Apple Inc v. CardWare Inc

1. Case Identification

• Case #: IPR2025-01150
• Patent #: 11,176,538
• Filed: June 24, 2025
• Petitioner(s): Apple Inc.
• Patent Owner(s): CardWare Inc.
• Challenged Claims: 19-30

2. Patent Overview

• Title: Secure Smart Tokenizing Electronic Payment Devices
• Brief Description: The ’538 patent describes methods for emulating a credit card on an electronic device. The technology focuses on generating limited-duration or limited-use payment numbers to enhance security for online payment transactions conducted via wireless interfaces like near field communications (NFC).

3. Grounds for Unpatentability

Ground 1: Claims 19 and 24 are obvious over Kalgi, Khan, and Varadarajan

• Prior Art Relied Upon: Kalgi (WO 2013/0013499), Khan (Application # 2014/0019367), and Varadarajan (Application # 2011/0184876).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Kalgi taught the foundational method of performing an online payment transaction using an e-wallet application on a mobile electronic device. This included receiving a payment request, displaying selectable payment account options on a touch-screen, and receiving user authorization. Petitioner asserted that while Kalgi disclosed wireless communication, Khan explicitly taught using a wireless interface (WIFI) to transfer payment information, including crypto data, from a portable device. To address the security aspect of generating limited-use numbers, Petitioner pointed to Varadarajan, which taught generating a dynamic card value (DCV) to replace a static value like a PAN or CVV, with the DCV expiring after a limited number of uses.
  • Motivation to Combine: A POSITA would combine Kalgi’s e-wallet system with Khan’s explicit teaching of a WIFI interface to achieve the predictable result of conducting online transactions wirelessly, a ubiquitous configuration for mobile devices. To address the known security vulnerabilities of online transactions, a POSITA would be motivated to incorporate Varadarajan’s DCV generation into the Kalgi system. This would improve security by replacing static, vulnerable payment information with a dynamic, limited-use number, a known technique for fraud prevention.
  • Expectation of Success: Petitioner contended a POSITA would have a high expectation of success, as the combination involved integrating known technologies for their intended purposes. Modifying Kalgi's system, which already contemplated dynamic CVVs, to use Varadarajan's more secure DCV would require only routine software modifications.

Ground 2: Claims 20 and 22 are obvious over Kalgi, Khan, Varadarajan, and Hammad

• Prior Art Relied Upon: Kalgi, Khan, Varadarajan, and Hammad (Patent 7,740,168).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground built upon the combination in Ground 1, adding the teachings of Hammad to address limitations related to generating a cryptogram number. Petitioner argued that Hammad disclosed a method for dynamically generating a dynamic CVV (dCVV) by cryptographically combining multiple data elements. These elements included dynamic data like an application transaction counter (ATC) and static data such as user information, account numbers, and secrets (e.g., a master derivation key) known to a payment processing authority.
  • Motivation to Combine: A POSITA viewing the system of Ground 1 would seek to further enhance its security. Hammad provided a natural and logical extension of Varadarajan by teaching a more robust method of generating a dynamic number. A POSITA would combine Hammad's multi-factor cryptographic method with the base system to make the resulting limited-use number significantly harder to compromise, thus providing a more secure transaction.
  • Expectation of Success: The modification would be a predictable improvement, as it involved enhancing an existing security feature (dynamic number generation) with a more advanced, but conceptually similar, technique.

Ground 3: Claim 21 is obvious over Kalgi, Khan, Varadarajan, and Smith

• Prior Art Relied Upon: Kalgi, Khan, Varadarajan, and Smith (Application # 2010/0125508).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground added Smith to the base combination of Ground 1 to address claim limitations requiring a static, device-specific account number. Petitioner asserted that Smith taught a system for issuing a "mobile PAN" (PPAN)—a tokenized, device-specific account number—that is mapped to the user's actual PAN but stored on the device in its place. This PPAN is static for the specific device and has a limited scope of valid use.
  • Motivation to Combine: A POSITA would be motivated to substitute the standard account number in the Kalgi/Varadarajan combination with Smith's device-specific PPAN to increase security. It was well known that storing a user's actual PAN on a mobile device was risky. Using Smith's tokenized PPAN would predictably remove this risk, as a compromised device would only reveal the PPAN, not the underlying permanent account number.
  • Expectation of Success: A POSITA would have a reasonable expectation of success in implementing this substitution. The PPAN from Smith functioned as a direct replacement for a traditional PAN in a payment transaction, making its integration into the Kalgi system a straightforward substitution of one known element for another to achieve a predictable security benefit.
• Additional Grounds: Petitioner asserted additional obviousness challenges against claims 23 and 25-30. These grounds relied on the core combinations above while adding Bauer (WO 2012/042262) for its teachings on user authentication security (e.g., limiting failed PIN attempts before locking an account) and Kranzley (Application # 2010/0125509) for its teachings on using a device-specific expiration date with a virtual payment number.

4. Relief Requested

• Petitioner requested the institution of an inter partes review and the cancellation of claims 19-30 of the ’538 patent as unpatentable.