Professional Documents
Culture Documents
IPR201600836
U.S. Patent 8,285,648
TABLE OF CONTENTS
Mandatory Notices ...........................................................................................1
I.
A.
Related Matters..............................................................................................1
B.
C.
Counsel ..........................................................................................................2
D.
E.
II.
III.
A.
B.
C.
D.
E.
F.
IV.
V.
Claim Construction...........................................................................................7
A.
B.
A. Ground 1: Claims 13, 57, 916 and 19 are obvious in view of Law
(EX1003). .............................................................................................................10
1.
Law ...........................................................................................................10
2.
3.
4.
5.
6.
IPR201600836
U.S. Patent 8,285,648
7.
8.
9.
10.
11.
12.
13.
B. Ground 2: Claims 13, 57, 916 and 19 are obvious over Blonder in view
of Weller. ..............................................................................................................39
1.
Blonder .....................................................................................................39
2.
Weller .......................................................................................................39
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
Conclusion ......................................................................................................59
ii
IPR201600836
U.S. Patent 8,285,648
LIST OF EXHIBITS
Exhibit
EX1001
EX1002
EX1003
EX1004
EX1005
EX1006
EX1007
EX1008
EX1009
EX1010
EX1011
Description
U.S. Patent No. 8,285,648 (the 648 Patent)
Unified Patents Inc.s Voluntary Interrogatories
U.S. Pub. 20050184145 to Law (Law)
U.S. Patent 7,827,115 to Weller et al. (Weller)
U.S. Pat. 5,708,422 to Blonder et al. (Blonder)
U.S. Pat. 7,606,560 to Labrou (Labrou)
Verify Smart Corp.s Response to Invalidity Contentions
Declaration of Stephen Gray
U.S. Pat. 8,572,391 to Golan (Golan)
PTO Assignment database record for the 648 Patent
Verify Smart v. Basecamp complaint
iii
IPR201600836
U.S. Patent 8,285,648
I.
MANDATORY NOTICES
A.
Related Matters
The Patent Office Assignment Database shows that the 648 Patent is shown
as assigned to Dan Scammell (see EX1010), but Verify Smart Corp. asserts in its
various patent assertion district court complaints that the patent was assigned to
Verify Smart Corp. (see example in EX1011, Verify Smart v. Basecamp
complaint).
Between May 19, 2014 and March 17, 2016, Verify Smart filed patent
infringement lawsuits in various district courts (i.e., Eastern District of Texas, New
Jersey, Southern District of New York). Verify Smart sued HSBC USA Inc.
(NJD-2-14-cv-03217, dismissed), Bank of America Corporation (NJD-2-14-cv05117, dismissed), Bank of America, NA (NJD-2-15-cv-05348, dismissed),
Microsoft Corporation (NJD-2-15-cv-05596, dismissed), Apple Inc. (NJD-2-15-cv06207, dismissed), Facebook, Inc. (NYSD-1-15-cv-08673, dismissed), Yahoo! Inc.
(NJD-2-15-cv-07965,
dismissed),
Basecamp,
Inc.
(TXED-2-16-cv-00239,
IPR201600836
U.S. Patent 8,285,648
Real PartyinInterest
Under 37 C.F.R. 42.8(b)(1), Unified Patents Inc. (Unified or
Petitioner) certified that Unified is the real party-in-interest, and further certifies
that no other party exercised control or could exercise control over Unifieds
participation in this proceeding or the filing of this petition. In this regard, Unified
has submitted voluntary discovery. See EX1002 (Petitioners Voluntary
Interrogatory Responses).
C.
Counsel
Paul C. Haughey (Registration No. 31,836) will act as lead counsel; Kevin
Jakel (Registration No. 58,790), Jonathan Stroud (Registration No. 72,518), and
Scott Kolassa (Registration No. 55,337) will act as back-up counsel.
D.
Service Information
Unifed consents to electronic service at phaughey@kilpatricktownsend.com
IPR201600836
U.S. Patent 8,285,648
(415) 273-4787 (Paul), or at Unified Patents Inc., 1875 Connecticut Ave. NW,
Floor 10, Washington, D.C., 20009, and by telephone at (650) 999-0899 (Jonathan).
E.
Fee Payment
The required fees are submitted under 37 C.F.R. 42.103(a) and 42.15(a). If any
additional fees are due during this proceeding, the Office may charge such fees to
Deposit Account No. 20-1430.
II.
sought is available for inter partes review, that (1) the petitioner is not the owner
of the 648 patent; (2) the petitioner is not barred or estopped from requesting IPR;
and (3) this Petition is being filed less than a year after service of a complaint
alleging infringement of the 648 patent.
III.
IPR201600836
U.S. Patent 8,285,648
A.
explained below:1
1. U.S. Pub. 2005/0184145 to Law (Law, EX1003), filed Feb. 7, 2005,
published Aug. 25, 2005, which is prior art under 35 U.S.C. 102(b).
2. U.S. Pat. 5,708,422 to Blonder (Blonder, EX1004) filed May 31, 1995,
issued Jan. 13, 1998, which is prior art under 35 U.S.C. 102(b).
