Friday, August 25, 2017 11:07:19 AM
IPR2017-01041
U.S. Patent No. 8,484,698
UNITED STATES PATENT AND TRADEMARK OFFICE
_______________________________________
BEFORE THE PATENT TRIAL AND APPEAL BOARD
_______________________________________
DUO SECURITY INC., CENTRIFY CORP.,
AND TRUSTWAVE HOLDINGS, INC.,
Petitioner,
v.
STRIKEFORCE TECHNOLOGIES, INC.,
Patent Owner.
_______________________________________
Case IPR2017-01041
U.S. Patent No. 8,484,698
_______________________________________
PATENT OWNER’S PRELIMINARY RESPONSE
UNDER 37 C.F.R. § 42.107
IPR2017-01041
U.S. Patent No. 8,484,698
i
TABLE OF CONTENTS
Page
I. INTRODUCTION ........................................................................................... 1
II. THE ’698 PATENT ......................................................................................... 6
A. Brief Description of the ’698 Patent ..................................................... 6
B. The Patent Office Has Already Considered and Rejected Arguments
Similar to Those in the Petition ........................................................... 11
III. CLAIM CONSTRUCTION .......................................................................... 13
A. Petitioner’s Proposed Claim Constructions Improperly Exclude
Embodiments Disclosed in the ’698 Patent ........................................ 14
B. Petitioner’s Proposed Claim Constructions Improperly Limit “Out-ofBand”
to “Separate Facilities” ............................................................. 19
C. The Preamble’s Recitation of “Multichannel Security System” Is Not
Limiting ............................................................................................... 21
IV. THE CONCLUSORY ASSERTIONS OF PETITIONER’S PROFFERED
EXPERT FAIL TO PROVIDE EVIDENCE OF A MOTIVATION TO
COMBINE THE ASSERTED REFERENCES ............................................ 24
A. Petitioner Fails to Sufficiently Show Why a POSITA Would Have
Been Motivated to Combine Feigen with Bulfer and Falk (Grounds 1
and 2) ................................................................................................... 25
1. Petitioner fails to explain why a POSITA would have turned to
multi-channel authentication to allegedly solve the problem of
implementing a higher security system .................................... 25
2. Petitioner’s proposed combination is based on impermissible
hindsight .................................................................................... 32
3. Petitioner ignores Feigen’s statements that teach away from
Petitioner’s combination ........................................................... 34
B. Petitioner’s Obviousness Arguments Rely Primarily on Its Expert’s
Conclusory Testimony about the State of the Art ............................... 37
C. Petitioner Relies on Expert Testimony that Merely Parrots the Petition
Without Providing Further Elaboration .............................................. 41
IPR2017-01041
U.S. Patent No. 8,484,698
ii
V. THERE IS NO REASONABLE LIKELIHOOD PETITIONER WOULD
PREVAIL ON ITS CONTENTION THAT THE PROPOSED
THREE-REFERENCE COMBINATION OF FEIGEN IN VIEW OF
BULFER AND FALK RENDERS THE CHALLENGED CLAIMS
OBVIOUS UNDER GROUND 1.................................................................. 45
A. Petitioner Fails to Articulate Clearly the Proposed Combination ....... 46
B. Petitioner Fails to Show that the Proposed Combination of Feigen,
Bulfer, and Falk Discloses Every Limitation of the Challenged Claims
under Ground 1 .................................................................................... 50
1. Petitioner fails to establish that the proposed combination
would have disclosed or rendered obvious all the limitations of
Claim 1 ...................................................................................... 51
(a) Petitioner fails to show that the proposed combination would
have disclosed or rendered obvious “receiving at an interception
device in a first channel a login identification demand to access
a host computer also in the first channel” (claim 1) ............ 51
(b) Petitioner fails to articulate clearly what portions of the prior art
it relies on and how these portions are combined to show
“verifying the login identification” (claim 1[c]) ....................... 53
(c) Petitioner fails to show that the proposed combination would
have disclosed or rendered obvious “receiving at a security
computer in a second channel the demand for access and the
login identification” (claim 1[d]) .............................................. 54
2. Petitioner fails to establish that the proposed combination
would have rendered obvious all the limitations of claim 48 ... 56
(a) Petitioner fails to show that the proposed combination would
have disclosed or rendered obvious a “first software module on
an Internet-connected web server” (claim 48) ..................... 56
(b) Petitioner fails to show that the proposed combination would
have disclosed or rendered obvious a “second software module
on a security computer different than the web server, wherein
the security computer is in an authentication channel” (claim
48[e]) ......................................................................................... 58
IPR2017-01041
U.S. Patent No. 8,484,698
iii
(c) Petitioner fails to show that the proposed combination would
have disclosed or rendered obvious a “subscriber database”
(claim 48[g]) ............................................................................. 59
