Trials@uspto.gov
`571-272-7822
`
`
` Paper: 22
`
`Date: January 15, 2021
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`APPLE INC.,
`Petitioner,
`
`v.
`
`UNILOC 2017 LLC,
`Patent Owner.
`____________
`
`IPR2019-01337
`Patent 7,136,999 B1
`____________
`
`Before JENNIFER S. BISK, MIRIAM L. QUINN, and
`CHRISTOPHER C. KENNEDY, Administrative Patent Judges.
`
`BISK, Administrative Patent Judge.
`
`
`
`JUDGMENT
`Final Written Decision
`Determining Some Challenged Claims Unpatentable
`35 U.S.C § 318(a)
`
`
`
`
`
`
`571-272-7822
`
`
` Paper: 22
`
`Date: January 15, 2021
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`APPLE INC.,
`Petitioner,
`
`v.
`
`UNILOC 2017 LLC,
`Patent Owner.
`____________
`
`IPR2019-01337
`Patent 7,136,999 B1
`____________
`
`Before JENNIFER S. BISK, MIRIAM L. QUINN, and
`CHRISTOPHER C. KENNEDY, Administrative Patent Judges.
`
`BISK, Administrative Patent Judge.
`
`
`
`JUDGMENT
`Final Written Decision
`Determining Some Challenged Claims Unpatentable
`35 U.S.C § 318(a)
`
`
`
`
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`
`I. INTRODUCTION
`Apple Inc. (“Petitioner”) filed a Petition requesting an inter partes
`review of claims 1–17 of U.S. Patent No. 7,136,999 B1 (Ex. 1001, “the ’999
`patent”). Paper 2 (“Pet.”). Uniloc 2017 LLC (“Patent Owner”), identified
`as a real party-in-interest to the ’999 patent (Paper 4, 1), filed a Preliminary
`Response to the Petition. Paper 6 (“Prelim. Resp.”). We instituted this
`review as to all challenged claims. Paper 7 (“Inst. Dec.”).
`Subsequent to institution, Patent Owner filed a Patent Owner
`Response. Paper 9 (“PO Resp.”). Petitioner filed a Reply. Paper 10
`(“Reply”). And Patent Owner filed a Sur-Reply. Paper 11 (“Sur-Reply”).
`An oral hearing was held on October 21, 2020. Paper 21 (“Tr.”).
`This Final Written Decision is entered pursuant to 35 U.S.C. § 318(a).
`We have jurisdiction under 35 U.S.C. § 6. For the reasons that follow,
`Petitioner has demonstrated by a preponderance of the evidence that claims
`1, 2, 4, 5, 7–10, 13–15, and 17 of the ’999 patent are unpatentable, but has
`not demonstrated that claims 3, 6, 11, 12, and 16 are unpatentable.
`
`II. BACKGROUND
`
`A. Related Matters
`The parties identify several district court cases involving the ’999
`patent. Pet. 1–2; Prelim. Resp. 8.1 Institution was denied in IPR2020-
`00117, which also challenged the ’999 patent. IPR2020-00117, Paper 11
`(PTAB May 28, 2020).
`
`
`1 The Preliminary Response does not have page numbers.
`
`2
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`
`B. The ’999 Patent
`The ’999 patent, titled Method and System for Electronic Device
`Authentication, issued November 14, 2006. Ex. 1001, codes (45), (54). In
`particular, the ’999 patent describes the process of authenticating devices
`using Bluetooth. Id. at 1:11–59. Specifically, according to the ’999 patent,
`to establish a link using Bluetooth when the devices are less than 100 meters
`apart, a user enters the same numerical code (key) in the two devices, the
`devices then communicate to verify that the numbers match, and, if so, each
`device stores the key and uses it to authenticate the two devices for any
`subsequent Bluetooth link between them. Id. at 1:39–53. The ’999 patent
`also describes basic authentication over wide area networks, including the
`Internet, which typically requires a user to enter a user ID and password
`combination. Id. at 1:60–67.
`The ’999 patent recognizes that once two devices are authenticated on
`a restricted network, using an authentication scheme such as Bluetooth, the
`two devices can be re-connected through another, unrestricted network, such
`as the Internet by, for example, reusing the stored restricted network
`authentication information. Id. at 2:24–30, 2:43–49, 4:40–55. According to
`the ’999 patent, security is maintained because the initial authentication and
`exchange of key information occurs in the secure system, for example, in a
`context where physical proximity is required. Id. at 4:56–64.
