`571-272-7822
`
`
`Paper No. 51
`Entered: October 8, 2019
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`APPLE INC.,
`Petitioner,
`
`v.
`
`UNIVERSAL SECURE REGISTRY, LLC,
`Patent Owner.
`____________
`
`IPR2018-00809
`Patent 9,530,137 B2
`____________
`
`
`
`Before PATRICK R. SCANLON, GEORGIANNA W. BRADEN, and
`JASON W. MELVIN, Administrative Patent Judges.
`
`MELVIN, Administrative Patent Judge.
`
`
`
`
`JUDGMENT
`Final Written Decision
`Determining All Claims Unpatentable
`Denying Patent Owner’s Motion to Amend
`35 U.S.C. § 318(a)
`Denying Petitioner’s Motion to Strike
`Denying Patent Owner’s Motion to Strike
`37 C.F.R. § 42.5
`
`
`
`
`
`
`
`Case IPR2018-00809
`Patent 9,530,137 B2
`
`
`I.
`
`BACKGROUND
`
`Petitioner, Apple Inc., requested inter partes review of claims 1, 2,
`
`and 5–12 of U.S. Patent No. 9,530,137 B2 (Ex. 1101, “the ’137 patent”).
`
`Paper 3 (“Pet.”). Patent Owner, Universal Secure Registry, LLC, timely filed
`
`a Preliminary Response. Paper 8 (“Prelim. Resp.”). We instituted review.
`
`Paper 9 (“Inst.” or “Institution Decision”). Because Patent Owner disclaimed
`
`claims 8, 10, and 11 (Ex. 2003), the instituted review does not include those
`
`claims. Inst. 6–7. Thus, we review claims 1, 2, 5–7, 9, and 12 (the
`
`“challenged claims”).
`
`Patent Owner filed a Response (Paper 18 (“PO Resp.”)) and a
`
`Conditional Motion to Amend (Paper 19 (“MTA”)); Petitioner filed a Reply
`
`(Paper 25 (“Pet. Reply)) and an Opposition to Patent Owner’s Contingent
`
`Motion to Amend (Paper 24 (“MTA Opp.”)); Patent Owner filed a Sur-reply
`
`(Paper 30) and a Reply to Petitioner’s Opposition (Paper 31
`
`(“MTA Reply”)); and Petitioner filed a Sur-reply to the Contingent Motion
`
`to Amend (Paper 39 (“MTA Sur-reply”)). We held a hearing on July 16,
`
`2019, and a transcript is included in the record. Paper 49 (“Tr.”).
`
`This is a final written decision as to the patentability of the challenged
`
`claims. For the reasons discussed below, we determine that Petitioner has
`
`shown by a preponderance of the evidence that the challenged claims are
`
`unpatentable. We also deny Patent Owner’s Conditional Motion to Amend.
`
`A. RELATED MATTERS
`
`As required by 37 C.F.R. § 42.8(b)(2), each party identifies various
`
`judicial or administrative matters that would affect or be affected by a
`
`decision in this proceeding. Pet. 2–3; Paper 7, 2 (Patent Owner’s Updated
`
`Mandatory Notices).
`
`2
`
`
`
`Case IPR2018-00809
`Patent 9,530,137 B2
`
`
`B. THE ’137 PATENT
`
`The ’137 patent is titled “Method and Apparatus for Secure Access
`
`Payment and Identification” and describes ways to securely authenticate the
`
`identity of a plurality of users. Ex. 1101, codes (54), (57), 1:43–55.
`
`The challenged patent describes a secure database called a “Universal
`
`Secure Registry” (USR), which can be used as “a universal identification
`
`system” and/or “to selectively provide information about a person to
`
`authorized users.” Id. at 4:8–11. The ’137 patent states that the USR
`
`database is designed to “take the place of multiple conventional forms of
`
`identification.” Id. at 4:23–25. The ’137 patent further states that various
`
`forms of information can be stored in the database to verify a user’s identity
`
`and prevent fraud: (1) algorithmically generated codes, such as a time-
`
`varying multi-character code or an “uncounterfeitable token,” (2) “secret
`
`information” like a PIN or password, and/or (3) a user’s “biometric
`
`information,” such as fingerprints, voice prints, an iris or facial scan, DNA
`
`analysis, or even a photograph. See id. at 14:1–7, 14:21–40, 44:54–61,
`
`Fig. 3.
