`Tel: 571-272-7822
`
`Paper 19
`Entered: March 23, 2018
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`UNIFIED PATENTSINC.,
`Petitioner,
`
`V.
`
`TEXTILE COMPUTER SYSTEMS, INC.,
`Patent Owner.
`
`Case IPR2017-00296
`Patent 8,505,079 B2
`
`Before JUSTIN T. ARBES, STACEY G. WHITE, and
`SCOTT B. HOWARD,Administrative Patent Judges.
`
`HOWARD,Administrative Patent Judge.
`
`FINAL WRITTEN DECISION
`35 U.S.C. § 318(a) and 37 CFR. § 42.73
`
`
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`I.
`
`INTRODUCTION
`
`Unified Patents Inc. (“Petitioner”) filed a Petition (Paper2, “‘Pet.”) to
`
`institute an inter partes review ofclaims 1, 3, 6-9, 11, 13, and 16-19 of US.
`Patent No. 8,505,079 B2 (Ex. 1001, “the ’079 patent’) pursuant to 35 U.S.C.
`
`§§ 311-19. Textile Computer Systems, Inc. (“Patent Owner”)filed a Patent
`OwnerPreliminary Response. Paper8 (Prelim. Resp.”). We instituted an
`inter partes review ofclaims 1, 3, 6-9, 11, 13, and 16-19 on certain grounds
`
`of unpatentability alleged in the Petition (Paper 9, “Dec.”).
`
`Afterinstitution of trial, Patent Owner filed a Patent Owner Response
`
`(Paper 13, “PO Resp.’”). Petitioner filed a Reply (Paper 17, “Reply”).
`Neither Patent OwnernorPetitioner requested an oral hearing. See
`
`Paper18.
`The Boardhasjurisdiction under 35 U.S.C. § 6(b). This Final Written
`Decision is entered pursuant to 35 U.S.C. § 318(a) as to the patentability of
`the claims for which weinstituted trial. For the reasons that follow, we
`
`conclude that Petitioner has not demonstrated by a preponderanceofthe
`
`evidence that claims 1, 3, 6-9, 11, 13, and 16-19 of the ’079 patent are
`
`unpalentable.
`
`Il.
`
`BACKGROUND
`
`Related Proceedings
`A.
`Theparties identify the following former proceedings' involving the
`"079 patent: Textile Comp. Sys., Inc. v. Fort Worth City Credit Union, No.
`2:16-cv-01048 (E.D. Tex.); Textile Comp. Sys., Inc. v. Sabine Fed. Credit
`
`Union, No. 2:16-cv-01047 (E.D. Tex.); and Textile Comp. Sys., Inc. v.
`
`! We take notice that all of the cases have settled.
`
`
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`E. Tex. Prof’l Credit Union, No. 2:16-cv-00702 (E.D. Tex.). Pet..73;
`
`Paper4, 1.
`
`B.
`
`The ’079 Patent
`
`The ’079 patent “relates to security protocols for use in securing
`and/or restricting access to personal other confidential information, physical
`
`locations and the like.” Ex. 1001, 1:6-8. According to the ’079 patent, the
`
`protection of personal information “is of ever increasing concern” and has
`led to the use of “various security protocols employedforthe protection of
`such resources,” which “almost universally include[] some means for
`
`authenticating the identity of a person, entity, device or the like attempting
`to gain access to a secured resource.” Jd. at 1:16-28. However,“a security
`breach in connection with a single secured resource may jeopardize the
`
`security of all other secured resources.” Jd. at 1:42—44.
`The ’079 patent is directed to improving “the prior art by providing a
`system and related method by which authentication may be more securely
`conducted.” Jd. at 1:45-4Y. ‘he ’U'/Y patent provides “a system andrelated
`methodthatis robust in specific implementation and readily usable” and “‘is
`economical in implementation and therefore readily accessible to virtually
`
`any application.” Jd. at 1:49-56.
