`571-272-7822
`
`
` Paper: 22
`
`Date: January 15, 2021
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`APPLE INC.,
`Petitioner,
`
`v.
`
`UNILOC 2017 LLC,
`Patent Owner.
`____________
`
`IPR2019-01337
`Patent 7,136,999 B1
`____________
`
`Before JENNIFER S. BISK, MIRIAM L. QUINN, and
`CHRISTOPHER C. KENNEDY, Administrative Patent Judges.
`
`BISK, Administrative Patent Judge.
`
`
`
`JUDGMENT
`Final Written Decision
`Determining Some Challenged Claims Unpatentable
`35 U.S.C § 318(a)
`
`
`
`
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`
`I. INTRODUCTION
`Apple Inc. (“Petitioner”) filed a Petition requesting an inter partes
`review of claims 1–17 of U.S. Patent No. 7,136,999 B1 (Ex. 1001, “the ’999
`patent”). Paper 2 (“Pet.”). Uniloc 2017 LLC (“Patent Owner”), identified
`as a real party-in-interest to the ’999 patent (Paper 4, 1), filed a Preliminary
`Response to the Petition. Paper 6 (“Prelim. Resp.”). We instituted this
`review as to all challenged claims. Paper 7 (“Inst. Dec.”).
`Subsequent to institution, Patent Owner filed a Patent Owner
`Response. Paper 9 (“PO Resp.”). Petitioner filed a Reply. Paper 10
`(“Reply”). And Patent Owner filed a Sur-Reply. Paper 11 (“Sur-Reply”).
`An oral hearing was held on October 21, 2020. Paper 21 (“Tr.”).
`This Final Written Decision is entered pursuant to 35 U.S.C. § 318(a).
`We have jurisdiction under 35 U.S.C. § 6. For the reasons that follow,
`Petitioner has demonstrated by a preponderance of the evidence that claims
`1, 2, 4, 5, 7–10, 13–15, and 17 of the ’999 patent are unpatentable, but has
`not demonstrated that claims 3, 6, 11, 12, and 16 are unpatentable.
`
`II. BACKGROUND
`
`A. Related Matters
`The parties identify several district court cases involving the ’999
`patent. Pet. 1–2; Prelim. Resp. 8.1 Institution was denied in IPR2020-
`00117, which also challenged the ’999 patent. IPR2020-00117, Paper 11
`(PTAB May 28, 2020).
`
`
`1 The Preliminary Response does not have page numbers.
`
`2
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`
`B. The ’999 Patent
`The ’999 patent, titled Method and System for Electronic Device
`Authentication, issued November 14, 2006. Ex. 1001, codes (45), (54). In
`particular, the ’999 patent describes the process of authenticating devices
`using Bluetooth. Id. at 1:11–59. Specifically, according to the ’999 patent,
`to establish a link using Bluetooth when the devices are less than 100 meters
`apart, a user enters the same numerical code (key) in the two devices, the
`devices then communicate to verify that the numbers match, and, if so, each
`device stores the key and uses it to authenticate the two devices for any
`subsequent Bluetooth link between them. Id. at 1:39–53. The ’999 patent
`also describes basic authentication over wide area networks, including the
`Internet, which typically requires a user to enter a user ID and password
`combination. Id. at 1:60–67.
`The ’999 patent recognizes that once two devices are authenticated on
`a restricted network, using an authentication scheme such as Bluetooth, the
`two devices can be re-connected through another, unrestricted network, such
`as the Internet by, for example, reusing the stored restricted network
`authentication information. Id. at 2:24–30, 2:43–49, 4:40–55. According to
`the ’999 patent, security is maintained because the initial authentication and
`exchange of key information occurs in the secure system, for example, in a
`context where physical proximity is required. Id. at 4:56–64.
`
`3
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`
`C. Illustrative Claims
`Claims 1, 13, 14, and 17 are independent. Claims 1 and 13 are
`
`illustrative of the subject matter at issue and read as follows:
`1. A method of authenticating first and second electronic
`devices, comprising:
`upon link set-up over a short-range wireless link,
`executing an authentication protocol by exchanging
`authentication information between the first and second
`electronic devices to initially authenticate communication
`between the first and second devices;
`later, when the first and second electronic devices
`are beyond the short-range wireless link, executing the
`authentication protocol by exchanging the authentication
`information between the first and second electronic
`devices over an alternate communications link, then only
`allowing communication between the first and second
`devices if the first and second devices had initially been
`successfully authenticated.