3. U.S. Pat. 7,827,115 to Weller, filed April 24, 2001, issued Nov. 2, 2010
(Weller, EX1005), which is prior art under 35 U.S.C. 102(e).
4. U.S. Pat. 7,606,560 to Labrou, filed March 24, 2006, issued Oct. 20,
2009 (Labrou, EX1006), which is prior art under 35 U.S.C. 102(e).
B.
declaration
of
Stephen
Gray
(Gray
Decl.
(EX1008)),
The 090 Patent issued from a patent application filed prior to enactment of the
IPR201600836
U.S. Patent 8,285,648
demonstrates that there is a reasonable likelihood that Petitioner will prevail with
respect to challenged claims 13, 57, 916 and 19. See 35 U.S.C. 314(a).
Ground
1
2
VI.
C.
Exhibit No.
EX1003
EX1004
EX1005
EX1004
EX1005
EX1006
The 648 Patent was filed March 27, 2009, claiming priority to
PCT/CA2007/001639 filed Sept. 14, 2007. Thus, for this petition, the priority date
is Sept. 14, 2007.
D.
IPR201600836
U.S. Patent 8,285,648
credit card purchase, the verifier-computer opens a communications link and sends
an identity verification request (IVR) to the user (e.g., an SMS text message)
requesting entry of the assigned PIN or password. Id. at 4:3441; 8:1339. In
response, the user enters and sends a PIN or password (putative secure
identifier), Id. at 8:5157, which the verifier-computer compares to the previously
assigned bona fide secure identifier. If they match, the financial transaction is
allowed to proceed. Id. at 9:510.
E.
Prosecution History
The 648 Patent was originally filed as a PCT, and the PCT report indicated
that the claims were novel and had inventive step. Narainsamy WO 2005/001670
(D1) was identified as the closest prior art. It was described as follows: Although
D1 teaches most of the steps of the present method, D1 does not teach that the
IPR201600836
U.S. Patent 8,285,648
mobile number as well as a PIN of the user are preenrolled and stored at a verifier
database for later use.
In a first office action mailed 11/10/2010, the claims were rejected as
indefinite under 112 and obvious over Pierson 20050278543 and Official Notice.
The application was abandoned, and taken over by new counsel. A petition
to revive was filed along with an amendment on 8/23/2011. A series of Statements
were added to the specification corresponding to the original claims. Claim 1 was
not amended, but other claims were canceled and new claims added. New claim
21 [issued claim 5] was characterized as essentially Claim 1 re-written without
the pre-enrolling language.
Claim 1 was
distinguished from Pierson for many reasons, including that the network device
identifier corresponded to a device, not a user. The amendment was found to be
non-compliant, and a revised version was mailed 12/12/2011.
A notice of allowance was mailed 6/8/2012. The Reasons for Allowance
referred to the applicants remarks filed 12/12/2011.
IV.
CLAIM CONSTRUCTION
Claim terms of a patent in inter partes review are normally given the
IPR201600836
U.S. Patent 8,285,648
42.100(b): see also In re Cuozzo Speed Techs., LLC, 778 F.3d 1271, 127981
(Fed. Cir. 2015).
The following discussion proposes constructions and support for those
constructions. Any claim terms not included in the following discussion should be
given their ordinary meaning in light of the specification, as commonly understood
by those of ordinary skill in the art. The broadest reasonable interpretation of a
claim term may be the same as or broader than the construction under the ordinary
meaning standard set forth in Phillips v. AWH Corp, 415 F.3d 1303 (Fed. Cir.
2005), but it cannot be narrower. See Facebook, Inc. v. Pramatus AV LLC, 2014
U.S. App. LEXIS 17678, *11 (Fed. Cir. 2014). The constructions proposed below
should be applied regardless of whether the terms are interpreted under the Phillips
standard or the broadest reasonable interpretation standard.
Patent Owner has defined numerous terms in the Background of the 648
Patent. 648 Patent at 1:102:55. Petitioner adopts those definitions for purposes
of this Petition. The following additional terms are construed (See Gray Decl.
(EX1008) 2734):
A.
IPR201600836
U.S. Patent 8,285,648
device identifier
The 648 Patent doesnt use the term device identifier outside the claims,
IPR201600836
U.S. Patent 8,285,648
A.
Ground 1: Claims 13, 57, 916 and 19 are obvious in view of Law
(EX1003).
1.
Law
Law, titled Secure Wireless Authorization System, was published on
August 25, 2005. The USPTO did not consider Law during the prosecution of the
648 Patent.
Law discloses a secure wireless authorization system by which a user can
employ a wireless device to authorize a request that is initiated by a remote third
party and transmitted to the user by an authorization server. Law (EX1007) at
Abstract. Law describes three authorization models that can be implemented with
the disclosed system:
authorization. Id. at 42. These models can operate individually, in a pair, or all in
unison. Id. Of particular relevance to this Petition is the realtime authorization
model shown in Figure 3, in which a user is authenticated during a financial
10
IPR201600836
U.S. Patent 8,285,648
transaction. Id. at 47, Fig. 3. Figure 6 shows the pre-registration and a variation
of this realtime authorization model in which the authorization server initiates the
connection. Id. 2 at 6162, Fig. 6. Like the claimed invention of the 648 Patent,
the real-time authorization model disclosed in Law (Fig. 3 or 6) can be used to
verify the identity of a buyer in a credit card transaction. 648 Patent (EX1001) at
9:5557; Law at 21.