3. Petitioner fails to show that the proposed combination would
have rendered obvious all of the limitations of claim 53. ......... 60
4. Petitioner fails to show that the proposed combination would
have disclosed or rendered obvious the construed structure for
“a component for receiving the transmitted data and comparing
said transmitted data to predetermined data” (claim 54[e])...... 61
VI. THERE IS NO REASONABLE LIKELIHOOD PETITIONER WOULD
PREVAIL ON ITS CONTENTION THAT THE PROPOSED
FOUR-REFERENCE COMBINATION OF FEIGEN IN VIEW OF
BULFER, FALK, AND TURTIANEN RENDERS THE CHALLENGED
CLAIMS OBVIOUS UNDER GROUND 2 ................................................. 62
A. Petitioner Fails to Sufficiently Show Why a POSITA Would Have
Been Motivated to Combine Feigen, Bulfer, and Falk with Turtianen
............................................................................................................. 62
B. Petitioner fails to demonstrate that the proposed four-reference
combination discloses all the limitations of claims 50 and 52 ............ 63
VII. CONSTITUTIONALITY OF INTER PARTES REVIEW ............................ 64
VIII. CONCLUSION .............................................................................................. 64
IPR2017-01041
U.S. Patent No. 8,484,698
iv
TABLE OF AUTHORITIES
Page(s)
Cases
Alcon Research, Ltd. v. Apotex Inc.,
687 F.3d 1362 (Fed. Cir. 2012) .......................................................................... 16
Am. Med. Sys., Inc. v. Biolitec, Inc.,
618 F.3d 1354 (Fed. Cir. 2010) .................................................................... 21, 22
Arendi S.A.R.L. v. Apple Inc.,
832 F.3d 1355 (Fed. Cir. 2016) .......................................................................... 56
Boehringer Ingelheim Int’l GmbH v. Biogen Inc.,
IPR2015-00418, Pap. 14 ............................................................................... 29, 32
Catalina Mktg. Int’l, Inc. v. Coolsavings.com, Inc.,
289 F.3d 801 (Fed. Cir. 2002) ...................................................................... 21, 22
Cisco Sys. Inc. v. C-Cation Techs., LLC,
IPR2014-00454, Pap. 12 ..................................................................................... 59
DePuy Spine, Inc. v. Medtronic Sofamor Danek, Inc.,
567 F.3d 1314 (Fed. Cir. 2009) .......................................................................... 35
DirecTV, LLC v. Qurio Holdings, Inc.,
IPR2015-02006, Pap. 6 ....................................................................................... 24
Dynamic Drinkware, LLC v. Nat’l Graphics, Inc.,
800 F.3d 1375 (Fed. Cir. 2015) .......................................................................... 51
Facebook Inc. v. Software Rights Archive,
IPR2013-00478, Pap. 17 ..................................................................................... 14
Free-Flow Packaging Int’l, Inc. v. Automated Packaging Sys., Inc.,
IPR2016-00447, Pap. 7 ....................................................................................... 44
IPR2017-01041
U.S. Patent No. 8,484,698
v
Fresenius USA, Inc. v. Baxter Int’l, Inc.,
582 F.3d 1288 (Fed. Cir. 2009) .................................................................... 60, 61
Graham v. John Deere Co. of Kansas City,
383 U.S. 1 (1966) ................................................................................................ 34
Grain Processing Corp. v. Am. Maize-Products,
840 F.2d 902 (Fed. Cir. 1988) ............................................................................ 34
Huawei Device USA, Inc. v. SPH Am., LLC,
IPR2015-00221, Pap. 13 ......................................................................... 30, 57, 62
InfoBionic, Inc. v. Braemer Mfg., LLC,
IPR2015-01704, Pap. 11 ............................................................................... 43, 44
InfoBionic, Inc. v. Braemer Mfg., LLC,
IPR2015-01705, Pap. 11 ..............................................................................passim
Intirtool, Ltd. v. Texar Corp.,
369 F.3d 1289 (Fed. Cir. 2004) .......................................................................... 23
Jack Henry & Assocs. v. DataTreasury Corp.,
CBM2014-00056, Pap. 17 .................................................................................. 13
Kinetic Concepts, Inc. v. Smith & Nephew, Inc.,
688 F.3d 1342 (Fed. Cir. 2012) .................................................................... 29, 32
Kinetic Techs., Inc. v. Skyworks Solutions, Inc.,
IPR2014-00529, Pap. 8 ................................................................................. 41, 45
KSR Int’l Co. v. Teleflex Inc.,
550 U.S. 398 (2007) ............................................................................................ 57
Liberty Mutual Ins. Co. v. Progressive Cas. Ins. Co.,
CBM2012-00003, Pap. 8 .............................................................................passim
MCM Portfolio v. Hewlett-Packard Co.,
812 F.3d 1284 (Fed. Cir. 2015), cert. denied, 137 S. Ct. 292 ............................ 63
In re NTP, Inc.,
654 F.3d 1279 (Fed. Cir. 2011) .......................................................................... 32
IPR2017-01041
U.S. Patent No. 8,484,698
vi
In re Oelrich,
666 F.2d 578 (C.C.P.A. 1981) ............................................................................ 59
Oil States Energy Services, LLC v. Greene’s Energy Group, LLC,
2017 WL 2507340 (U.S. June 12, 2017) ............................................................ 63
