. patent number 8,082,213. I'm
`Judge Wormmeester, and with me are Judge Cherry and Judge Worth.
`Let's get the parties' appearances, please. Who do we have for
`petitioner?
`MR. MANSINGHANI: Good afternoon. My name is Roshan
`Mansinghani. And my colleague, Jonathan Bowser, is here with me. We
`both work at Unified Patents.
`JUDGE WORMMEESTER: Thank you. Welcome. Who will be
`presenting the arguments?
`MR. MANSINGHANI: I will, thank you.
`JUDGE WORMMEESTER: And for patent owner, who do we
`
`have?
`
`MR. FAHMI: Good afternoon, Your Honors. Tarek Fahmi on
`behalf of the patent owner.
`JUDGE WORMMEESTER: Thank you. Welcome. We set forth
`the procedure for today's hearing in our trial order, but just to remind
`everyone the way this will work, each party will have 60 minutes to present
`arguments. Petitioner has the burden and will go first and may reserve time
`for rebuttal. Patent Owner will then have the opportunity to present its
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
` 3
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`response. And when referring to any demonstrative, please remember to
`state the slide for the record -- the slide number for the record. Also, this is a
`reminder that the demonstratives you submitted are not part of the record.
`The record of the hearing will be the transcript.
`We will give you a warning when you are into your rebuttal time
`or nearing the end of your argument time.
`Are there any questions before we start? Okay, will you be
`reserving any time?
`MR. MANSINGHANI: Yes, I would like to reserve 20 minutes
`for rebuttal.
`JUDGE WORMMEESTER: Twenty minutes, okay. And you
`may start when you are ready.
`MR. MANSINGHANI: I'm ready to begin. Good afternoon.
`Thank you so much for your time here today. I represent Unified Patents.
`We do believe that the challenged claims are unpatentable, and today we are
`here to present to you a summary of the reasons why, but also most
`importantly to answer your questions. So if you do have questions as I'm
`presenting, feel free to interrupt me. My main goal is to answer your
`questions more than anything else.
`On slide 2 I have got a summary of what I want to talk about
`today, and what I would like to start with is slide 3, which is just giving a
`brief overview of the patent so we are all on the same page.
`So the '213 patent is addressed to a problem of how to authenticate
`a user that is remote whose identity may have been stolen while trying to
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`
`
`
`
` 4
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`deal with an online service, for example, logging into a bank. So on the
`right we have Figure 3 that's been annotated just with colors and some
`examples in the annotations to explain the solution. And on slide 4, we have
`the proposed solution that the patent provides.
`The first part of this solution is to give the user the control to be
`able to tell the authentication system these are the policies I would like and
`be able to set it up per site or per service. That aspect of the claims is
`actually not at issue today. So I'm not going to focus on it, but that is part of
`the proposed solution.
`The second part is where most of the focus today, I imagine, will
`be presented. That's where most of the parties' dispute is, and that is when
`you are dealing in a situation where a user's identity may have been stolen,
`the Smart Authentication patent, the '213 patent, proposes a solution. That
`solution is: instead of the user just providing one piece of authentication
`information, let's let them provide more than one, and in the example we are
`discussing here, two.
`So the two that would be provided would be the user would
`provide secret information such as their password, something that only the
`user is supposed to know, but this is the piece that can be stolen. So as a
`failsafe, let's also have the user provide evidence that they control a tangible
`object like a cell phone.
`And how this works is we've got some slides on that as well. So
`turning to the next slide, slide 5, we have the same figure, but now we have
`highlighted the communication channels in blue, red and green, since that's
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`
`
`
`
` 5
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`really where the dispute between the parties lie. So in the first step, the user,
`using, for example, their laptop, will try to connect to the website it wants to
`log into called the ASP client, using the '213 patent's parlance. And that is
`done using a first communication channel. We've highlighted that in blue.
