Askeladden LLC v. Jabaa LLC

1. Case Identification

• Case #: IPR2024-00916
• Patent #: 7,480,637
• Filed: May 24, 2024
• Petitioner(s): Askeladden, L.L.C.
• Patent Owner(s): Jabaa, L.L.C.
• Challenged Claims: 7-20

2. Patent Overview

• Title: Customer Authentication Apparatus and Method
• Brief Description: The ’637 patent discloses a customer authentication apparatus, such as a USB dongle or wireless card, designed to secure online transactions. The apparatus authenticates both the user, via a fingerprint sensor, and the website to improve transaction security.

3. Grounds for Unpatentability

Ground 1: Claims 7-9 and 20 are obvious over Rescorla in view of Mathiassen.

• Prior Art Relied Upon: Rescorla (“SSL and TLS: Designing and Building Secure Systems,” a 2001 book) and Mathiassen (Application # 2004/0123113).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Rescorla taught the use of SSL/TLS handshake protocols for mutual authentication between a client and a server (website) in a secure online transaction. This protocol, initiated by the server, constitutes the “website-initiated transaction authentication request” of independent claim 7. Mathiassen taught a portable customer authentication apparatus—a USB device with a fingerprint sensor—that biometrically authenticates a user and encrypts communications. The combination allegedly met the claim limitations by implementing Rescorla’s widely-used authentication protocol on Mathiassen’s portable hardware. Mathiassen’s device would receive the server’s certificate (per Rescorla) to confirm the website's identity and use its fingerprint sensor to biometrically authenticate the user before generating and transmitting a cryptographically secure response, as required by the claims.
  • Motivation to Combine: A person of ordinary skill in the art (POSITA) would combine the ubiquitous and highly adaptable SSL/TLS protocols from Rescorla with Mathiassen’s portable biometric device. The motivation was to improve security—as biometrics are superior to passwords—and enhance interoperability by using a well-established security standard for a convenient hardware token.
  • Expectation of Success: A POSITA would have had a reasonable expectation of success because both references described flexible handshake protocols. Mathiassen’s device was designed for compatibility with various secure communication rules, and Rescorla explained that implementing SSL protocols involved routine skill.

Ground 2: Claims 10-14 are obvious over Rescorla in view of Mathiassen and Ryan.

• Prior Art Relied Upon: Rescorla, Mathiassen, and Ryan (Application # 2005/0109841).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground built upon the combination in Ground 1 by adding teachings from Ryan. Ryan disclosed a compact personal token (“smart fob”) with features directly corresponding to the limitations of claims 10-14. Specifically, Ryan taught incorporating a wireless transceiver (e.g., RF antenna) for wireless communication, as required by claim 10. For claims 11-14, which require various user indicators, Mathiassen taught using LEDs (visual cue) and a beeper (audible cue), while Ryan taught using an LCD screen (displayed indicator cue) to provide messages, symbols, and other visual information to the user.
  • Motivation to Combine: A POSITA would have been motivated to add Ryan’s features to the Rescorla/Mathiassen device for predictable benefits. Adding a wireless interface would increase convenience, enabling contactless transactions. Incorporating an LCD screen would provide more specific and flexible user feedback (e.g., detailed error messages) compared to the simple LEDs and beepers disclosed in Mathiassen.
  • Expectation of Success: The combination was argued to be a predictable integration of known technologies. Ryan’s smart fob was highly similar to Mathiassen’s portable device, and adding a wireless interface or an LCD screen were common, well-understood improvements for such devices at the time.

Ground 3: Claims 15-20 are obvious over Mathiassen in view of Rescorla and Ryan.

• Prior Art Relied Upon: Mathiassen, Rescorla, and Ryan.
• Core Argument for this Ground:
  • Prior Art Mapping: This ground asserted that Mathiassen, as the primary reference, taught the core method of independent claim 15: a customer-initiated transaction. In Mathiassen, the user initiated the process by inserting the device and providing a fingerprint. Mathiassen further taught biometrically authenticating the user, processing and encrypting an assertion of successful authentication, and transmitting the resulting request. Rescorla’s teachings were added to provide a specific, widely-used protocol (SSL/TLS) for authenticating the receiving website and for including a time-varying parameter (a unique key for each session) to prevent replay attacks, as recited in the claims. The indicator cue limitations of dependent claims 16-19 were met by the combined teachings of Mathiassen (LEDs, beeper) and Ryan (LCD screen), as argued in Ground 2.
  • Motivation to Combine: The motivation to combine Mathiassen with Rescorla was to enhance the security and interoperability of Mathiassen’s device by implementing the industry-standard SSL/TLS protocol, enabling robust website authentication. The motivation to add Ryan’s teachings was to improve the user interface with more descriptive feedback via an LCD screen.
  • Expectation of Success: The combination would have yielded the predictable result of a secure, user-friendly authentication device. A POSITA would have been capable of integrating the standard software protocols of Rescorla with the hardware of Mathiassen and adding common user interface features from Ryan.

4. Arguments Regarding Discretionary Denial

• Petitioner argued against discretionary denial under §325(d) because none of the asserted prior art references (Rescorla, Mathiassen, Ryan) were cited or considered during the original prosecution of the ’637 patent.
• Petitioner also argued that discretionary denial under §314(a) would be inappropriate. The petition asserted that the ’637 patent had not been challenged in a previous IPR and was no longer subject to active litigation in any district court, thus the Fintiv factors weighed against denial.

5. Relief Requested

• Petitioner requests the institution of an inter partes review and the cancellation of claims 7-20 of Patent 7,480,637 as unpatentable.