`The invention disclosed in the 079 patent is a transaction protocol
`between three parties—the end user (for cxample, a purchaserof an item), a
`service client (for example, a seller of goodsor services), and a service
`provider (for example, a credit card processor)—thatis conducted with six
`messaging steps. See, e.g., id. at Figs. 1, 4, 1:60-2:7, 2:27-38, 4:15-47,
`7:14-8:3. Figure 4 of the ’079 patent, as annotated by Petitioner (Pet. 3), is
`
`shownbelow:
`
`
`
`t
`
`:
`
`‘;' 1
`
`generate
`Authorization Request
`
`Authorization Request
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`|_provide Request Data |
`
`|
`
`
`
`Po
`
`
`
`
`
`generale
`Confirmation
`
`
`
`
`
`
`
`provide Credential
`
`
`
`forward Credential
`
`evaluate
`Curdunitial
`
`Figure 4 shows“various interactions [that] generally take place during the
`operation of the authentication system and method ofthe present invention”
`(Ex. 1001, 3:15-17) in which the six ditferent messaging steps are color
`coded based on the sender—bluefor the service client, yellow for the end
`
`user, and green forthe service provider (see Pet. 2-4).
`
`
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`First, the service client sends data that will be used to generate a
`
`request to the end user. Ex. 1001, Fig. 4, 5:35-45. Second,the end user
`sends a request based on the received data to the service provider.
`/d.at Fig.
`
`4, 5:45-49. Oncethe service provider receives the message,it “determines
`
`whether the end user 34 making the request is authorized or otherwise
`
`permitted to make use of the authentication system 30.” Jd. at 5:50—54; see
`also id. at 13:34-53. The system will continue only if the service provider
`
`authenticates the identity of the end user; otherwise, it will terminate. Id. at
`
`5:54—60, 13:34-53. The ’079 patent states that a critical aspect of the
`present invention is preventing the service client from having accessto the
`commonidentifier of the secured resource that can be used to gain accessto
`
`the secured resource without again gaining authorization from the end user:
`
`In a critical aspect of the authentication system 30 and
`method 46 of the present
`invention, an additional security
`measure is implemented by requiring that the service client 33 be
`restricted from access to the commonidentifier for the secured
`resource, e.g. the account numberfor a credit card or financial
`deposit account; the Social Security Number of a patient; the
`account number of an ATM card; orthe like. ...
`
`In accordance with a critical aspect ofthe present invention,
`however, the automobile fueling station, restaurant or on-line
`retailer cannot be provided with or otherwise be made aware of
`either the consumer’s credit card or checking account number
`and also mustnot be given any information that would allow the
`automobile fueling station, restaurant or on-line retailer to repeat
`the transaction without again obtaining authorization from the
`consumer.
`
`Id. at 8:4—10, 10:29-36 (emphases added); see also id. at 7:14-46
`(emphasizing the importance ofrestricting the service client from having full
`
`access to the secured resource).
`
`
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`Third, after the service provider determinesthat the end useris
`
`authorized to access a secured resource, the service provider sends a
`
`confirmation back to the end user. Jd. at Fig. 4, 6:12-18. Fourth, the end
`
`user sends an authorization credential to the service client, which will allow
`
`limited access to the secured resource. /d. at Fig. 4, 6:18-21, 6:45—7:3.
`
`Fifth, the service client sends a messageto the service provider with the
`
`authentication credential. Jd. at Fig. 4, 6:45—7:3. Sixth, after confirming the
`authentication credential, the service provider sendsthe serviceclientthe
`
`secured resource.
`
`/d. at Fig. 4, 7:4-13, 16:16—40.
`
`The Challenged Claims
`C.
`Weinstituted trial on claims 1, 3, 6-9, 11, 13, and 16-19. Claims1
`
`and 11 are independent claims. Claim1is illustrative of the challenged
`
`claims and is reproduced below:
`1.