`Then the ASP client will contact the ASP, which is the
`authentication service, to determine whether any other forms of
`authentication are needed. And that is done using either the first medium, so
`the ASP client and the ASP could be connected via the internet in this
`example or a second medium. And Figure 3 is an embodiment in which
`there is a second medium. And we've highlighted that in red. An example
`of a different medium might be a local area network if, for example, the ASP
`client and the ASP happen to be in a common network.
`Finally, though, which is the main dispute between the parties
`here, is the ASP then causes the user at a second device, using a different
`medium than either the first or the second, to receive a code and then the
`code is then provided to the ASP client to confirm that the user has control
`of that second device. So the example given in the '213 patent is the cell
`phone. And the third communication medium that's different than the first
`two is, for example, a cell phone channel where you can send SMS
`messages.
`JUDGE WORTH: Would you agree that this Figure 3 that you
`have annotated on the screen here only applies when there's the correct user?
`So there could be a different diagram if there was a fraudulent attempt and
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
` 6
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`then you had an authentication code, let's say, in green sent to a different
`person?
`MR. MANSINGHANI: Absolutely, Judge Worth, that's right. So
`how the '213 patent operates is that if there is someone who has stolen the
`user's password, for example, so if we have a thief's laptop that would be
`logging in to the ASP client, that green communication channel -- medium,
`excuse me, would be them pointing to the user's other device that, hopefully,
`hasn't also been stolen by the thief. And so, yes, in the example you gave,
`my understanding of the '213 patent's teachings would be that the diagram
`would look different if authentication failed. Now, importantly, claim 1
`doesn't really contemplate the situation where the authentication failed. It
`just contemplates that you have two devices that the user is using, one to use
`what we've colored in blue, the first communications medium, and the
`second device using what we've colored in green, the, I guess, claimed third
`medium.
`JUDGE WORTH: I bring that up because that was part of your
`opening. You had framed the problem that was being addressed, and that's
`how it would be addressed.
`MR. MANSINGHANI: That's exactly right. That's how it would
`be solved, yes.
`On slide 7 we see that this is exactly what got this patent allowed
`during prosecution. So the patent owner at the time had to amend the claims
`to recite these limitations. And the two key points here that slide 7 is
`making is that what made this patent allowable is using two different devices
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`
`
`
`
` 7
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`and using two different communication media for those two different
`devices.
`
`On slide 8 I have a summary of the two issues that -- high-level
`issues that we are facing regarding the two grounds we've presented, the
`Vandergeest-based grounds and the Harris-based grounds. One thing to
`note, patent owner has not disputed in any of their writings after the
`institution decision and they did not submit a preliminary response in this
`case the obviousness of claim 12 and its dependents. So the patent has two
`sets of independent claims that we've challenged, claim 1 and its dependents,
`and claim 12 and its dependents. They haven't challenged claim 12 at all.
`So today we are going to be focusing on claim 1. And on claim 1 and its
`dependent claims, patent owner has only presented arguments regarding
`independent claim 1. They haven't presented any separate arguments
`regarding the dependent claims. So that's why today we are just focusing on
`claim 1. All the rest of the claims rise and fall.
`So let's turn to Vandergeest and looking at slide 10. And as we
`look at the overview of why we believe Vandergeest renders this claim
`obvious, we see that Vandergeest discloses a system that's nearly identical to
`what is disclosed by the '213 patent. In Vandergeest the user has two
`different devices called a first unit and a third unit. Third is a little
`confusing but it's not referring to the number of devices of the user. It's just
`the numbering scheme that the patent drafter chose to use since Vandergeest
`is a patent reference. So the user has those two devices. And you can see
`that an example of the first device would be a laptop, and an example of a
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`
`
`
`
` 8
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`second device could be a cell phone that Vandergeest discloses. And
`Vandergeest also discloses using three media, and it discloses that the two
`devices of the users use different media. So this is exactly what the '213
`patent claims and exactly what got this patent allowed in the Patent Office
`was these features.
`Now, I'm going to now walk through an operation of Vandergeest
`fairly quickly. It's going to sound very familiar because it's very reminiscent
`of what the '213 patent discloses. So in the first step, the user uses that first
`unit across Channel 310, which we've colored in blue, for example, to
`contact a second unit which could be a web server. So the website that the
`user is trying to log into.