`13. A method of authenticating first and second electronic
`devices, comprising:
`upon link set-up over a first link, executing an
`authentication protocol by exchanging authentication
`information between the first and second electronic
`devices to initially authenticate communication between
`the first and second devices;
`later, when the first and second electronic devices
`are connected using a second link, executing the
`authentication protocol by exchanging the authentication
`information between the first and second electronic
`devices over the second link, then only allowing
`communication between the first and second devices if
`the first and second devices had initially been
`successfully authenticated.
`
`4
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`Ex. 1001, 5:17–31, 6:1–14 (emphases added to disputed limitation).
`Claims 14 and 17—and, therefore, all challenged claims—contain a
`limitation substantially similar to that emphasized above. See id. at
`6:22–23, 6:47.
`
`D. Proposed Grounds of Unpatentability
`35 U.S.C. §2
`Claim(s) Challenged
`Reference(s)/Basis
`1–3, 6–8, 11–14, 16, 17
`103
`Varadharajan3
`1, 2, 4, 5, 7–10, 13–15,
`103
`Varadharajan and BT Core4
`17
`13
`
`Hind5
`
`103
`
`Pet. 4, 8–68. Petitioner also relies on two Declarations of Jon Weissman
`Ph.D. Ex. 1006; Ex. 1013 (Supplemental Declaration filed with the Reply).
`Petitioner asserts that Varadharajan is prior art to the ’999 patent
`under 35 U.S.C. § 102(b), BT Core is prior art under § 102(a), and Hind is
`prior art under § 102(e). Id. at 3, 30–31 (citing Ex. 1008 (the Declaration of
`Michael Foley) along with Exs. 1006, 1009, and 1010–12 to show the public
`accessibility of BT Core). Patent Owner does not challenge the prior art
`status of any cited reference. On this record, we determine the references
`
`
`2 Because the application leading to the ’999 patent was filed before
`March 16, 2013, patentability is governed by the version of 35 U.S.C. § 103
`preceding the Leahy-Smith America Invents Act (“AIA”), Pub L. No. 112–
`29, 125 Stat. 284 (2011).
`3 U.S. Patent No. 5,887,063 (filed July 29, 1996, issued March 23, 1999)
`(Ex. 1003).
`4 Specification of the Bluetooth System, Wireless Connections Made Easy,
`Core, Volume 1, Version 1.0B, (December 1, 1999) (Ex. 1004).
`5 U.S. Patent No. 6,772,331 B1 (filed May 21, 1999, issued Aug. 3, 2004)
`(Ex. 1005).
`
`5
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`asserted by Petitioner qualify as prior art to the challenged claims of the
`’999 patent.
`
`III. ANALYSIS
`
`A. Level of Skill in the Art
`The level of skill in the art is a factual determination that provides a
`primary guarantee of objectivity in an obviousness analysis. See Al-Site
`Corp. v. VSI Int’l Inc., 174 F.3d 1308, 1323 (Fed. Cir. 1999) (citing Graham
`v. John Deere Co., 383 U.S. 1, 17–18 (1966)). The level of skill in the art
`also informs the claim construction analysis. See Teva Pharm. USA, Inc. v.
`Sandoz, Inc., 135 S. Ct. 831, 841 (2015) (explaining that claim construction
`seeks the meaning “a skilled artisan would ascribe” to the claim term “in the
`context of the specific patent claim”).
`Petitioner asserts that a person of ordinary skill in the art “would have
`had at least a bachelor’s degree in computer science, computer engineering,
`or a related subject, and two years of experience, including industry and
`graduate experience, working with security system, including
`encryption/decryption and authentication processes.” Pet. 5–6 (citing
`Ex. 1006 ¶¶ 31–32). Patent Owner does not dispute Petitioner’s
`characterization of the level of ordinary skill in the art. PO Resp. 7 (“For
`purposes of this Response only, Patent Owner does not dispute Petitioner’s
`definition of a [person having ordinary skill in the art (“POSITA”)].).
