`571-272-7822
`
`
`
`
`
`
`
`Paper 8
`Entered: January 27, 2021
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`SONY INTERACTIVE ENTERTAINMENT LLC,
`Petitioner,
`
`v.
`
`BOT M8, LLC,
`Patent Owner.
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`
`
`
`
`
`
`
`
`Before KALYAN K. DESHPANDE, LYNNE E. PETTIGREW, and
`JAMES A. TARTAL, Administrative Patent Judges.
`
`PETTIGREW, Administrative Patent Judge.
`
`DECISION
`Denying Institution of Inter Partes Review
`35 U.S.C. § 314
`
`I. INTRODUCTION
`
`Petitioner, Sony Interactive Entertainment LLC, filed a Petition for
`
`inter partes review of claims 1–10 of U.S. Patent No. 8,095,990 B2
`
`(Ex. 1001, “the ’990 patent”). Paper 2 (“Pet.”). Patent Owner, Bot M8
`
`LLC, filed a Preliminary Response. Paper 7 (“Prelim. Resp.”).
`
`
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`Under 35 U.S.C. § 314 and 37 C.F.R. § 42.4(a), we have authority to
`
`institute an inter partes review if “the information presented in the
`
`petition . . . and any response . . . shows that there is a reasonable likelihood
`
`that the petitioner would prevail with respect to at least 1 of the claims
`
`challenged in the petition.” 35 U.S.C. § 314(a). After considering the
`
`parties’ briefing and the evidence of record, we conclude the information
`
`presented does not show there is a reasonable likelihood that Petitioner
`
`would prevail in establishing the unpatentability of at least one of claims 1–
`
`10 of the ’990 patent. Accordingly, we do not institute an inter partes
`
`review.
`
`II. BACKGROUND
`
`A. Related Matters
`
`The parties identify the following district court proceeding related to
`
`the ’990 patent: Bot M8, LLC v. Sony Corporation of America, 3:19-cv-
`
`07027 (N.D. Cal.). Pet. 81; Paper 5, 1 (Patent Owner’s Mandatory Notices).
`
`Petitioner asserts that the ’990 patent has been dismissed from that case due
`
`to failure to state a claim of infringement. Pet. 81.
`
`B. Overview of the ’990 Patent
`
`The ’990 patent describes a gaming machine and a gaming
`
`information authentication loading device configured to authenticate and
`
`load gaming information stored in a portable storage medium. Ex. 1001,
`
`1:15–23. The disclosed gaming machine contains a game action executing
`
`device, a loading device, and a process device. Id. at 4:43–5:3. The loading
`
`device contains a connection unit for connecting a storage medium
`
`containing gaming information to the gaming machine. Id. at 5:4–9.
`
`The ’990 patent explains that in the prior art, when a removable
`
`storage medium is employed to carry gaming information to a gaming
`
`2
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`machine, a malicious third party can copy or falsify the stored gaming
`
`information. Id. at 1:25–48. The ’990 patent addresses this security
`
`problem by employing a two-way authentication configuration where the
`
`gaming machine stores an authentication program for authenticating the
`
`gaming information and the gaming information of the removable storage
`
`medium stores a mutual authentication program in order to maintain
`
`consistency between the gaming information and the authentication
`
`program. Id. at 5:9–19.
`
`Figure 11 of the ’990 patent is reproduced below:
`
`Figure 11 above is a block diagram illustrating a gaming information
`
`authentication loading device according to one embodiment disclosed in the
`
`
`
`3
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`’990 patent. Id. at 6:48–51, 13:13–24. A gaming machine (e.g., a slot
`
`machine) incorporates gaming information authentication loading device 3, a
`
`process device (e.g., mother board 20), and a loading device (e.g., gaming
`
`board 16). Id. at 7:8–11. The loading device includes a connection unit
`
`(e.g., card slot 12) that receives and connects to a removable storage medium
`
`(e.g., memory card 30) carrying gaming information (e.g., gaming program
`
`30a and gaming system program 30b) and mutual authentication program
`
`30c included within the gaming information. Id. at 7:45–51. The loading
`
`device also includes a program storage unit (e.g., boot ROM 11) that stores
`
`authentication program 11a. Id. at 7:32–34. The process device contains a
`
`readable and rewriteable storage unit (e.g., RAM 23), a reading unit and
`
`writing unit (e.g., main CPU 21), an action controlling unit (e.g., main CPU
`
`21), an authentication unit (e.g., main CPU 21), and a mutual authentication
`
`unit (e.g., main CPU 21). Id. at 7:54–8:13.