`
`3
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`
`C. Illustrative Claims
`Claims 1, 13, 14, and 17 are independent. Claims 1 and 13 are
`
`illustrative of the subject matter at issue and read as follows:
`1. A method of authenticating first and second electronic
`devices, comprising:
`upon link set-up over a short-range wireless link,
`executing an authentication protocol by exchanging
`authentication information between the first and second
`electronic devices to initially authenticate communication
`between the first and second devices;
`later, when the first and second electronic devices
`are beyond the short-range wireless link, executing the
`authentication protocol by exchanging the authentication
`information between the first and second electronic
`devices over an alternate communications link, then only
`allowing communication between the first and second
`devices if the first and second devices had initially been
`successfully authenticated.
`13. A method of authenticating first and second electronic
`devices, comprising:
`upon link set-up over a first link, executing an
`authentication protocol by exchanging authentication
`information between the first and second electronic
`devices to initially authenticate communication between
`the first and second devices;
`later, when the first and second electronic devices
`are connected using a second link, executing the
`authentication protocol by exchanging the authentication
`information between the first and second electronic
`devices over the second link, then only allowing
`communication between the first and second devices if
`the first and second devices had initially been
`successfully authenticated.
`
`4
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`Ex. 1001, 5:17–31, 6:1–14 (emphases added to disputed limitation).
`Claims 14 and 17—and, therefore, all challenged claims—contain a
`limitation substantially similar to that emphasized above. See id. at
`6:22–23, 6:47.
`
`D. Proposed Grounds of Unpatentability
`35 U.S.C. §2
`Claim(s) Challenged
`Reference(s)/Basis
`1–3, 6–8, 11–14, 16, 17
`103
`Varadharajan3
`1, 2, 4, 5, 7–10, 13–15,
`103
`Varadharajan and BT Core4
`17
`13
`
`Hind5
`
`103
`
`Pet. 4, 8–68. Petitioner also relies on two Declarations of Jon Weissman
`Ph.D. Ex. 1006; Ex. 1013 (Supplemental Declaration filed with the Reply).
`Petitioner asserts that Varadharajan is prior art to the ’999 patent
`under 35 U.S.C. § 102(b), BT Core is prior art under § 102(a), and Hind is
`prior art under § 102(e). Id. at 3, 30–31 (citing Ex. 1008 (the Declaration of
`Michael Foley) along with Exs. 1006, 1009, and 1010–12 to show the public
`accessibility of BT Core). Patent Owner does not challenge the prior art
`status of any cited reference. On this record, we determine the references
`
`
`2 Because the application leading to the ’999 patent was filed before
`March 16, 2013, patentability is governed by the version of 35 U.S.C. § 103
`preceding the Leahy-Smith America Invents Act (“AIA”), Pub L. No. 112–
`29, 125 Stat. 284 (2011).
`3 U.S. Patent No. 5,887,063 (filed July 29, 1996, issued March 23, 1999)
`(Ex. 1003).
`4 Specification of the Bluetooth System, Wireless Connections Made Easy,
`Core, Volume 1, Version 1.0B, (December 1, 1999) (Ex. 1004).
`5 U.S. Patent No. 6,772,331 B1 (filed May 21, 1999, issued Aug. 3, 2004)
`(Ex. 1005).
`
`5
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`asserted by Petitioner qualify as prior art to the challenged claims of the
`’999 patent.
`
`III. ANALYSIS
`
`A. Level of Skill in the Art
`The level of skill in the art is a factual determination that provides a
`primary guarantee of objectivity in an obviousness analysis. See Al-Site
`Corp. v. VSI Int’l Inc., 174 F.3d 1308, 1323 (Fed. Cir. 1999) (citing Graham
`v. John Deere Co., 383 U.S. 1, 17–18 (1966)). The level of skill in the art
`also informs the claim construction analysis. See Teva Pharm. USA, Inc. v.
`Sandoz, Inc., 135 S. Ct. 831, 841 (2015) (explaining that claim construction
`seeks the meaning “a skilled artisan would ascribe” to the claim term “in the
`context of the specific patent claim”).