`Anauthentication system for authenticating the identity of
`a requester of access by an unauthorized service client to a
`secured resource, said authentication system comprising:
`a messaging gateway havingafirst set of instructions embodied
`in a computer readable medium,said first set of instructions
`operable to receive from a requester purporting to be an
`authorized user of a secured resource a request for access by an
`unauthorized service client to said secured resource;
`
`a server in secure communication with said messaging gateway,
`said server having a second set of instructions embodied in a
`computer readable medium operable to determine a key string
`knownto both said secured resource and the authorized user said
`requestor purports to be, said key string being adaptedto provide
`a basis for authenticating the identity of said requester;
`a service user interface in communication with said server, said
`service user interface having a third set of instructions embodied
`in a computer readable medium operable to receive input from
`said unauthorized service client;
`
`
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`wherein said second set of instructions is further operable to
`receive an authentication credential
`from said unauthorized
`service client associated with said request for access, said
`authentication
`credential
`having been provided to
`said
`unauthorized service client by said requestor; and
`
`wherein said second set of instructions is further operable to
`evaluate said authentication credential
`to authenticate the
`identity of said requester.
`
`Id. at 17:28-57.
`
`D._Instituted Grounds ofUnpatentability
`We instituted inter partes review ofclaim 1, 3, 6-9, 11, 13, and 16-19
`
`
`
`Johnson? and Stambaugh? § 103(a)|1, 6, 7, 9, 11, 16, 17, and 19
`
`
`Johnson, Stambaugh, and Sellars’|§ 103(a)|3, 8, 13, and 18
`
`
`
`
`of the ’079 patent on the following grounds:
`
`
`
`In support ofits challenge, Petitioner relies on the Declaration of
`Stephen Craig Mott (Ex. 1007). Patent Ownerrelies on the Declaration of
`
`Richard Oglesby (Ex. 2004).
`
`* The Leahy-Smith America Invents Act (“ATA”) included revisions to 35
`U.S.C. § 100 et seq. effective on March 16, 2013. Because the ’079 patent
`issued from an application filed before March 16, 2013, we apply the pre-
`AIAversionsofthe statutory bases for unpatentability.
`3 U.S. Patent Application Publication No. 2006/0235796 A1 (publ. Oct. 19,
`2006) (Ex. 1004, “Johnson’’).
`4U.S. Putent No. 7,657,489 B2 (issued Feb. 2, 2010) (Ex. 1005,
`““Stambaugh”’).
`5 U.S. Patent Application Publication No. 2006/0173794 A1 (publ. Aug.3,
`2006) (Ex. 1006,“Sellars”).
`
`
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`Il. ANALYSIS
`
`Constitutionality ofInter Partes Review Proceedings
`A,
`As a preliminary matter, Patent Owner arguesthat inter partes review
`proceedings are unconstitutional. PO Resp. 51-55. AsPetitioner points out,
`however, and as Patent Owner admits, “current binding Federal Circuit
`precedentholdsthat inter partes reviews are not unconstitutional.” Reply 26
`(citing MCMPortfolio LLC v. Hewlett-Packard Co., 812 F.3d 1284 (Fed.
`
`Cir. 2015)); see PO Resp. 52.
`
`B.
`
`Claim Construction
`
`In an inter partes review, claim terms in an unexpired patent are
`interpreted accordingto their broadest reasonable constructionin light of the
`specification of the patent in which they appear. 37 C.F.R. § 42.100(b);
`Cuozzo Speed Techs., LLC v. Lee, 136 S. Ct. 2131, 2142-46 (2016). We
`interpret claim terms using “the broadest reasonable meaning of the words in
`their ordinary usage as they would be understood by oneofordinary skill in
`the art, taking into account whatever enlightenment by wayofdefinitions or
`otherwise that may be afforded by the written description contained in the
`applicant’s specification.” In re Morris, 127 F.3d 1048, 1054 (Fed.Cir.
`1997). “Under a broadest reasonableinterpretation, words of the claim must
`be given their plain meaning, unless such meaning is inconsistent with the
`specification and prosecution history.” Trivascular, Inc. v. Samuels, 812
`
`F.3d 1056, 1062 (Fed. Cir. 2016).
`There are two exceptions to giving a term its plain meaning: “1)
`whenapatentee sets out a definition and acts as his own lexicographer,” and
`“2) when the patentee disavowsthe full scope of'a claim term eitherin the
`specification or during prosecution.” Thorner v. Sony Computer Entm’t Am.