In this real-time authorization model, a user initiates a transaction with a
third party such as, for example, an online merchant or a retailer with a point-ofsale device. Law at 36. The transaction is put in a pending state while the third
party submits an authorization request to an authorization server. Id. at 47. The
server then sends an authorization request to the users wireless device with the
transaction details. Id. 47, 49. The user authorizes the transaction by entering a
PIN
number,
which
is
transmitted
back
to
the
authorization
server.
Id. at 49. If the PIN provided is correct (i.e., matches one previously stored for
The Figure 6 embodiment is identical to that of the Figure 3 embodiment, but with
the added steps 90, 92, 94 and 96. Cites to one embodiment should be understood
to reference both with the exception of these four steps. Id. at 61.
11
IPR201600836
U.S. Patent 8,285,648
that user), the authorization server sends a response back to the third party to allow
the transaction to proceed. Id. at 50. Fig. 6 of Law is copied below.
12
IPR201600836
U.S. Patent 8,285,648
2.
difference being that Claim 1 groups some of these steps into pre-enrolling submethods (a) and (b), whereas Claim 5 does not. During prosecution claim 21
[issued claim 5] was characterized as essentially Claim 1 re-written without the
pre-enrolling language. File history, 8/23/2011 Amendment at p. 32. Also,
claim 1(g) recites sending through the communication link while claim 5 (h)
recites receiving through the communication link.
addressed together with only the language of claim 1 in the claim chart.
Law shows all the elements by itself, except that certain elements may be
argued to not be explicitly shown, but are inherent in how one of skill in the art
would understand the teachings of Law, or are common knowledge or an obvious
design choice for one of skill in the art. In particular, as set forth below, it is
common knowledge for a PIN as in Law to be designated by the issuing bank or
selected by the user, and to be stored in a database (for the later comparison
described in Law).
13
IPR201600836
U.S. Patent 8,285,648
the user upon receiving the user response requires that the PIN be retrieved from
the database.
These minor differences from the claimed invention are also obvious in view
of the scope of the prior art (Law) as discussed below, in accordance with the level
of ordinary skill in the art discussed above, pursuant to the factors in Graham v.
John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966) as reiterated by the Supreme
Court in KSR International Co. v. Teleflex Inc. (KSR), 550 U.S. 398, 82 USPQ2d
1385 (2007), based on the following factual inquiries:
(A) Determining the scope and content of the prior art; and
(B) Ascertaining the differences between the claimed invention and the prior
art; and
claims are similarly obvious as described in more detail below, also based on being
inherent, common knowledge, obvious design choice and meeting the KSR criteria
as described above.
Preambleverifying user identity during electronic transaction
Law teaches verifying the identity of a user with a PIN by an authorization
server [verifier] during a transaction as shown in the below chart.
14
IPR201600836
U.S. Patent 8,285,648
Claim 1
1. A user identity
verification method for
verifying the identity of
a user by a verifier in
the course of an
electronic transaction,
said user identity
verification method
comprising the steps of:
15
IPR201600836
U.S. Patent 8,285,648
for an authorizing response. The 648 Patent does not describe how the bona fide
secure identifier is assigned to the user or who makes this assignment. This
limitation would be understood by one of skill in the art to include designation by
the issuing bank or selection by the user, since those are common practices. For a
PIN, a bank or financial institution will typically assign a PIN to a user, but allow
the user to change it. This practice existed many years before the priority date of
the 648 Patent. See Gray Decl. (EX1008) 45.
(a) preenrolling the
user, comprising the
steps of: (a1)
assigning to the user
a bona fide secure
identifier; and,
information, which necessarily includes the PIN (bona fide secure identifier) since
Law later describes verification of a user input PIN, which requires a stored PIN to
compare it to. See Law (EX1003) 4950. See Gray Decl. _.
16
IPR201600836
U.S. Patent 8,285,648
Law at 38.
The GUID is
17
IPR201600836
U.S. Patent 8,285,648
18
IPR201600836
U.S. Patent 8,285,648
Element (d) verifier opens communications link with user device using access
number.
Law teaches that the authorization server uses the GUID (access number) to
connect to the wireless device. This connection is a communications link, which
is described in the 648 Patent as any communications technology now existing or
to be implemented in the future. 648 Patent (EX1001) at 11:6612:2.
(d) opening a
communications link
between the verifier and the
user communications
device by using the user
access number retrieved at
Step (c);
Element (e) verifier sends identity verification request (IVR) to user through
communications link.