`
`The patent discloses a variety of embodiments including those in
`
`which a user is authenticated on a device using secret information (such a
`
`PIN code) and biometric information (such as a fingerprint), then the first
`
`device transmits information to a second device for further authentication.
`
`See id. at 29:21–44. The second device may verify the user’s information
`
`and return an enablement signal to the first device. Id. at 33:20–34.
`
`Accordingly, the ’137 patent discloses that the system can be used to
`
`selectively provide authorized users with access to perform transactions
`
`3
`
`
`
`Case IPR2018-00809
`Patent 9,530,137 B2
`
`involving various types of confidential information stored in a secure
`
`database. See, e.g., id. at 4:8–15.
`
`C. CHALLENGED CLAIMS
`
`Challenged claims 1 and 12 are independent. Claim 1 is illustrative of
`
`the claimed subject matter and is reproduced below, including Petitioner’s
`
`square-bracketed annotations that segment the claim when mapping it to the
`
`prior art (see Pet. 20–41):
`
`1. [p] A system for authenticating a user for enabling a
`transaction, the system comprising:
`
`[a] a first device including:
`
`a first processor, the first processor programmed to
`authenticate a user of the first device based on secret
`information and [b] to retrieve or receive first
`biometric information of the user of the first device;
`
`[c] a first wireless transceiver coupled to the first
`processor and programmed to transmit a first wireless
`signal including first authentication information of
`the user of the first device; and
`
`[d] a biometric sensor configured to capture the first
`biometric information of the user;
`
`[e] wherein the first processor is programmed to
`generate one or more signals including the first
`authentication information, an indicator of biometric
`authentication, and a time varying value in response
`to valid authentication of the first biometric
`information, and [f] to provide the one or more
`signals including the first authentication information
`for transmitting to a second device; and
`
`[g] wherein the first processor is further configured to
`receive an enablement signal from the second device;
`and
`
`4
`
`
`
`Case IPR2018-00809
`Patent 9,530,137 B2
`
`
`[h] the system further including the second device that is
`configured to provide the enablement signal indicating
`that the second device approved the transaction based on
`use of the one or more signals;
`
`[i] wherein the second device includes a second
`processor that is configured to provide the
`enablement signal based on the indication of
`biometric authentication of the user of the first
`device, at least a portion of the first authentication
`information, and second authentication information
`of the user of the first device to enable and complete
`processing of the transaction.
`
`Ex. 1101, 45:27–61.
`
`D. GROUNDS OF UNPATENTABILITY
`
`Petitioner asserts the following grounds of unpatentability based on
`
`the following evidence of record:
`
`Claim(s) Challenged Statutory Basis
`
`References
`
`1, 2, 6, 7, 9, and 12
`
`§ 103(a)
`
`Jakobsson1 and Maritzen2
`
`5
`
`§ 103(a)
`
`Jakobsson, Maritzen, and Niwa3
`
`Pet. 20, 53, 63. Petitioner also relies on the Declaration of Dr. Victor Shoup
`
`(Ex. 1102). Pet. 9.
`
`E. OBVIOUSNESS OVERVIEW
`
`An invention is not patentable “if the differences between the subject
`
`matter sought to be patented and the prior art are such that the subject matter
`
`
`1 International Patent Application Publication No. WO 2004/051585,
`published June 17, 2004 (Ex. 1113).
`2 U.S. Patent Application Publication No. 2004/0236632, published
`November 25, 2004 (Ex. 1114).
`3 U.S. Patent No. 6,453,301, issued September 17, 2002 (Ex. 1117).
`
`5
`
`
`
`Case IPR2018-00809
`Patent 9,530,137 B2
`
`as a whole would have been obvious at the time the invention was made to a
`
`person having ordinary skill in the art to which said subject matter pertains.”
`
`35 U.S.C. § 103(a).4 The question of obviousness is resolved on the basis of
`
`underlying factual determinations including: (1) the scope and content of the
`
`prior art; (2) any differences between the claimed subject matter and the
`
`prior art; (3) the level of skill in the art; and, (4) where in evidence, so-called
`
`secondary considerations, including commercial success, long-felt but
`
`unsolved needs, and failure of others. Graham v. John Deere Co., 383 U.S.