`
`
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`LLC, 669 F.3d 1362, 1365 (Fed. Cir. 2012). In order to act as a
`
`lexicographer, a patentee must “clearly set forth a definition of the disputed
`claim term” and “clearly express an intent to define the term.” Id.; see also
`
`In re Paulsen, 30 F.3d 1475, 1480 (Fed. Cir. 1994) (holding that an
`
`applicant may act as his own lexicographer by providing a definition of the
`term in the specification with “reasonableclarity, deliberateness, and
`precision”). Similarly, disavowal requires that “the specification [or
`prosecution history] make[ ] clear that the invention does notinclude a
`particular feature.” SciMed Life Sys., Inc. v. Advanced CardiovascularSys.,
`Inc., 242 F.3d 1337, 1341 (Fed. Cir. 2001); see also In re Abbott Diabetes
`Care Inc. 696 F.3d 1142, 1149-50 (Fed.Cir. 2012) (holding that the
`
`broadest reasonable interpretation of the claim was limited when the
`specification “‘repeatedly, consistently, and exclusively’ depict[ed] an
`[embodiment] without external cables or wires while simultaneously
`disparaging sensors with external cables or wires”) (quoting /rdeto Access,
`Inc. v. EchostarSatellite Corp., 383 F.3d 1295, 1303 (Fed. Cir. 2004)).
`Weneed only construe those claim limitations “that are in
`controversy, and only to the extent necessary to resolve the controversy.”
`Vivid Techs., Inc. v. Am. Sci. & Eng’g, Inc., 200 F.3d 795, 803 (Fed. Cir.
`
`1999)).
`Petitioner proposes constructions of three terms: “unauthorized
`service client,” “messaging gateway,”and “key string.” Pet. 13-16. Patent
`Ownerproposesexpress constructionsfor“key string,” “secured resource,”
`and “input.” PO Resp. 25-33. In our Decision on Institution, we construed
`the terms“key string,” “secured resource,” and “input” as follows.
`
`
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`
`
`Broad enough to encompass an ordered
`“key string”
`
`
`
`sequenceof any subset of symbols selected
`from a set of symbols wherein each symbol
`
`
`forming the set may be represented in both a
`
`
`format that may be perceived by an end user
`
`
`and a format that may be recognized by
`
`
`software or hardware and is knownto both
`
`
`
`
`said secured resource and the authorized user
`said requestor purports to be and adapted to
`
`
`provide a basis for authenticating the identity
`
`
`ot said requester.°
`
`
`
`Dec. 8—10
`
` “secured resource”
`
`The claims require the authorized user to
`control access to the secured resource, but do
`
`
`not require the authorized user to otherwise
`
`
`control the secured resource.
`
`
`
`Dec. 10-1 |
`
`
`Broad enough to encompass any type of
`input, including input composedofonly the
`
`
`authentication credential.
`
`
`Dec. 11-12
`
`In its Response, Patent Owner argues that we erred in construing those
`terms. PO Resp. 25-33. For the reasons discussed below, we are persuaded,
`
`6 In our Decision, we declined to limit the key string to one that does not
`reveal the commonidentifier of the secured resource, such as the bank
`accountor credit card number,or any other information that would allow the
`unauthorized service client to gain access to the secured resource without
`again obtaining authorization from the authorized user. Dec. 8-10.
`
`10
`
`
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`with the benefit of the full record before us, to alter our construction of the
`claim term “keystring” as argued by Patent Ownerduringtrial.’
`
`“KeyString”
`1.
`Petitioner asserts that the broadest reasonable construction of “key
`
`string” is broad enough to encompass:
`an ordered sequence of any subset of symbolsselected from a set
`of symbols wherein each symbol forming the set may be
`represented in both a format that may be perceived by an end user
`34 and a format that may be recognized by software or hardware
`that may be used to providea basis for authenticating the identity
`of the requester.
`
`Pet. 16 (citing Ex. 1001, 15:29-36).
`Petitioner further argues that Patent Owner’s attemptto limit the
`scope ofthe claim term is premised on “the claims requir[ing] the ‘key
`string’ to be the sameas the ‘authentication credential.’” Reply 3.