Par Pharm. v. Twi Pharms., Inc.,
773 F.3d 1186 (Fed. Cir. 2014) .......................................................................... 58
Pers. Web Techs. v. Apple, Inc.,
848 F.3d 987 (Fed. Cir. 2017) .....................................................................passim
Pitney Bowes, Inc. v. Hewlett-Packard Co.,
182 F.3d 1298 (Fed. Cir. 1999) .................................................................... 21, 22
Power Integrations, Inc. v. Lee,
797 F.3d 1318 (Fed. Cir. 2015) .......................................................................... 13
Rowe v. Dror,
112 F.3d 473 (Fed. Cir. 1997) ............................................................................ 22
TRW Auto. US LLC v. Magna Elecs., Inc.,
IPR2014-00257, Pap. 18 ..................................................................................... 31
TRW Auto. US LLC v. Magna Elecs., Inc.,
IPR2014-00258, Pap. 18 ..............................................................................passim
Vivid Techs. v. Am. Sci. & Eng’g,
200 F.3d 795 (Fed. Cir. 1999) ............................................................................ 13
Vizio, Inc. v. Int’l Trade Comm’n,
605 F.3d 1330 (Fed. Cir. 2010) .......................................................................... 21
Wowza Media LLC v. Adobe Sys. Inc.,
IPR2013-00054, Pap. 12 ............................................................................... 41, 45
IPR2017-01041
U.S. Patent No. 8,484,698
1
Pursuant to § 42.107, 1 Patent Owner StrikeForce Technologies, Inc.
(“StrikeForce”) submits this Preliminary Response to the above-captioned Petition
for Inter Partes Review of U.S. Patent No. 8,484,698 (the “’698 patent”)
(“Petition,” Pap. 2), which should be denied in its entirety for failure to show a
reasonable likelihood of prevailing on any asserted ground.
I. INTRODUCTION
The ’698 patent relates to authenticating a user using a novel out-of-band
security system. Ex. 1001, 1:21-26. The claimed systems utilize two different
forms of user-entered information: the first is typically a user’s login information
and the second is additional information used to authenticate that user for access.
Id., 4:36-44. This type of system implements “two-factor authentication” because
the user’s identity is verified using two different forms of information. To further
enhance security, in the ’698 patent, these two forms of information are
communicated using different pathways (or “channels”). Id., 1:21-26. Twochannel
systems like these are referred to as “out-of-band” authentication systems.
Id., 3:14-19. The inventions claimed in the ’698 patent provide a novel solution to
problems caused by the proliferation of data across the Internet and the ease of
1 Section cites are to 35 U.S.C. or 37 C.F.R. as context indicates, and all
emphasis/annotations added and internal quotations/citations omitted unless noted.
IPR2017-01041
U.S. Patent No. 8,484,698
2
access to this data by enhancing the functionality of computer systems through
improved security of different channels used for authentication and access. Id.,
4:52-54.Petitioner challenges claims of the ’698 patent, claiming them to be
obvious in view of three- or four-reference combinations. But on its face,
Petitioner fails to provide the Board with the basic evidence required to institute
inter partes review.2
For example, Petitioner relies on the conclusory assertion that
a person of ordinary skill in the art (“POSITA”) at the time of invention would
have been motivated to combine three, or even four different, single-channel and
single-factor security systems into a single, composite multi-factor, multi-channel
system. Moreover, Petitioner claims a POSITA would have been motivated to
2 If the Board nonetheless institutes trial on any of the challenged claims,
StrikeForce will address in detail in its § 42.120 Response the numerous
substantive errors and shortcomings that underlie each of Petitioner’s arguments
and its purported evidence, together with expert support. In this paper, however,
StrikeForce addresses some fundamental shortcomings of the Petition: in
particular, Petitioner’s failure to demonstrate, as to any of the challenged claims, a
reasonable likelihood of success on any asserted ground of invalidity. Because of
this clear threshold failure, the Petition should be denied and no inter partes review
should be instituted under § 314.
IPR2017-01041
U.S. Patent No. 8,484,698
3
combine these multiple references by cherry-picking select portions of their
disclosure and constructing a new system purportedly in the precise manner set
forth in the challenged claims. Petitioner contends that this POSITA would have
been motivated to do so, all while ignoring the disparaging statements in the prior
art that suggested simple, inexpensive systems were desirable, rather than the
complicated, unwieldy composite system like the one cobbled together by
Petitioner. Namely, Feigen—Petitioner’s primary reference—expressly criticizes
making time-consuming and expensive modifications to improve existing security
systems by adding additional infrastructure and states, in contrast, that its own
invention “may be implemented in a relatively simple configuration of hardware
and software at relatively low cost.” Ex. 1003, 7:64-66. Ultimately, Petitioner’s
obviousness arguments fail for at least four independent reasons—any one of
which is sufficient to justify denying institution.