The 648 Patent defines Identity Verification Request (IVR) as an
electronic request initiated by a verifier and sent to a user asking the user to verify
the users identity. 648 Patent at 2:4143. Law teaches that the server will send
out an authorization request to the users wireless device. Law at 49.
(e) sending an identity
verification request
(IVR) from the verifier
to the user through the
communications link
IPR201600836
U.S. Patent 8,285,648
Element (g) a response to the request is sent through the communications link.
Law discloses sending the PIN through an encrypted secure channel. Law at
49.
(g) sending
through the
communications
link opened at
Step (d) a
response to the
IVR of Step (e);
20
IPR201600836
U.S. Patent 8,285,648
Element (h)retrieving the bona fide secure identifier stored during pre
enrolling.
Law discloses verifying the security credentials (PIN) of the user upon
receiving the user response, which one of skill in the art would recognize as
requiring the PIN be retrieved from the database in which it was stored. Gray
Decl. (EX1008) at 48.
(h) retrieving
the bona fide
secure
identifier stored
at Step (a2);
Elements (i) & (j)comparing received and stored secure identifiers and
authorizing the transaction if they match.
Law discloses comparing the putative secure identifier (PIN entered by the
user) with the bona fide secure identifier (previously assigned and stored PIN) and
allowing the transaction to proceed only if the comparison results in a match. Law
at 47, 50.
(i) comparing the
putative secure
identifier input at
Step (f) with the
bona fide secure
identifier
21
IPR201600836
U.S. Patent 8,285,648
retrieved at Step
(h); and, (j)
allowing the
transaction to
proceed only if
the comparison
of Step (i) results
in a match
between the
putative secure
identifier and the
bona fide secure
identifier.
3.
preenrolling steps, and is invalid for the same reasons. Elements af simply set
forth the verifier database and computer, verifier and user communication devices
(Rx/Tx), a user device I/O and a user computer. Element f, subelements i)vi) are
the same steps set forth in elements e)j) of claim 1, with slightly different wording
and details that are inherent, common knowledge and obvious design choices in the
steps of claim 1, such as displaying the request on the user I/O device.
Law discloses the element (a.) verifier database as shown above in claim
1, element a(2). The verifier-computer of element (b.) was shown in claim 1 as
authorization server 24. Element (c.) is a first verifier communications device
22
IPR201600836
U.S. Patent 8,285,648
(2403) which is shown as Tx/Rx in Fig. 6 of the 648 Patent which also defines
communications device to include communications devices of any nature linked
in a communications system. 648 Patent (EX1001) at 2:2127. Law discloses
the communications device in the form of a wireless gateway, which bridges
the authorization server [the verifier] with the wireless network, with the network
connecting with the user wireless device. Law at 40.
The element (d.) user communications device (2303) is shown in Fig. 3 of
the 648 Patent as cell phone 2303. 648 Patent 9:5862. Law discloses a user
cell phone as shown above in claim 1, element (b), as a wireless device. The
Law wireless device is used for communicating with the verifier as shown in the
chart below. The element (e) input/output (I/O) (503) is simply a mobile phone
I/O, or display screen with inputs. The I/O device of the 648 Patent is described as
being the standard input/output components of a conventional cell phone. 648
Patent at 8:5152 (customer enters a putative password into the I/O device of her
mobile phone); 9:1720 (local software in the customers phone . . . displays the
messages on the phones I/O device); 9:5862.
request to the user and receiving a user input, which one of skill in the art would
understand to mean an interactive touch screen display and/or buttons. Law at 63.
23
IPR201600836
U.S. Patent 8,285,648
Law describes a smart phone, which was understood to include a touch screen
display and/or buttons. Law at 41. See Gray Decl. (EX1008) at 49.
The usercomputer (603) of element (f) is described in the 648 Patent as
the standard computing processor of a conventional cell phone:
A customer 103 has a communications device such as cell phone
2303 . . . comprising a wireless transceiver 403, local software is run
by a usercomputer 603, and an I/O device 503 for interfacing the
mobile communications with the customer.
648 Patent 9:5862, Fig. 3. Law describes a mobile phone which one of skill in
the art would understand to include a processor. Also, Law describes the mobile
phone will process the request. See Gray Decl. at 50.
The subelements of element (f.) correspond to the steps shown in claim 1
above. Element i) requires display on said I/O device an incoming identity
verification request (IVR). Claim 1 showed the sending of the request (element
e), and the chart below shows this is displayed to the user. Id at 63. Element ii)
says the user enters the putative secure identifier, shown above in claim 1 element
(f) and below. Element iii) recites the response from the user to the verifier, shown
above in claim 1 element (g) and below. Elements iv) vi) recited the verifier
receiving the putative secure identifier, comparing it to the bona fide secure
24
IPR201600836
U.S. Patent 8,285,648
identifier from the database, and allowing the transaction to proceed upon a match.
This is shown above in claim 1 elements (h) and (i).
