Visa Inc v. Universal Secure Registry LLC

1. Case Identification

• Case #: IPR2018-01350
• Patent #: 8,856,539
• Filed: July 3, 2018
• Petitioner(s): Visa Inc. and Visa U.S.A. Inc.
• Patent Owner(s): Universal Secure Registry LLC
• Challenged Claims: 1-9, 16-31, 37, and 38

2. Patent Overview

• Title: Universal Secure Registry
• Brief Description: The ’539 patent describes a secure registry system for managing transactions while protecting user data. The system uses a time-varying multicharacter code to identify a user, allowing a third-party registry to provide selective access to the user's secure information (e.g., financial data) to complete a transaction without revealing that information to the primary provider (e.g., a merchant).

3. Grounds for Unpatentability

Ground 1: Obviousness over Brener, Weiss, and Desai - Claims 1-9, 16-31, 37, and 38 are obvious over the combination of Brener, Weiss, and Desai under 35 U.S.C. §103.

• Prior Art Relied Upon: Brener (WO 00/14648), Weiss (Patent 4,885,778), and Desai (Patent 6,820,204).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that the prior art combination taught every limitation of the challenged claims. Brener disclosed the foundational anonymous e-commerce system where a secure third-party provider stores a user’s identity and financial or shipping information, linking it to a "customer object" (a multicharacter code) used in transactions. This system shielded the user's real data from the vendor and provided role-based access to third parties (e.g., a shipper receives the address, a bank receives account data, but the vendor receives neither). Petitioner contended that Brener taught all elements of the claims except for the "time-varying" nature of the code and certain granular access restrictions.
  • To supply the "time-varying" limitation, Petitioner relied on Weiss, which shares an inventor with the ’539 patent. Weiss taught enhancing security by replacing fixed codes with periodically generated, non-predictable identification codes based on dynamic variables like the time of day. Petitioner asserted that applying this known security enhancement to Brener's static "customer object" would have been a simple and obvious modification.
  • To supply the limitation of determining access based on both the user's code and the provider's identity, Petitioner relied on Desai. While Brener taught role-based access, Desai taught a more granular system where a user could grant access to their stored profile data on an "element-by-element and user-by-user basis." This allowed a user to specifically authorize which vendors could access which pieces of their information, directly teaching the claimed provider-specific access restriction mechanism.
  • Dependent claims were argued to be obvious as they recited additional well-known features of secure e-commerce systems also taught by the combination, such as using encryption (Brener), anonymous delivery services (Brener), and processing credit card transactions (Brener).
  • Motivation to Combine: Petitioner argued a person of ordinary skill in the art (POSITA) would combine these references to achieve a predictable improvement in an anonymous transaction system. A POSITA would combine Brener and Weiss to improve the security of Brener's system, as replacing a static identifier with a time-varying one was a well-known technique to prevent fraud. Similarly, a POSITA would combine the resulting system with Desai's teachings to enhance user privacy and control, which was a primary goal of such systems. Adding Desai's granular, user-defined access controls was a natural extension of the basic role-based restrictions already present in Brener.
  • Expectation of Success: The combination involved applying known techniques (dynamic codes, granular database permissions) to a known type of system (anonymous e-commerce) to achieve the predictable benefits of enhanced security and user control. Petitioner asserted that implementing these complementary features would have been straightforward and would not have presented any significant technical challenges to a POSITA.

4. Key Claim Construction Positions

• “entity”: Petitioner proposed this term should be construed as a "purchasing party to a transaction who has data stored in the secure registry." This construction was argued to be consistent with the claim language and specification, which describes the "entity" as the user or customer whose data requires protection during a transaction.
• “based at least in part on the indication of the provider and the time-varying multicharacter code of the transaction request”: Petitioner argued this claim phrase modifies the element it immediately follows: "completing the transaction." However, Petitioner also contended that even if the Patent Owner argued the phrase modifies the "access restrictions" themselves, the claims would still be obvious over the prior art, as Desai taught access restrictions based on the specific provider (vendor) and user.

5. Relief Requested

• Petitioner requests institution of inter partes review and cancellation of claims 1-9, 16-31, 37, and 38 of the ’539 patent as unpatentable.