First, Petitioner fails to provide a sufficient motivation—absent hindsight—
for combining three or four different references to purportedly render the claimed
systems obvious. In particular, Petitioner ignores the fact that the ’698 patent
claims not only recite multifactor authentication—requiring at least two types of
information to authenticate users—but also require two separate channels—an
access channel and an authentication channel. In this way, Petitioner purportedly
IPR2017-01041
U.S. Patent No. 8,484,698
4
provides “evidence” (in the form of conclusory unsupported testimony) that a
POSITA would have known and been motivated to use the asserted references to
create the specific multifactor two-channel authentication system, as claimed,
merely because the asserted references all allegedly relate to multifactor
authentication. But Petitioner fails to offer any explanation why a POSITA,
looking to implement a multifactor authentication system in light of the prior art
presented in the Petition, would have been motivated to combine the references to
create the specific claimed two-channel system of the ’698 patent.
Second, Petitioner and its expert, Dr. McDaniel, fail to properly and
consistently articulate Petitioner’s proposed combinations and the references relied
on to meet each limitation under each ground. For example, in arguing that the
prior art allegedly renders obvious the claimed “security computer” for both
asserted grounds, Petitioner relies inconsistently and without explanation on (1) the
disclosures of Feigen’s “security host” alone, (2) the disclosures of Bulfer’s
“secured system” alone, or (3) Feigen’s “security host [] as augmented by Bulfer.”
In so doing, Petitioner fails to make clear whether and how it would have
combined any particular references to purportedly meet the “security computer”
limitation.
Third, Petitioner fails to establish that even if the complicated three- or four-
IPR2017-01041
U.S. Patent No. 8,484,698
5
reference combinations could be combined, they would, in fact, render obvious
each and every limitation of the challenged claims. For example, as discussed
herein, Petitioner fails to establish that the asserted combinations render obvious
multiple elements from independent claims 1 and 48, including (but not limited to):
the claimed interception device, located in the proper channel and implementing
the necessary functionalities; the step of verifying the login identification; the
claimed security computer, located in a second channel and implementing the
necessary functionalities; and a first software module on an Internet-connected
web server; among others. As such, Petitioner fails to meet its burden of
specifying where each element of the claim is found in the prior art patents relied
upon. § 42.104(b)(4).
Finally, the key “evidence” on which Petitioner relies—the declaration of its
proffered expert, Patrick McDaniel—is in large part not evidence at all. Instead,
Dr. McDaniel’s declaration (Ex. 1002) simply parrots arguments from Petitioner
almost verbatim, in an attempt to “expertize” Petitioner’s otherwise unsupported
assertions. But because Dr. McDaniel fails to provide the facts, basis, and data that
support his testimony, his conclusory assertions are not proper evidence under
§ 42.65(a), and certainly cannot satisfy Petitioner’s burden to move forward to trial.
To justify institution of an inter partes review, Petitioner’s papers must
IPR2017-01041
U.S. Patent No. 8,484,698
6
make a prima facie showing that, as a factual and legal matter for each asserted
ground, Petitioner has a reasonable likelihood of proving at least one challenged
claim unpatentable. See, e.g., § 42.108(c); § 314; 77 Fed. Reg. 48680, 48694 (Aug.
14, 2012). Because the Petition fails to do so for any ground, it must be denied,
and no inter partes review should be instituted.
II. THE ’698 PATENT
A. Brief Description of the ’698 Patent
The ’698 patent generally relates to a security system for computer networks.
Ex. 1001, 1:20-21. In each of the four disclosed embodiments of the ’698 patent
and in each challenged claim, two different forms of user-entered information are
utilized. Id., 4:32-48. The first is typically a user’s login information and the
second is additional information used to authenticate that user. Id. This type of
authentication system provides what is known as “two-factor authentication”
because the user’s identity is verified using two forms of information. But to
further enhance security, the patent teaches communicating the second factor
information using a different pathway (or “channel”) than the channel over which
the secure information is to be transmitted. Such a two-channel system provides
“out-of-band” authentication. Id., 6:17-23.
As the ’698 patent explains, according to an aspect of the Invention, a user
first attempts to access a host computer (e.g., a banking website) and transmits his
IPR2017-01041
U.S. Patent No. 8,484,698
7
or her login credentials (e.g., a user name and password) through an access channel
(e.g., over the Internet). This request to access is intercepted and the user’s
credentials are verified by a security computer. E.g., id., 4:36-44. Once the user
has been verified, the security computer establishes an “out-of-band”
communication channel with the user via an authentication channel (e.g., by
calling the user’s mobile phone). Id. Using that authentication channel, the user
provides additional information that is used to authenticate the user. Id.