`
`According to Petitioner:
`It is well-established that “a particular embodiment appearing in
`the written description may not be read into a claim when the
`claim language is broader than the embodiment.” SuperGuide
`Corp. v. DirectTV Enters., Inc., 358 F.3d 870, 875 (ed Cir.
`2004). Therefore,
`the Board should reject [Patent Owner’s]
`underlying requirement that the “key string” must necessarily be
`the same as the “authentication credential.” Consequently,
`[Patent Owner’s] criticisms of the Board’s construction should
`
`7 As we noted in our Decision, we had not yet “madeafinal determination
`as to... the construction of any claim term.” Dec. 31. Additionally, during
`trial, Petitioner had the opportunity to—anddid in fact—dispute Patent
`Owner’s claim construction arguments and argue howthe claimsallegedly
`are unpatentable under Patent Owner’s proposed construction. See,e.g.,
`Reply 20-21 (Petitioner argues Johnsonteaches the input limitation of
`claims 1 and 11 undcr Patent Owner’s proposed construction).
`
`ll
`
`
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`be disregarded because they are based on this erroneous
`requirement.
`
`Reply 4.
`Petitioner further argues that thereis no need to construe this
`limitation because “[Patent Owner] does not contend Johnson’s payment
`
`token fails to teach [Patent Owner’s] construction of ‘keystring.’” Jd.
`
`Patent Ownerarguesthat “[t]he Board’s conclusionthat the key string
`
`can include the primary account number(sensitive data element) is contrary
`to the specification.” PO Resp. 26. Relying on the sameportion ofthe
`°079 patent as Petitioner, Patent Owner contendsa “string” is “an ordered
`sequence of any subset of symbols selected from a set of symbols wherein
`each symbolformingthe set may be represented in both a format that may
`be perceived by an end user and a format that may be recognized by
`software or hardware.” Jd. (citing Ex. 1001, 15:29-41). Additionally, based
`
`on various examplesin the 079 patent, Patent Owner contendsa “key
`string” must not only provide a basis for authenticating the identity of the
`end user, but mustalsorestrict access of the commonidentifier for the
`
`secure resource to the service client, such as the merchant:
`
`Thespecification also describes the requirements for the content
`of the key string.
`In particular, the content of the ‘key string’
`must provide a basis to authenticate the identity of the end user
`to the service provider and at the sametimerestrict access to the
`commonidentifier for the secured resource to the service client
`(merchant).
`Id. at 26-27 (citing Ex. 1001, 8:4-10). According to Patent Owner,this
`construction of key string “does not improperly import a limitation of a
`specific embodimentinto the claim but rather reads the term consistently
`with explicit requirement in the specification regarding the content of the
`
`12
`
`
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`key string in practicing the invention.” /d. at 28 (emphasis omitted) (citing
`
`Ex. 2004 4¥ 49-52).
`The ’079 patent contains an express definition of the term “string”:
`
`It is now noted that as used herein a “string” shallfor purposes
`ofthepresentinvention be expressly defined to mean “an ordered
`sequenceof any subset of symbols selected from a set of symbols
`wherein each symbolforming the set may be represented in both
`a format that may be perceived by an end user 34 and a format
`that may be recognized by software or hardware,” e.g. the set of
`all alphabetic and numeric characters in the English language.
`Ex. 1001, 15:29-36 (emphasis added). This express definition describes the
`
`format of a “string” as that term is used in the 079 patent. It does not
`describe, however, the content of the claimed “key string” or how it is used.
`
`As to those aspects, independent claims 1 and 11 require that the keystring
`be “knownto both said secured resource and the authorized usersaid
`
`requestor purports to be” and “adapted to provide a basis for authenticating
`the identity of said requester.” Jd. at 17:40-42, 18:48—53.
`Moreover, based on the complete record, we agree with Patent Owner
`and Mr. Oglesby that the system (claim 1) and method (claim 11) recited in
`the claims must prohibit the service client from accessing a common
`identifier of the secured resource, suchasthe key string used to authenticate
`
`the identity of the end user. See PO Resp. 26-28; Ex. 2004 {ij 50-53.