`
`1, 1718 (1966). When evaluating a combination of teachings, we must also
`
`“determine whether there was an apparent reason to combine the known
`
`elements in the fashion claimed by the patent at issue.” KSR Int’l Co. v.
`
`Teleflex Inc., 550 U.S. 398, 418 (2007) (citing In re Kahn, 441, F.3d 977,
`
`988 (Fed. Cir. 2006)). Whether a combination of elements produced a
`
`predictable result weighs in the ultimate determination of obviousness.
`
`KSR, 550 U.S. at 416–17.
`
`II. DISCUSSION
`
`A. LEVEL OF ORDINARY SKILL IN THE ART
`
`Petitioner and Patent Owner propose very similar statements of the
`
`level of ordinary skill in the art. In Patent Owner’s phrasing, a skilled artisan
`
`would have had “a Bachelor of Science degree in electrical engineering,
`
`computer science or computer engineering, and three years of work or
`
`research experience in the fields of secure transactions and encryption; or a
`
`
`4 The America Invents Act included revisions to, inter alia, 35 U.S.C. § 103
`effective on March 16, 2013. Because the ’137 patent claims benefit of
`filing date under § 120 to an application filed before March 16, 2013 (see
`Ex. 1101, 1:7–40), the pre-AIA version of 35 U.S.C. § 103 applies.
`
`6
`
`
`
`Case IPR2018-00809
`Patent 9,530,137 B2
`
`Master’s degree in electrical engineering, computer science or computer
`
`engineering, and two years of work or research experience in related fields.”
`
`PO Resp. 16–17 (citing Ex. 2004 ¶ 18). Petitioner’s statement includes only
`
`a bachelor’s degree and marginally less work experience. Pet. 5. Patent
`
`Owner states that its positions would be the same under either party’s
`
`proposal. PO Resp. 17. We agree with Patent Owner that the analysis and
`
`conclusions remain the same under either proposal. As a more-
`
`comprehensive definition for a skilled artisan, we adopt Patent Owner’s
`
`statement and note that it is consistent with the prior art of record.
`
`B. CLAIM CONSTRUCTION
`
`Before the Board, claims in an unexpired patent are interpreted
`
`according to their broadest-reasonable construction in light of the
`
`specification of the patent in which they appear. 37 C.F.R. § 42.100(b)
`
`(2017); Cuozzo, 136 S. Ct. 2131, 2144–46 (2006).5 Under the standard
`
`applicable here, we generally give a claim term its “ordinary and customary
`
`meaning,” which is “the meaning that the term would have to a person of
`
`ordinary skill in the art in question” at the time of the invention. In re
`
`Translogic Tech., Inc., 504 F.3d 1249, 1257 (Fed. Cir. 2007). The
`
`specification may impose a specialized meaning, departing from the
`
`ordinary and customary meaning, by defining a term with reasonable clarity,
`
`deliberateness, and precision. In re Paulsen, 30 F.3d 1475, 1480 (Fed. Cir.
`
`
`5 A recent amendment to this rule does not apply here because the Petition
`was filed before November 13, 2018. See Changes to the Claim
`Construction Standard for Interpreting Claims in Trial Proceedings Before
`the Patent Trial and Appeal Board, 83 Fed. Reg. 51,340 (Oct. 11, 2018)
`(amending 37 C.F.R. § 42.100(b), effective Nov. 13, 2018).
`
`7
`
`
`
`Case IPR2018-00809
`Patent 9,530,137 B2
`
`1994). Further, a party may prove “the existence of a ‘clear and
`
`unmistakable’ disclaimer” that narrowed a term’s definition in the
`
`prosecution history of a challenged patent. Trivascular, Inc. v. Samuels, 812
`
`F.3d 1056, 1063–64 (Fed. Cir. 2016) (quoting Elbex Video, Ltd. v.
`
`Sensormatic Elecs. Corp., 508 F.3d 1366, 1371 (Fed. Cir. 2007)).
`
`Petitioner proposes constructions for thee terms: “biometric
`
`information,” “secret information,” and “authentication information.”