The use of separate channels in this way protects against a hacker, for
example, who has gained access to the access channel, but not the authentication
channel. Thus, through implementation of a novel, two-channel system that
utilizes a different channel for authentication than for access, the ’698 patent
provides a more secure system than those known in the art. See generally id.,
3:10-4:19 (discussing inadequacies of prior art systems), 6:2-12 (distinguishing
single-channel prior art systems where “oth the USER ID and the voice
password are sent along the same pathway and any improper accessor into this
channel has the opportunity to monitor and/or enter both identifiers”).
The four exemplary embodiments of the ’698 patent are shown in Figs. 1A,
10, 11, and 13. In the first—referred to herein as the “Fig. 1A WAN
embodiment”—the security system is used within a wide area network (“WAN”),
IPR2017-01041
U.S. Patent No. 8,484,698
8
such as when a remote user uses the Internet to access a host computer located
within an organization’s network. Id., 6:30-59, 9:10-12:26.
In this embodiment, for example, user 24 attempts to access a web page 32 located
at a host computer or web server 34 in a first/access channel in access network 20
using computer 22. Id., Fig. 1A, 6:30-42. In response to that request, the host
computer 34 requests that the user enter a user identification and password. Id.,
9:27-33. This information is diverted by router 36 to out-of-band security network
40 in a second/authentication channel. Id., 9:33-35, 6:40-43. Security computer 40
uses the authentication channel in voice network 42 to authenticate the user. Id.,
IPR2017-01041
U.S. Patent No. 8,484,698
9
Fig. 1A, 6:37-49.
The second embodiment—referred to herein as the “Fig. 10 LAN
embodiment”—is similar to the first embodiment, except that the invention
operates within a local area network (“LAN”).
Here, for example, a user is already within an organization’s internal network, but
seeks access to a secure host computer (or a restricted portion of a computer) on
the same network. Id., 12:27-63. In other words, this embodiment covers the
situation in which the user and user’s computer are within the same internal
network as the host computer (e.g., a corporate network). Id., 6:23-27. “[W]hen
IPR2017-01041
U.S. Patent No. 8,484,698
10
user 224 requests access to a high security database 232 located at a host computer
234 through computer 222, the request-for-access is diverted by a router 236
internal to the corporate network 238 to an out-of-band security network 240.” Id.,
12:44-48. From that point, the security computer authenticates the user in the outof-band
authentication channel in a manner similar to that described for the Fig.
1A WAN embodiment. Id., 12:54-58.
The third embodiment (Fig. 11) includes a cellular telephone in the
authentication channel capable of receiving a biometric identifier (e.g., fingerprint)
from the user. Id., Fig. 11, 5:49-51, 12:64-13:23.
In this example, after initial verification, the user communicates over the
authentication channel and is prompted to enter a password and biometric identifier.
Id., 13:15-19.
In the fourth embodiment (Fig. 13), out-of-band authentication is performed
using a personal digital assistant (PDA) or cellular telephone through a wireless
IPR2017-01041
U.S. Patent No. 8,484,698
11
network as the authentication channel. Id., Fig. 13, 13:55-65.
As described in the ’698 patent, in this example, the security computer can thus
communicate with a PDA over the wireless network in an “authentication channel”
mode for out-of-band authentication and can receive the user’s ID over the Internet
in an “access channel” mode. Id., 14:4-20.
B. The Patent Office Has Already Considered and Rejected
Arguments Similar to Those in the Petition
The ’698 patent claims priority to U.S. Patent No. 7,870,599 (“’599 patent”),
which itself claims priority to U.S. Appl. No. 09/655,297 (“’297 Appl.”). The ’698
patent and its parent applications underwent extensive examination—with a total
of 18 office actions and responses, including a PTO Appeal Brief—spanning
nearly 13 years at the Patent Office. During this time, the Patent Office confirmed
the patentability of the ’599 patent during its initial prosecution (Ex. 1008 at 37),
re-confirmed the patentability of the ’599 patent during Ex Parte Reexamination
IPR2017-01041
U.S. Patent No. 8,484,698
12
and allowed 7 additional claims (Ex. 1009 at 8), and confirmed the patentability of
the ’698 patent (Ex. 1007 at 38). In fact, in its final Office Action prior to
allowance of the ’698 patent, the Patent Office not only withdrew all of its § 103
rejections, but it also allowed Applicant to add 7 additional claims. Ex. 1007 at 73.