`Because we find Petitioner’s proposed definition generally consistent
`with the subject matter of the ’999 patent and cited references, we adopt it
`for purposes of this analysis.
`
`6
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`
`B. Claim Construction
`For petitions filed on or after November 13, 2018, such as the one in
`this case, we interpret claims in the same manner used in a civil action under
`35 U.S.C. § 282(b) “including construing the claim in accordance with the
`ordinary and customary meaning of such claim as understood by one of
`ordinary skill in the art and the prosecution history pertaining to the patent.”
`37 C.F.R. § 42.100(b) (2019). Only terms that are in controversy need to be
`construed, and then only to the extent necessary to resolve the controversy.
`Nidec Motor Corp. v. Zhongshan Broad Ocean Motor Co., 868 F.3d 1013,
`1017 (Fed. Cir. 2017).
`In pre-institution briefing, neither party expressly offered a proposed
`construction for any claim term. Pet. 7; Prelim. Resp. 9. Based on Patent
`Owner’s validity arguments, however, the Institution Decision addressed the
`scope of the term “exchanging the authentication information.” Inst. Dec.
`6–7. We also addressed claim 13, which, unlike claims 1 and 14, does not
`recite “beyond the short-range wireless link” when referring to a second
`communications link.6 Compare Ex. 1001, 6:1–14, with 5:24–31, 6:22–28.
`1. “exchanging the authentication information”
`The Institution Decision adopted a construction of “exchanging the
`authentication information” 7 such that authentication information must be
`
`
`6 Claim 17 also does not use the term “beyond the short-range wireless link,”
`but does specify that the “said first communications link and said second
`communications link are different types of links.” Ex. 1001 6:50–52.
`7 Specifically, claim 1 recites “executing an authentication protocol by
`exchanging authentication information between the first and second
`electronic devices to initially authenticate communication between the first
`and second devices” (“the first exchange of authentication information”
`7
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`the same in both the first and second exchange of authentication information
`limitations. Inst. Dec. 6–8. This determination was made despite Patent
`Owner’s arguments that “because the claims recite first ‘exchanging
`authentication information’ over a first link and then ‘exchanging the
`authentication information’ over a second link, the claims all require
`exchanging ‘similar’ authentication information over both links.” Id. at 6–7.
`In particular, the Institution Decision states that although “the patentee’s
`mere use of a term with an antecedent does not require that both terms have
`the same meaning” (id. at 7 (citing Microprocessor Enhancement Corp. v.
`Texas Instruments Inc., 520 F.3d 1367, 1375 (Fed. Cir. 2008)), “Patent
`Owner does not further explain, nor is it clear based on the claim language
`or Specification, why the authentication information used by the two
`communication links must be ‘similar,’” as opposed to being identical (id.).
`In its Response Brief, Patent Owner maintains that the authentication
`information exchanged over the second link must have a “relationship with,”
`but “need not be identical” to the authentication information exchanged over
`the first link. PO Resp. 8–9. According to Patent Owner “[a]lthough the
`authentication information need not be identical, use of the antecedent ‘the’
`to refer to the authentication information does indicate a relationship with
`the first-recited authentication information, whether the information be the
`
`
`limitation) and later, when the first and second electronic devices are beyond
`the short-range wireless link executing the authentication protocol by
`exchanging the authentication information between the first and second
`electronic devices over an alternate communications link” (the “second
`exchange of authentication information” limitation). Claims 13, 14, and 17
`recite substantially similar limitations.
`8
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`same as or derived from the other recited authentication information, e.g.,
`modified, enhanced, etc.” Id. at 9.
`Petitioner asserts that “there is no dispute as to whether the challenged
`grounds invalidate the asserted claims under a broad or narrow interpretation
`of this term” and, therefore, “the Board need not adopt a construction.”
`Reply 3 (citing PO Resp. 8–27).
`Although Patent Owner emphasizes that construction of the term is
`required (see PO Resp. 8; Sur-Reply 2), we agree with Petitioner that our
`analysis, below, does not depend on whether “exchanging the authentication
`information” requires that the first and second authentication information be
`exactly the same or merely similar. Thus, we decline to decide the exact
`relationship between the two recitations of “authentication information” in
`the claims other than to agree with both parties that they are not wholly
`unrelated.