`Petitioner asserts that a person of ordinary skill in the art “would have
`had at least a bachelor’s degree in computer science, computer engineering,
`or a related subject, and two years of experience, including industry and
`graduate experience, working with security system, including
`encryption/decryption and authentication processes.” Pet. 5–6 (citing
`Ex. 1006 ¶¶ 31–32). Patent Owner does not dispute Petitioner’s
`characterization of the level of ordinary skill in the art. PO Resp. 7 (“For
`purposes of this Response only, Patent Owner does not dispute Petitioner’s
`definition of a [person having ordinary skill in the art (“POSITA”)].).
`Because we find Petitioner’s proposed definition generally consistent
`with the subject matter of the ’999 patent and cited references, we adopt it
`for purposes of this analysis.
`
`6
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`
`B. Claim Construction
`For petitions filed on or after November 13, 2018, such as the one in
`this case, we interpret claims in the same manner used in a civil action under
`35 U.S.C. § 282(b) “including construing the claim in accordance with the
`ordinary and customary meaning of such claim as understood by one of
`ordinary skill in the art and the prosecution history pertaining to the patent.”
`37 C.F.R. § 42.100(b) (2019). Only terms that are in controversy need to be
`construed, and then only to the extent necessary to resolve the controversy.
`Nidec Motor Corp. v. Zhongshan Broad Ocean Motor Co., 868 F.3d 1013,
`1017 (Fed. Cir. 2017).
`In pre-institution briefing, neither party expressly offered a proposed
`construction for any claim term. Pet. 7; Prelim. Resp. 9. Based on Patent
`Owner’s validity arguments, however, the Institution Decision addressed the
`scope of the term “exchanging the authentication information.” Inst. Dec.
`6–7. We also addressed claim 13, which, unlike claims 1 and 14, does not
`recite “beyond the short-range wireless link” when referring to a second
`communications link.6 Compare Ex. 1001, 6:1–14, with 5:24–31, 6:22–28.
`1. “exchanging the authentication information”
`The Institution Decision adopted a construction of “exchanging the
`authentication information” 7 such that authentication information must be
`
`
`6 Claim 17 also does not use the term “beyond the short-range wireless link,”
`but does specify that the “said first communications link and said second
`communications link are different types of links.” Ex. 1001 6:50–52.
`7 Specifically, claim 1 recites “executing an authentication protocol by
`exchanging authentication information between the first and second
`electronic devices to initially authenticate communication between the first
`and second devices” (“the first exchange of authentication information”
`7
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`the same in both the first and second exchange of authentication information
`limitations. Inst. Dec. 6–8. This determination was made despite Patent
`Owner’s arguments that “because the claims recite first ‘exchanging
`authentication information’ over a first link and then ‘exchanging the
`authentication information’ over a second link, the claims all require
`exchanging ‘similar’ authentication information over both links.” Id. at 6–7.
`In particular, the Institution Decision states that although “the patentee’s
`mere use of a term with an antecedent does not require that both terms have
`the same meaning” (id. at 7 (citing Microprocessor Enhancement Corp. v.
`Texas Instruments Inc., 520 F.3d 1367, 1375 (Fed. Cir. 2008)), “Patent
`Owner does not further explain, nor is it clear based on the claim language
`or Specification, why the authentication information used by the two
`communication links must be ‘similar,’” as opposed to being identical (id.).
`In its Response Brief, Patent Owner maintains that the authentication
`information exchanged over the second link must have a “relationship with,”
`but “need not be identical” to the authentication information exchanged over
`the first link. PO Resp. 8–9. According to Patent Owner “[a]lthough the
`authentication information need not be identical, use of the antecedent ‘the’
`to refer to the authentication information does indicate a relationship with
`the first-recited authentication information, whether the information be the
`
`
`limitation) and later, when the first and second electronic devices are beyond
`the short-range wireless link executing the authentication protocol by
`exchanging the authentication information between the first and second
`electronic devices over an alternate communications link” (the “second
`exchange of authentication information” limitation). Claims 13, 14, and 17
`recite substantially similar limitations.
`8
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`same as or derived from the other recited authentication information, e.g.,
`modified, enhanced, etc.” Id. at 9.
`Petitioner asserts that “there is no dispute as to whether the challenged
`grounds invalidate the asserted claims under a broad or narrow interpretation
`of this term” and, therefore, “the Board need not adopt a construction.”
`Reply 3 (citing PO Resp. 8–27).