Claim 2
Law (emphasis added)
A system for verifying the
See claim 1 above, preamble.
identity of a user by a verifier
during the course of an electronic
transaction, said system
comprising:
a. a verifier-database (703);
b. a verifier-computer (903),
wherein said verifiercomputer
is adapted to write data to and
retrieve data from said verifierdatabase;
c. a first verifier communications
device (2403) for receiving
communications from the user
and transmitting communications
to the user, wherein said first
verifier communications device
is accessible to said verifiercomputer;
d. a user communications device
(2303) for receiving
communications from the
verifier and transmitting
communications to the verifier,
wherein said user
communications device is
accessible to the user;
IPR201600836
U.S. Patent 8,285,648
IPR201600836
U.S. Patent 8,285,648
does
not
teach
at
least
using
the
same
user
27
IPR201600836
U.S. Patent 8,285,648
rather it is the third party, i.e., the bank, that creates the secure
authorization.
Verify Smart Response to Invalidity Contentions (EX1007) at 5. The first
paragraph is incorrect. Law explicitly teaches that the same user communications
device (called a wireless device) both receives an incoming IVR and transmits
the putative secure identifier back to the verifier that sent the IVR:
The wireless device 38 [user communications device] is an entity
which has the ability to notify users of authorization requests [IVR]
and also provide an interface for the user to respond to the
authorization request [response including putative secure identifier].
. . . The wireless device must also be able to store an application that
will process the request [IVR] from the authorization server. This
wireless application will be responsible for setting up the secure
connection
32,
securely
storing
certificates/encryption
keys,
28
IPR201600836
U.S. Patent 8,285,648
instructions to either authorize or deny the third party's request. Law at 47.
However, these claims dont mention authorization at all they simply say the
transaction is allowed to proceed if there is a match of the identifiers, and that is
clearly shown in Law above with respect to element (i) and (j) of claim 1 and
element (vi) of claim 5, where the authorization server of Law, not the user, does
the comparison and allows the transaction to proceed.
4.
29
IPR201600836
U.S. Patent 8,285,648
5.
includes the putative secure identifier input by the user (Step g), and wherein the
comparison to the bona fide secure identifier (Step k) is performed by the verifier.
As shown above in claim 1, elements f and g, Law discloses the user response
including a PIN [putative secure identifier] is sent to the verifier, and is thus
received. Claim 1 above, elements i and j, showed that the authentication server
[verifier] does the comparison to the bona fide secure identifier.
Claim 6
6. The method of claim 5 wherein the response received at
Step (h) includes the putative secure identifier input at Step
(g), and wherein Step (k) is performed by the verifier.
6.
Law
See Claim 1
elements f, g, i and j.
30
IPR201600836
U.S. Patent 8,285,648
performs either sending the response received at Step (h) or comparing (Step k).
Law discloses that the local downloaded software sends the response.
Law
(EX1003) at 70. These messages include the response to the IVR. See Id. 41.
Claim 9
9. The method of claim 7
wherein the local
software downloaded at
Step (m) performs at
least one of: (i) sending
31
IPR201600836
U.S. Patent 8,285,648
8.
receives, formats and displays the IVR (verification request). Law teaches that the
stored application will process the request, and performs displaying the
request. Law (EX1003) at 41. One of ordinary skill in the art would understand
this processing and displaying of the request to necessarily refer to and include
formatting the request for display. The 648 Patent simply says the IVR is
formatted for display, without describing how it is formatted. See, e.g., 648 Patent
at 8:3839. Any message must be formatted for display, as was commonly known
prior to the priority date of the 648 Patent. Gray Decl. (EX1008) at 52.
Claim 10
10. The method of claim 7 wherein
the local software downloaded at
Step (m) performs the steps of:
(n) receiving the IVR sent at Step (f);
(o) formatting the IVR for display;
and,
(p) displaying the IVR formatted at
Step (o) on an input/output (I/O)
device of the user communications
device.
IPR201600836
U.S. Patent 8,285,648
creating
the
Claim 12
depends from Claim 5 and adds that either the IVR (verification request) or the
response is encrypted.
33
IPR201600836
U.S. Patent 8,285,648
Claim 12
12. The method
of claim 5
wherein at least
one of the IVR
of Step (f) and
the response
received at
Step (h) are
encrypted when
sent.
10.
Claim 13 depends from claim 5 and adds that the authorization comprises sending
a request to the user, receiving a response, and allowing the transaction if the
response is to authorize. Law shows all these elements as set forth above under
claim 1, elements (e)(j).
11.
IPR201600836
U.S. Patent 8,285,648
database. One of skill in the art would recognize that the preauthorization would
be stored with the account information in a database, and would constitute a flag.
See Gray Decl. (EX1008) at 54.
Claim 15
15. The method of claim
5 further comprising the
step of: (u) setting a flag
in a database record,
wherein the flag is
associated with an
account of the user and
wherein the flag
indicates whether or not
transaction
authorization is to be
performed.
12.
access information, and storing it where is accessible to the verifier. The 648
Patent describes:
In this embodiment, during the preenrollment phase the user
provides the verifier with account access information and a standing
35
IPR201600836
U.S. Patent 8,285,648
36
IPR201600836
U.S. Patent 8,285,648
13.
the user. Claim 19 requires the verifier to store the device identifier, retrieve it,
compare it to an obtained identifier and allow the transaction to proceed upon a
match.