`Webegin with the words of the claim. The server limitation recited in
`claim 1 and the determininglimitation recited in claim 11 focus on the
`method and apparatus used bythe serverto authenticate the identity of the
`authorized user who is seeking access to the secured resource. Specifically,
`
`13
`
`
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`the first limitation of claim 1° recites a messaging gatewaythat receives a
`
`request from a requester purporting to be the authorized user seeking to
`6
`
`allow an unauthorized service client access to a secured resource:
`
`“a
`
`. receiv[ing] from a requester purporting to be an
`.
`messaging gateway .
`authorized user of a secured resource a request for access by an unauthorized
`
`service client to said secured resource.” Ex. 1001, 17:31-36.
`
`The claim continues by reciting a server in communication with the
`
`messaging gateway that received the request. Jd. at 17:37-43. The server
`includesa set of instructions for “determin[ing] a key string knownto both
`
`[the] secured resource and the authorized user said request[e]r purports to
`be, [the] key string being adaptedto provide a basis for authenticating the
`identity of [the] requester.” Id. As discussed in the Specification,this refers
`to the secured resource(e.g., service provider) determining whetherthe
`
`authorized user is authorized to use the system: “Once a submitted request
`message 84 is received by the service provider 36, the service provider 36
`preferably determines whether the end user 34 making the requestis
`authorized or otherwise permitted to make such use ofthe authentication
`
`system 30.” Jd. at 5:50-54 (emphasis added).
`According to the portion of the ’079 patent cited by Patent Owner
`(PO Resp. 26-27), preventing the service client, such as a merchant, from
`having access to the commonidentifier that is used to authenticate the
`authorized user when the authorized user requests access of the secured
`
`resource for a service client is a critical aspect of the present invention:
`
`8 We focus our analysis on claim 1. Claim 11 recites substantially the same
`limitations as a method. Compare Ex. 1001, claim 1, with id. claim 11.
`
`14
`
`
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`In a critical aspect of the authentication system 30 and
`method 46 of the present
`invention, an additional security
`measureis implemented by requiring that the service client 33 be
`restricted from access to the commonidentifier for the secured
`resource, e.g. the account numberfor a credit card or financial
`deposit account; the Social Security Number of a patient, the
`account number of an ATM card; orthelike.
`
`Id. at 8:4-10 (emphasis added); see also id. at 10:29-36 (“In accordance
`with a critical aspect ofthe present invention, however, the automobile
`fueling station, restaurant or on-line retailer cannot be provided with or
`otherwise be made awareofeither the consumer’s credit card or checking
`
`account numberand also must not be given any information that would
`
`allow the automobile fueling station, restaurant or on-line retailer to repeat
`
`the transaction without again obtaining authorization from the consumer.”
`(emphasis added)). The ’079 patent further emphasizes the importance of
`restricting the service client from having full access to the secured resource.
`
`Id. at 7:14—46.
`
`Our reviewing court has found disavowalor disclaimer of claim scope
`based on clear and unmistakable statements by the patentee that limit the
`claims, such as “the present invention includes. . .” or “the present invention
`is...” or “all embodiments ofthe present invention are... .” See, é.g.,
`Regents of Univ. ofMinn. v. AGA Med. Corp., 717 F.3d 929, 936 (Fed. Cir.
`2013); Honeywell Int’l, Inc. v. ITT Indus., Inc., 452 F.3d 1312, 1316-19
`(Fed. Cir. 2006); SciMed, 242 F.3d at 1343-44. Similarly, our revicwing
`court also has limited a claim elementto a feature of the preferred
`
`embodiment whenthe specification described that feature as a “very
`important feature .
`.