`2. Claim 13
`The Institution Decision noted that during prosecution, the pending
`claims were rejected over Hind as an anticipatory reference and, in response,
`Patent Owner filed an amendment representing that the independent claims
`were not anticipated by Hind because they included the terms “beyond the
`short-range wireless link” and “over an alternate communications link.”
`Inst. Dec. 8 (citing Ex. 1002, 110–112, 122). Because claim 13 does not
`include these terms, the Institution Decision adopted a construction that
`“both the first and second link recited by claim 13 can be short-range.” Id.
`at 9.
`Patent Owner does not address claim 13 in the claim construction
`
`section of its Response. See PO Resp. 8–9. In its arguments regarding the
`
`9
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`validity of claim 13, however, Patent Owner asserts that “‘the second link’
`as recited in Claim 13 at least refers to another link that is separate and
`distinct from ‘the first link’ as recited in Claim 13.” Id. at 25. Further,
`Patent Owner asserts that “the ’999 Patent understands that if ‘the first link’
`recitation of Claim 13 is, for example, a Bluetooth link between two devices,
`then a second link would have to be something different than the Bluetooth
`link between those two devices.” Id. at 26. In its Sur-Reply, Patent Owner
`clarifies that it is not arguing that the two links must be of different types,
`but that the two links must be separate and distinct and cannot be “the same
`link at different points in time.” Sur-Reply 4. However, Patent Owner
`appears to rely on a construction that any Bluetooth connection between two
`devices that reuses an authentication key is not a second link, but is simply a
`reestablishment of the first link. PO Resp. 26. Patent Owner bases this
`assertion on certain language in the ’999 patent: “the key exchanged upon
`link initialization identifies a unique link and can be used reliably for
`subsequent authentication when the link is re-established.” Id. (citing Ex.
`1001, 1:47–53) (emphasis added by Patent Owner).
`According to Petitioner, Patent Owner’s construction is incorrect.
`Reply 3–6. Instead, Petitioner asserts that “the express language of claim 13
`requires only that the first and second devices are connected using the
`second link ‘later,’ after the authentication protocol involving the exchange
`of authentication information is executed over the first link.” Id. at 5.
`Petitioner points out that unlike claim 13, claim 17 explicitly recites
`“wherein said first communication link and said second communication link
`are different types of links.” Id. at 4 (citing Ex. 1001, 6:50–52).
`
`10
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`
`We do not agree with Patent Owner that the quoted language of the
`’999 patent requires a construction of the term “second link” that excludes
`any Bluetooth connection that reuses authentication information. Other than
`the one vaguely worded sentence in the ’999 patent, Patent Owner does not
`point to any supporting evidence for this interpretation. PO Resp. 25–26;
`Ex. 1001, 1:47–53).
`To the contrary, the evidence supports a finding that when two
`devices reestablish communication after being disconnected, the subsequent
`Bluetooth link is considered a different link. See Reply 18 (citing Ex. 1004,
`151 (“Consequently, once a semi-permanent link key is defined, it may be
`used in the authentication of several subsequent connections between the
`Bluetooth units sharing it.”). This understanding is consistent with the ’999
`patent, which refers to “initial Bluetooth link[s]” and “subsequent Bluetooth
`link[s]” (Ex. 1001, 1:49–50, 1:58, 4:40), and discloses that multiple links
`can be made between two Bluetooth compatible devices (id. at 1:17–20),
`without any clarification that such links are considered the same if
`authentication information is reused.
`Accordingly, we find that claim 13 requires two different links, one of
`which occurs later in time than the other, but that those links are not required
`to be of different types. And we do not agree with Patent Owner’s narrow
`reading, based on one sentence in the ’999 patent, that Bluetooth links that
`reuse authentication codes are considered the same link.
`
`C. Obviousness over Varadharajan
`Petitioner contends that claims 1–3, 6–8, 11–14, 16, and 17 of the
`’999 patent are unpatentable because their subject matter would have been
`obvious over the disclosure of Varadharajan. Pet. 8–30.
`
`11
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`
`1. Overview of Varadharajan
`Varadharajan is titled “Communication System for Portable
`Appliances.” Ex. 1003, code (54). Varadharajan describes a host device
`and a portable device that are “capable of communicating both remotely, e.g.