`
`4
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`Figure 12 of the ’990 patent, reproduced below, shows the gaming
`
`information authentication loading procedure. Id. at 6:52–56, 13:25–14:62.
`
`As shown in Figure 12 above, with reference to Figure 11, authentication
`
`program 11a is read (r1) at step S4 from boot ROM 11 to RAM 23. Id.
`
`at 13:56–62. As the gaming information (including gaming system
`
`program 30b) is read (r2, r3) from memory card 30 to RAM 23, the gaming
`
`
`
`5
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`information is authenticated (f2, f3) using the stored authentication program
`
`at steps S11 and S12. Id. at 14:15–25. At step S16, mutual authentication
`
`program 30c, included in the read gaming information as part of gaming
`
`system program 30b, mutually authenticates (f5) authentication
`
`program 11a, which has been read from boot ROM 11 to RAM 23.
`
`Id. at 14:43–56.
`
`The ’990 patent explains that the mutual authentication program (f5)
`
`is carried out to check that authentication program 11a is a legitimate
`
`program according to mutual authentication program 30c included in gaming
`
`system program 30b. Id. at 15:28–31; see also id. at 14:52–56 (“The
`
`authentication process f5 is called the mutual authentication process because
`
`the authentication program 11a is authenticated according to the
`
`authenticated gaming system program 30b including the mutual
`
`authentication program 30c therein.”). “Therefore, the authentication
`
`processes are carried out bi-directionally between the gaming information
`
`and the authentication program 11a.” Id. at 15:31–34 (emphasis added).
`
`C. Illustrative Claim
`
`Challenged claims 1, 5, and 9 are independent. Claims 2–4 depend
`
`directly or indirectly from claim 1, claims 6–8 depend directly or indirectly
`
`from claim 5, and claim 10 depends directly from claim 9. Claim 1 is
`
`illustrative of the claimed subject matter and is reproduced below:
`
`1. A gaming machine comprising:
`
`(a) a game action executing device configured to execute a
`game action;
`
`(b)(i) a loading device including a connection unit configured to
`be connected to a removable storage medium (ii) storing therein
`gaming information including a mutual authentication program;
`and
`
`6
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`(c) a process device including a readable and rewritable storage
`unit,
`
`(d) wherein each of (i) a program storage unit, (ii) a reading
`unit, (iii) an authentication unit and (iv) a mutual authentication
`unit is included in at least one of the loading device and the
`process device:
`
`(e) the program storage unit configured to store therein an
`authentication program for authenticating the gaming
`information stored in the storage medium;
`
`(f) the reading unit configured to read (i) the authentication
`program from the program storage unit and (ii) the gaming
`information from the storage medium connected to the
`connection unit;
`
`(g) the authentication unit configured to execute an
`authentication process for the read gaming information
`according to the read authentication program; and
`
`(h) the mutual authentication unit configured to execute a
`mutual authentication process for the authentication program to
`check that the authentication program is a legitimate program
`according to the mutual authentication program included in the
`gaming information authenticated by the authentication unit,
`
`(i) the process device includes a writing unit configured to write
`the gaming information authenticated by the authentication unit
`to the readable and rewritable storage unit, and
`
`(j) the process device includes an action controlling unit
`configured to control the game action executing device
`according to the written gaming information so that the game
`action executing device executes the game action, when the
`mutual authentication unit has executed the mutual
`authentication process.
`
`Ex. 1001, 17:2–41 (Petitioner’s identification of limitations added).
