USAA Federal Savings Bank v. PACid Technologies LLC

1. Case Identification

• Case #: IPR2025-00752
• Patent #: 10,044,689
• Filed: March 27, 2025
• Petitioner(s): USAA Federal Savings Bank
• Patent Owner(s): Guy Fielder
• Challenged Claims: 1-21

2. Patent Overview

• Title: System and Method for Authenticating Users
• Brief Description: The ’689 patent relates to a method for authenticating users on a mobile device by generating and storing a "secret" based on a unique user input. This secret is subsequently used to encode communications with a remote computing device to verify the user's identity.

3. Grounds for Unpatentability

Ground 1A: Obviousness over Immega-Day - Claims 1-4 and 6-8 are obvious over Immega in view of Day.

• Prior Art Relied Upon: Immega (Application # 2003/0140235) and Day (Application # 2007/0061567).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Immega discloses a method for secure electronic messaging using biometric certification. In Immega, a mobile device with a fingerprint sensor generates a "secret"—a modified enrolled fingerprint feature set (MEFFS)—from a user's unique biometric input. This MEFFS is used to encrypt and certify communications between a sender and receiver. Day discloses a secure email utility, such as an extension for MS Outlook, that simplifies email encryption by automatically storing public credentials (keys) within the user’s existing contacts database. The combined teachings, Petitioner asserted, disclose all limitations of claim 1, including an application on a mobile device that generates a secret from a user input, stores it with an identifier, and uses it to verify the user to a remote device.
  • Motivation to Combine: A Person of Ordinary Skill in the Art (POSITA) would combine the references because Day provides a concrete and advantageous implementation for the storage of secrets described more generally in Immega. Storing Immega’s MEFFS within Day’s contacts database would be a predictable design choice to simplify system administration and co-locate all information needed for secure communication (e.g., email address and biometric key) in a single, easily managed record.
  • Expectation of Success: A POSITA would have had a reasonable expectation of success in this combination, as it involved applying a known data storage and management technique from Day to improve the functionality of a similar biometric security system from Immega, yielding the predictable benefit of a more streamlined and user-friendly system.

Ground 1B: Obviousness over Immega-Day-Tomko - Claims 5, 9-21 are obvious over Immega and Day in view of Tomko.

• Prior Art Relied Upon: Immega (Application # 2003/0140235), Day (Application # 2007/0061567), and Tomko (Patent 6,002,770).
• Core Argument for this Ground:
  • Prior Art Mapping: This combination addresses claims requiring the secret to be stored in an encrypted format (claim 5) and specifying device components like a processor and memory (claims 9-21). Petitioner argued that Tomko, which describes secure data handling between two remote stations using fingerprints, explicitly discloses systems with a processor, memory, and an input device. Critically, Tomko teaches enhancing security by generating and storing a decryption key in memory in an encrypted format.
  • Motivation to Combine: A POSITA would have been motivated to incorporate Tomko’s teachings into the Immega-Day system to provide well-known hardware components and to add a crucial layer of security. Storing the MEFFS secret in an encrypted form, as taught by Tomko, would be an obvious and important step to protect the secret if the mobile device were compromised.
  • Expectation of Success: Success was expected because adding standard hardware and implementing the known security technique of encrypting stored sensitive data would predictably improve the robustness of the Immega-Day system without altering its fundamental operation.

Ground 2A: Obviousness over Mardikar-Chhabra - Claims 1-4 and 6-7 are obvious over Mardikar-318 in view of Chhabra.

• Prior Art Relied Upon: Mardikar-318 (Patent 8,108,318) and Chhabra (Patent 8,234,697).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Mardikar-318 discloses methods for securing financial transactions on an electronic device (e.g., a mobile phone) equipped with a biometric sensor and a secure element (SE) for storing secrets like a user’s biometric profile. Chhabra describes a system for secure online payment where a user is redirected from a merchant website to a payment provider’s page and authorizes the transaction using a fingerprint sensor. The combination, Petitioner asserted, teaches an application on a mobile device that receives a communication from a remote payment server, prompts for biometric input, generates a secret (biometric profile), stores it, and uses it to verify the user.
  • Motivation to Combine: A POSITA would combine these systems to leverage Chhabra’s convenient browser-based authentication flow within Mardikar-318’s robust SE-based security architecture. This would provide a user with a more seamless and secure process for completing web-based financial transactions.
  • Expectation of Success: A POSITA would expect success due to the strong similarities in the goals and components of the two systems. Combining them would predictably enhance user convenience and security for mobile payments.

Ground 2B: Obviousness over Mardikar-Chhabra-Duffy - Claims 1-21 are obvious over Mardikar-318 and Chhabra in view of Duffy.

• Prior Art Relied Upon: Mardikar-318 (Patent 8,108,318), Chhabra (Patent 8,234,697), and Duffy (Application # 2004/0111625).
• Core Argument for this Ground:
  • Prior Art Mapping: This combination addresses all challenged claims, particularly those requiring the secret to comprise a cryptographic key with static and dynamic portions. Petitioner argued that Duffy teaches a method to mitigate vulnerabilities from storing cryptographic keys. Instead of storing the full private key, Duffy stores a static "mapping key" generated during enrollment. This mapping key is then combined with a dynamic biometric value, captured fresh for each transaction, to regenerate the full private key only when needed.
  • Motivation to Combine: A POSITA would integrate Duffy’s key regeneration technique to further harden the security of the Mardikar-Chhabra system. By avoiding the permanent storage of the complete private key on the device, the combined system would be significantly less vulnerable to malicious actors, representing a clear security improvement.
  • Expectation of Success: Success was expected as Duffy provides a known and effective method for enhancing cryptographic security. Applying this technique to the Mardikar-Chhabra financial transaction system would predictably result in a more secure authentication process.

4. Arguments Regarding Discretionary Denial

• Petitioner argued that discretionary denial under Fintiv is unwarranted. The petition was filed at a very early stage of the parallel district court litigation, before significant discovery, infringement contentions, or claim construction briefing had occurred. Petitioner contended that the Board’s Final Written Decision (FWD) would likely issue months before the statistically-indicated trial date. Furthermore, the petition challenges all 21 claims of the ’689 patent, whereas the co-pending litigation involves only a subset (claims 1-2 and 4-8), meaning the IPR would address patentability issues more efficiently and completely.

5. Relief Requested

• Petitioner requests institution of an inter partes review and cancellation of claims 1-21 of the ’689 patent as unpatentable.