`via a modem link, and directly, when the host and portable device are
`docked or otherwise locally associated.” Id. at 4:1–5. To ensure security,
`the portable device and host device “periodically exchange a security key via
`the direct communication link, and the key is then used to control or encrypt
`subsequent remote communications.” Id. at 4:8–12. According to
`Varadharajan, this security key may be created and exchanged by “any of a
`variety of ways known to those skilled in the art” and the direct or local
`communication may take place using “an I.R. transmitter/receiver unit.” Id.
`at 4:13–15, 4:26–34.
`In one embodiment, Varadharajan describes a process in which,
`“[e]ach time the portable computer 50 is in local or direct communication
`with the desk top computer 48, this is detected . . . and the identity of the
`portable computer 50 is authenticated by the desk top computer 48 by a
`suitable test such as a challenge/response routine.” Ex. 1003, 4:62–67.
`Only if the portable computer 50 passes this authentication test does the desk
`top computer initiate a process in which a “key generating device 28
`generates a fresh security key which is stored in the encryption/decryption
`unit 30 of the host device 10 and transmitted via the local I.R. link to be
`stored in the encryption/decryption unit 38 of the portable device 12.” Id. at
`4:62–5:8. Subsequently, when the two devices are in remote
`communication, for authentication, the host device issues a random
`challenge to the portable device, which in turn calculates a response
`
`12
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`including the “current security key” and transmits this to the host device. Id.
`at 5:32–40.
`2. Analysis
`Petitioner asserts Varadharajan teaches or suggests each of the
`limitations of independent claims 1, 13, 14, and 17. Pet. 9–30. In particular,
`Petitioner contends that Varadharajan’s challenge/response routine over the
`I.R. link teaches the first exchange of authentication information limitation.
`Id. at 16–19 (citing Ex. 1003, 2:43–49, 4:13–21, 4:62–5:2, 5:33–40;
`Ex. 1006 ¶¶ 60–64). In addition, Petitioner contends that Varadharajan’s
`disclosure of the challenge/response routine over the remote communication
`link teaches the second exchange of authentication information limitation.
`Id. at 21–22 (citing Ex. 1003, 4:26–34, 4:62–67, 5:33–40; Ex. 1006 ¶¶ 71–
`73).
`
`Patent Owner does not agree that Varadharajan teaches the first and
`second exchange of authentication information limitations. PO Resp. 10–13.
`In particular, Patent Owner emphasizes that Varadharajan describes creating
`“a fresh security key” every time the portable computer is in proximity to the
`desktop computer after first authenticating the portable computer. Id. at 10.
`According to Patent Owner, because this fresh security key is subsequently
`used to authenticate the remote communication, that key has “no particular
`relationship to” the key used to authenticate the local connection. Id. at 10–
`11 (citing Ex. 1003, 5:4–8). Patent Owner also notes that Varadharajan
`discloses that frequent changes to the security key are used to enhance
`security. Id. at 11 (citing Ex. 1003, 2:51–58).
`The Institution Decision notes that “it is not clear that [Varadharajan]
`implies that the security key transmitted via the local I.R. Link is never
`
`13
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`stored and reused when a remote authentication between the two devices
`occurs” and pointed to language in Varadharajan that the key update is not
`allowed to occur over a modem link. Inst. Dec. 11–12 (citing Ex. 1003,
`5:10–14). We, thus, concluded that we were not persuaded “a person of
`ordinary skill in the art would have understood Varadharajan to teach that
`the security key from the first, local, exchange is never stored and reused as
`the current security key in the second, remote, exchange.” Id. at 12.
`In Response, Patent Owner explains that Varadharajan does not
`affirmatively state that the security key is reused between a local and remote
`connection and that, in fact, the only detailed language in Varadharajan
`implies the opposite—that the security key is changed after every local
`authentication—and, thus, the disclosure of Varadharajan does not explicitly
`disclose reusing the same or similar authentication information in the second
`link. PO Resp. 11–12. Patent Owner also points out that Varadharajan’s
`language, noted in the Institution Decision, teaching that key updates cannot
`be done over the remote connection, does not support a finding that
`Varadharajan discloses using the same or similar authentication information
`over the two connections. Id.