`
`7
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`D. Asserted Grounds of Unpatentability
`
`Petitioner asserts that the challenged claims are unpatentable based on
`
`the following grounds (Pet. 3–4):
`
`Claims Challenged
`1, 5, 9
`1, 5, 9
`
`35 U.S.C. §
`103(a)1
`103(a)
`
`4, 8–10
`
`2, 3, 6, 7
`
`1, 5, 9
`4, 8–10
`
`2, 3, 6, 7
`
`103(a)
`
`103(a)
`
`103(a)
`103(a)
`
`103(a)
`
`References
`Gazdic,2 Ryan3
`Gazdic, Ryan, Diamant4
`Gazdic, Ryan, Diamant,
`Alcorn5
`Gazdic, Ryan, Diamant,
`Alcorn, Gatto6
`Takeda,7 Diamant
`Takeda, Diamant, Alcorn
`Takeda, Diamant, Alcorn,
`Gatto
`
`In support of its contentions, Petitioner relies on the Declaration of
`
`Andrew Wolfe, Ph.D. (Ex. 1003).
`
`
`1 The Leahy-Smith America Invents Act (“AIA”), Pub. L. No. 112-29, 125
`Stat. 284, 285–88 (2011), revised 35 U.S.C. § 103 effective March 16, 2013.
`Because the ’990 patent has an effective filing date prior to the effective date
`of the applicable AIA amendment, we refer to the pre-AIA version of § 103.
`2 U.S. Patent Application Publ’n No. 2003/0195033 A1, published Oct. 16,
`2003 (Ex. 1008).
`3 U.S. Patent Application Publ’n No. 2005/0009599 A1, published Jan. 13,
`2005 (Ex. 1009).
`4 U.S. Patent Application Publ’n No. 2006/0101310 A1, published May 11,
`2006 (Ex. 1006).
`5 U.S. Patent No. 6,149,522, issued Nov. 21, 2000 (Ex. 1007).
`6 U.S. Patent Application Publ’n No. 2004/0198496 A1, published Oct. 7,
`2004 (Ex. 1027).
`7 U.S. Patent No. 6,394,905 B1, issued May 28, 2002 (Ex. 1005).
`
`8
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`III. ANALYSIS
`
`A. Principles of Law
`
`A claim is unpatentable under § 103(a) if the differences between the
`
`claimed subject matter and the prior art are such that the subject matter, as a
`
`whole, would have been obvious at the time the invention was made to a
`
`person having ordinary skill in the art to which said subject matter pertains.
`
`KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 406 (2007). The question of
`
`obviousness is resolved on the basis of underlying factual determinations,
`
`including (1) the scope and content of the prior art; (2) any differences
`
`between the claimed subject matter and the prior art; (3) the level of ordinary
`
`skill in the art; and (4) when in evidence, objective indicia of
`
`non-obviousness.8 Graham v. John Deere Co., 383 U.S. 1, 17–18 (1966).
`
`An invention “composed of several elements is not proved obvious
`
`merely by demonstrating that each of its elements was, independently,
`
`known in the prior art.” KSR, 550 U.S. at 418. In an obviousness analysis,
`
`“it can be important to identify a reason that would have prompted a person
`
`of ordinary skill in the relevant field to combine the elements in the way the
`
`claimed new invention does.” Id. Further, “[t]o satisfy its burden of proving
`
`obviousness, a petitioner cannot employ mere conclusory statements. The
`
`petitioner must instead articulate specific reasoning, based on evidence of
`
`record, to support the legal conclusion of obviousness.” In re Magnum Oil
`
`Tools Int’l, Ltd., 829 F.3d 1364, 1380 (Fed. Cir. 2016).
`
`
`8 With respect to the fourth Graham factor, the parties do not present
`arguments or evidence regarding objective indicia of non-obviousness.
`Therefore, the obviousness analysis at this stage of the proceeding is based
`on the first three Graham factors.
`
`9
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`B. Level of Ordinary Skill in the Art
`
`Petitioner asserts that a person of ordinary skill in the art at the time of
`
`the alleged invention of the ’990 patent would have had
`
`the equivalent of at least an undergraduate degree in computer
`science, computer engineering, electrical engineering, or a
`similar technical field, and with one or more years of work
`experience in the field of computer hardware and/or software
`authentication or verification. Additional education may
`substitute for less work experience and vice versa.
