PTAB

IPR2025-00697

USAA Federal Savings Bank v. PACid Technologies LLC

Log In
Key Events
Petition
petition

1. Case Identification

2. Patent Overview

  • Title: SYSTEM AND METHOD FOR AUTHENTICATING USERS
  • Brief Description: The ’993 patent discloses methods for user authentication where a security application on a computing device generates a "secret" based on a unique user input. When the device receives a communication containing an identifier associated with the secret, it prompts the user for the input, verifies it, and then transmits a second communication encoded with the secret.

3. Grounds for Unpatentability

Ground 1A: Obviousness over Immega-Day - Claims 1-4, 6-7, and 9-12 are obvious over Immega in view of Day.

  • Prior Art Relied Upon: Immega (Application # 2003/0140235) and Day (Application # 2007/0061567).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Immega disclosed a method for secure biometric messaging using a "modified enrolled fingerprint feature set" (MEFFS) as a "secret" generated from a user's fingerprint ("unique user input"). This secret is used to encrypt and certify messages between users. Day taught a secure email utility that automatically stores public keys ("credentials") in an email client's existing contacts database to simplify encryption. Petitioner asserted that Immega's MEFFS secrets are analogous to Day's public keys, and the combination discloses storing Immega's MEFFS in a directory like Day's contacts database.
    • Motivation to Combine: A POSITA would combine Immega and Day to provide a concrete, efficient, and user-friendly implementation for storing the secrets disclosed in Immega. Day's teaching of using an existing email contacts database offered a known and simple method to organize and manage encryption data, which would simplify the system design and co-locate all necessary information (e.g., email address, keys) for communicating with a contact.
    • Expectation of Success: A POSITA would have an expectation of success because both references address securing email communications with encryption keys. Integrating Immega's biometric key generation method with Day's conventional key storage method was portrayed as a predictable combination of known techniques to improve a similar system.

Ground 1B: Obviousness over Immega-Day-Tomko - Claims 8, 13-15, and 17-22 are obvious over Immega and Day in view of Tomko.

  • Prior Art Relied Upon: Immega (Application # 2003/0140235), Day (Application # 2007/0061567), and Tomko (Patent 6,002,770).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground builds on the Immega-Day combination by adding Tomko, which taught generating an encrypted decryption key based on a fingerprint signal and storing the key in its encrypted form. Petitioner argued this directly addresses limitations requiring encryption of the secret prior to storage (claim 8). Tomko also explicitly disclosed the necessary hardware components for such a system, such as a processor and memory, which Petitioner mapped to the apparatus claims (e.g., 13, 22).
    • Motivation to Combine: A POSITA would be motivated to incorporate Tomko's teachings to enhance the security of the Immega-Day system. Storing the secret (MEFFS) in an encrypted format, as taught by Tomko, was presented as a known technique to protect sensitive information from being compromised if the device's memory was accessed. Tomko also provided well-understood hardware implementation details that Immega lacked.
    • Expectation of Success: Success would be expected as Tomko, like Immega, is directed to secure data handling between remote stations using fingerprints. A POSITA would naturally look to a similar reference like Tomko to find solutions for improving security and for guidance on hardware implementation.

Ground 2A: Obviousness over Mardikar-Chhabra - Claims 1-4, 6-7, 9-15, 17-18, and 20-22 are obvious over Mardikar-318 in view of Chhabra.

  • Prior Art Relied Upon: Mardikar-318 (Patent 8,108,318) and Chhabra (Patent 8,234,697).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner asserted that Mardikar-318 disclosed a mobile device with a biometric sensor and a secure element (SE) for authenticating financial transactions. A "biometric profile" ("secret") is generated from user input and stored on the SE. Chhabra taught a system for secure mobile internet transactions where a user is redirected from a merchant site to a payment provider's site (e.g., PayPal) and provides biometric input for authorization. The combination allegedly discloses using Chhabra's browser-based transaction flow with Mardikar's secure, device-level biometric authentication architecture.
    • Motivation to Combine: A POSITA would combine these references to create a more convenient and secure end-to-end process for web-based financial transactions. Chhabra's teachings on handling browser redirection and user authorization for an online payment service would supplement Mardikar's system, which focused on the device-side secure element, to create a complete and commercially relevant system.
    • Expectation of Success: The strong similarities in the goals of both references—enabling secure mobile transactions via biometric authentication—would have provided a POSITA with a reasonable expectation of success. Integrating a known web-based authentication flow with a secure hardware token was argued to be a straightforward design choice.
  • Additional Grounds: Petitioner asserted additional obviousness challenges based on combinations including Howard (Application # 2002/0118836) for teaching the use of decoy keys to enhance security, and Duffy (Application # 2004/0111625) for teaching a method to regenerate a private key from a biometric value and a stored mapping key.

4. Arguments Regarding Discretionary Denial

  • Petitioner argued that discretionary denial under Fintiv would be inappropriate. It contended that the Board’s Final Written Decision would likely issue three months before the statistically-indicated trial date in the parallel district court litigation. Petitioner also asserted that it filed the petition at an early stage of the litigation, before claim construction or scheduling orders, and that the petition challenges a material number of claims (1-22) beyond those asserted in the district court case (1-4, 6, 8-12).

5. Relief Requested

  • Petitioner requests institution of IPR and cancellation of claims 1-22 of the ’993 patent as unpatentable.