As noted above, a device identifier should be construed to include device
identification information that can be used to identify a particular device. Law
discloses the use of a device password/Device key or client certificate as
means for identifying and authenticating the wireless device (user communications
device) independent of the user PIN numbers (secure identifiers). Law (EX1003)
at 67. Because the device password/Device key or client certificate is a
data representation used to identify a device, it is a device identifier as required
by Claim 19. Law further describes the device password/Device key or client
certificate [device identifier] as being stored in a database accessible to the
authorization server [verifier]. Id. at 39. Law additionally describes separately
verifying the identity of the user and the identity of the user communication
device. Id. at 50.
37
IPR201600836
U.S. Patent 8,285,648
Claim 19
19. The method of claim
5 further comprising the
steps of:
(dd) storing a device
identifier of the user
communications device
of Step (c) in a database
that is accessible to the
verifier,
(ee) retrieving the device
identifier stored at Step
(dd);
(ff) obtaining the device
identifier of the user
communications device
of Step (e); and,
(gg) comparing the
device identifier
retrieved at Step (ee)
with the device identifier
obtained at Step (ff);
wherein the transaction
is allowed to proceed
only if the comparison of
Step (gg) results in a
match between the
device identifier
retrieved at Step (ee) and
the device identifier
obtained at Step (ff).
IPR201600836
U.S. Patent 8,285,648
B.
Ground 2: Claims 13, 57, 916 and 19 are obvious over Blonder in
view of Weller.
1.
Blonder
Blonder describes:
An automated method for alerting a customer that a transaction is
being initiated and for authorizing the transaction based on a
confirmation/approval by the customer thereto. A preferred method
of alerting the customer and receiving a confirmation to authorize the
transaction back from the customer is illustratively afforded by
conventional twoway pagers.
Blonder at Abstract. Fig. 3 of Blonder copied below shows the user profile.
2.
Weller
Weller, assigned to Visa, is well summarized in the Abstract:
39
IPR201600836
U.S. Patent 8,285,648
enrollment.
40
IPR201600836
U.S. Patent 8,285,648
3.
except pre-enrolling missing from Claim 5, and thus only claim 1 is charted
below. Blonder describes, during a transaction, the cardholder providing a secret
code [putative secure identifier] that is matched against a similar code [bona fide
secure identifier] previously received [enrolled] from the cardholder. Blonder at
10:3740. Blonder describes a validation database that accesses a user profile
(shown in Fig. 3) with a communications field with a phone number of a
cardholder.
authorization request, with the response containing the secret code. See Claim
chart below. While the database is described as doing various communications,
one of skill in the art would recognize that Blonder is referring to a server or
computer associated with the database.
IPR201600836
U.S. Patent 8,285,648
[customer], which one of skill in the art would understand to mean the customer
needs to register or pre-enroll to provide the profile. Blonder at 2:4360. The
customer has a profile specified by the customer and authorization may be based
on conditions pre-defined by the card owner, which are further evidence of preenrolling. Blonder at 3:1526.
To the extent preenrolling isnt clear from Blonder, it is clearly shown in
Weller. As shown in the claim chart below, Weller describes enrolling a user with a
credit card account, obtaining a password and an email.
It would be obvious to combine Blonder and Weller to add the phone
number and secret code of Blonder to the data enrolled by Weller. Both show
systems for authorizing a transaction in real time by contacting the cardholder and
obtaining a code or password in response in order to authorize the transaction. The
Blonder information is additional user data that would be obvious to add, since it is
needed to later contact the user device and is a detail needed to implement Weller.
See Gray Decl. (EX1008) at 5557.
Any elements of Blonder or Weller not explicitly shown in the quoted
language below are inherent in how one of skill in the art would understand their
teachings, or are common knowledge or an obvious design choice for one of skill
in the art. See Gray Decl. 58 (EX1008). Certain minor features of the dependent
42
IPR201600836
U.S. Patent 8,285,648
claims are similarly obvious as described in more detail below, also based on being
inherent, common knowledge, obvious design choice and meeting the KSR criteria
as described above.
Claim 1
1. A user identity
verification method for
verifying the identity of
a user by a verifier in
the course of an
electronic transaction,
said user identity
verification method
comprising the steps of:
43
IPR201600836
U.S. Patent 8,285,648
IPR201600836
U.S. Patent 8,285,648
access number in a
communications address field 307 [access number]; .
database that is accessible . . . Blonder at 5:4856.
to the verifier;
Whenever a card owner is to be notified of a
conditionbreaching credit card transaction, the
communications address field 308 may be used to
identify a telephone number or an electronic mail
address [access number] at which the card owner can
be reached. Blonder at 6:5054.
(c) retrieving the user
When a profile stores alerting parameters that may
access number stored at
require communications with one or more called
Step (b2);
parties, validation database 106 uses one of the
Automatic Dialing Units (ADU) 1101 to 110N to
dial a telephone number [access number] retrieved
from a profile associated with a card number.