`
`Pet. 2 (citing Ex. 1003 ¶¶ 46–48). Patent Owner does not offer a proposal
`
`regarding the level of ordinary skill in the art. See generally Prelim. Resp.
`
`(declining to address level of skill in the art).
`
`On the present record, we determine that Petitioner’s proposed level
`
`of ordinary skill in the art is consistent with the ’990 patent and asserted
`
`prior art. See Okajima v. Bourdeau, 261 F.3d 1350, 1355 (Fed. Cir. 2001).
`
`Therefore, we adopt Petitioner’s proposal for purposes of deciding whether
`
`to institute inter partes review.
`
`C. Claim Construction
`
`In an inter partes review, we apply the same claim construction
`
`standard that would be used in a civil action under 35 U.S.C. § 282(b),
`
`following the standard articulated in Phillips v. AWH Corp., 415 F.3d 1303
`
`(Fed. Cir. 2005) (en banc). 37 C.F.R. § 42.100(b) (2019). In applying this
`
`standard, we generally give claim terms their ordinary and customary
`
`meaning, as would be understood by a person of ordinary skill in the art, at
`
`the time of the invention and in the context of the entire patent disclosure.
`
`Phillips, 415 F.3d at 1312–14.
`
`Neither party proposes a construction for any claim term. Petitioner
`
`contends that no claim terms require express construction for purposes of
`
`applying the prior art. Pet. 4. Patent Owner argues that, at this stage of the
`
`10
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`proceeding, the Board should adopt the ordinary and customary meaning of
`
`the claim terms. Prelim. Resp. 5. For purposes of this decision, we
`
`determine that no claim terms require express construction. See Nidec
`
`Motor Corp. v. Zhongshan Broad Ocean Motor Co., 868 F.3d 1013, 1017
`
`(Fed. Cir. 2017) (holding that only claim terms in controversy need to be
`
`construed, and only to the extent necessary to resolve the controversy (citing
`
`Vivid Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795, 803 (Fed. Cir.
`
`1999))).
`
`D. Asserted Obviousness over Gazdic and Ryan
`
`Petitioner contends that claims 1, 5, and 9 of the ’990 patent are
`
`unpatentable under 35 U.S.C. § 103 as obvious over Gazdic and Ryan.9
`
`Pet. 5–40.10 For the reasons discussed below, we conclude that Petitioner
`
`has not demonstrated a reasonable likelihood it would prevail in showing
`
`that claims 1, 5, and 9 are unpatentable on this asserted ground.
`
`1. Overview of Gazdic
`
`Gazdic discloses a gaming machine and a method of authenticating a
`
`game data set stored on a first memory using an authentication program
`
`
`9 Petitioner generally relies on Gazdic and Ryan together as a single
`disclosure because Ryan explicitly incorporates Gazdic by reference. Pet. 5
`& n.2 (citing Ex. 1009 ¶ 1). In the event that Gazdic and Ryan do not
`constitute a single disclosure, Petitioner relies on the opinion of Dr. Wolfe to
`support the obviousness of combining the entirety of Gazdic and Ryan. Id.
`at 5 n.3 (citing Ex. 1003 ¶ 292 n.4). For purposes of this Decision, we need
`not decide whether Gazdic and Ryan together constitute a single reference.
`Like the Petition, we sometimes refer to Gazdic and Ryan collectively as
`Gazdic/Ryan for convenience. See id. at 3.
`10 Petitioner’s obviousness analysis based on the combined teachings of
`Gazdic, Ryan, and Diamant is interspersed in its analysis of obviousness
`over Gazdic and Ryan. See, e.g., Pet. 17–20. We address Petitioner’s
`contentions regarding that alternative obviousness ground below in § III.E.
`
`11
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`stored on a second memory. Ex. 1008, code (57), ¶ 5. A central processing
`
`unit (CPU) controls operation of the gaming machine, and the CPU includes
`
`a microprocessor and computer readable storage. Id. ¶¶ 17–18.
`
`Figure 2 of Gazdic is reproduced below:
`
`
`
`Figure 2 above illustrates a computer readable storage containing boot
`
`memory 20, high capacity storage memory 22, and serial read-write
`
`memory 24. High capacity storage memory 22 stores a game data set
`
`comprising game data files (including game and operating system executable
`
`files), digital signature 32 corresponding to the game data set, and a manifest
`
`file containing digital signatures 34 corresponding to the game data files.
