______________________________

BEFORE THE PATENT TRIAL AND APPEAL BOARD
______________________________

APPLE, INC.,
Petitioner,

v.

PROXENSE, LLC
Patent Owner

______________________________

Case No. IPR2025-00075 (joined with IPR2024-00783)
U.S. Patent No. 9,679,289

DECLARATION OF MARKUS JAKOBSSON, PH.D

Patent Owner Exhibit 2014, Page 1 of 50
`
`
`
I. INTRODUCTION AND SCOPE OF ENGAGEMENT

1. My name is Markus Jakobsson. I have been retained by counsel for Patent Owner Proxense, LLC (“Proxense”) to provide my opinions regarding whether claims of U.S. Patent Nos. 9,679,289 (hereafter the “289 Patent”) and 10,073,960 (hereafter the “960 Patent”) recite terms understood by persons of ordinary skill in the art to have a sufficiently definite meaning as the name for structure enabling an application, function or service, absent an algorithm disclosed in the Specifications of the respective patents.
`
II. QUALIFICATIONS AND COMPENSATION

2. I make this Declaration based upon my own personal knowledge, information, and belief, and I would and could competently testify to the matters set forth in this Declaration if called upon to do so.

3. Attached hereto as Appendix A is a true and correct copy of my Curriculum Vitae (CV). I am being compensated at the rate of $875 per hour for my time, plus reasonable out-of-pocket expenses. My compensation does not depend upon the outcome of the IPR proceedings, the contents of this Declaration, any testimony that I may provide, or the ultimate outcome of this litigation.

4. I am currently the Chief Scientist at Artema Labs, a crypto startup concerned with the security and confidentiality of digital representations of ownership. My research relates to how to make online transfers of ownership secure against abuses of various types, among other things.
`
5. I have founded or co-founded several successful computer security companies. I am the CEO at ZapFraud, a cybersecurity company that develops techniques to detect deceptive emails, such as Business Email Compromise emails. At ZapFraud, my research studies and addresses abuse, including social engineering, malware and privacy intrusions. My work primarily involves identifying risks, developing protocols and user experiences, and evaluating the security of proposed approaches.

6. I am also the founder of Carbyne Biometrics, a biometric authentication company; Secure Technology, a target advertising company; RavenWhite Security, a device authentication company; FatSkunk, a mobile malware detection company (acquired by Qualcomm in 2013); Extricatus, a security consulting company (now defunct); CSExpert, a security consulting company; and RightQuestion, a telecom security company.
`
7. I received a Master of Science degree in Computer Engineering from the Lund Institute of Technology in Sweden in 1993, a Master of Science degree in Computer Science from the University of California at San Diego in 1994, and a Ph.D. in Computer Science from the University of California at San Diego in 1997, specializing in Cryptography. During and after my Ph.D. studies, I was also a Researcher at the San Diego Supercomputer Center, where I did research on authentication and privacy.

8. From 1997 to 2001, I was a Member of Technical Staff at Bell Labs, where I did research on authentication, privacy, multi-party computation, contract exchange, digital commerce including crypto payments, and fraud detection and prevention. From 2001 to 2004, I was a Principal Research Scientist at RSA Labs, where I worked on predicting future fraud scenarios in commerce and authentication and developed solutions to those problems. During that time I predicted the rise of what later became known as phishing. I was also an Adjunct Associate Professor in the Computer Science department at New York University from 2002 to 2004, where I taught cryptographic protocols.
`
9. From 2004 to 2016, I held a faculty position at the Indiana University at Bloomington, first as an Associate Professor of Computer Science, Associate Professor of Informatics, Associate Professor of Cognitive Science, and Associate Director of the Center for Applied Cybersecurity Research (CACR) from 2004 to 2008; and then as an Adjunct Associate Professor from 2008 to 2016. I was the most senior security researcher at Indiana University, where I built a research group focused on online fraud and countermeasures, resulting in over 50 publications and two books.

10. While a professor at Indiana University, I was also employed by Xerox PARC, PayPal, and Qualcomm to provide thought leadership to their security groups. I was a Principal Scientist at Xerox PARC from 2008 to 2010, a Director and Principal Scientist of Consumer Security at PayPal from 2010 to 2013, a Senior Director at Qualcomm from 2013 to 2015, Chief Scientist at Agari from 2016 to 2018, Chief of Security and Data Analytics at Amber Solutions from 2018 to 2020, and Chief Scientist at ByteDance from 2020 to 2021.
`
11. Agari is a cybersecurity company that develops and commercializes technology to protect enterprises, their partners and customers from advanced email phishing attacks. At Agari, my research studied and addressed trends in online fraud, especially as related to email, including problems such as Business Email Compromise, Ransomware, and other abuses based on social engineering and identity deception. My work primarily involved identifying trends in fraud and computing before they affected the market, and developing and testing countermeasures, including technological countermeasures, user interaction and education.

12. Amber Solutions is a cybersecurity company that develops home and office automation technologies. At Amber Solutions, my research addressed confidentiality, user interfaces and authentication techniques in the context of ubiquitous and wearable computing, and involved the tracking of users, for purposes of personalization and emergency response, using wireless technologies such as Bluetooth and Bluetooth Low Energy (BLE).
`
`
`
`
`
13. ByteDance is a media company concerned with secure processing of data, and is the owner of TikTok. At ByteDance, my research addressed fraud prevention, confidentiality, user interfaces and authentication techniques in the context of the many products offered by ByteDance.

14. I have additionally served as a member of the fraud advisory board at LifeLock (an identity theft protection company); a member of the technical advisory board at CellFony (a mobile security company); a member of the technical advisory board at PopGiro (a user reputation company); a member of the technical advisory board at MobiSocial dba Omlet (a social networking company); and a member of the technical advisory board at Cequence Security (an anti-fraud company, previously named Stealth Security). I have provided anti-fraud consulting to KommuneData (a Danish government entity), J.P. Morgan Chase, PayPal, Boku, and Western Union.

15. I have authored six books and over 100 peer-reviewed publications, and have been a named inventor on over 300 patents and patent applications.

16. My work has included research in the area of applied security, mobile security, cryptographic protocols, authentication, malware, social engineering, usability and fraud.

17. I have been engaged as a technical expert in over 75 computer-related cases, including numerous cases involving Internet security, mobile security, encryption and/or authentication.
`
III. SUMMARY OF OPINIONS

18. As discussed in detail below, I do not believe the terms “RDC communicating wirelessly with [] at least one external device within [a] proximity zone”, “integrated, wireless communication interface communicating wirelessly with [] at least one external device within [a] proximity zone”, “local, secured information stored by [] integrated, secure memory”, and “enablement signal” are understood by a person of ordinary skill in the art to have a sufficiently definite meaning as the names of structures for “enabling one or more of an application, a function and service.” The terms, rather, connote the general and generic abilities of general-purpose computers or are a completely meaningless nonce defined only by the intended action to be performed. Absent a control logic or some other type of algorithm executed by a controller or another type of processor, there would be no structure for the foregoing to perform the function of “enabling one or more of an application, a function and a service.” The shared specification of the 289 and 960 Patents discloses a control logic that can be used by an “RDC,” “wireless communication interface,” and “local, secured information” to “enable one or more of an application, a function and service.” The same control logic generates “an enablement signal enabling one or more of an application, a function and a service.” Consequently, absent the control logic disclosed in the shared specification, the claims of the 289 and 960 Patents would be meaningless.
`
IV. UNDERSTANDING OF LEGAL PRINCIPLES

19. I have been advised on certain legal principles as they relate to forming my opinions presented herein. I set forth my understanding below.

A. Claim Construction

20. I understand that claim terms should be accorded the plain and ordinary meaning they would be ascribed by a person of ordinary skill in the art as of the effective filing date of the application for the patent at issue.

21. Generally speaking, I understand that to ascertain the meaning of a claim term, one of ordinary skill in the art primarily looks at intrinsic evidence, such as the words of the claims themselves, the specification, and the prosecution history. I understand that certain types of extrinsic evidence—such as general purpose and scientific dictionaries, relevant scientific principles, and references illustrating the meaning of technical terms and the state of the art—may also be relevant to claim construction.

22. I further understand that a patentee may choose to define a term differently than the term’s plain and ordinary meaning in the art and that, under such circumstances, the patentee’s own definition controls. Additionally, a claim term is not entitled to its plain and ordinary meaning in the art when the patentee has expressly disclaimed the scope under such plain and ordinary meaning through descriptions in the specifications or statements made during prosecution of the patent applications.
`
23. I have been informed that a person of ordinary skill in the art is deemed to read a claim term not only in the context of the particular claim in which the term appears, but also in the context of the entire patent, including the specification, other claims, and prosecution history.

24. I further understand that when a claim term recites a function performed by a general-purpose computer, the corresponding structure is the computer as programmed to perform an algorithm, such as a control logic, disclosed in the patent for performing the function.

25. I understand that a dependent claim is a claim that incorporates by reference all limitations of its independent claim and of any intervening claims. As a general guideline, the scope of a dependent claim is narrower than that of its independent claim.

26. For the purpose of my opinions expressed herein, I have been asked to assume the 289 and 960 Patents have an effective filing date of December 6, 2007, which is the filing date of U.S. Provisional Application No. 60/992,953 to which both Patents claim priority.
`
B. Person of Ordinary Skill in the Art

27. When interpreting a patent, I understand that it is important to view the disclosure and claims of that patent from the level of a person of ordinary skill in the relevant art at the time of the invention. My opinion of the level of ordinary skill in the art of the Asserted Patents is based on my personal experience working in the fields of electrical engineering and computer science, my knowledge of colleagues and others working in those fields as of and for several years prior to the applicable time frame applicable to each of those patents, my study of those patents and their file histories, and my knowledge of:

• The level of education and experience of persons actively working in the above fields at the time the subject matter at issue was developed;

• The types of problems encountered in the art at the time the subject matter was developed;

• The rapidity with which innovations are made in those fields;

• Prior art patents and publications;

• The activities of others working in those fields;

• Prior art solutions to the problems addressed by the relevant art; and

• The sophistication of the technology at issue in this case.

28. I have also been informed that these factors are not exhaustive and are merely a useful guide to determining the level of ordinary skill in the art.

29. With those factors in mind, in my opinion a Person of Ordinary Skill in the Art (“POSITA”) with respect to the 289 and 960 Patents would have been a person with a Bachelor of Science degree in Computer Science, Computer Engineering, or a related discipline, and two years of experience in designing, developing, implementing, and/or deploying systems or applications on portable computing devices such as mobile phones and laptops, including programming of software and/or firmware for such devices.
`
V. OVERVIEW OF THE 289 AND 960 PATENTS

30. The 289 and 960 Patents disclose and claim a technical improvement to solve a technical problem of not being able to expand proximity systems to new and third-party applications, by providing a novel control logic allowing memory to be used as secured local storage for external applications. The technical problem is highlighted in the Background sections of the 289 and 960 Patents:

However, most proximity systems and location tracking systems
have limited capabilities. Typically, the proximity sensor, RFID tag
or similar device is a dumb device, in the sense that the device is
designed and has the capability only to report its location. For
example, such devices typically do not have the capabilities to run
different applications or to even interact with different applications.
Furthermore, these systems typically are proprietary and narrowly
tailored for a specific situation, thus preventing easy expandability
to other situations or third party applications.

289 Patent, 2:11-20; 960 Patent, 2:19-28.
`
31. The 289 and 960 Patents disclose a novel control logic solving the above problem. The control logic controls “service blocks” within device memory:

The memory 210 also stores the various service blocks 112A-N…
In other cases, the issuer may allow any third party service 120 to
use available service blocks 112. If a new service block is created,
then memory for that service block is allocated… Regardless of how
created, once created, external applications (such as applications
120 in FIG. 1) can gain access to a specific service block 112 by
proving the corresponding access key 118.

289 Patent, 6:42-60; 960 Patent, 6:49-67.

32. The control logic controlling the service blocks allows for isolated storage and selection of different credentials for different applications. This provides improved data security, as a breach in one third-party application would not affect the keys used by other applications. This is detailed, for example, with reference to Fig 6 (reproduced below):

Also shown is a device 510Y with two applications 120Y1 and
120Y2, each of which accesses a different service block. In some
cases, the first application 120Y1 is enabled from a first service
block 112C, thus allowing a second application 120Y2 to operate
using a second service block 112F (although the two applications
need not be on the same device 510).

289 Patent, 6:42-60; 960 Patent, 6:49-67.
`
`
`
33. The 289 and 960 Patents further detail how the control logic may be utilized in various general-purpose computers, such as cell phones, servers, personal computers, and credit card terminals. For example, again with reference to Fig. 6, the 289 and 960 Patents detail the simultaneous use of the control logic by different applications as a user accesses the website of his credit card provider:

[T]he first application 120Y1 might be the auto login/logoff, where
a user logs in to a personal computer via a service block 112C that
provides a username and password. Now that the user is logged in,
the user wishes to attach to his credit card company. The user types
in the web address of the credit card provider, where the credit card
provider requests the user's credentials. First, the user may have to
provide some live biometric information.
Application 120Y2 compares this against a biometric stored in a
second service block 112F on the PDK. After the sensor 108Y
verifies the correct biometrics, the sensor indicates to the PDK that
external services may now access their service blocks. The credit
card provider 120Z1 then sends its service block access key 118A
to the PDK where this third service block 112A is retrieved and sent
back to the credit card issuer. The credit card issuer then verifies the
data and authorizes the user's transaction.

289 Patent, 9:43-63; 960 Patent, 9:56-10:3.
`
34. As the above illustrates, when implemented, the control logic generates an enablement signal enabling one or more of an application, a function and a service by having the application, function or service to be enabled authenticate by exchanging an access key for the ability to store, retrieve and/or modify data in a service block of local secured memory.

VI. CLAIMS AT ISSUE

35. I understand the Petitioner is challenging claims 1-20 of the 289 Patent and claims 1-20 of the 960 Patent. Claims 1 and 14 of the 289 Patent are independent claims. Likewise, claims 1 and 14 of the 960 Patent are independent claims.
`
VII. THE CLAIMS FAIL TO RECITE A STRUCTURE FOR ENABLING ONE OR MORE OF AN APPLICATION, A FUNCTION AND A SERVICE

36. Having reviewed the challenged claims and the shared specification of the 289 and 960 Patents, it is my opinion that the structures recited for performing the function of “enabling one or more of an application, a function and a service” recited in claims 1 and 14 of the 289 Patent and claims 1 and 14 of the 960 Patent are not used in common parlance or by persons of skill in the pertinent art to designate structure or a class of structures recognized for performing the function. Rather, the structure “local, secured information stored by the integrated, secure memory,” recited in claim 1 of the 289 Patent and claim 1 of the 960 Patent, is nothing more than a computer readable media providing the general and generic ability of general-purpose computers to securely store information within tamper-proof memory. Likewise, the “integrated wireless communication interface communicating wirelessly with the at least one external device within a proximity zone,” recited in claim 1 of the 960 Patent, is nothing more than the general ability of general-purpose computers to receive data using standard protocols such as Bluetooth, Wi-Fi, and the like. Similarly, the “integrated RDC communicating wirelessly with the at least one external device within the proximity zone,” recited in claim 1 of the 289 Patent, is nothing more than the general ability of general-purpose computers to decode encrypted data received via Bluetooth, Wi-Fi, and similar connections. Finally, the “enablement signal,” recited in claim 14 of the 289 Patent and claim 14 of the 960 Patent, is a completely meaningless nonce defined only by the intended action to be performed.
`
A. Local, Secured Information Stored by the Integrated, Secure Memory

37. On its face, the term “local, secured information stored by the integrated, secure memory” recites nothing more than a computer readable media providing the general and generic ability of general-purpose computers to securely store information within tamper-proof memory. This ability is commonly employed within computers to securely store data at rest. However, the secure storage of data does not provide a structure for “enabling one or more of an application, a function and a service.” Instead, an algorithm or control logic defining how the data is to be accessed and made usable to an application, function, or service would be required. Such an algorithm is provided within the shared specification of the 289 and 960 Patents.

38. One instance of the algorithm is provided within the definition of “local secured information” provided in the shared specification:

“The service block access keys 118 allow the sensor 108 to unlock
information stored in the corresponding service blocks 112, which
information is used as local secured information.”

289 Patent, 3:45-50; 960 Patent, 3:54-57 (emphasis added).

39. The shared specification explicitly defines “local secured information” with an algorithm. Per the algorithm, an “access key” is exchanged to “unlock information stored within a service block.” Accordingly, local, secured information is defined in the specification as information unlocked in exchange for an access key.

40. The algorithm defining “local, secured information” is repeated in the shared specification with reference to “control logic 250,” again clarifying that it means information unlocked (made accessible) in exchange for (by proving) an access key.

[O]nce created, external applications (such as applications 120 in
FIG. 1) can gain access to a specific service block 112 by proving
the corresponding access key 118. In FIG. 2, this is shown
conceptually by control logic 250.

289 Patent, 6:57-62; 960 Patent, 6:64-7:1.
`
41. After summarizing the operation of the algorithm of control logic 250 as “external applications (such as applications 120 in FIG. 1) can gain access to a specific service block 112 by proving the corresponding access key 118,” the shared specification goes on to state:

The wireless application provides a service block select 226 and a
service block access key 118 in order to store, retrieve and/or
modify data in a service block 112. The selector 252 selects a service
block 112 based on the select signal 226 and the access key 118.…
In an alternate method, the service block 112 may be selected based
on the service block access key 118, eliminating the need for a
separate select signal 226.

289 Patent, 6:63-7:6; 960 Patent, 7:3-13.
`
`
`
42. The operation of the algorithm of control logic 250 is graphically represented in the above figure. When executed, the algorithm exchanges an “access key” provided by an application for the information held within a “service block”. The detailed function of the “access key” is consistent with its plain and ordinary meaning. “Access” means “[t]o store data on and retrieve data from a disk or other peripheral device.” The algorithm thus describes exchanging an access key provided by an application to retrieve, store and/or modify data. A POSITA would recognize this as being similar to a database key, which along with an access control mechanism is a key used to determine what records of the database to allow access to. Such keys are also referred to as “data access keys,” or as in the specification of the 289 and 960 patents, simply “access keys”.
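The key-gated selection described in paragraphs 41 and 42 can be modelled as follows. This Python sketch is an added illustration and is not code from the declaration or from the 289 or 960 Patents; the class and method names, the random 32-byte keys, the constant-time comparison and the sample field values are assumptions made for the example.

```python
import hmac
import secrets


class AccessDenied(Exception):
    """The presented access key did not prove access to a matching block."""


class ControlLogic:
    """Toy model of key-gated service blocks (all names are hypothetical)."""

    def __init__(self):
        # block id -> {"key": bytes, "data": dict}; stands in for secure memory
        self._blocks = {}

    def create_block(self, block_id):
        """Allocate memory for a new service block and return its access key."""
        if block_id in self._blocks:
            raise ValueError(f"service block {block_id!r} already exists")
        key = secrets.token_bytes(32)  # assumption: random 256-bit access key
        self._blocks[block_id] = {"key": key, "data": {}}
        return key

    def _select(self, access_key, select=None):
        """Choose a block from (select signal, key) or from the key alone."""
        if select is not None:
            candidates = [self._blocks[select]] if select in self._blocks else []
        else:
            # Alternate method: no select signal, the key itself picks the block.
            candidates = list(self._blocks.values())
        chosen = None
        for block in candidates:
            # Constant-time comparison so timing does not leak key bytes.
            if hmac.compare_digest(block["key"], access_key):
                chosen = block
        if chosen is None:
            # Same error for "no such block" and "wrong key".
            raise AccessDenied("access key not proven")
        return chosen

    def store(self, access_key, field, value, select=None):
        self._select(access_key, select)["data"][field] = value

    def retrieve(self, access_key, select=None):
        # Return a copy so callers never hold a reference into the block.
        return dict(self._select(access_key, select)["data"])

    def modify(self, access_key, field, value, select=None):
        data = self._select(access_key, select)["data"]
        if field not in data:
            raise KeyError(field)
        data[field] = value


def demo():
    """Two applications, two blocks: each key unlocks only its own block."""
    logic = ControlLogic()
    key_b = logic.create_block("112B")
    key_c = logic.create_block("112C")
    # Constructed sample data, not values from the patents.
    logic.store(key_b, "username", "alice", select="112B")
    logic.store(key_b, "password", "constructed-sample", select="112B")
    logic.store(key_c, "member_id", "0042", select="112C")
    logic.modify(key_b, "password", "rotated-sample", select="112B")

    results = {"own_block": logic.retrieve(key_b, select="112B")}
    results["key_only"] = logic.retrieve(key_c)  # alternate method, no select
    attempts = [
        (key_c, "112B"),                    # valid key, but for another block
        (secrets.token_bytes(32), "112B"),  # unknown key
        (key_b, "112Z"),                    # block that does not exist
        (secrets.token_bytes(32), None),    # unknown key, key-only selection
    ]
    denied = 0
    for key, sel in attempts:
        try:
            logic.retrieve(key, select=sel)
        except AccessDenied:
            denied += 1
    results["denied"] = denied
    return results


if __name__ == "__main__":
    print(demo())
```

The denied attempts show the isolation property: a key that is valid for one block gives no access to another.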
`
43. The algorithm is further repeated in the shared specification with reference to Figures 1 and 4-6. With reference to Figure 1, the shared specification details use of the algorithm in which an access key held by an external application is exchanged to unlock biometric information held within a service block to enable the function of biometric authentication.

In one example, a biometric is required in order to access specific
service blocks 112 in the PDK 102. Verification of the biometric is
achieved by using service block 112A. The sensor 108 stores the
corresponding service block access key 118A and uses this key to
unlock the biometric service block 112A, which stores a valid
biometric. A current biometric is received using biometric input
104. The sensor 108 then verifies the stored biometric (from service
block 112A) against the recently acquired biometric (from input
104). Upon proper verification, various applications 120 are
permitted to connect to the PDK 102 via the sensor 108 and/or to gain
access to other service blocks 112.

The system 100 can be used to address applications 120 where it is
important to authenticate an individual for use. Generally, the sensor
108 wirelessly receives information stored in the PDK 102 that
uniquely identifies the PDK 102 and the individual carrying the
PDK 102. The sensor 108 can also receive a biometric input 104
from the individual. Based on the received information, the sensor
108 determines if access to the application 120 should be granted.
In this example, the system 100 provides authentication without the
need for PINs or passwords (although PINs and passwords may be
used in other implementations).

289 Patent, 3:51-4:6; 960 Patent 3:58-4:13.
`
44. The flow of such a process is shown in the figure below.

45. As the above shows, the biometric authentication by sensor 108 is enabled by the sensor exchanging an access key to unlock and retrieve a biometric held within a service block.

46. With reference to Figure 4, the shared specification details how the algorithm of exchanging an access key to retrieve information held within a service block enables an auto login/logoff application.

An example of a local application (FIG. 4) is an auto login/logoff of
a personal computer. When a PDK 102 is within the proximity of
the personal computer 510, the PDK 102 is detected and the sensor
108 attaches to the PDK 102 (using service block 112A). The
login/logoff application 120 then sends the service block access key
118B along with a request for the contents of the service block 112B
to the PDK 102 via the sensor 108. For example, a standard may
specify that particular service block 112B contains username and
password. These are returned to the application 120, allowing
automatic login to the personal computer 510.

289 Patent, 8:55-65; 960 Patent, 8:62-9:5.
`
47. The flow is shown in the figure below.

48. The flow begins by “the sensor 108 attach[ing] to the PDK 102 within its microcell, using the service block access key 118(A) and service block 112(A).” While this entails the exchange of an access key 118(A) for a derivation of information held within the service block 112(A), such as a session key generated from the access key, it does not enable the login/logoff application 120. Rather, it merely creates a wireless link between the sensor 108 and the PDK 102 facilitating wireless communication between the sensor 108 and PDK 102. As the example makes clear, the link itself does not enable login/logoff application 120 because subsequent steps are required after establishing wireless communication between sensor 108 and PDK 102. Rather, application 120 is not enabled until it exchanges an access key 118(B) to unlock and retrieve a username and password held within service block 112(B).

49. The shared specification also details how the algorithm of exchanging an access key to retrieve information held within a service block enables the service of using a credit card to purchase goods. With reference to Figure 5, the shared specification states:

An example of a remote application (FIG. 5) is a credit card
transaction. The sensor 108 in this case could be a credit card
terminal. When the PDK 102 is brought in close proximity, the
credit card terminal 108 attaches to the PDK 102 (using service
block 112A). The terminal 108 then sends the PDKID 212 to the
credit card issuer (the external service) for identification. The credit
card issuer may then send a service block access key 118B back to
the sensor 108, where it is passed on to the PDK 102 to unlock a
specific service block 112B. The contents of the service block 112B
could then be sent back to the credit card issuer where further
decryption could occur and the credit cardholder could be verified.
Once verified, the credit card terminal displays that the transaction
is approved.

289 Patent, 8:66-9:12; 960 Patent, 9:6-19.
`
`
`
50. The flow for enabling the service of charging a credit card is shown in the below figure.

51. As with enabling the login/logoff application 120, the flow begins by “credit card terminal 108 attach[ing] to the PDK 102 (using service block 112A).” While this entails the exchange of an access key 118(A) for a derivation of information held within the service block 112(A), such as a session key generated from the access key, it does not enable the service of using the credit card to complete the transaction. Rather, it merely creates a wireless link between the credit card terminal 108 and the PDK 102 facilitating wireless communication between the credit card terminal 108 and PDK 102. As the example makes clear, the link itself does not enable the service of charging the credit card because subsequent steps are required after establishing wireless communication between credit card terminal 108 and PDK 102. Rather, the service of charging the credit card is not enabled until the credit card issuer sends an access key 118B to unlock and retrieve the contents of service block 112B.

52. “FIGS. 4 and 5 illustrate a basic case where a single application accesses a single service block on a single PDK via a single sensor.” 289 Patent, 9:20-22; 960 Patent, 9:27-29. However, as noted above, the algorithm of control logic 250 defining local, secured memory is not limited to use with single applications. Rather, as detailed with reference to Figure 6, the algorithm can be used with multiple applications, sensors, and service blocks.

FIG. 6 illustrates a case with multiple applications, sensors, and
service blocks. This illustrates the sharing of service blocks. As
shown, service blocks may be limited to a single service or source
or may be shared across multiple services and sources. A service
block 112 is a protected memory element which allows an
application 120 with the right credentials to access it. In this
example, applications 120W, 120X and 120Y1 can each access
service block 112C since each application has access to service
block access key 118C. Similarly, applications 120V, 120Z2 and
120Z3 can each access service block 112B. Although not shown in
FIG. 6, it is also possible for an application to access more than one
service block. FIG. 6 also shows a situation where applications
120Z1-3 running on different devices 510Z1-3 all access the PDK
102 through the same sensor 108Z. Each sensor 108 covers a certain
proximity zone (i.e., microcell). The presence of the PDK 102
within a microcell indicates proximity of the PDK to that particular
sensor.
`
`Also shown is a device 510Y with two applications 120Y1 and
`120Y2, each of which accesses