`Although Patent Owner emphasizes that construction of the term is
`required (see PO Resp. 8; Sur-Reply 2), we agree with Petitioner that our
`analysis, below, does not depend on whether “exchanging the authentication
`information” requires that the first and second authentication information be
`exactly the same or merely similar. Thus, we decline to decide the exact
`relationship between the two recitations of “authentication information” in
`the claims other than to agree with both parties that they are not wholly
`unrelated.
`2. Claim 13
`The Institution Decision noted that during prosecution, the pending
`claims were rejected over Hind as an anticipatory reference and, in response,
`Patent Owner filed an amendment representing that the independent claims
`were not anticipated by Hind because they included the terms “beyond the
`short-range wireless link” and “over an alternate communications link.”
`Inst. Dec. 8 (citing Ex. 1002, 110–112, 122). Because claim 13 does not
`include these terms, the Institution Decision adopted a construction that
`“both the first and second link recited by claim 13 can be short-range.” Id.
`at 9.
`Patent Owner does not address claim 13 in the claim construction
`
`section of its Response. See PO Resp. 8–9. In its arguments regarding the
`
`9
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`validity of claim 13, however, Patent Owner asserts that “‘the second link’
`as recited in Claim 13 at least refers to another link that is separate and
`distinct from ‘the first link’ as recited in Claim 13.” Id. at 25. Further,
`Patent Owner asserts that “the ’999 Patent understands that if ‘the first link’
`recitation of Claim 13 is, for example, a Bluetooth link between two devices,
`then a second link would have to be something different than the Bluetooth
`link between those two devices.” Id. at 26. In its Sur-Reply, Patent Owner
`clarifies that it is not arguing that the two links must be of different types,
`but that the two links must be separate and distinct and cannot be “the same
`link at different points in time.” Sur-Reply 4. However, Patent Owner
`appears to rely on a construction that any Bluetooth connection between two
`devices that reuses an authentication key is not a second link, but is simply a
`reestablishment of the first link. PO Resp. 26. Patent Owner bases this
`assertion on certain language in the ’999 patent: “the key exchanged upon
`link initialization identifies a unique link and can be used reliably for
`subsequent authentication when the link is re-established.” Id. (citing Ex.
`1001, 1:47–53) (emphasis added by Patent Owner).
`According to Petitioner, Patent Owner’s construction is incorrect.
`Reply 3–6. Instead, Petitioner asserts that “the express language of claim 13
`requires only that the first and second devices are connected using the
`second link ‘later,’ after the authentication protocol involving the exchange
`of authentication information is executed over the first link.” Id. at 5.
`Petitioner points out that unlike claim 13, claim 17 explicitly recites
`“wherein said first communication link and said second communication link
`are different types of links.” Id. at 4 (citing Ex. 1001, 6:50–52).
`
`10
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`
`We do not agree with Patent Owner that the quoted language of the
`’999 patent requires a construction of the term “second link” that excludes
`any Bluetooth connection that reuses authentication information. Other than
`the one vaguely worded sentence in the ’999 patent, Patent Owner does not
`point to any supporting evidence for this interpretation. PO Resp. 25–26;
`Ex. 1001, 1:47–53).
`To the contrary, the evidence supports a finding that when two
`devices reestablish communication after being disconnected, the subsequent
`Bluetooth link is considered a different link. See Reply 18 (citing Ex. 1004,
`151 (“Consequently, once a semi-permanent link key is defined, it may be
`used in the authentication of several subsequent connections between the
`Bluetooth units sharing it.”). This understanding is consistent with the ’999
`patent, which refers to “initial Bluetooth link[s]” and “subsequent Bluetooth
`link[s]” (Ex. 1001, 1:49–50, 1:58, 4:40), and discloses that multiple links
`can be made between two Bluetooth compatible devices (id. at 1:17–20),
`without any clarification that such links are considered the same if
`authentication information is reused.
`Accordingly, we find that claim 13 requires two different links, one of
`which occurs later in time than the other, but that those links are not required
`to be of different types. And we do not agree with Patent Owner’s narrow
`reading, based on one sentence in the ’999 patent, that Bluetooth links that
`reuse authentication codes are considered the same link.
`
`C. Obviousness over Varadharajan
`Petitioner contends that claims 1–3, 6–8, 11–14, 16, and 17 of the
`’999 patent are unpatentable because their subject matter would have been
`obvious over the disclosure of Varadharajan. Pet. 8–30.