`
`Ex. 1008 ¶¶ 5, 20, 24. The boot memory contains, among other contents, an
`
`authentication program (including hash function 42, digital signature
`
`algorithm (DSA) verify operation 44a, and public key 46a) and digital
`
`signature 30 corresponding to the contents of the boot memory as a whole.
`
`12
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`Id. ¶ 19. In order to authenticate the game data files, the authentication
`
`program first authenticates the contents of the boot memory; if deemed
`
`authentic, the authentication program authenticates the game data set and
`
`game data files. Id. ¶ 5. The authentication process involves the
`
`authentication program generating fresh authentication codes and comparing
`
`the fresh codes with the pre-generated digital signatures 30, 32, and 34 of the
`
`boot memory, game data set, and game data files, respectively. Id. ¶¶ 5, 23–
`
`25, Figs. 3–4.
`
`Figure 5b of Gazdic is reproduced below:
`
`Figure 5b above illustrates the part of the authentication procedure that
`
`authenticates and loads the individual game data files that make up the game
`
`
`
`13
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`data set within the high capacity storage memory. Ex. 1008 ¶¶ 11, 26, 29–
`
`30. Once the game data files have been authenticated and loaded into the
`
`CPU, the data files will reside in the CPU during execution and normal
`
`machine operation. Id. ¶ 29.
`
`After final boot, a continuous run-time authentication repeatedly
`
`verifies the presence of the high capacity storage medium connected to the
`
`CPU, the serial memory, the boot memory, and all files executing from the
`
`system RAM. Id. ¶¶ 31–32, Fig. 6. This run-time authentication is
`
`separated into two cycles. The first cycle of run-time authentication verifies
`
`the presence of the high capacity storage memory as connected to the CPU,
`
`and the second cycle authenticates the serial memory, boot memory, and
`
`files executing from the system RAM. Id. ¶¶ 31–32.
`
`2. Overview of Ryan
`
`Ryan discloses a gaming machine and a method of authenticating
`
`gaming machine software stored within the gaming machine while the
`
`gaming machine is running and interacting with a user. Ex. 1009, code (57),
`
`¶ 7. The gaming machine includes and is operated by a CPU. Id. ¶¶ 8, 23,
`
`Fig. 2.
`
`14
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`Figure 2 of Ryan is reproduced below:
`
`
`
`Figure 2 above illustrates CPU 30, which includes microprocessor 32 that
`
`interfaces with many components of the gaming machine via interface
`
`bus 34. Id. ¶ 24. The various memory components of the gaming machine
`
`include boot memory 46, high capacity storage memory 48, and serial read-
`
`write memory 50. Id. ¶ 26. The boot memory contains, among other
`
`15
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`contents, digital signature 58 and authentication program 54, which includes
`
`hash function 60, DSA verify operation 62, and public key 64. Id. ¶ 27. The
`
`high capacity storage memory contains a variety of data files that
`
`collectively form a gaming program, digital signature 78 corresponding to
`
`the high capacity storage memory as a whole, and a manifest file containing
`
`file digital signatures 76 that correspond to the individual data files. Id.
`
`¶ 29.
`
`An exemplary run-time authentication process has two main cycles,
`
`one cycle checking that high capacity storage memory 48 is connected to
`
`bus 34, and the second cycle continuously authenticating boot memory 46,
`
`serial read-write memory 36, and the integrity of data stored in battery
`
`backed memory 38. Id. ¶¶ 33–34. One purpose of run-time authentication is
`
`to ensure that files and data loaded into the main memory during boot have
`
`not been altered, and another purpose is to ensure the memory contents, as a
`
`whole, have not been altered. Id. ¶ 35.