`Petitioner argues that Varadharajan expressly describes using the
`same or similar authentication information between the two links. Reply 6–
`7. As support, Petitioner asserts that Varadharajan discloses that the two
`devices “perform authentication ‘[e]ach time’ the two devices are in
`communication, including after they initially exchange a security key” and
`“Varadharajan further discloses the two devices then exchange the same key
`when they later authenticate over a different, alternate link, such as a modem
`link.” Id. at 7 (citing Ex. 1003 5:33–40; Ex. 1006 ¶¶ 60–62, 74–76).
`
`14
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`According to Petitioner, “[t]his is in part because the security key cannot be
`updated over the modem link, as noted in the Institution Decision and not
`disputed by [Patent Owner].” Id.
`We disagree with Petitioner that this description of Varadharajan’s
`disclosure is uncontested by Patent Owner. See Reply 7. To the contrary,
`Patent Owner argues that Varadharajan does not use the same or similar key
`during the remote authentication because a new key was already created
`before the second authentication when the two devices were in proximity,
`but after the local authentication. PO Resp. 10–12; Sur-Reply 6–10. Thus,
`according to Patent Owner, it is irrelevant that the key update cannot occur
`over the remote link. Moreover, despite our statement in the Institution
`Decision (see Inst. Dec. 12), upon further review of Varadharajan’s
`language, we agree with Patent Owner that whether the security key can be
`updated over a remote communication link is irrelevant to Patent Owner’s
`point that the security key is changed between the local authentication and
`the remote authentication.
`Patent Owner also argues that the language Petitioner relies on to
`show that the remote authentication uses the same key as the initial
`authentication does not support such a reading. Sur-Reply 7. We agree with
`Patent Owner. Petitioner relies on the following language (Pet. 22;
`Reply 7):
`
`During a subsequent remote communication exchange via
`the modem link 53, the desk top computer 48 issues a random
`challenge to the portable computer 50. The portable computer
`50 calculates a response as a function of the challenge and the
`current security key and transmits this to the desk top computer
`48. The desk top computer checks the response and if it
`
`15
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`
`corresponds correctly to the challenge, allows [the] session to
`continue.
`Ex. 1003, 5:33–40 (emphasis added). According to Petitioner, this language
`implies that “the portable device sends a response including the same
`security key that is exchanged during execution of the authentication
`protocol over the short-range wireless link.” Pet. 22 (emphasis added).
`However, we read this language the same way Patent Owner does, that
`remote authentication uses the current security key, which was updated after
`the first authentication occurred and, therefore, is not the same or similar key
`used in the first authentication.
`Petitioner also asserts that Varadharajan discloses “the host device
`and the portable device may refresh the security key when the[y]
`communicate over a short-range link, but need not always do so.” Reply 8.
`However, we agree with Patent Owner (Sur-Reply 9–10) that the language
`Petitioner relies on for this statement does not, in fact, state that security
`keys need not be refreshed, but instead simply explains that “the described
`embodiments incorporate a secret key which is changed very frequently . . .,
`thus offering substantial extra protection.” Id. at 9 (citing Ex. 1003, 2:51–
`58). Although we agree with Petitioner that this language does not explicitly
`state that “Varadharajan’s security key must always be changed when the
`two devices communicate over the short-range link,” we note that Petitioner
`does not point to any language in Varadharajan stating that it need not
`always be refreshed. Id. In fact, the only language in Varadharajan on this
`issue appears to be that “[e]ach time the portable computer 50 is in local or
`direct communication with the desktop computer 48,” authentication is
`performed and then, if the portable computer passes the test, a key update
`
`16
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`routine is initiated that changes the security key. Ex. 1003, 4:62–5:8. This
`language supports Patent Owner’s reading.
`Petitioner provides expert testimony supporting its position. Pet. 22
`(citing Ex. 1006 ¶¶ 71–73); Reply 7–8 (citing Ex. 1006 ¶¶ 74–76; Ex. 1013
`¶¶ 12–13). We, however, do not credit Dr. Weissman’s testimony on this
`issue, as it relies solely on the same portions of Varadharajan discussed
`above, without addressing Varadharajan’s explicit language describing key
`updates. See Ex. 1006 ¶ 73 (relying on Ex. 1003, 4:62–67 and 5:33–40 as
`supporting, without elaboration, a reading that the remote authentication
`uses “the same security key” as the initial authentication); Ex. 1013 ¶ 12
`(relying, again, on Ex. 1003, 5:33–40 to support a conclusion that “[w]hen
`the host device and the portable device later authenticate over a different,
`alternate link, such as a modem link, the two devices then exchange the
`same key to authenticate each other”); Ex. 1003, 4:62–5:8 (describing
`authentication followed by key update “[e]ach time” the two computers
`communicate over a local link).