`. in an aspect of the present invention,” or as a “critical
`aspect of the present invention.” J/npro Ll Licensing, 8.A.K.L. v. T-Mobile
`
`15
`
`
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`USA Inc., 450 F.3d 1350, 1354-55 (Fed. Cir. 2006); Curtiss-Wright Flow
`Control Corp. v. Velan, Inc., 438 F.3d 1374, 1379-80 (Fed. Cir. 2006); see
`
`also Andersen Corp. v. Fiber Composites, LLC, 474 F.3d 1361, 1367-68
`(Fed. Cir. 2007) (limiting the scopeofall of the claims based on a “critical
`element” described in the specification); Izumi Prods. Co. v. Koninklijke
`
`Philips Elecs. N.V., 140 F. App’x 236, 243-44 (Fed. Cir. 2005) (non-
`precedential) (limiting the scope of the claims based onthe specification
`“defining a critical aspect of the invention itself’).
`Based on the ’079 patent’s discussionofthe “critical aspect”of “the
`present invention,” we are persuaded by Patent Owner’s argument and
`further limit the “key string” in the server limitation (claim 1) and the
`determining step (claim 11) to onethat does not reveal a commonidentifier
`
`of the secured resourceto the service client. Notably, the ’079 patent
`
`describes this need to prevent the discovery of a commonidentifier of the
`secured resource as the only “critical aspect” of “the present invention.”
`According, we concludethat the patentee has disavowed or disclaimed claim
`scope based on clear and unmistakable statements describingthe critical
`aspect of the present invention.
`Weare not persuaded by Petitioner’s argument that because Patent
`Ownerdoes not argue that Johnson does not teachthe “key string”
`limitation, we do not need to address the proper construction of“key string.”
`See Reply 4. First, the burden of persuasion to prove unpatentability is
`always onPetitioner and nevershifts to Patent Owner. Jn re Magnum Oil
`Tools Int’l, Ltd., 829 F.3d 1364, 1375 (Fed. Cir. 2016); see also 35 U.S.C.
`§ 316(e). Similarly, the burden of production never switches from Petitioner
`
`16
`
`
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`to Patent Owner with regard to the Graham factors, such as the differences
`
`between the scope of the claim andthepriorart:
`
`Where, as here, the only question presented is whether due
`consideration of the four Graham factors renders a claim or
`claims obvious, no burden shifts from the patent challenger to
`the patentee. This is especially true where the only issues to be
`considered are what the prior art discloses, whether there would
`have been a motivation to combinethe prior art, and whether that
`combination would render the patented claims obvious.
`Magnum,829 F.3d at 1376. Accordingly, whether or not Patent Owner
`argues a prior art reference does not teach a limitation, Petitioner retains the
`burden to provethat the prior art teaches or suggests all of the limitations
`
`recited in the claim. Moreover, in determining whether Petitioner has met
`
`that burden, it is proper for us to interpret the challenged claims based on the
`
`full record developed duringtrial, not based on how any terms were
`interpreted preliminarily in the Decision onInstitution. See Trivascular, 812
`F.3d at 1068 (holding that “the Board is considering the matter preliminarily
`without the benefit of a full record”at the institution stage, and “[t]he Board
`
`is free to change its view of the merits after further developmentofthe
`record, and should do so if convincedits initial inclinations were wrong”).
`
`Second, contrary to Petitioner’s argument, Patent Ownerassertsthat
`
`Johnson doesnot teach a “key string” under Patent Owner’s proposed
`definition. For example, Patent Ownerasserts that “Johnson does not show
`a single-paymenttransaction systemlike the ‘079 system which allowsthe
`buyer to authorize the merchant’s access to the buyer’s credit card account
`to pay for a giventransaction without having to give any credit card details
`to the merchant.” PO Resp. 36. Similarly, in summarizing its arguments,
`
`Patent Ownerstates Johnson doesnotteachorsuggest, inter alia,
`
`17
`
`
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`“determining a key string knownto both said secured resource and the
`
`authorized user said requestor purportsto be, said key string being adapted
`
`to provide a basis for authenticating the identity of said requester.” Jd. at 43
`
`(emphasis omitted). The fact that Patent Owner does not include any further
`
`argumentregarding that contention in the Patent Owner Responseis
`
`immaterial, as we must determine whetherPetitioner has metits burden to
`
`prove unpatentability by a preponderance ofthe evidence.
