Apple Inc v. RFCyber Corp

1. Case Identification

• Case #: IPR2022-00413
• Patent #: 9,240,009
• Filed: January 14, 2022
• Petitioner(s): Apple Inc.
• Patent Owner(s): RFCyber Corp.
• Challenged Claims: 1-17

2. Patent Overview

• Title: Mobile Device for Secure Transactions
• Brief Description: The ’009 patent discloses techniques for personalizing a secure element (SE), such as a smart card within a mobile device, and provisioning applications like an electronic purse (e-purse) for conducting secure commercial transactions over a network.

3. Grounds for Unpatentability

Ground 1: Obviousness over Dua and GlobalPlatform - Claims 1-6 and 13-17 are obvious over Dua in view of GlobalPlatform.

• Prior Art Relied Upon: Dua (Application # 2006/0165060) and GlobalPlatform (GlobalPlatform Card Specification Version 2.1.1, Mar. 2003).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Dua disclosed a mobile device with an embedded smart card and a "wallet application" for conducting financial transactions, such as paying for subway fare. Dua taught that applications (called "extensions") could be downloaded from a server (a Wireless Credential Manager or WCM) to the device. However, Dua lacked specific implementation details for securing and managing the smart card. Petitioner asserted that GlobalPlatform, a well-known industry standard for smart card infrastructure, supplied these details. A person of ordinary skill in the art (POSITA) would have implemented Dua’s system using GlobalPlatform’s standardized "Card Manager" (the claimed "module") and its architecture for establishing secure channels, managing application lifecycles (installing, personalizing, deleting), and using Application Identifiers (AIDs) to identify applications.
  • Motivation to Combine: A POSITA would combine Dua’s mobile payment system with the GlobalPlatform standard because Dua explicitly referenced the need for systems to meet standards developed by card organizations. GlobalPlatform was the de facto standard for this purpose, providing a common security and card management architecture. Furthermore, Dua's mention of Java would lead a POSITA to Java Card, for which GlobalPlatform provides the standard management and security layer.
  • Expectation of Success: The combination was presented as a predictable integration of a conceptual system (Dua) with a well-defined, standardized implementation framework (GlobalPlatform) to achieve the known benefits of secure and interoperable smart card management.

Ground 2: Obviousness over Dua, GlobalPlatform, and Smart Card Handbook - Claims 7-10 are obvious over Dua in view of GlobalPlatform and Smart Card Handbook.

• Prior Art Relied Upon: Dua (Application # 2006/0165060), GlobalPlatform (Mar. 2003 specification), and Smart Card Handbook (Third Edition, 2003).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground augmented the combination of Ground 1 with the Smart Card Handbook to address limitations in dependent claims 7-10 concerning specific personalization processes. Petitioner argued that the handbook taught textbook techniques for key generation, such as deriving a card-specific key from a unique identifier like a "card number" or "chip number." The personalization process claimed in claims 7-10, including retrieving device information, generating keys based on that information, and storing them on the secure element, was allegedly a "typical" procedure described in the handbook. The handbook also disclosed that standard device information included manufacturer and batch numbers.
  • Motivation to Combine: A POSITA implementing the system of Dua and GlobalPlatform would have naturally consulted a standard reference like the Smart Card Handbook for well-established techniques for key management and generation. Applying this known, "typical" technique was a logical step to secure the personalization data for applications on the smart card.
  • Expectation of Success: Implementing a textbook method for key derivation was argued to be a straightforward task with a high expectation of success, as it applied a known technique for its intended purpose.

Ground 3: Obviousness over Dua, GlobalPlatform, Smart Card Handbook, and Thibadeau - Claims 11-12 are obvious over the combination of Ground 2 and Thibadeau.

• Prior Art Relied Upon: Dua (Application # 2006/0165060), GlobalPlatform (Mar. 2003 specification), Smart Card Handbook (2003), and Thibadeau (Application # 2006/0174352).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground added Thibadeau to address claim 11’s limitation requiring the secure element to be a "software module installed in a secure memory space only accessible by a distributor." Petitioner contended that while Dua taught an "embedded smart card," Thibadeau explicitly taught implementing "virtual smart cards" as software modules within a device's secure storage. These virtual cards were managed by a Card Operating System (COS) designed to interface with standard environments like GlobalPlatform, and Thibadeau taught that the virtual card data was stored in an "externally inaccessible area" of storage.
  • Motivation to Combine: A POSITA would have been motivated to replace the physical embedded smart card of Dua with Thibadeau’s virtual smart card implementation to gain the known benefits of increased storage capacity and greater flexibility. This would allow more applications to be hosted on the device than a physical smart card with limited memory would permit.
  • Expectation of Success: Integrating a virtualized smart card into a GlobalPlatform-managed system was presented as a predictable use of known technologies to achieve the predictable result of overcoming the storage limitations of physical hardware.

4. Arguments Regarding Discretionary Denial

• Petitioner argued that discretionary denial under the Fintiv factors was unwarranted. The petition sought to join an already-instituted IPR proceeding (IPR2021-00981), which promotes administrative efficiency. Furthermore, Petitioner asserted that the parallel district court litigation was in its earliest possible stage, with no scheduling conference held or trial date set, ensuring that the Board’s Final Written Decision would issue long before any potential trial.

5. Relief Requested

• Petitioner requests the institution of an inter partes review and the cancellation of claims 1-17 of Patent 9,240,009 as unpatentable under 35 U.S.C. §103.