`
`Pet. 14–20. Patent Owner asserts that resolving issues in dispute requires no
`
`construction for any of those terms. PO Resp. 12.
`
`We agree with Patent Owner that no unpatentability dispute turns on
`
`the construction of the three terms Petitioner identifies. Thus, construing
`
`those terms would not benefit this proceeding, and we therefore decline to
`
`expressly construe them. See Nidec Motor Corp. v. Zhongshan Broad Ocean
`
`Motor Co., 868 F.3d 1013, 1017 (Fed. Cir. 2017) (affirming that the Board
`
`only need construe claims terms “to the extent necessary to resolve the
`
`controversy”) (citing Vivid Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d
`
`795, 803 (Fed. Cir. 1999)).
`
`Patent Owner, however, asserts also that the term “the one or more
`
`signals,” as used in both independent claims, should be construed to mean
`
`“one or more signals that include all of the following three types of
`
`information: (1) first authentication information, (2) an indicator of
`
`biometric authentication of the user of the first device, and (3) a time
`
`varying value.” PO Resp. 12–13 (citing Ex. 2001 ¶ 38–43). Petitioner
`
`primarily addresses whether the prior art teaches the limitation as expressed
`
`by Patent Owner. See Reply 1–2. Petitioner also states that “limitation 1[f]
`
`does not require that the authentication code include all three pieces of
`
`8
`
`
`
`Case IPR2018-00809
`Patent 9,530,137 B2
`
`information” (id. at 2) but that assertion does not address the antecedent
`
`basis for “one or more signals,” which Patent Owner relies on to argue
`
`multiple places in the claim require the signals include three distinct pieces
`
`of information (PO Resp. 12–13). As to the three pieces of information as
`
`recited in limitation 1[e], Petitioner appears to accept Patent Owner’s
`
`construction. See Reply 1–3.
`
`Patent Owner argues that “independent claims 1 and 12 require the
`
`first device to transmit three separate and distinct types of information to a
`
`second device for processing because each is a ‘distinct component’ of the
`
`claimed invention.” Sur-reply 5 (quoting Becton, Dickinson & Co. v. Tyco
`
`Healthcare Grp., 616 F.3d 1249, 1254 (Fed. Cir. 2010)). In particular, Patent
`
`Owner distinguishes a claim scope where the claimed signals are “derived
`
`from some of the three distinct types of information.” Id. Because, as
`
`discussed below (see infra at 12–16), we conclude that Jakobsson teaches
`
`multiple methods of assembling its authentication code, even Patent
`
`Owner’s sought construction does not eliminate Jakobsson’s disclosures
`
`from the claim scope. Accordingly, we conclude that we need not further
`
`address Patent Owner’s construction for the one or more signals.
`
`We explained in the Institution Decision that we view the meaning of
`
`“transaction” as significant to the issues here. Inst. 7. As we discussed in a
`
`related proceeding, CBM2018-00022, “the written description describes the
`
`invention as being broader than a system for secure access payment and the
`
`authentication of a purchaser’s identify.” CBM2018-00022, paper 10, 12–13
`
`(citing Ex. 1101,6 13:42–14:7, 42:64–43:3, Figs. 3, 4). We also noted that
`
`
`6 The ’137 patent appears as Exhibit 1101 in this proceeding and
`Exhibit 1001 in CBM2018-00022.
`
`9
`
`
`
`Case IPR2018-00809
`Patent 9,530,137 B2
`
`“[w]e do not consider the term ‘transaction’ by itself to be explicitly or
`
`inherently financial, because the ’137 patent indicates that a particular
`
`transaction is financial in nature by using the term ‘financial transaction.’”
`
`Id. at 13 (citing Ex. 1101, 6:59, 7:9, claim 11). We adopt that same
`
`understanding of “transaction” in this case.
`
`We conclude there is no need to construe any other term to resolve the
`
`issues in this decision. See Nidec Motor Corp., 868 F.3d at 1017; Vivid
`
`Techs., 200 F.3d at 803.
`
`C. UNPATENTABILITY OVER JAKOBSSON AND MARITZEN
`
`Petitioner maps the limitations of claims 1, 2, 6, 7, 9, 10, and 12 onto
`
`Jakobsson’s and Maritzen’s disclosures. Pet. 20–41.
