Apple Inc v. Universal Secure Registry LLC

1. Case Identification

• Case #: CBM2018-00024
• Patent #: 8,577,813
• Filed: May 3, 2018
• Petitioner(s): Apple Inc.
• Patent Owner(s): Universal Secure Registry, LLC
• Challenged Claims: 1-2, 4-11, 13-20, and 22-26

2. Patent Overview

• Title: Universal Secure Registry
• Brief Description: The ’813 patent describes systems and methods for verifying an account holder's identity before authorizing a financial transaction at a Point-of-Sale (POS) device. The invention uses a central "secure registry" database that stores user authentication data (e.g., biometric information, secret codes) to approve transactions and reduce fraud.

3. Grounds for Unpatentability

Ground 1: Obviousness over Maes and Jakobsson - Claims 1-2, 4-5, 11, 13, 16-20, and 24 are obvious over Maes in view of Jakobsson.

• Prior Art Relied Upon: Maes (Patent 6,016,476) and Jakobsson (WO 2004/051585).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Maes disclosed the core elements of the challenged claims, including a portable electronic ID device (a PDA) that authenticates a user via biometric data or a PIN to conduct financial transactions. The PDA communicates with a remote financial institution server (the claimed "secure registry") via a POS terminal. Petitioner contended that to the extent Maes did not explicitly teach generating a "non-predictable value" for authentication, Jakobsson supplied this missing element. Jakobsson taught a user authentication device that generates a dynamic, non-predictable authentication code by combining a stored secret, a time-varying value, and user data (such as a PIN or biometric information) for verification by a remote server.
  • Motivation to Combine: A POSITA would combine Jakobsson’s advanced encryption method with Maes’s transaction system to improve security against fraud—a problem both references aimed to solve. Petitioner asserted that Maes itself suggested using any "known encryption technique," and Jakobsson provided such a technique. The combination was presented as the application of a known technique (Jakobsson's dynamic authentication code) to a similar, known system (Maes's transaction framework) to achieve the predictable result of enhanced security.
  • Expectation of Success: A POSITA would have a reasonable expectation of success because both systems operated in the same field of handheld authentication devices and involved similar architectures (a user device, an intermediary terminal, and a remote authentication server), making the integration of Jakobsson's security algorithm into Maes's system straightforward.

Ground 2: Obviousness over Maes, Jakobsson, and Maritzen - Claims 6-10 are obvious over Maes and Jakobsson in view of Maritzen.

• Prior Art Relied Upon: Maes (Patent 6,016,476), Jakobsson (WO 2004/051585), and Maritzen (Application # 2004/0236632).

• Core Argument for this Ground:

  • Prior Art Mapping: This ground built upon the combination of Maes and Jakobsson to address claim 6, which added the limitation that the electronic ID device prevents user input if a biometric authentication attempt fails. Petitioner argued that Maes taught prohibiting a transaction upon failed verification, but Maritzen provided a more explicit disclosure. Maritzen described a personal transaction device that remains locked, preventing user input, until a "Biometric control manager" successfully verifies the user's biometric information and unlocks the device.
  • Motivation to Combine: A POSITA would be motivated to incorporate Maritzen’s explicit locking feature into the Maes/Jakobsson system to further enhance local device security, a common goal across all three references. Adding a pre-authentication lock was argued to be a well-known security measure for preventing unauthorized use. This combination involved applying a known security feature from Maritzen to the known transaction system of Maes/Jakobsson to achieve the predictable result of improved access control.
  • Expectation of Success: The combination was presented as predictable because all three references address user authentication for transactions using handheld devices. Integrating Maritzen's specific local security feature (locking the device pre-authentication) into the existing local authentication process of Maes was a simple and expected design choice for enhancing security.

• Additional Grounds: Petitioner asserted an additional obviousness challenge against claims 14, 15, 22, 23, 25, and 26 based on the combination of Maes, Jakobsson, and Labrou (Application # 2004/0107170). This ground relied on Labrou for its teachings on user interfaces for browsing and selecting products for purchase to meet limitations related to displaying and accepting purchase options.

4. Key Claim Construction Positions

• "Biometric Input": Petitioner proposed this term means "information about a user's physical characteristics, such as fingerprint, voice print, signature, iris or facial scan, DNA analysis, or personal photograph." This construction was crucial for distinguishing it from a PIN, which Petitioner argued is "secret information," not biometric data.
• "Secret Information": Proposed as "information known and input by an authorized user, such as a PIN, a phrase, a password, or a passcode of the user." This construction supported mapping prior art PIN/password systems to this limitation.
• "Secure Registry": Proposed as "a database with access restrictions." This broad construction was key to Petitioner's argument that conventional financial institution servers and back-end databases taught in the prior art met this claim limitation without requiring a novel structure.

5. Key Technical Contentions (Beyond Claim Construction)

• Not a "Technological Invention": As part of the threshold requirement for a Covered Business Method (CBM) review, Petitioner dedicated significant argument to contending that the ’813 patent was not directed to a "technological invention." Petitioner argued the patent merely recited the use of conventional, well-known technological components (e.g., general-purpose processors, biometric sensors, user interfaces, databases) to automate a fundamental, non-technical business practice: verifying identity to control access to accounts and authorize financial transactions. It was argued that the patent did not solve a technical problem with a technical solution but rather used generic technology to address an economic or business problem.

6. Relief Requested

• Petitioner requested institution of a Covered Business Method review and cancellation of claims 1-2, 4-11, 13-20, and 22-26 of the ’813 patent as unpatentable under 35 U.S.C. §103.