Blonder at 5:4348.
. . . validation database 106 [verifier] uses one of the
(d) opening a
Automatic Dialing Units (ADU) 1101 to 110N to
communications link
between the verifier and dial [opening a communications link] a telephone
number [access number] retrieved from a profile
the user
communications device associated with a card number. Blonder at 5:4348.
by using the user access
number retrieved at Step
(c);
If so, validation database 106 [verifier] fetches the
(e) sending an identity
communications address of the credit card owner and
verification request
(IVR) from the verifier to any other appropriate information to format an
authorization request [IVR] and/or alert message
the user through the
that is transmitted to the card owner. Blonder at
communications link
7:2832.
opened at Step (d);
(f) inputting by the user a Optionally, the cardholder may be required to provide
putative secure
[input] a secret code [putative secure identifier] that
identifier;
matches a similar code [bona fide secure identifier]
included in the response received from the card owner
before the transaction is authorized. Blonder at
10:3740.
45
IPR201600836
U.S. Patent 8,285,648
enrolling steps, and is invalid for the same reasons. Elements af simply set forth
the verifier database and computer (Blonders verification database), verifier and
user communication devices (Blonders communication networks), a user device
46
IPR201600836
U.S. Patent 8,285,648
I/O (the keypad and display of Blonders pager) and a user computer. One of skill
in the art would recognize a pager has a processor (user computer), and it would
also be obvious to substitute a cell phone, which the 648 Patent says includes a
user computer. 648 Patent at 9:5862. Element f, sub-elements i) vi) are the
same steps set forth in elements e) j) of claim 1, with slightly different wording
and details that are inherent in the steps of claim 1, such as displaying the request
on the user I/O device. See Gray Decl. (EX1008) at 59.
Claim 2
A system for verifying the
identity of a user by a
verifier during the course of
an electronic transaction,
said system comprising:
a. a verifier-database (703);
b. a verifier-computer (903),
wherein said verifiercomputer is adapted to write
data to and retrieve data
from said verifierdatabase;
c. a first verifier
communications device
(2403) for receiving
communications from the
user and transmitting
communications to the user,
wherein said first verifier
communications device is
accessible to said verifiercomputer;
IPR201600836
U.S. Patent 8,285,648
d. a user communications
device (2303) for receiving
communications from the
verifier and transmitting
communications to the
verifier, wherein said user
communications device is
accessible to the user;
e. an input/output (I/O)
(503) device that accepts
input from the user and
displays output to the user;
and,
f. a user-computer (603)
coupled to said user
communication device and
coupled to said I/O device,
wherein said user computer
is adapted to:
IPR201600836
U.S. Patent 8,285,648
IPR201600836
U.S. Patent 8,285,648
5.
includes the putative secure identifier input by the user (Step g), and wherein the
comparison to the bona fide secure identifier (Step k) is performed by the verifier.
As shown above in claim 1, elements f and g, Blonder discloses the user response
including a secret code [putative secure identifier] is sent to the verifier, and thus
received. Claim 1 above, elements i and j, showed that the authorization database
[verifier] does the comparison to the bona fide secure identifier.
50
IPR201600836
U.S. Patent 8,285,648
7.
user communications device. As noted under claim construction above, the 648
Patent uses this term to cover both initially installing at manufacture and later
downloading software. As construed under Claim Construction above, this means
loading software on a user communication device by any means. Accordingly, this
simply refers to the software on the device.
Weller describes: The second method involves the ACS dynamically
downloading the software onto the additional client device to be used by the
cardholder. Weller at 6:6365. Blonder describes substituting a cell phone or
computer for the pager. It would be obvious to use the downloaded software of
Weller on the pager or substitute computer or cell phone of Blonder. Also, it
would be obvious that the pager of Blonder, or a substitute cell phone, would have
software installed at the time of manufacture. See Gray Decl. (EX1008) at 60.
8.
performs either sending the response received at Step (h) or comparing (Step k).
As noted above, the software downloaded is simply the software on the device.
51
IPR201600836
U.S. Patent 8,285,648
Blonder discloses that the pager, and thus its software, sends the response.
Blonder at 9:1822.
Claim 9
9. The method of claim 7
wherein the local software
downloaded at Step (m)
performs at least one of: (i)
sending the response
received at Step (h) and, (ii)
Step (k).
9.
receives, formats and displays the IVR (verification request). As noted above, the
software downloaded is simply the software on the device. Blonder teaches
receiving and displaying the message. Blonder at 9:1114. One of ordinary skill
in the art would understand that displaying the request necessarily includes
formatting the request for display, as discussed above with respect to Law. See
Gray Decl. (EX1008) at 61.
Claim 10
10. The method of claim 7 wherein the local
software downloaded at Step (m) performs
the steps of:
(n) receiving the IVR sent at Step (f);
(o) formatting the IVR for display; and,
52
IPR201600836
U.S. Patent 8,285,648
10.