`
`Jakobsson is a published international patent application directed to an
`
`identity-authentication system. Ex. 1113. In certain embodiments of
`
`Jakobsson’s system, a user is first authenticated on a user device using a PIN
`
`or biometric information; the user device then sends information to a remote
`
`verifier including user authentication, PIN, biometric data, and a time-
`
`varying code, so that the remote system may verify the information and
`
`return a signal to the user device. See id. ¶¶ 50, 59.
`
`Maritzen is a published patent application directed to conducting a
`
`financial transaction, in one embodiment using communication “between a
`
`vehicle-accessed, payment-gateway terminal (VAPGT) and a pre-registered,
`
`key-enabled, personal transaction device (PTD).” Ex. 1114, code (57).
`
`Relevant here, Maritzen involves financial transactions in the form of
`
`payments. Id.
`
`Patent Owner argues that the combination of Jakobsson and Martizen
`
`fails to disclose: “the one or more signals” recited in claims 1 and 12
`
`10
`
`
`
`Case IPR2018-00809
`Patent 9,530,137 B2
`
`(PO Resp. 17–22); the “enablement signal” recited in claims 1 and 12 (id. at
`
`23–28); the comparison recited in claim 5 (id. at 28–30); the encryption
`
`recited in claim 6 (id. at 30–31); and the memory recited in claim 7 (id. at
`
`32). Patent Owner also argues a skilled artisan would have had no reason to
`
`combine: Jakobsson and Martizen. Id. at 32–37. Finally, Patent Owner
`
`argues that objective indicia of nonobviousness counsel a conclusion of no
`
`unpatentability. Id. at 38–44.
`
`1. Claims 1 and 12
`
`Petitioner maps the limitations of claim 1 onto Jakobsson’s
`
`disclosures, relying on Maritzen only for the preamble, in that Maritzen
`
`teaches authorization of financial transactions. Pet. 25 (“Accordingly, it
`
`would have been obvious to use the authentication system of Jakobsson to
`
`authenticate a financial transaction as disclosed in Maritzen.”). At least
`
`because we construe “transaction” as broader than just financial transactions,
`
`the preamble of claim 1 reads on Jakobsson’s disclosures. Ex. 1113 ¶ 39
`
`(“Authentication can result in the performance of one or more actions
`
`including, without limitation, providing access or privileges, taking action,
`
`or enabling some combination of the two. Access includes, without
`
`limitation: access to a physical location, communications network, computer
`
`system, and so on; access to such services as financial services and
`
`records.”); see Pet. 20–21. Thus, although Patent Owner argues that a skilled
`
`artisan would not have been motivated to combine Maritzen with Jakobsson
`
`(PO Resp. 32–37), that argument does not impact Petitioner’s showing for
`
`claim 1.
`
`11
`
`
`
`Case IPR2018-00809
`Patent 9,530,137 B2
`
`
`a. Transmitting and Processing “The One Or More Signals”
`(Limitations 1[f], 1[h], and 12[f])
`
`Jakobsson discloses a variety of configurations for the authentication
`
`codes sent to a remote verifier, including that one code may be augmented
`
`with additional information to produce another code. Ex. 1113 ¶¶ 52, 59,
`
`65–77. In particular, Jakobsson discloses using “the user data value (P) with
`
`the secret (K), the dynamic value (T), and the event state (E) to generate an
`
`authentication code A (K, T, E, P) 292.” Id. ¶ 73. It also discloses a user
`
`device that “first combines (K, T, E) to generate an authentication code A
`
`(K, T, E) 291” and “then combines the generated authentication code 291
`
`with the PIN (P) to generate an authentication code 292 that is a function of
`
`(K, T, E, P).” Id. That latter arrangement Jakobsson discloses as one
`
`example of how “[t]he combination function 230 can combine these values
`
`(K, T, E, P) in any order (and with other values not mentioned) to generate
`
`the authentication code 292.” Id.
`
`The Petition asserts that “the processor of user authentication
`
`device 120 [first processor] is configured to provide an authentication code
`
`[one or more signals] including a first authentication code [first
`
`authentication information].” Pet. 34 (emphasis omitted; bracketed material
`
`in original) (citing id. at 30–33 (discussing limitation 1[e]); Ex. 1102 ¶ 85).