`
`11
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`
`1. Overview of Varadharajan
`Varadharajan is titled “Communication System for Portable
`Appliances.” Ex. 1003, code (54). Varadharajan describes a host device
`and a portable device that are “capable of communicating both remotely, e.g.
`via a modem link, and directly, when the host and portable device are
`docked or otherwise locally associated.” Id. at 4:1–5. To ensure security,
`the portable device and host device “periodically exchange a security key via
`the direct communication link, and the key is then used to control or encrypt
`subsequent remote communications.” Id. at 4:8–12. According to
`Varadharajan, this security key may be created and exchanged by “any of a
`variety of ways known to those skilled in the art” and the direct or local
`communication may take place using “an I.R. transmitter/receiver unit.” Id.
`at 4:13–15, 4:26–34.
`In one embodiment, Varadharajan describes a process in which,
`“[e]ach time the portable computer 50 is in local or direct communication
`with the desk top computer 48, this is detected . . . and the identity of the
`portable computer 50 is authenticated by the desk top computer 48 by a
`suitable test such as a challenge/response routine.” Ex. 1003, 4:62–67.
`Only if the portable computer 50 passes this authentication test does the desk
`top computer initiate a process in which a “key generating device 28
`generates a fresh security key which is stored in the encryption/decryption
`unit 30 of the host device 10 and transmitted via the local I.R. link to be
`stored in the encryption/decryption unit 38 of the portable device 12.” Id. at
`4:62–5:8. Subsequently, when the two devices are in remote
`communication, for authentication, the host device issues a random
`challenge to the portable device, which in turn calculates a response
`
`12
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`including the “current security key” and transmits this to the host device. Id.
`at 5:32–40.
`2. Analysis
`Petitioner asserts Varadharajan teaches or suggests each of the
`limitations of independent claims 1, 13, 14, and 17. Pet. 9–30. In particular,
`Petitioner contends that Varadharajan’s challenge/response routine over the
`I.R. link teaches the first exchange of authentication information limitation.
`Id. at 16–19 (citing Ex. 1003, 2:43–49, 4:13–21, 4:62–5:2, 5:33–40;
`Ex. 1006 ¶¶ 60–64). In addition, Petitioner contends that Varadharajan’s
`disclosure of the challenge/response routine over the remote communication
`link teaches the second exchange of authentication information limitation.
`Id. at 21–22 (citing Ex. 1003, 4:26–34, 4:62–67, 5:33–40; Ex. 1006 ¶¶ 71–
`73).
`
`Patent Owner does not agree that Varadharajan teaches the first and
`second exchange of authentication information limitations. PO Resp. 10–13.
`In particular, Patent Owner emphasizes that Varadharajan describes creating
`“a fresh security key” every time the portable computer is in proximity to the
`desktop computer after first authenticating the portable computer. Id. at 10.
`According to Patent Owner, because this fresh security key is subsequently
`used to authenticate the remote communication, that key has “no particular
`relationship to” the key used to authenticate the local connection. Id. at 10–
`11 (citing Ex. 1003, 5:4–8). Patent Owner also notes that Varadharajan
`discloses that frequent changes to the security key are used to enhance
`security. Id. at 11 (citing Ex. 1003, 2:51–58).
`The Institution Decision notes that “it is not clear that [Varadharajan]
`implies that the security key transmitted via the local I.R. Link is never
`
`13
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`stored and reused when a remote authentication between the two devices
`occurs” and pointed to language in Varadharajan that the key update is not
`allowed to occur over a modem link. Inst. Dec. 11–12 (citing Ex. 1003,
`5:10–14). We, thus, concluded that we were not persuaded “a person of
`ordinary skill in the art would have understood Varadharajan to teach that
`the security key from the first, local, exchange is never stored and reused as
`the current security key in the second, remote, exchange.” Id. at 12.
`In Response, Patent Owner explains that Varadharajan does not
`affirmatively state that the security key is reused between a local and remote
`connection and that, in fact, the only detailed language in Varadharajan
`implies the opposite—that the security key is changed after every local
`authentication—and, thus, the disclosure of Varadharajan does not explicitly
`disclose reusing the same or similar authentication information in the second
`link. PO Resp. 11–12. Patent Owner also points out that Varadharajan’s
`language, noted in the Institution Decision, teaching that key updates cannot
`be done over the remote connection, does not support a finding that
`Varadharajan discloses using the same or similar authentication information
`over the two connections. Id.