Claim 12
depends from Claim 5 and adds that either the IVR (verification request) or the
response is encrypted. Weller describes using encryption for all the channels in the
transaction and approval process. Weller at 14:5915:13. Such use of encryption
was standard before the priority date of the 648 Patent. It would be obvious to
add the encryption of Weller to Blonder, or add the additional information of
Blonder to Weller as described above. One of skill in the art would be motivated
to combine the references to provide protection for sensitive financial data. See
Gray Decl. (EX1008) at 62.
Claim 11
11. The method of claim 7
wherein the local software
downloaded at Step (m) performs
at least one of:
(i) decrypting information received
by the user communications
device, and
IPR201600836
U.S. Patent 8,285,648
Claim 12
12. The method of claim 5 wherein at least
one of the IVR of Step (f) and the response
received at Step (h) are encrypted when sent.
11.
sending a request to the user, receiving a response, and allowing the transaction if
the response it to authorize. Blonder shows all these elements as set forth above
under claims 1 and 5, elements (e) (j).
12.
54
IPR201600836
U.S. Patent 8,285,648
Claim 15
15. The method of claim 5 further
comprising the step of:
(u) setting a flag in a database
record, wherein the flag is
associated with an account of the
user and wherein the flag indicates
whether or not transaction
authorization is to be performed.
13.
55
IPR201600836
U.S. Patent 8,285,648
information for
an account of
the user; and,
(w) storing the
account access
information on a
database that is
accessible to the
verifier.
C.
Ground 3: Claim 19 is obvious over Blonder in view of Weller and
Labrou.
Claim 19 depends from Claim 5 and recites verifying a device in addition to
verifying the user. Claim 19 requires the verifier to store the device identifier,
retrieve it, compare it to an obtained device identifier and allow the transaction to
proceed upon a match.
As noted above, a device identifier should be construed to include device
identification information that can be used to identify a particular device. Labrou
discloses the use of two-factor authentication for a transaction, with the two factors
being a user personal identification entry (PIE) and a mobile device ID. Labrou
at Abstract. Labrou thus verifies the device, in addition to verifying the user
through the PIE, which can be a password or PIN. One of skill in the art would be
motivated to look to Labrou to add the device identifier to the verification of
56
IPR201600836
U.S. Patent 8,285,648
Blonder and Weller. It was common before the priority date of the 648 Patent, for
fraud detection purposes, to consider various parameters identifying a user in a
transaction. One of many examples is U.S. Pat. 8,572,391 to Golan (Golan,
EX1009), filed Sept. 13, 2003, issued Oct. 29, 2013, which describes a device ID
as one of many factors used to verify a user for risk assessment:
In certain embodiments of the current invention Transaction risk
assessment is based on any of the following criteria, or similar
criteria; other suitable criteria may be used.. Such information may
include, but is not limited to: IP addresses and their derived
information (location, organization etc), source, address, user, account
information, product type, transaction amount, time in day, day in
week, type of account, date of birth, velocity of Transactions, account
number, device ID/fingerprint; Hijacked computer/Trojan infected
computer indicator, or other suitable information, as well as any
combination of such criteria.
Golan at 9:556:2. It would be obvious to use all the parameters in Blonder,
Weller and Labrou since all of them related to authorizing transactions. Blonder
and Labrou both describe using a customer PIN to authorize a transaction, and it
would be obvious to add other standard fraud detection information, such as the
device identifier of Labrou, to Blonder. Just as it would be obvious to include
57
IPR201600836
U.S. Patent 8,285,648
other user information, such as name, address, etc., a device identifier would be
obvious to add. See Gray Decl. (EX1008) at 6364.
Claim 19
19. The method of claim 5
further comprising the steps of:
(dd) storing a device identifier
of the user communications
device of Step (c) in a database
that is accessible to the verifier,
(ee) retrieving the device
identifier stored at Step (dd);
(ff) obtaining the device
identifier of the user
communications device of Step
(e); and,
(gg) comparing the device
identifier retrieved at Step (ee)
with the device identifier
obtained at Step (ff);
wherein the transaction is
allowed to proceed only if the
comparison of Step (gg) results
in a match between the device
identifier retrieved at Step (ee)
and the device identifier
obtained at Step (ff).
58
IPR201600836
U.S. Patent 8,285,648
VI.
CONCLUSION
Based on the foregoing, the challenged claims of the 648 Patent recite
59
IPR201600836
U.S. Patent 8,285,648
CERTIFICATE OF SERVICE
The hereby certify that on April 13, 2016, I caused a true and correct copy of the
foregoing materials:
Petition for Inter Partes Review of U.S. Patent No. 8,285,648 Under 35
U.S.C. 312 and 37 C.F.R. 42.10
Exhibits for Petition for Inter Partes Review of U.S. Patent No. 8,285,648
(EX100110011)
To be served via Overnight Express Mail at the following correspondent of record
as listed on PAIR:
DAN SCAMMELL
1729 Hampton Drive
Coquitlam, BC, Canada V3E 3C9
VERMETTE & CO.
1177 West Hastings Street, Suite 320
Vancouver, BC, V6E 2K3 CANADA
Respectfully