`
`Patent Owner argues that Petitioner fails to show Jakobsson teaches
`
`transmitting signals including “the first authentication information, an
`
`indicator of biometric authentication, and a time varying value,” as recited in
`
`limitation 1[f]. PO Resp. 17–22. Patent Owner points to Petitioner’s
`
`assertion that Jakobsson discloses transmitting “the authentication code
`
`[first authentication information]” for verification. Id. at 18 (citing Pet. 34
`
`(bracketed material and emphasis in original).
`
`12
`
`
`
`Case IPR2018-00809
`Patent 9,530,137 B2
`
`
`Petitioner argues that, by referring back to its discussion of limitation
`
`1[e], it demonstrated that Jakobsson’s transmitted signals comprise “an
`
`authentication code (e.g., authentication code 292) [one or more signals]
`
`including a first authentication code (e.g., authentication code 291) [first
`
`authentication information], a strength of a biometric match (E) [indicator of
`
`biometric authentication], and a time-varying value (T) [time-varying
`
`value].” Reply 2 (quoting Pet. 33 (emphasis omitted; bracketed material in
`
`original)).
`
`Patent Owner’s argument refers to Petitioner’s use of “authentication
`
`code” without acknowledging that Petitioner identified two different types of
`
`“authentication code” from Jakobsson. Compare PO Resp. 18, with Pet. 33.
`
`Because Petitioner asserts that the transmitted authentication code includes
`
`information in a first authentication code and additional information added
`
`to that first authentication code, Petitioner asserts that the transmitted
`
`information includes all three aspects of the claimed signals. Accordingly,
`
`we do not agree with Patent Owner that Petitioner fails to assert teachings
`
`that satisfy claim limitations 1[f], 1[h], or the corresponding limitations of
`
`claim 12. See PO Resp. 18–20.
`
`Petitioner specifically points to Jakobsson’s wide range of disclosures.
`
`Pet. 32. Furthermore, Petitioner specifically points to Jakobsson’s disclosure
`
`that the combination function may operate “by prepending or appending . . .
`
`by arithmetically adding . . . or using a block cipher or other one-way
`
`function, or other algorithm, or a combination of these and other techniques
`
`that combine two or more input values together.” Id. at 31–32 (quoting
`
`Ex. 1113 ¶ 73). Petitioner also identifies that Jakobsson’s “event state (E)”
`
`13
`
`
`
`Case IPR2018-00809
`Patent 9,530,137 B2
`
`includes the “strength of a biometric match,” and “dynamic value (T)” is a
`
`“dynamic, time-varying value.” Id. at 30–33 (quoting Ex. 1113 ¶¶ 52, 60).
`
`Based on Petitioner’s assertions and Jakobsson’s disclosures, we
`
`explained in the Institution Decision that we understand Petitioner’s
`
`assertions map Jakobsson’s E and T to the claimed biometric information
`
`and time-varying value, respectively, and map the other factors included in
`
`Jakobsson’s transmitted authentication code (including user data value P and
`
`device secret K) to the claimed first authentication information. Inst. 10–11
`
`(citing Ex. 1113 ¶¶ 52, 59, 65–77). Patent Owner acknowledges our
`
`Institution Decision but argues that it impermissibly went beyond the
`
`Petition. PO Resp. 21. We do not agree because, as explained above, our
`
`understanding is consistent with Petitioner’s assertions.
`
`Patent Owner argues that the authentication code transmitted in
`
`Jakobsson does not include the three claimed elements “because the
`
`combination function transformed those pieces of information into a unitary
`
`authentication code prior to transmission.” PO Resp. 22. The argument
`
`appears to be based on viewing Jakobsson’s combination function as a one-
`
`way hash function. Id. (citing Ex. 2010 ¶ 54). Jakobsson discloses that the
`
`combination function may comprise a one-way function, but also discloses
`
`that it may combine information “by prepending or appending,” or
`
`“arithmetically adding” information. Ex. 1113 ¶ 73. Petitioner relies on
`
`Jakobsson’s broad disclosure for the combination function to assert that it
`
`would have been obvious to form the claimed “one or more signals” that
`
`include “first authentication information, an indicator of biometric
`
`authentication, and a time varying value.” Pet. 31–32 (citing Ex. 1113 ¶ 73).