`Then over in Step 2, over the suitable link, which Vandergeest
`does not have a reference numeral for the suitable link. It's just called a
`suitable link. I have colored that in red. The second unit communicates
`with the authentication unit which we have mapped to the ASP of the claim,
`the authentication service of the claim. And then the authentication unit
`causes the user's second device to receive an authentication code over a
`completely separate medium which is -- which Vandergeest calls the back
`channel. And an example of that in Vandergeest is text messaging. So this
`is very, very similar, if not almost identical to what the '213 patent teaches
`and certainly what it claims.
`JUDGE CHERRY: Does Vandergeest explain whether the units
`could be running on the same server or does Vandergeest describe them as
`running on separate servers?
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`
`
`
`
` 9
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`
`MR. MANSINGHANI: So looking at slide 11, Judge Cherry, you
`are asking me if the second unit of Vandergeest and the authentication unit
`of Vandergeest can be on the same server or separate servers?
`JUDGE CHERRY: Yes.
`MR. MANSINGHANI: That's a great question. I'm going to have
`my colleague look into that briefly, and then if I find the answer for you, I
`will give it to you during maybe the rebuttal time or towards the end of my
`time right now. I don't have that answer off the top of my head. Thank you.
`So looking at slide 13, we've now put side by side the claim
`language of the '213 patent and its Figure 3 along with Vandergeest's
`teaching and its figure regarding this point of whether or not the third
`medium is separate than the first and second media since that is what the
`parties dispute.
`And the point of this here is to demonstrate that Vandergeest does
`disclose three completely separate media, which is something the patent
`owner disputes and we think that they are incorrect about.
`JUDGE CHERRY: Does the '213 patent explain whether the ASP
`client and the ASP have to be separate or can they be -- could they be like,
`let's say, for example, could the bank have an ASP client and then also have
`the ASP within the same entity?
`MR. MANSINGHANI: Yes, it does, Judge Cherry. And I think
`this is an extremely important point that I believe addresses some of the
`patent owner's mistakes in their argument. And I have got some citations for
`that in the slides for that very point.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`
`
`
`
` 10
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`
`So the '213 patent explicitly teaches that the ASP client and the
`ASP can be completely separate. They can also be arranged such that the
`ASP communicates to the user via the ASP client. So -- and it teaches that
`they can be co-located, meaning they can even be part of the same system.
`On slide 19 I have the specification slide that makes exactly this point. So it
`states, In certain embodiments the authentication is carried out via a
`dialogue between the ASP and user. In alternative embodiments, the ASP
`can proactively push information to the clients so that the routines running
`on the client using the information that's provided by the ASP can carry out
`all or a portion of the process. And then still yet another alternative
`embodiment is a proxy ASP server can be installed on a server running or
`controlled by the ASP client. So this is extremely important because it
`shows that the patent contemplated a variety of arrangements between the
`ASP and the ASP client.
`To answer your question about what does Vandergeest disclose
`regarding the second unit and the authentication unit, my colleague,
`Jonathan Bowser, helpfully found on column 6, lines starting at 58 through
`65 of Vandergeest it states, In this embodiment, the authentication unit is
`shown as being separate from the second unit. However, the authentication
`unit may be part of the second unit, which may be a web server, wireless
`network element or any other suitable device.
`So I think the answer to your question is, just like the '213 patent, a
`wide variety of embodiments are contemplated.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
` 11
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`
`So turning to slide 15, we now have a summary of what we believe
`the patent owner is arguing in order to distinguish Vandergeest from these
`three media. And specifically, we believe the patent owner is trying to
`rewrite the claim in order to save the claim from unpatentability. I note here
`that they have not offered a claim construction position for this point, for the
`attempts to narrow. And this patent has not expired and they have not
`offered to amend their patent to narrow it further, which they could have.
