Samsung Electronics America Inc v. RFCyber Corp

1. Case Identification

• Case #: IPR2021-00981
• Patent #: 9,240,009
• Filed: June 15, 2021
• Petitioner(s): Samsung Electronics America, Inc. and Samsung Electronics Co., Ltd.
• Patent Owner(s): RFCyber Corp.
• Challenged Claims: 1-17

2. Patent Overview

• Title: Mobile Device for Conducting a Secured Transaction Over a Network
• Brief Description: The ’009 patent discloses techniques for personalizing a secure element (SE), such as a smart card embedded in a mobile device, and provisioning applications (e.g., an electronic purse) onto the SE for use in secure commercial transactions.

3. Grounds for Unpatentability

Ground 1: Claims 1-6 and 13-17 are obvious over Dua in view of GlobalPlatform.

• Prior Art Relied Upon: Dua (Application # 2006/0165060) and GlobalPlatform (GlobalPlatform Card Specification Version 2.1.1, Mar. 2003).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner asserted that Dua discloses a mobile device with an embedded smart card and a "wallet application" capable of hosting "extensions" (e.g., a stored-value card) for financial transactions. However, Dua lacks specific implementation details for managing and securing the smart card. Petitioner argued that GlobalPlatform, a well-known industry standard for secure chip card technology, supplies these missing details. The combination taught a mobile device (Dua) with a processor, memory, and an interface to a secure element (Dua's smart card implemented per GlobalPlatform). The claimed "module" was equated to GlobalPlatform's "Card Manager," and the claimed "application" to Dua's "extensions." GlobalPlatform's standard procedures for establishing secure channels, loading applications, and using application identifiers (AIDs) were argued to meet the limitations for sending identifiers, establishing secured channels with a server (Dua's Wireless Credential Manager, or WCM), and associating applications with the secure element.
  • Motivation to Combine: A person of ordinary skill in the art (POSITA) implementing Dua's system would have been motivated to use the GlobalPlatform standard. Dua explicitly referenced the need to meet standards defined by card organizations, and GlobalPlatform was the de facto industry standard for this purpose. Furthermore, Dua’s disclosure of Java-based applets would have directed a POSITA to GlobalPlatform, which is designed to manage Java Card applications. The combination represented a predictable implementation of Dua's conceptual framework using a standard, off-the-shelf solution.
  • Expectation of Success: A POSITA would have had a high expectation of success in combining the references because it involved applying a mature industry standard (GlobalPlatform) to its intended environment—a smart card in a mobile device (Dua)—to achieve the predictable result of a secure, manageable application environment.

Ground 2: Claims 7-10 are obvious over Dua, GlobalPlatform, and Smart Card Handbook.

• Prior Art Relied Upon: Dua (Application # 2006/0165060), GlobalPlatform, and Smart Card Handbook (Third Edition, 2003).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground built upon the combination of Dua and GlobalPlatform to address the specific personalization process limitations in claims 7-10. Petitioner contended that these claims recite generating and receiving keys in a Trusted Service Management (TSM) server based on device information. While Dua and GlobalPlatform provided the framework, the Smart Card Handbook provided the explicit, "text-book" knowledge for these detailed implementation steps. The Handbook taught a typical method for key generation where a server (TSM) uses a unique card identifier (e.g., card number) and a master key to derive a card-specific key. This key is then used to encrypt personalization data sent to the card. The Handbook also disclosed that device information on smart cards routinely included manufacturer and batch numbers.
  • Motivation to Combine: When implementing the secure personalization of the Dua/GlobalPlatform system, a POSITA would have naturally turned to a standard, authoritative text like the Smart Card Handbook for well-known and reliable techniques for key derivation and management. Applying this known technique was an obvious design choice to achieve secure personalization.
  • Expectation of Success: A POSITA would have reasonably expected success because this ground involved applying a conventional key generation method from a standard handbook to a standard smart card architecture (GlobalPlatform) to perform a routine task.

Ground 3: Claims 11-12 are obvious over Dua, GlobalPlatform, Smart Card Handbook, and Thibadeau.

• Prior Art Relied Upon: Dua (Application # 2006/0165060), GlobalPlatform, Smart Card Handbook, and Thibadeau (Application # 2006/0174352).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground addressed claims 11 and 12, which require the secure element to be a software module installed in a secure memory space accessible only by a distributor. Petitioner argued that Thibadeau taught this precise implementation. Thibadeau described "virtual smart cards" managed by a Card Operating System (COS) that runs in a device's secure memory. This COS was explicitly designed to interface with standard environments like GlobalPlatform, and the virtual cards were stored in an "externally inaccessible area" of storage, making them hidden from unauthorized access.
  • Motivation to Combine: A POSITA would combine Thibadeau with the other references to increase the flexibility and storage capacity of the secure element beyond that of a physical smart card. Thibadeau provided a known method to achieve a predictable result: hosting more applications on the mobile device in a secure, GlobalPlatform-compliant manner by leveraging the device's larger secure memory instead of a physical chip's limited memory.
  • Expectation of Success: The combination had a high expectation of success because Thibadeau's virtual smart card system was designed to integrate with the very standards (GlobalPlatform) used in the primary combination, representing a predictable evolution of the technology.

4. Arguments Regarding Discretionary Denial

• Petitioner argued that discretionary denial would be unwarranted.
• General Plastic Factors: Petitioner asserted its challenge was substantively distinct from a parallel IPR filed by Google, as it relied on different primary prior art (Dua vs. Staib). It also argued that as co-defendants in litigation, Samsung and Google did not have a sufficiently significant relationship to justify denial, and this petition was filed promptly.
• Fintiv Factors: Petitioner argued that the co-pending district court case was in its earliest stages, with discovery having just begun and a trial date many months after the Board's institution decision deadline. Petitioner also filed a stipulation under Sotera, agreeing not to pursue in litigation any invalidity ground that was raised or could have been reasonably raised in the IPR, which it argued weighed strongly against discretionary denial.

5. Relief Requested

• Petitioner requested institution of an inter partes review (IPR) and cancellation of claims 1-17 of the ’009 patent as unpatentable under 35 U.S.C. §103.