`
`3. Analysis
`
`Petitioner cites the combined disclosure of Gazdic and Ryan for
`
`teaching a “gaming machine” as recited in the preamble of claim 1. Pet. 7–8
`
`(citing Ex. 1008 ¶ 14, Fig. 1; Ex. 1009 ¶ 20). Petitioner further asserts that
`
`Gazdic/Ryan teaches the structural components of the claimed gaming
`
`machine. For example, with respect to limitation 1(a), “a game action
`
`executing device configured to execute a game action,” Petitioner asserts
`
`that Gazdic/Ryan teaches a CPU that controls associated audio and video
`
`circuitry to display gameplay. Id. at 8–10 (citing Ex. 1008 ¶ 17; Ex. 1009
`
`¶¶ 23–25, Fig. 2; Ex. 1003 ¶¶ 94–100, 304–309). With respect to
`
`limitation 1(b)(i), “a loading device including a connection unit configured
`
`to be connected to a removable storage medium,” Petitioner asserts that
`
`16
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`Gazdic/Ryan teaches a CD or DVD drive with associated interface buses
`
`configured to be connected to a removable CD-ROM or DVD-ROM (i.e.,
`
`high capacity storage memory), allowing interfacing between a
`
`microprocessor and various components. Id. at 11–12 (citing Ex. 1008 ¶ 18;
`
`Ex. 1009 ¶¶ 24, 26, 33, 46, Fig. 2 (bus 34), Ex. 1003 ¶¶ 310–313). With
`
`respect to limitation 1(c), “a process device including a readable and
`
`rewritable storage unit,” Petitioner asserts that Gazdic/Ryan teaches a
`
`process device comprising a microprocessor, system RAM/main memory,
`
`and boot memory, with system RAM/main memory serving as a readable
`
`and rewritable storage unit. Id. at 20–21 (citing Ex. 1008 ¶¶ 18, 29–30;
`
`Ex. 1009 ¶¶ 24–25; Ex. 1003 ¶¶ 329–336).
`
`Petitioner also asserts that Gazdic/Ryan’s boot memory is “a program
`
`storage unit . . . included in . . . the process device,” as recited in
`
`limitation 1(d)(i). Id. at 22 (citing Ex. 1008 ¶ 8, Fig. 2). Petitioner further
`
`asserts that Gazdic/Ryan teaches that the boot memory stores an
`
`“authentication program” (including hash function 42, DSA verify
`
`operation 44a, and public key 46a) used to authenticate “gaming information
`
`stored in the storage medium” (game data files, including game and
`
`operating system executable files, stored in the high capacity storage
`
`memory), thereby satisfying limitation 1(e). Id. at 25–27 (citing Ex. 1008
`
`¶¶ 5, 8, 19–20, 28, 30, Fig. 2; Ex. 1009 ¶ 27, Fig. 2; Ex. 1003 ¶¶ 350–354);
`
`see also id. at 27–28 (citing Ex. 1008 ¶¶ 5, 18–20, 25, 28–30, Figs. 2, 4, 5a,
`
`5b; Ex. 1009 ¶¶ 44–45) (addressing “authentication program” in limitation
`
`1(f)(i)); id. at 29–31 (citing Ex. 1008 ¶¶ 19–20, 25, 29–30, Fig. 4; Ex. 1009
`
`¶¶ 43–45) (addressing “authentication program” in limitation 1(g)); id. at
`
`13–14 (citing Ex. 1008 ¶¶ 5, 20, Fig. 2; Ex. 1009 ¶ 29, Fig. 2) (addressing
`
`“gaming information” in limitation 1(b)(ii)).
`
`17
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`In addition to the “authentication program” that authenticates the
`
`gaming information stored in the storage medium, claim 1 requires a
`
`“mutual authentication program.” As recited in limitation 1(h), the “mutual
`
`authentication program” is used to “check that the authentication program is
`
`a legitimate program,” i.e., to authenticate the authentication program.
`
`Ex. 1001, 17:26–30. As recited in limitations 1(b)(ii) and 1(h), the “mutual
`
`authentication program” is included in the “gaming information” that is
`
`stored in the removable storage medium and authenticated by an
`
`authentication unit according to the “authentication program.” Id. at 17:6–8,
`
`17:29–31. As noted above, Petitioner asserts that Gazdic/Ryan’s executable
`
`game/OS files, together constituting a game data set, are “gaming
`
`information” stored in the removable storage medium as recited in the claim.