`Ultimately, the patent owner believes that claim 1 should be
`rewritten to require that the ASP client not be involved at all when
`communicating with the -- when the ASP communicates with the user and
`that any media that may connect the ASP client with the ASP cannot be used
`in the communication between the ASP and the user. The problem is the
`claims don't say that. Rather, for patent owner's argument to have weight, it
`must have included -- the claim must have been written to have something
`like saying that you can only use the third communication medium which is
`different than the first and second medium. The claim doesn't say that. And
`this is ultimately the problem, we believe, that the patent owner has with
`their arguments. And we would like to step through those briefly if you
`would find that helpful.
`So on slide 16, we have a brief point that "different from" does
`have a plain and ordinary meaning. We are not seeking a construction of
`"different from" today. No one has sought a construction of "different from"
`in any of the briefing. It is straightforward. It is the normal sense of the
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
` 12
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`word, and there is nothing in the prosecution history or any expert evidence
`we have to somehow narrow that beyond its plain meaning.
`Instead, patent owner turns to specification support to try to
`import, I guess, implicitly, since they haven't made a construction position,
`to include this concept of exclusivity and secrecy. So the first place that
`patent owner turns to is 2:55-67, which we have excerpted on slide 17. And
`here the passage simply states that the user can be connected to the ASP by
`at least two different media. It does not require nor even state that one of
`those media has to be the exclusive or only media that is used.
`The next patch they rely on is 3:20-25, which we have excerpted
`on slide 18. Here again, all this passage stands for is for the proposition that
`the user can be connected via two different communications media. It
`doesn't say that with any particular device the user has to be connected with
`only one medium.
`JUDGE WORMMEESTER: Counsel, so is it your position that
`when the claim recites, User communicates with the user authentication
`service through a third communications medium, is it your position that that
`language encompasses both indirect and direct communication?
`MR. MANSINGHANI: Yes, Judge Wormmeester, that is our
`position. It contemplates that. And the reason why it does, from our
`position, from our understanding of the specification is because the
`specification provides for that very thing. And we saw that, and I'll turn to it
`again briefly, slide 19. The specification teaches the opposite of what patent
`owner is urging this Board to read about the '213 patent. Again, on slide 19
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`
`
`
`
` 13
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`we have excerpted 7:49-56. Various embodiments are taught here about the
`arrangement between the ASP and the ASP client. They can be separate
`devices. They can be the same device or located physically on the same
`device, and they can be arranged such that the ASP communicates indirectly,
`as Judge Wormmeester said, with the user through the ASP client. All of
`these arrangements are contemplated, and there's no disclaimer or any other
`legal basis for reading out these embodiments from the claims when the
`claims are written to encompass that, since they don't use language like
`"only" or "directly," as Judge Wormmeester mentioned.
`JUDGE CHERRY: Does the '213 patent, it does identify SMS as
`one of the possible third communication media?
`MR. MANSINGHANI: Yes, that is my current recollection at the
`moment, but I'm going to have my colleague confirm just so that I don't
`mislead you in any way.
`So the other issue that patent owner disputes is that applying
`Vandergeest to the claims would lead to a situation in which the ASP client
`would not be kept in the dark between the ASP and user communication,
`which would prevent a form of man-in-the-middle attack, which is what
`patent owner has written in their patent owner response and in their
`sur-reply. In essence, they are requiring a form of secrecy that the ASP
`client -- that the communications, excuse me, between the ASP and the user
`be kept secret from the ASP client. Unfortunately, that concept is nowhere
`mentioned in the patent.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
` 14
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`
`Also, the concept of foiling some sort of man-in-the-middle attack
`is also not mentioned in the patent at all. Rather, a man-in-the-middle
`attack, as I understand patent owner's argument, is one in which the
`communication path between the user and the service is untrusted. So you
`are not sure if someone is listening in on your communications, let's say, at
`the server level or even at the network level, and so it's that piece of the
`communications system that is untrusted. As we discussed regarding the
`overview of the '213 patent, the distrust that the '213 patent places is on the
`user. It's trying to deal with the issue of stolen identity of the user. Not
`distrust of the medium itself. Those are real authentication problems and
`communication security problems. They are just not ones the '213 patent
`ever addressed.