`
`Thus, we do not agree that Jakobsson discloses only a combination function
`
`14
`
`
`
`Case IPR2018-00809
`Patent 9,530,137 B2
`
`that produces “a unitary authentication code.” See Sur-reply 4. Similarly,
`
`Patent Owner’s argument that Jakobsson discloses transmitting on “one of
`
`code 291, 292, or 293” (id.) directly contradicts Jakobsson’s disclosure that
`
`the user device first generates authentication code 291 and “combination
`
`function 230 then combines the generated authentication code 291 with the
`
`PIN (P) to generate an authentication code 292 that is a function of (K, T, E,
`
`P).” Ex. 1113 ¶ 73. In light of Jakobsson’s disclosures of (1) combination
`
`functions that include prepending or appending information and (2) using
`
`one authentication code as a further input to the combination function to
`
`generate another authentication code for transmission, we do not agree with
`
`Patent Owner that Petitioner’s assertions amount to “double-counting.” See
`
`Sur-reply 4.
`
`Based on the foregoing discussion, we find Jakobsson teaches
`
`claim 1’s “one or more signals including the first authentication information,
`
`an indicator of biometric authentication, and a time varying value in
`
`response to valid authentication of the first biometric information” as an
`
`authentication code generated by combining a user data value (P), a device
`
`secret (K), a dynamic value (T), and an event state that includes an indicator
`
`of biometric match (E). See Pet. 30–33. Furthermore, as discussed, Petitioner
`
`relies on transmission of that combined authentication code to assert that
`
`Jakobsson teaches the first processor is “programmed . . . to provide the one
`
`or more signals including the first authentication information for
`
`transmitting to a second device.” See Pet. 34–35. Patent Owner does not
`
`contest that Jakobsson teaches that transmission and only challenges whether
`
`the transmitted information includes the claimed “one or more signals.” See
`
`15
`
`
`
`Case IPR2018-00809
`Patent 9,530,137 B2
`
`PO Resp. 17–22. For the foregoing reasons, we find that Jakobsson teaches
`
`providing the one or more signals for transmitting to a second device.
`
`Because claim 12 recites parallel limitations (see id. at 20), we reach
`
`the same conclusion for claim 12.
`
`b. “Enablement Signal”
`(Limitations 1[h], 1[i], 12[h], and 12[i])
`
`Claim 1 recites “the system further including the second device that is
`
`configured to provide the enablement signal indicating that the second
`
`device approved the transaction based on use of the one or more signals” and
`
`“wherein the second device includes a second processor that is configured to
`
`provide the enablement signal based on the indication of biometric
`
`authentication of the user of the first device, at least a portion of the first
`
`authentication information, and second authentication information of the
`
`user of the first device to enable and complete processing of the transaction.”
`
`As the claimed “second device that is configured to provide the
`
`enablement signal indicating that the second device approved the transaction
`
`based on use of the one or more signals,” Petitioner points to Jakobsson’s
`
`verifier 105 that approves a transaction based on information in the received
`
`authentication code. Pet. 36–38 (citing Ex. 1113 ¶¶ 118, 39, 50; Ex. 1102
`
`¶¶ 91–94).
`
`Regarding the recitation in claim 1[i] that the enablement signal be
`
`“based on the indication of biometric authentication of the user of the first
`
`device, at least a portion of the first authentication information, and second
`
`authentication information of the user of the first device,” Petitioner points
`
`first to Jakobsson’s authentication codes, which, as described above, are
`
`made using a combination function to include a strength of biometric match
`
`and additional authentication information. Pet. 40–41 (citing Ex. 1113 ¶¶ 60,
`
`16
`
`
`
`Case IPR2018-00809
`Patent 9,530,137 B2
`
`52, 64, 50). For the second authentication information, Petitioner relies on
`
`Jakobsson’s verifier comparing received authentication code (AD) to an
`
`authentication code generated by the verifier (AV). Pet. 39–40 (citing
`
`Ex. 1113 ¶¶ 117, 118 (“The verifier compares the value of the first
`
`authentication code (A1V) with the value of the received authentication code
`
`(AD) generated by the authentication device 120.”), 50).