`
`Pet. 13–14 (citing Ex. 1008 ¶¶ 5, 20, Fig. 2; Ex. 1009 ¶ 29, Fig. 2).
`
`To address the limitation requiring “a mutual authentication program”
`
`to be included within the “gaming information” (i.e., the executable
`
`game/OS files of Gazdic/Ryan), Petitioner first refers to the authentication
`
`program (including hash function 42, DSA verify operation 44a, and public
`
`key 46a in Gazdic/Ryan) stored in Gazdic/Ryan’s boot memory and used for
`
`authenticating the high capacity storage memory and the executable
`
`game/OS files. Pet. 14 (citing Ex. 1008 ¶¶ 19, 29–30, Fig. 2; Ex. 1009
`
`¶¶ 27, 35, 43, Fig. 2). Next, Petitioner cites Gazdic/Ryan’s teaching that the
`
`boot memory and the executable game/OS files are continuously
`
`authenticated during run-time of the system to ensure that information
`
`loaded during the boot process has not been altered. Id. at 15 (citing
`
`Ex. 1008 ¶¶ 31–32, Fig. 6). In particular, Petitioner points to the second
`
`cycle of Gazdic/Ryan’s run-time authentication process that authenticates
`
`the boot memory (including the authentication program) and the files
`
`18
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`executing from the system RAM (including the executable game/OS files).
`
`Id. (citing Ex. 1008 ¶ 32, Fig. 6).
`
`Relying on the testimony of Dr. Wolfe, Petitioner asserts that one of
`
`ordinary skill in the art would have understood that the second cycle of the
`
`run-time authentication of Gazdic/Ryan uses a different authentication
`
`program from the authentication program stored in boot memory. Id. (citing
`
`Ex. 1003 ¶¶ 314–328). Petitioner also asserts that it would have been
`
`obvious to one of ordinary skill in the art to locate the separate run-time
`
`authentication program, as a set of executable instructions, within the
`
`executable game/OS files on a high capacity storage memory. Id. at 16
`
`(citing Ex. 1003 ¶¶ 314–328). Further, Petitioner asserts that a person of
`
`ordinary skill in the art would have understood that storing the run-time
`
`authentication program in a location different from the authentication
`
`program would increase security because tampering with one location would
`
`be insufficient to defeat authentication. Id. (citing Ex. 1003 ¶¶314–328).
`
`In its Preliminary Response, Patent Owner explains that claim 1
`
`recites a “bi-directional authentication process where two separate
`
`authentication programs that are stored in two different locations
`
`authenticate each other.” Prelim. Resp. 12. Patent Owner contends that
`
`Petitioner has not shown that the combination of Gazdic and Ryan provides
`
`bi-directional authentication because the combination does not establish the
`
`existence of two separate authentication programs (i.e., an “authentication
`
`program” and a “mutual authentication program”) satisfying the
`
`requirements of the claim. Id. at 12–16. Patent Owner argues, among other
`
`things, that the disclosure of Gazdic/Ryan provides for only one
`
`authentication program that performs both the boot authentication process
`
`and the run-time authentication process. Id. at 13, 15 (citing Ex. 1008 ¶¶ 19,
`
`19
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`30). Patent Owner further argues that even if a person of ordinary skill in
`
`the art would have inferred that Gazdic/Ryan’s run-time authentication
`
`process uses a separate authentication program, there is no evidence to
`
`support locating such a run-time authentication program on a removable
`
`storage medium. Id. at 14–15.
`
`On the record before us, we agree with Patent Owner that Petitioner
`
`has not shown that Gazdic/Ryan teaches or suggests a separate “mutual
`
`authentication program” as recited in claim 1. As Patent Owner correctly
`
`points out, Gazdic/Ryan describes only one authentication program located
`
`within the boot memory that authenticates the gaming information on a high
`
`capacity storage memory during the boot process and also performs run-time
`
`authentication. Ex. 1008 ¶¶ 19, 30–32, Fig. 2; see Prelim. Resp. 13, 15.