`So on slide 20 we have another excerpt from the patent that patent
`owner relies on, 2:15-18. And here you can see that the word "secret" is
`used, but it's not about keeping the ASP client in the dark. Rather, it's secret
`information as well as evidence of control of a tangible object. So secret
`information referred to here is the password. It's the information that is sent
`to the ASP client. So rather than the ASP client being kept in the dark, as
`patent owner is urging in their brief, the '213 patent teaches the opposite,
`that the ASP client actually receives the secret information.
`JUDGE CHERRY: Wouldn't for this to work, wouldn't the ASP
`client have to receive a copy of the information so they can -- because it's
`doing the comparison, right?
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
` 15
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`
`MR. MANSINGHANI: That is correct that the '213 patent teaches
`that the ASP client can do all of the verification. We saw that from the
`column 7 passage we referred to earlier.
`Turning to slide 21, we have another excerpt from lines 2 -- excuse
`me, column 2:52-67 of the '213 patent. Here again, we've seen this passage
`before. The word "secret" is not even used or there's nothing in there that
`even mentions that the ASP client needs to be held in the dark and kept away
`from the ASP at all.
`And on slide 22, another excerpt from 3:20-25, again, this is what
`the patent owner response cited to for their position of requiring secrecy.
`And here again, there's no mention of secrecy. It's just talking about the
`need for the ASP to be able to communicate with the user on two devices
`using two different media.
`JUDGE WORTH: Can we go back a couple of slides. So here
`there's an excerpt from Exhibit 1001 at 2:15-18. And then if you look at that
`passage, immediately prior to that, it walks through different embodiments.
`And so starting at 2:10, it says, In many of the embodiments the user and
`commercial entity are remote from one another and communicate through an
`electronic communications medium. And this is immediately before the
`quote that's on your slide. It says, In other embodiments the user may
`directly interact with the commercial or other entity. So can you fit that into
`your analysis.
`MR. MANSINGHANI: Absolutely. So looking at column 2 as a
`whole -- and just to be clear, the reason why we only included lines 15 to 18,
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`
`
`
`
` 16
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`because that was what the patent owner cited in their POR. So we were just
`trying to walk through each of their pieces of evidence for your benefit. But
`I would love to answer your question regarding column 2.
`So starting at line 3, the patent reads, Thus, in these embodiments
`of the present invention, a user controls the level and complexity of the
`authentication processes. So this portion is discussing what we talked about
`earlier, that there were two major parts of the solution that the '213 patent
`provided, right. The first one was a user controlling how complicated the
`authentication process could be. And then it says that the user -- so starting
`at line 8 which is in the middle of the sentence, The user, in the course of
`conducting electronic transactions, electronic dialogues and other
`interactions for which user authentication is needed, in many of the
`embodiments the user and commercial entity are remote from one another
`and communicate through an electronic communications medium. So that
`was, for example, that blue medium we highlighted with the internet, right.
`In other embodiments the user may directly interact with a commercial or
`other entity that needs to identify the user.
`So the difference between those two passages, those two
`paragraphs or sentences is thinking about the concept of a user being
`physically at a location, so for example, an ATM or the user is physically
`there as opposed to being remote. The claim talks about -- claim 1 talks
`about the user interacting with the ASP client over a first communications
`medium. So my understanding is that the claim would be covering more of
`that remote situation. However, I still think it's possible that maybe that
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`
`
`
`
` 17
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`medium is the physical medium that the user is interacting with, for
`example, the ATM service. So I think that both of those are included.
`I don't see that distinction between whether the user is physically at
`the service provider's location or terminal or connected over the internet as
`really changing the analysis because in Vandergeest it is remote, the user is
`communicating with the internet, and there is a separate back channel that
`the user uses to complete the authentication process. That's exactly what the
`'213 patent teaches as well.
