United Services Automobile Association v. Asghari-Kamrani, Nader

1. Case Identification

• Patent #: 8,266,432
• Filed: May 2, 2016
• Petitioner(s): United Services Automobile Association (USAA)
• Patent Owner(s): Asghari-Kamrani et al.
• Challenged Claims: 1-55

2. Patent Overview

• Title: Centralized Identification and Authentication System and Method
• Brief Description: The ’432 patent describes a system and method for increasing e-commerce security by using a central entity to authenticate users for transactions with external entities. The process involves the central entity generating and providing a dynamic, time-dependent "SecureCode" to a user, which the user then provides to the external entity for verification by the central entity.

3. Grounds for Unpatentability

Ground 1: Anticipation and Obviousness of Independent Claims - Claims 1, 3, 5-8, 12-13, 15-27, 30-42, 44-45, 47-48, 50-52, and 54-55 are anticipated by Norefors under 35 U.S.C. §102 or, in the alternative, are obvious over Norefors in view of Rajasekaran under 35 U.S.C. §103.

• Prior Art Relied Upon: Norefors (Application # US 2006/0094403), Rajasekaran (Application # US 2003/0080183).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Norefors discloses a method for providing a user with login access to an IP network that anticipates the challenged claims. In this mapping, the operator’s authentication and web servers function as the claimed "central-entity," while the WISP/ISP access server is the "external-entity." Norefors allegedly teaches every step of independent claim 1, including the central entity receiving a request for a dynamic code (a one-time password or OTP), generating the OTP, providing it to the user (via SMS), receiving a request to authenticate the user from the external entity based on the OTP, and providing a result back to the external entity.
  • Motivation to Combine (for §103 grounds): Rajasekaran was introduced as an alternative to address the sequence of operations. While Norefors describes a user first contacting the external entity, Rajasekaran teaches a well-known alternative where the user first contacts the central entity (an issuer) to obtain a one-time number. Petitioner asserted a person of ordinary skill in the art (POSITA) would combine Norefors with the known approach in Rajasekaran to create a more scalable and fraud-resistant system, as it was a simple design choice with predictable results.
  • Expectation of Success (for §103 grounds): A POSITA would have a reasonable expectation of success because combining the systems involved implementing a known, alternative transaction flow to achieve the predictable benefits of increased security and scalability.

Ground 2: Obviousness of Dependent Claims - Claims 2, 4, 9-11, 14, 28, 29, 43, 46, 49, and 53 are obvious over Norefors in view of Brown, or alternatively, over Norefors, Rajasekaran, and Brown.

• Prior Art Relied Upon: Norefors (Application # US 2006/0094403), Brown (Patent 5,740,361), and Rajasekaran (Application # US 2003/0080183).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground targets dependent claims requiring additional features, such as combining the dynamic code with user-specific information (claim 2) or generating the code based on user information (claim 14). Petitioner argued that to the extent Norefors does not explicitly teach these security-enhancing steps, Brown does. Brown discloses a Remote Passphrase Authentication system where a central authentication "deity" obscures a session key (dynamic code) by combining it with user-specific information (like a username) using a predetermined algorithm (e.g., an MD5 hash and XORing).
  • Motivation to Combine (for §103 grounds): Petitioner contended that a POSITA would be motivated to supplement the login message in Norefors with the security techniques from Brown to prevent the exposure of login credentials over an insecure network. Combining these known techniques would predictably enhance the security of the Norefors system. The addition of Rajasekaran serves the same purpose as in Ground 1: to show the obviousness of an alternative transaction flow.
  • Expectation of Success (for §103 grounds): A POSITA would expect this combination to succeed because it involved applying a known security method (Brown) to a known authentication architecture (Norefors) to solve the known problem of insecure data transmission.

4. Key Claim Construction Positions

• "Central-Entity" and "External-Entity": Petitioner argued for adopting the explicit definitions provided in the ’432 patent's specification. The specification defines a "Central-Entity" as a party holding the user's data (e.g., a bank) that generates the SecureCode, and an "External-Entity" as a party offering goods or services (e.g., a merchant).
• "First Central-Entity Computer" and "Second Central-Entity Computer": Petitioner asserted that under the Broadest Reasonable Interpretation, these terms should be construed to encompass components on a single server. This construction is based on dependent claims 11 and 36, which explicitly recite that the first and second central-entity computers "are the same."
• "Authenticating": Based on prosecution history, Petitioner proposed this term should include "a process by which the authenticator states [an] individual is who the individual says he is."

5. Key Technical Contentions (Beyond Claim Construction)

• Ineffective Priority Claim: A central argument of the petition was that the ’432 patent is not entitled to the earlier priority dates of its parent or grandparent applications. Petitioner asserted the priority chain is broken because the parent application fails to incorporate the grandparent by reference and lacks written description support for the claims of the ’432 patent. Therefore, the effective filing date of the challenged claims is September 15, 2008, making Norefors, Rajasekaran, and Brown prior art.
• Covered Business Method (CBM) Patent: Petitioner argued the ’432 patent qualifies for CBM review because its claims are directed to methods and apparatus for performing operations used in the management of a financial product or service. It was contended that the patent is not an excluded "technological invention" because it merely recites generic computer components to implement an abstract business concept without solving a technical problem with a technical solution.

6. Arguments Regarding Discretionary Denial

• Petitioner noted that a previous Inter Partes Review (IPR) petition (IPR2015-01842) was denied institution. However, Petitioner argued that discretionary denial under §325(d) would be inappropriate because the current CBM petition is based on "grounds different than those presented in that petition," thereby presenting new arguments and art for the Board’s consideration.

7. Relief Requested

• Petitioner requested institution of a Covered Business Method (CBM) patent review and cancellation of claims 1-55 of the ’432 patent as unpatentable.