`
`Petitioner attempts to distinguish the second cycle of the run-time
`
`authentication process from any other authentication processes by asserting
`
`that the second cycle of the run-time authentication does not use the DSA
`
`verify operation stored in boot memory as depicted in Figure 4. Pet. 15
`
`(citing Ex. 1008 ¶ 32, Fig. 6). Petitioner does not point to any explicit
`
`disclosure in Gazdic/Ryan indicating that the run-time authentication
`
`process uses a different program than the authentication program executed
`
`during the boot process, but instead relies on Dr. Wolfe’s testimony that a
`
`person of ordinary skill in the art would have understood that run-time
`
`authentication uses a separate program. Id. (citing Ex. 1003 ¶¶ 314–328).
`
`Gazdic describes run-time authentication as part of the authentication
`
`procedure that begins with authenticating the executable data files on the
`
`high capacity storage memory during the boot process. Ex. 1008 ¶ 30 (“The
`
`authentication procedure then proceeds to the final stage—continuous run-
`
`time authentication.”). The second cycle of the run-time authentication
`
`20
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`process authenticates the serial memory, boot memory, and files executing
`
`from the system RAM “preferably . . . using the message digest 48 of the
`
`corresponding memory or file, instead of the DSA verify operation,”
`
`because the message digests were stored previously in RAM and the “DSA
`
`verify operation is not necessary at this point because the memories and files
`
`were proven to be authentic during the system boot process.” Id. ¶ 32
`
`(emphasis added). Gazdic further states “that the DSA verify operation may
`
`instead be performed during this second cycle of continuous run-time
`
`authentication.” Id. Thus, rather than disclosing two separate authentication
`
`programs, Gazdic/Ryan provides only one authentication program that may
`
`omit the DSA verify operation under certain circumstances during run-time
`
`authorization. Id.
`
`For at least this reason, based on the record before us, Petitioner has
`
`not shown sufficiently that a person of ordinary skill in the art would have
`
`understood that Gazdic/Ryan teaches or suggests “a removable storage
`
`medium storing therein gaming information including a mutual
`
`authentication program” in addition to an “authentication program” as
`
`recited in claim 1. Independent claims 5 and 9 recite similar limitations, and
`
`for those claims Petitioner relies on the same analysis presented for claim 1.
`
`Pet. 37–40. Therefore, we conclude the information presented does not
`
`demonstrate a reasonable likelihood that Petitioner would prevail in
`
`establishing that claims 1, 5, and 9 of the ’990 patent are unpatentable under
`
`35 U.S.C. § 103(a) for obviousness over the combination of Gazdic and
`
`Ryan.
`
`E. Asserted Obviousness over Gazdic, Ryan, and Diamant
`
`Petitioner contends that claims 1, 5, and 9 of the ’990 patent are
`
`unpatentable under 35 U.S.C. § 103 as obvious over Gazdic, Ryan, and
`
`21
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`Diamant. Pet. 5–40. In this asserted obviousness ground, Petitioner relies
`
`on Diamant in combination with Gazdic/Ryan to teach a “mutual
`
`authentication program” as recited in the claims. E.g., id. at 17–20 (citing,
`
`e.g., Ex. 1003 ¶¶ 314–328). For the reasons discussed below, we conclude
`
`that Petitioner has not demonstrated a reasonable likelihood it would prevail
`
`in showing that claims 1, 5, and 9 are unpatentable on this asserted ground.
`
`1. Overview of Diamant
`
`Diamant discloses a device and method for authenticating software
`
`using two verification programs. Ex. 1006, code (57). Figure 1, reproduced
`
`below, is a schematic diagram of components of a device disclosed in
`
`Diamant:
`
`
`
`Id. ¶ 10. As shown in Figure 1, device 10 includes processor 12 connected
`
`to electrical erasable read only memory (EEPROM) 17, read only memory
`
`(ROM) 14, random access memory (RAM) 15, and memory device 16 via
`
`one or more buses 18. Id. The memory device may store functional code or
`
`firmware 20, OEM certificate 26, and integrity checking algorithm 22.
`
`22
`
`
`
`IPR2020-01218
`Patent 8,095,990 B2
`
`Id. ¶ 12. The OEM certificate includes a digital signature result, which
`
`indicates to other components of the