`Does that help you, Judge Worth? Is that the answer you were
`looking for in terms of answering your question?
`JUDGE WORTH: You can proceed.
`MR. MANSINGHANI: Thank you. So on slide 23 we have a
`long excerpt from 7:6-22. I note that Judge Worth's question was sort of
`anticipated here. If you look at the end of this citation from the patent, it
`does talk about the ATM situation where you are physically located. But
`again, this long patch that's cited to by the patent owner does not mention
`any form of secrecy being required where the ASP client is kept in the dark.
`Finally, on slide 25, we believe the patent owner's position is a
`logical one. I believe Judge Cherry alluded to this issue. So in 7:6-22 we
`find, and we've got it underlined here starting at line 15, that the user can
`furnish the received randomly generated password which came from the
`ASP to the ASP client. So the ASP client is not kept in the dark in this form
`of communication. So this is why we believe patent owner's requirement for
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
` 18
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`secrecy is nowhere even mentioned and is also contrary to the embodiments
`that are mentioned in the specification.
`JUDGE CHERRY: Now, in terms of the patent, let's say I'm on
`my laptop and I have a wireless network in my house. I'm communicating
`with my cable modem via Wi-Fi and then my internet service provider has a
`cable that goes to the central server. Would that still be -- and I'm
`communicating with the ASP client. Would that still, even though I'm
`communicating over two different physical interfaces, would that still --
`within the '213 patent, would that be one still the first interface?
`MR. MANSINGHANI: Medium? Communications medium?
`JUDGE CHERRY: Yes.
`MR. MANSINGHANI: So my understanding of the '213 patent is
`that the term "communication media" would be -- it would be different, yes,
`because you have got the home network that you have. Let's say you are
`over Wi-Fi. Well, that is a local network. So that would be one medium.
`And then you are using the internet which it views as a second medium now.
`I think many of us know that the internet is quite complicated. There's a lot
`of sort of things that go on inside the internet that the '213 patent does not try
`to distinguish between. It just calls that whole thing a medium, right.
`So from my view, my answer to that question would be yes, but it
`wouldn't preclude the fact. So if a user used a first intermediary medium to
`get the actual medium that's connecting with the ASP client, that's what the
`'213 patent cares about. It cares about what is connected to the ASP client
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`
`
`
`
`
`
`
` 19
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`and the user. And so that would be one medium because it would just be
`focusing on that one medium that actually went to the ASP client.
`JUDGE CHERRY: And in terms of the second medium, the
`medium between the second device and the -- that communicates to the ASP
`client, does the patent say that that has to be something other than the
`internet or could that also be the internet?
`MR. MANSINGHANI: That's a great question. So --
`JUDGE CHERRY: If you have the first communication medium
`being the internet.
`MR. MANSINGHANI: Right. That's right. So what the patent
`teaches and the claim teaches -- I'm going to flip to a slide just so we can
`have that and look at it together. Look at slide 5 here. So what the patent
`says is that the ASP client and the ASP can be linked via the same first
`medium or a second medium. That's what the claim says. So the patent
`contemplates both options and the claim explicitly contemplates both
`options. An example of something that would be different than the internet
`is that local area network if they happen to be residing on the same network.
`Turning back to slide 24, I did want to make a point about the legal
`framework in which this analysis should be undertaken, and that was from
`the Unwired Planet case that we cited in our reply brief. In order for a claim
`scope to read out embodiments from the ambit of a claim that would
`otherwise normally cover those embodiments, and there is a preference, as
`you well know, to include all of the embodiments you can into a claim
`scope, you need to have a clear disavowal. It has to be clear and
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`
`
`
`
`
`
`
` 20
`
`
`
`Case IPR2017-02047
`Patent 8,082,213 B2
`
`unmistakable. The fact that alternative embodiments that go contrary to the
`patent owner's position, we think, defeats their position according to the case
`law.
`
`My colleague helped me by providing a citation to one of the
`earlier questions about what does the '213 patent disclose as far as that third
`medium. I'm going to refer to colu