During prosecution, Applicant repeatedly addressed and distinguished
multiple prior art references disclosing similar systems implementing the very
same concepts that Petitioner relies upon in these proceedings.3
For example,
during prosecution of the ’599 patent, the Examiner repeatedly (and unsuccessfully)
proposed combining U.S. Patent No. 5,153,918 (“Tuai”), which at least fails to
disclose a separate “authentication channel,” with other references to produce a
purported two-channel system. E.g., Ex. 1008 at 378. Similarly, the Examiner
repeatedly rejected the claims based on U.S. Patent No. 6,012,144 (“Picket”),
which also at least fails to disclose an authentication channel for authenticating a
request to access a host computer, in combination with other references in an
attempt to create the claimed two-channel security system. But as the extensive
prosecution record establishes, none of the references alone or in combination
discloses or renders obvious the combination of limitations recited in the issued
3
Petitioner also filed a second Petition in IPR2017-01064, challenging
additional claims of the ’698 patent.
IPR2017-01041
U.S. Patent No. 8,484,698
13
claims of the ’698 patent.
III. CLAIM CONSTRUCTION
The Board should decline to adopt the constructions set forth in the Petition.
First, no construction of these terms is necessary to reach a decision at this stage,
based on Petitioner’s multiple failures to meet its burden. Vivid Techs. v. Am. Sci.
& Eng’g, 200 F.3d 795, 803 (Fed. Cir. 1999) (stating that “only those terms need
[to] be construed that are in controversy, and only to the extent necessary to
resolve the controversy”).
Second, Petitioner’s proposed constructions are incorrect as a matter of law.
Indeed, rather than provide any intrinsic support, analysis, or argument supporting
its proposed constructions, Petitioner asks the Board to simply adopt wholesale the
constructions set forth by the District of Delaware. Pet. 15-20. This ignores the
Federal Circuit’s instruction that the Board “is not generally bound by a prior
judicial construction of a claim term” and it is obligated to “assess whether [that
judicial construction] is consistent with the broadest reasonable construction of the
term.” Power Integrations, Inc. v. Lee, 797 F.3d 1318, 1326 (Fed. Cir. 2015); see
also Jack Henry & Assocs. v. DataTreasury Corp., CBM2014-00056, Pap. 17 at 10
(“Petitioner argues that the district court’s interpretation should be adopted, but
provides no persuasive analysis as to how the term is to be interpreted under the
broadest reasonable interpretation standard, which is different from the standard
IPR2017-01041
U.S. Patent No. 8,484,698
14
used by a district court. The district court’s interpretation limits the subsystem to a
particular subsystem…. We decline to read a particular subsystem limitation into
the claim.”); Facebook Inc. v. Software Rights Archive, IPR2013-00478, Pap. 17 at
11 (“Although a district court’s interpretation of the claims of an expired patent
is instructive in a proceeding before the Board, we are not bound by these
constructions. Furthermore, Petitioners have not provided any reasoning
explaining why we should adopt the district court’s constructions; in fact, it is
unclear whether Petitioners even wish for us to do so, as opposed to applying the
ordinary meaning of the terms. As such, for the purposes of this decision, we
decline to adopt the district court’s constructions of the four claim terms.”).
Here, an analysis of the intrinsic evidence shows that the district court made
critical legal errors in construing these terms and the Board should not adopt those
district court constructions.
A. Petitioner’s Proposed Claim Constructions Improperly Exclude
Embodiments Disclosed in the ’698 Patent
The district court concluded that “the relevant asserted claims [of the ’698
patent] cover only the Figure 1A embodiment where the user login identification
verification and authentication are diverted to the security computer prior to
contact with the host computer.” Ex. 1012 at 15. As a result of this, the court
adopted overly narrow constructions (e.g., id., at 52-53 (construing, for example,
IPR2017-01041
U.S. Patent No. 8,484,698
15
“[access/first] channel,” “[authentication/second] channel,” “host computer,” and
“multichannel security system”)) that exclude three of the ’698’s four
embodiments. In reaching its conclusion, the district court focused primarily on
perceived differences between Figs. 1A and 10 and, based on these differences,
erroneously concluded that Fig. 10 was an unclaimed embodiment. Id. at 14, 19
n.77.
Specifically, the district court stated that, in Fig. 1A, “the login identification
and demand for access is diverted to the security computer” and, accordingly, there
is no “initial contact and verification at the host computer.” Id. at 13-14. In
contrast to Fig. 1A, the district court stated that, in Fig. 10, “the user is already on
the host computer’s network and is attempting to access a high security database.”
Id. The court concluded that, as a result, Fig. 10 is different than Fig. 1A because
in Fig. 10 the user “is trying to gain access to protected data on the host computer
while already on the host computer’s network.” Id. at 15 (quoting StrikeForce’s
brief) (emphasis in original). Thus, in the district court’s view, the user in Fig. 1A
has no contact with the host computer prior to being authenticated, whereas the
user in Fig. 10 has contact with the host computer and is seeking access to a more
secured portion of the host computer. Id.
