Apple Inc v. CardWare Inc

1. Case Identification

• Case #: IPR2025-01152
• Patent #: 11,620,634
• Filed: June 20, 2025
• Petitioner(s): Apple Inc.
• Patent Owner(s): Cardware Inc.
• Challenged Claims: 1-72

2. Patent Overview

• Title: Generating and Using Limited-Use Payment Information
• Brief Description: The ’634 patent describes systems and methods for emulating a credit card on an electronic device. The technology focuses on generating limited-duration or single-use payment information, such as a temporary payment number or cryptogram, to enhance security during electronic transactions.

3. Grounds for Unpatentability

Ground 1: Obviousness over Collinge, Lin, and Sahota - Claims 1-2, 7-11, 15, 27-28, 39, 41, 44-46, 49-50, 55-56, 60-63, 66-67, and 72 are obvious over Collinge in view of Lin and Sahota.

• Prior Art Relied Upon: Collinge (Application # 2013/0262317), Lin (WO 2010/039337), and Sahota (Application # 2005/0043997).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Collinge taught the foundational method of generating and using single-use payment cryptograms (a form of limited-use payment information) for NFC transactions on a mobile device lacking a secure element. Collinge disclosed a mobile device that, after a user performs a "priming operation" (e.g., entering a PIN), generates a single-use cryptogram (e.g., CVC3) and transmits it to a POS terminal. To address claim limitations not explicitly in Collinge, Petitioner asserted Lin taught a mobile device receiving a payment request from a POS terminal via NFC to initiate a transaction. Petitioner further argued Sahota taught a payment device maintaining its own application transaction counter (ATC), a "per-transaction sequential parameter," to track transactions locally.
  • Motivation to Combine: A POSITA would combine Lin with Collinge to improve transaction security and control. Allowing the POS terminal to initiate the transaction by sending a payment request, as taught by Lin, gives the terminal greater control over the payment session and allows the user to verify the transaction amount before transmitting payment credentials. A POSITA would add Sahota's teaching of a device-side ATC to Collinge's system to enhance fraud protection, as maintaining a synchronized counter on both the device and a remote server was a known technique to prevent replay attacks.
  • Expectation of Success: A POSITA would have had a reasonable expectation of success because combining these known elements—NFC-initiated payment requests and device-side transaction counters—into a mobile payment system involved applying predictable solutions to improve security and functionality.

Ground 2: Obviousness over Collinge, Lin, Sahota, and Smith - Claims 3-6, 17-24, 29-32, 34-38, 40, 42, 47, 57-58, and 64 are obvious over Collinge, Lin, and Sahota in view of Smith.

• Prior Art Relied Upon: Collinge (Application # 2013/0262317), Lin (WO 2010/039337), Sahota (Application # 2005/0043997), and Smith (Application # 2010/0125508).

• Core Argument for this Ground:

  • Prior Art Mapping: This ground built upon the combination in Ground 1 and added Smith to teach the "storing a static device-specific user account information" limitation. Petitioner argued Smith disclosed a system where a temporary or mobile Primary Account Number (PAN), referred to as a PPAN, is issued and assigned to a specific mobile device. This PPAN is a static, device-specific number used in place of the user's actual PAN during transactions, which is then mapped to the actual PAN by the payment network. Petitioner asserted this PPAN constituted the claimed static device-specific account information.
  • Motivation to Combine: A POSITA would be motivated to incorporate Smith's PPAN system into the Collinge/Lin/Sahota framework to significantly enhance security. Collinge's system, designed for devices without a secure element, would be vulnerable if it stored the user's actual PAN. Using a device-specific PPAN as taught by Smith would replace the sensitive PAN with a token, mitigating the risk of compromise if the device's memory were breached. This was a known security-enhancing technique (tokenization).
  • Expectation of Success: A POSITA would expect success in this combination because both Collinge and Smith described systems compatible with MasterCard PayPass standards, making their technologies interoperable. Implementing a PAN alternative like a PPAN was a well-understood method for improving payment system security.

• Additional Grounds: Petitioner asserted additional obviousness challenges based on the core combination of Collinge, Lin, and Sahota, with further additions. Ground 3 added Kranzley (Application # 2010/0125509) for teaching a static device-specific expiration date. Ground 4 added Fadell (Application # 2009/0083850) for teaching user validation via a fingerprint sensor. Ground 5 added Yu (Application # 2009/0320123) for teaching user validation via motion sensor gestures.

4. Key Claim Construction Positions

• For the purposes of the IPR proceeding only, Petitioner adopted the claim constructions proposed by the Patent Owner in concurrent district court litigation to avoid disputes over claim scope.
• Key examples include construing "reduce" to mean "produce" (Claim 4), "Lather" to mean "further" (Claim 5), and "preforming" to mean "performing" (Claim 28).

5. Relief Requested

• Petitioner requests institution of an inter partes review and cancellation of claims 1-72 of Patent 11,620,634 as unpatentable under 35 U.S.C. §103.