`In his Supplemental Declaration, Dr. Weissman adds that “[a]s
`Varadharajan does not disclose a mechanism to update the security key over
`the modem link, it discloses using the same security key for authentication
`over the disclosed modem link.” Ex. 1013 ¶ 12. However, as noted above,
`we agree with Patent Owner that it is immaterial what link the key update is
`made through—what matters is whether the key update is done after the
`initial authentication such that a different key is used for the remote
`authentication. And Varadharajan explicitly states that the update is made
`after the initial authentication and before the remote authentication.
`Ex. 1003, 4:62–5:8. Dr. Weissman also states, in his Supplemental
`
`17
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`Declaration, that the key update “need not occur every time the host device
`and portable device are in communication over the short range link,” but,
`again, for this conclusion he relies solely on the portion of Varadharajan that
`states that keys are updated frequently. Ex. 1013 ¶ 13 (citing Ex. 1003,
`2:52–58). Dr. Weissman adds that “[a] person of ordinary skill in the art
`would not interpret this disclosure, and other disclosures from Varadharajan
`generally, to require that a security key refresh always occurs when the host
`device and the portable device communicate over the short-range link.” Id.
`However, we do not credit this conclusory statement given Dr. Weissman
`does not take into account, or otherwise acknowledge, Varadharajan’s
`explicit language describing key updates in a paragraph that begins with the
`phrase “[e]ach time the portable computer 50 is in local or direct
`communication with the desk top computer 48 . . . .” Ex. 1003 4:62–5:8.
`Accordingly, based upon our review of the current record, we
`conclude that Petitioner has not demonstrated a reasonable likelihood of
`establishing that claims 1–3, 6–8, 11–14, 16, and 17 would have been
`obvious over Varadharajan.
`
`D. Obviousness over Varadharajan and BT Core
`Petitioner contends that claims 1, 2, 4, 5, 7–10, 13–15, and 17 of the
`’999 patent are unpatentable because their subject matter would have been
`obvious over the combined disclosure of Varadharajan and BT Core.
`Pet. 30–56.
`1. Overview of BT Core
`BT Core is titled “Specification of the Bluetooth System” and
`“defines the requirements for a Bluetooth transceiver operating in [the
`2.4GHz ISM] band.” Ex. 1004, 1, 18.
`
`18
`
`
`
`IPR2019-01337
`Patent 7,136,999 B1
`
`
`2. Analysis for Claim 1
`a. a method of authenticating first and second electronic devices
`The preamble of claim 1 recites “a method of authenticating first and
`second electronic devices.” Ex. 1001, 5:17–18. Petitioner asserts that both
`Varadharajan and BT Core teach these features. Pet. 37–39. Specifically,
`Petitioner explains that “Varadharajan and BT Core disclose a method for
`authenticating a portable device (first electronic device) and a host device
`(second electronic device)” using “both a direct link (short-range
`communication link) and a modem link (alternate communication link).” Id.
`37–38 (citing Ex. 1003, Abstract, 3:26–49, 4:8–21; Ex. 1006 ¶¶ 112–113).
`Petitioner explains that “[w]hen the portable device and the host device are
`configured to use Bluetooth and desire to communicate with each other, they
`initially perform an initialization process where the devices are paired to
`each other.” Id. at 38 (citing Ex. 1004, 153–154).
`Based on the record, we are persuaded by Petitioner’s showing that
`Varadharajan and BT Core teach or suggest a method of authenticating first
`and second electronic devices. Patent Owner does not dispute Petitioner’s
`contentions regarding this limitation. See PO Resp. 10–13. Accordingly, we
`determine that Petitioner has established by a preponderance of the evidence
`that Varadharajan and BT Core teach or suggest a method of authenticating
`first and second electronic devices as required by claim 1.
`b. upon link set-up over a short-range wireless link, executing an
`authentication p