Based on these supposed differences between Figs. 1A and 10, the district
IPR2017-01041
U.S. Patent No. 8,484,698
16
court limited the claims to just the Fig. 1A WAN embodiment (and excluded the
LAN embodiments) because “the asserted claims are directed to accessing the host
computer itself, not ‘protected data’ [e.g., secured database] on the host computer.”
Id. at 14. In doing so, the court noted that the claims are directed to a “method for
accessing a host computer” or a “demand for access to a host computer” (as
opposed to a method for accessing protected data or a demand for access to
protected data). Id. The court’s analysis is flawed for several reasons.
Importantly, the district court’s limitation of the claims to just the Fig. 1A
WAN embodiment contradicts the claims themselves. Dependent claim 22
requires that the first channel of claim 1 “comprises one of a wide area network
[Fig. 1A] and a local area network [Fig. 10].” Ex. 1001, 15:46-48. Thus, claim 1
must cover both the WAN embodiment of Fig. 1A and the LAN embodiment of
Fig. 10. But, the district court narrowed claim 1 to such an extent that it excluded
LAN embodiments and would be narrower than dependent claim 22, rendering that
claim meaningless. Alcon Research, Ltd. v. Apotex Inc., 687 F.3d 1362, 1367 (Fed.
Cir. 2012) (“It is axiomatic that a dependent claim cannot be broader than the
claim from which it depends.”).
Next, the district court’s incorrect conclusion that the user in Fig. 1A has no
contact with the host computer prior to being granted access (Ex. 1012 at 13-14),
IPR2017-01041
U.S. Patent No. 8,484,698
17
directly contradicts the specification. The specification explicitly discloses that the
user of Fig. 1A has contact with the host computer prior to access being granted.
In describing the flowchart of Figs. 9A-9E4
, the ’698 patent states:
The pathway commences at the REQUEST FOR ACCESS block 150
whereby a request to enter the host computer or web server 34 is
received from the user at the remote computer 22. The user
requesting access to the host computer from the remote computer is
immediately prompted to login at the LOGIN SCREEN PRESENTED
block 152. While the login procedure here comprises the entry of
the user identification and password and is requested by the host
computer 34, such information request is optionally a function of
the security computer 40.
Ex. 1001, 9:24-35. Thus, before access is granted, the host computer requests that
the user send login information. See also id., 10:11-19 (disclosing that the host
computer sends a verification message to the user before authentication takes
place), 13:7-12, 14:7-10 (disclosing that the user in Figs. 11 and 13 has contact and,
in fact, exchanges information—including login information—with the web server
4
Figs. 9A-E are described as “a flow diagram of the software program required for
the security system shown in Fig. 1.” Ex. 1001, 5:43-44. The reference to Figure
1 instead of 1A is clearly a mistake. Indeed, the discussion of Figure 9 refers to
components in Figure 1A – not Figure 1.
IPR2017-01041
U.S. Patent No. 8,484,698
18
334, 434 (i.e., the host computer) before access is granted). Thus, the user in all
four embodiments (including Fig. 1A) has contact with the host computer before
access to that computer is granted.
Finally, the district court’s exclusion of Fig. 10 from the scope of the claims
contradicts express statements during prosecution of the ’599 patent where the
Applicant told the Patent Office that Fig. 10 was directed to “accessing a host
computer” and was “illustrative” of the “two-channel authentication system
according to the invention”:
Independent claim 1, for example, is directed to securely accessing ‘a
host computer’ for authentication purposes. … Figure 10 from the
published application … is illustrative of a two-channel
authentication system according to the invention.
Ex. 1008 at 52.5
Applicant again reiterated this position during reexamination of
the ’599 patent. Ex. 1009 at 60-61. Thus, Applicant repeatedly made clear that
both accessing a host computer (e.g., as shown in the Fig. 1A WAN embodiment)
and protected data on a computer (e.g., as shown in the Fig. 10 LAN embodiment)
are claimed aspects of the invention. Thus, the Board should not adopt the district
court’s erroneous constructions.
5
The claim at issue during prosecution mirrors claim 1 of the ’698 patent.
IPR2017-01041
U.S. Patent No. 8,484,698
19
B. Petitioner’s Proposed Claim Constructions Improperly Limit
“Out-of-Band” to “Separate Facilities”
The district court further concluded that “the inventor defined an ‘out-ofband’
system as ‘one having an authentication channel that is separated from the
information channel and therefore is nonintrusive as it is carried over separate
facilities than those used for actual information transfer.” Ex. 1012 at 16. In doing
so, the court ignored the Inventor’s lexicography, which establishes that “out-ofband”
authentication could also occur over separate “frequency channels or time
slots”:
Likewise, an “out-of-band” operation is defined as one using an
authentication channel that is separated from the channel carrying the
information and therefore is nonintrusive as it is carried over separate
facilities, frequency channels, or time slots than those used for actual
information transfer.