`Petitioner further argues that Patent Owner’s proposed construction
`
`“assumesthat the claims require the ‘key string’ to be the sameas the
`
`‘authentication credential.’” Reply 3. Accordingto Petitioner, although
`
`“the ’079 Patent specification discloses an embodiment wherethe
`
`‘authentication credential’ can comprise a ‘key string,’ the claims are not so
`
`limited.” Jd.; see also Ex. 1017, 57:10—20, 61:3-11 (Mr. Oglesby opining
`
`that claim 1 is silent as to whether to not the key string and authentication
`
`credential are the same). We agree with Petitioner that the specific “key
`
`string” recited in the claim is not the same thing as the claimed
`“authentication credential.” The claims recite both a “key string” and an
`
`“authentication credential” and no limitation recited in the claims requires
`
`that they must be—or even can be—the same thing. Because twodifferent
`wordsare used, we are not persuadedthat the limitations are synonymous.
`See Ethicon Endo—Surgery, Inc. v. U.S. Surgical Corp., 93 F.3d 1572, 1579
`(Fed. Cir. 1996) (“If the terms ‘pusher assembly’ and ‘pusher bar’ described
`a single element, one would expect the claim to consistently refer to this
`element as either a ‘pusher bar’ or a ‘pusher assembly,’ but not both,
`especially not within the same clause. Therefore,in our view, the plain
`
`18
`
`
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`meaningofthe claim will not bear a reading that ‘pusher assembly’ and
`
`‘pusher bar’ are synonyms.”).
`
`However, our construction maintains a difference between the “key
`
`string” and the “authentication credential.” As properly construed, the key
`
`string is used by the requester to request that a service client be able to have
`
`access to a secured resource. On the other hand, the authentication
`
`credential is used by the service client to access that secured resource. That
`
`is, although we have construed the “key string” suchthat it precludes
`
`systems and methodsin which the keystring, with its identifying
`
`information, is provided to the unauthorized service client, the
`
`“authentication credential” is given to the unauthorized service client to use
`
`for authentication. Jd. at 17:37-43, 51-57. Because the “key string” cannot
`
`be knownto the “unauthorized service client” and the “authentication
`
`credential” must be given to the “unauthorized serviceclient,” consistent
`with Petitioner’s argument and Mr. Oglesby’s testimony, the construction
`
`drawsa distinction between the “key string” and the “authentication
`credential.’”?
`.
`
`As explained above, a “string” in the context of the ’079 patentis “an
`ordered sequence of any subset of symbols selected from a set of symbols
`wherein each symbol forming the set may be represented in both a format
`that may be perceived by an end user and a format that may be recognized
`
`° For clarity we note that although the authentication credential is not the key
`string recited in the server limitation (claim 1) or the determining step (claim
`11), that is not to say that the authentication credential cannot have the
`attributes of a keystring, except for the disclaimer. For example, the
`authentication credential may meet the definition of a “string” set forth in
`column 15 of the ’?079 patent.
`
`19
`
`
`
`IPR2017-00296
`Patent 8,505,079 B2
`
`by software or hardware.” Ex. 1001, 15:29-36. Additionally, independent
`
`claims 1 and 11 further require that the “key string” be “known to both said
`
`secured resource and the authorized user said request[e]r purports to be” and
`
`“adapted to provide a basis for authenticating the identity of said requester.”
`
`Id. at 17:40-42, 18:48-53. Moreover, based on the disclaimer explained
`
`above, we agree with Patent Owner and Mr. Oglesbythat the claimed
`
`system and method must operate in a mannerso that the “key string” does
`
`not reveal a commonidentifier of the secured resource to the unauthorized
`
`service client. See PO Resp. 26-28; Ex. 2004 f§ 50-53. Stated differently,
`
`becausethe key string is adapted to provide a basis for authenticating the
`
`identity of the requester and providing access to the secured resource, the
`disclaimer acts to exclude systems and methodsin whichthe keystring, with
`
`its identifying information, is provided to the unauthorized serviceclient.
`
`No further interpretation is necessary.
`
`“Secured Resource” and “Input”
`2.
`Having consider