Apple Inc v. Universal Secure Registry LLC

1. Case Identification

• Case #: IPR2018-00809
• Patent #: Patent 9,530,137
• Filed: April 4, 2018
• Petitioner(s): Apple Inc.
• Patent Owner(s): Universal Secure Registry, LLC
• Challenged Claims: 1, 2, and 5-12

2. Patent Overview

• Title: System for User Authentication and Transaction Approval
• Brief Description: The ’137 patent relates to systems for authenticating a user to approve a transaction. The system uses a first device to perform local authentication based on secret information (e.g., a PIN) and biometric information, then generates and transmits a one-time token using a time-varying value to a second, remote device for final authentication and transaction approval.

3. Grounds for Unpatentability

Ground 1: Obviousness over Jakobsson and Maritzen

• Claims 1, 2, 6, 7, 9, 10, and 12 are obvious over Jakobsson in view of Maritzen.
  • Prior Art Relied Upon: Jakobsson (International Publication No. WO 2004/051585) and Maritzen (Application # 2004/0236632).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Jakobsson teaches the core authentication system recited in independent claims 1 and 12. Jakobsson’s “user authentication device 120” was mapped to the claimed “first device” which authenticates a user via a PIN (“secret information”) and biometrics, includes a wireless transceiver, and generates an authentication code. This code was argued to be a signal including first authentication information, an indicator of biometric authentication (Jakobsson’s “event state E,” such as the strength of a biometric match), and a time-varying value (Jakobsson’s “dynamic value T”). This signal is transmitted to a remote “verifier 105,” which is the claimed “second device.” Petitioner asserted that to the extent Jakobsson’s disclosure of enabling access to “financial services” was insufficient, Maritzen was cited to explicitly teach applying such an authentication system for “conducting a financial transaction.”
    • Motivation to Combine: A POSITA would combine the references as they are in the same field of secure electronic transactions, address the identical problem of electronic fraud, and disclose similar system architectures (a user device, an intermediary, and a remote server). Petitioner argued it would have been an obvious and simple step to apply Jakobsson’s robust authentication method to the specific financial transaction context explicitly described by Maritzen to improve security.
    • Expectation of Success: Combining these known elements would predictably result in a secure financial transaction system, as it amounts to using a known authentication technique for its intended purpose.

Ground 2: Obviousness over Jakobsson, Maritzen, and Niwa

• Claim 5 is obvious over Jakobsson in view of Maritzen and Niwa.
  • Prior Art Relied Upon: Jakobsson (WO 2004/051585), Maritzen (Application # 2004/0236632), and Niwa (Patent 6,453,301).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground challenged dependent claim 5, which adds the limitation that the processor is configured to “compare stored authentication information with the authentication information of the user.” The combination of Jakobsson and Maritzen provides the base system as in Ground 1. Petitioner added Niwa to explicitly teach this comparison step. While Jakobsson teaches storing user data, Petitioner argued Niwa expressly discloses a fingerprint identification device that produces an authentication code only "when a fingerprint of the customer matches a stored fingerprint." This teaching was mapped directly to the comparison limitation of claim 5.
    • Motivation to Combine: A POSITA would combine Niwa because its teachings are expressly incorporated by reference into Maritzen, making it part of the same disclosure. Furthermore, all three references address securing financial transactions. Implementing the general authentication of Jakobsson using Niwa's specific comparison-based method was argued to be an obvious design choice to achieve a functional and secure system. Petitioner added it would have been obvious to try, as comparing a received value to a stored value is one of a finite number of predictable solutions for user authentication.

Ground 3: Obviousness over Jakobsson, Maritzen, and Schutzer

• Claims 8 and 11 are obvious over Jakobsson in view of Maritzen and Schutzer.
  • Prior Art Relied Upon: Jakobsson (WO 2004/051585), Maritzen (Application # 2004/0236632), and Schutzer (European Application # EP 1028401).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground adds Schutzer to the base Jakobsson/Maritzen combination to teach the limitations of dependent claims 8 and 11. For claim 8’s “multidigit public ID code for a credit card,” Petitioner pointed to Schutzer’s disclosure of an “anonymous or alternate card number” used in place of the real card number, which is then mapped to the proper account by the issuer. For claim 11’s “networked credit card validation-information entity,” Petitioner mapped Schutzer’s “card issuer’s server,” which receives authorization requests for the alternate card number and validates the transaction.
    • Motivation to Combine: A POSITA would combine Schutzer’s teachings via simple substitution of known elements. The base combination discloses a generic remote authentication server, while Schutzer teaches a specific implementation of such a server (a credit card validation server) for the same purpose. Petitioner argued it would have been obvious to substitute Schutzer's specialized server and alternate number system into the Jakobsson/Maritzen framework to gain the well-understood benefit of obscuring a user's actual credit card number during a transaction, a known solution to a known problem.

4. Key Claim Construction Positions

• "biometric information": Petitioner argued this term should be construed as "information about a user's physical characteristics, such as fingerprint, voice print, signature..." This construction was asserted as critical to maintain a distinction from "secret information" (like a PIN). Petitioner noted that while the ’137 patent contains one inconsistent passage listing a PIN as biometric, the overwhelming context of the specification and the understanding of a POSITA requires biometrics to be physical traits.
• "secret information": Proposed as "information known and input by an authorized user, such as a PIN, a phrase, a password, or a passcode of the user." This construction complements the proposed construction of "biometric information" by clearly delineating knowledge-based authenticators from physical-trait-based authenticators.
• "authentication information": Proposed as "information used by the system to verify the identity of an individual." This broad construction was used to support Petitioner’s mapping of various data packets and codes from the prior art references to this claim limitation, arguing the patent uses the terms "verification," "identification," and "authentication" interchangeably.

5. Relief Requested

• Petitioner requests institution of an inter partes review and cancellation of claims 1, 2, and 5-12 of Patent 9,530,137 as unpatentable under 35 U.S.C. §103.