`Petitioner argues that Varadharajan expressly describes using the
`same or similar authentication information between the two links. Reply 6–
`7. As support, Petitioner asserts that Varadharajan discloses that the two
`devices “perform authentication ‘[e]ach time’ the two devices are in
`communication, including after they initially exchange a security key” and
`“Varadharajan further discloses the two devices then exchange the same key
`when they later authenticate over a different, alternate link, such as a modem
`link.” Id. at 7 (citing Ex. 1003 5:33–40; Ex. 1006 ¶¶ 60–62, 74–76).
`
`14
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`According to Petitioner, “[t]his is in part because the security key cannot be
`updated over the modem link, as noted in the Institution Decision and not
`disputed by [Patent Owner].” Id.
`We disagree with Petitioner that this description of Varadharajan’s
`disclosure is uncontested by Patent Owner. See Reply 7. To the contrary,
`Patent Owner argues that Varadharajan does not use the same or similar key
`during the remote authentication because a new key was already created
`before the second authentication when the two devices were in proximity,
`but after the local authentication. PO Resp. 10–12; Sur-Reply 6–10. Thus,
`according to Patent Owner, it is irrelevant that the key update cannot occur
`over the remote link. Moreover, despite our statement in the Institution
`Decision (see Inst. Dec. 12), upon further review of Varadharajan’s
`language, we agree with Patent Owner that whether the security key can be
`updated over a remote communication link is irrelevant to Patent Owner’s
`point that the security key is changed between the local authentication and
`the remote authentication.
`Patent Owner also argues that the language Petitioner relies on to
`show that the remote authentication uses the same key as the initial
`authentication does not support such a reading. Sur-Reply 7. We agree with
`Patent Owner. Petitioner relies on the following language (Pet. 22;
`Reply 7):
`
`During a subsequent remote communication exchange via
`the modem link 53, the desk top computer 48 issues a random
`challenge to the portable computer 50. The portable computer
`50 calculates a response as a function of the challenge and the
`current security key and transmits this to the desk top computer
`48. The desk top computer checks the response and if it
`
`15
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`
`corresponds correctly to the challenge, allows [the] session to
`continue.
`Ex. 1003, 5:33–40 (emphasis added). According to Petitioner, this language
`implies that “the portable device sends a response including the same
`security key that is exchanged during execution of the authentication
`protocol over the short-range wireless link.” Pet. 22 (emphasis added).
`However, we read this language the same way Patent Owner does, that
`remote authentication uses the current security key, which was updated after
`the first authentication occurred and, therefore, is not the same or similar key
`used in the first authentication.
`Petitioner also asserts that Varadharajan discloses “the host device
`and the portable device may refresh the security key when the[y]
`communicate over a short-range link, but need not always do so.” Reply 8.
`However, we agree with Patent Owner (Sur-Reply 9–10) that the language
`Petitioner relies on for this statement does not, in fact, state that security
`keys need not be refreshed, but instead simply explains that “the described
`embodiments incorporate a secret key which is changed very frequently . . .,
`thus offering substantial extra protection.” Id. at 9 (citing Ex. 1003, 2:51–
`58). Although we agree with Petitioner that this language does not explicitly
`state that “Varadharajan’s security key must always be changed when the
`two devices communicate over the short-range link,” we note that Petitioner
`does not point to any language in Varadharajan stating that it need not
`always be refreshed. Id. In fact, the only language in Varadharajan on this
`issue appears to be that “[e]ach time the portable computer 50 is in local or
`direct communication with the desktop computer 48,” authentication is
`performed and then, if the portable computer passes the test, a key update
`
`16
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`routine is initiated that changes the security key. Ex. 1003, 4:62–5:8. This
`language supports Patent Owner’s reading.