`
`Regarding the “enablement signal indicating that the second device
`
`approved the transaction,” Petitioner points to Jakobsson’s disclosure that its
`
`verifier may accept the received authentication code and then
`
`“[a]uthentication can result in the performance of one or more actions
`
`including . . . providing access or privileges, taking action, or enabling some
`
`combination of the two.” Pet. 37 (quoting Ex. 1113 ¶ 118). Petitioner also
`
`relies on Jakobsson’s disclosure that “the verifier can communicate positive
`
`or negative acknowledgement to the communications terminal.” Id. at 37–38
`
`(quoting Ex. 1113 ¶¶ 50).
`
`Patent Owner argues that Petitioner relies on Jakobsson’s
`
`authentication code as both the “indicator of biometric authentication” and
`
`“first authentication information.” PO Resp. 23. According to Patent Owner,
`
`Petitioner fails to identify Jakobsson’s disclosure of an authentication code
`
`“made up of data showing the ‘strength of a biometric match’ (as opposed to
`
`being generated from such data)” (Prelim. Resp. 24) but the distinction does
`
`not hold up.
`
`Patent Owner’s argument ignores that, as discussed above, Petitioner
`
`relies on a transmitted “authentication code” comprising multiple distinct
`
`types of information, including an indicator of biometric authentication and
`
`“first authentication information.” See supra at 14. Petitioner maps different
`
`17
`
`
`
`Case IPR2018-00809
`Patent 9,530,137 B2
`
`parts of Jakobsson’s transmitted “authentication code” to the claimed “first
`
`authentication information” and “indicator of biometric authentication.”
`
`That view of Jakobsson is supported by Jakobsson’s disclosure that “an
`
`authentication code is generated in a manner that communicates to the
`
`verifier information about the occurrence of one or more reportable events”
`
`including “confidence level in a biometric reading.” Ex. 1113 ¶ 11; accord
`
`id. ¶ 52 (“[R]eportable events can include . . . the strength of a biometric
`
`match . . . .”); see Pet. 31 (citing Ex. 1113 ¶ 52). Additionally, Jakobsson
`
`discloses that the verifier compares a received authentication code with one
`
`that it generates; the verifier enables a transaction only if the two codes
`
`match—requiring that the verifier correctly determines the event code used
`
`in the received authentication code. Ex. 1113 ¶¶ 118–119; see Pet. 37 (citing
`
`Ex. 1113 ¶ 118), 40 (same).
`
`Patent Owner also argues that the one-way function used in
`
`Jakobsson’s combination function means it is impossible to reconstruct the
`
`inputs to the function (including the event code). PO Resp. 25 (citing
`
`Ex. 2010 ¶¶ 58–59. Patent Owner relies on testimony of its declarant,
`
`Dr. Jakobsson, to support its position. Id. We find that testimony directly
`
`contradicts statements in the Jakobsson reference and that the testimony is
`
`therefore not credible. Compare Ex. 2010 ¶ 59 (“[T]he combination function
`
`is not simply stringing together different input data to form the
`
`authentication code”), with Ex. 1113 ¶ 73 (disclosing that inputs to the
`
`combination function may be combined “by prepending or appending”); see
`
`Pet. Reply 9 (citing Ex. 1130 ¶¶ 39–43).
`
`18
`
`
`
`Case IPR2018-00809
`Patent 9,530,137 B2
`
`
`Based on the foregoing discussion, we find Jakobsson teaches using
`
`the biometric information as distinct from the other authentication
`
`information in the authentication code.
`
`Moreover, we agree with Petitioner that, even in an embodiment with
`
`a one-way combination function, Jakobsson’s verifier enables a transaction
`
`“based on” both the authentication information and an indicator of biometric
`
`authentication because both aspects of the transmitted authentication code
`
`must be correct for the code to match that generated by the verifier. See Pet.
`
`Reply 8; Ex. 1113 ¶¶ 118–119.
`
`Patent Owner also argues that the “positive or negative
`
`acknowledgement” of the authentication code sent by Jakobsson’s verifier
`
`indicates only