`Petitioner provides expert testimony supporting its position. Pet. 22
`(citing Ex. 1006 ¶¶ 71–73); Reply 7–8 (citing Ex. 1006 ¶¶ 74–76; Ex. 1013
`¶¶ 12–13). We, however, do not credit Dr. Weissman’s testimony on this
`issue, as it relies solely on the same portions of Varadharajan discussed
`above, without addressing Varadharajan’s explicit language describing key
`updates. See Ex. 1006 ¶ 73 (relying on Ex. 1003, 4:62–67 and 5:33–40 as
`supporting, without elaboration, a reading that the remote authentication
`uses “the same security key” as the initial authentication); Ex. 1013 ¶ 12
`(relying, again, on Ex. 1003, 5:33–40 to support a conclusion that “[w]hen
`the host device and the portable device later authenticate over a different,
`alternate link, such as a modem link, the two devices then exchange the
`same key to authenticate each other”); Ex. 1003, 4:62–5:8 (describing
`authentication followed by key update “[e]ach time” the two computers
`communicate over a local link).
`In his Supplemental Declaration, Dr. Weissman adds that “[a]s
`Varadharajan does not disclose a mechanism to update the security key over
`the modem link, it discloses using the same security key for authentication
`over the disclosed modem link.” Ex. 1013 ¶ 12. However, as noted above,
`we agree with Patent Owner that it is immaterial what link the key update is
`made through—what matters is whether the key update is done after the
`initial authentication such that a different key is used for the remote
`authentication. And Varadharajan explicitly states that the update is made
`after the initial authentication and before the remote authentication.
`Ex. 1003, 4:62–5:8. Dr. Weissman also states, in his Supplemental
`
`17
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`Declaration, that the key update “need not occur every time the host device
`and portable device are in communication over the short range link,” but,
`again, for this conclusion he relies solely on the portion of Varadharajan that
`states that keys are updated frequently. Ex. 1013 ¶ 13 (citing Ex. 1003,
`2:52–58). Dr. Weissman adds that “[a] person of ordinary skill in the art
`would not interpret this disclosure, and other disclosures from Varadharajan
`generally, to require that a security key refresh always occurs when the host
`device and the portable device communicate over the short-range link.” Id.
`However, we do not credit this conclusory statement given Dr. Weissman
`does not take into account, or otherwise acknowledge, Varadharajan’s
`explicit language describing key updates in a paragraph that begins with the
`phrase “[e]ach time the portable computer 50 is in local or direct
`communication with the desk top computer 48 . . . .” Ex. 1003 4:62–5:8.
`Accordingly, based upon our review of the current record, we
`conclude that Petitioner has not demonstrated a reasonable likelihood of
`establishing that claims 1–3, 6–8, 11–14, 16, and 17 would have been
`obvious over Varadharajan.
`
`D. Obviousness over Varadharajan and BT Core
`Petitioner contends that claims 1, 2, 4, 5, 7–10, 13–15, and 17 of the
`’999 patent are unpatentable because their subject matter would have been
`obvious over the combined disclosure of Varadharajan and BT Core.
`Pet. 30–56.
`1. Overview of BT Core
`BT Core is titled “Specification of the Bluetooth System” and
`“defines the requirements for a Bluetooth transceiver operating in [the
`2.4GHz ISM] band.” Ex. 1004, 1, 18.
`
`18
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`
`2. Analysis for Claim 1
`a. a method of authenticating first and second electronic devices
`The preamble of claim 1 recites “a method of authenticating first and
`second electronic devices.” Ex. 1001, 5:17–18. Petitioner asserts that both
`Varadharajan and BT Core teach these features. Pet. 37–39. Specifically,
`Petitioner explains that “Varadharajan and BT Core disclose a method for
`authenticating a portable device (first electronic device) and a host device
`(second electronic device)” using “both a direct link (short-range
`communication link) and a modem link (alternate communication link).” Id.
`37–38 (citing Ex. 1003, Abstract, 3:26–49, 4:8–21; Ex. 1006 ¶¶ 112–113).
`Petitioner explains that “[w]hen the portable device and the host device are
`configured to use Bluetooth and desire to communicate with each other, they
`initially perform an initialization process where the devices are paired to
`each other.” Id. at 38 (citing Ex. 1004, 153–154).
`Based on the record, we are persuaded by Petitioner’s showing that
`Varadharajan and BT Core teach or suggest a method of authenticating first
`and second electronic devices. Patent Owner does not dispute Petitioner’s
`contentions regarding this limitation. See PO Resp. 10–13. Accordingly, we
`determine that Petitioner has established by a preponderance of the evidence
`that Varadharajan and BT Core teach or suggest a method of authenticating
`first and second electronic devices as required by claim 1.
`b. upon link set-up over a short-range wireless link, executing an
`authentication p
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