See id., 3:10-19. The district court’s construction also directly contradicts the
prosecution history where the Inventor expressly illustrated out-of-band channels
that share facilities (e.g., the “telephone switch” in this example is shared by the
“voice” and “signaling” channels, in purple) (Ex. 1011 at 33-34) (with red, blue,
and purple annotations added for illustration):
IPR2017-01041
U.S. Patent No. 8,484,698
20
To support its improper conclusion, the district court relied on a discussion
in column 6, lines 14-27 of the ’698 Patent. But if anything, this discussion in the
specification relates to an aspect of out-of-band in the context of Fig. 1A. This
cannot be the definition of “out-of-band” at least because immediately following it,
there is a description of a second out-of-band embodiment (i.e., Fig. 10 LAN
embodiment) that makes no mention of separate facilities and explicitly says that
the accessor and host computer are “within the same network”:
The first [embodiment] describes an application to a wide area
network, such as the internet, wherein the person desiring access and
the equipment used thereby are remote from the host computer. In
this description and consistent with Newton’s Telecom Dictionary
(19th Ed.), an “out-of-band” system is defined herein as one having an
authentication channel that is separated from the information channel
and therefore is nonintrusive as it is carried over separate facilities
IPR2017-01041
U.S. Patent No. 8,484,698
21
than those used for actual information transfer. The second
embodiment describes the application of the disclosed invention to a
local area network wherein the person desiring access and the
equipment used thereby are within the same network (referred to as
the “corporate network”) as the host computer.
Ex. 1001, 6:14-27.
C. The Preamble’s Recitation of “Multichannel Security System” Is
Not Limiting
A preamble limits a claim only in certain circumstances. See Am. Med. Sys.,
Inc. v. Biolitec, Inc., 618 F.3d 1354, 1358-59 (Fed. Cir. 2010). To be limiting, the
preamble must be “necessary to give life, meaning, and vitality” to the claim.
Pitney Bowes, Inc. v. Hewlett-Packard Co., 182 F.3d 1298, 1305 (Fed. Cir. 1999).
A preamble is not limiting “where a patentee defines a structurally complete
invention in the claim body and uses the preamble only to state a purpose or
intended use for the invention.” Vizio, Inc. v. Int’l Trade Comm’n, 605 F.3d 1330,
1340 (Fed. Cir. 2010). In making this determination, a court should “review … the
entire … patent to gain an understanding of what the inventors actually invented
and intended to encompass by the claim.” Catalina Mktg. Int’l, Inc. v.
Coolsavings.com, Inc., 289 F.3d 801, 808 (Fed. Cir. 2002).
The Federal Circuit has provided “guideposts” to assist courts in
determining whether language in the preamble limits claim scope. Id. For
IPR2017-01041
U.S. Patent No. 8,484,698
22
example, dependence on a “preamble phrase for antecedent basis may limit claim
scope because it indicates a reliance on both the preamble and claim body to define
the claimed invention.” Id. In addition, if reference to the preamble is necessary
“to understand limitations or terms in the claim body, the preamble limits claim
scope.” Id. The preamble may also be limiting if it recites additional structure or
steps that the specification identifies as important. Id. Here, none of these applies.
Rather, the body of each challenged claim defines a structurally complete
invention and the preamble merely states a purpose or intended use for the
invention. Rowe v. Dror, 112 F.3d 473, 478 (Fed. Cir. 1997) (holding that a
preamble is not limiting “where a patentee defines a structurally complete
invention in the claim body and uses the preamble only to state a purpose or
intended use for the invention”).
The body of the challenged claims makes clear that the claims cover a
“multichannel” system. Specifically, the body of each claim recites an “access
channel” (or “first channel”) and an “authentication channel” (or “second
channel”)—i.e., multiple channels. Thus, the reference to a “multichannel security
system” in the preambles does not give “life, meaning, [or] vitality” to the claims.
See Pitney Bowes, 182 F.3d at 1305. In other words, “the claim body describes a
structurally complete invention such that deletion of the preamble phrase does not
IPR2017-01041
U.S. Patent No. 8,484,698
23
affect the structure or steps of the claimed invention.” Am. Med. Sys., 618 F.3d at
1358-59 (quoting Catalina, 289 F.3d at 809). At best, it “merely gives a
descriptive name to the set of limitations in the body of the claim that completely
set forth the invention.” Id. at 1359 (quoting IMS Tech., Inc. v. Haas Automation,
Inc., 206 F.3d 1422, 1434-35 (Fed. Cir. 2000)).
Petitioner—in misguided reliance on the district court’s construction—
suggests that Applicant relied on the language of the preamble during prosecution
to secure allowance of the claims. Pet. 13-14. But Petitioner—and the district
court—have failed to identify any instance of Applicant relying on the preamble of
the claims itself, as opposed to the body of the claims. Indeed, in distinguishing
the prior art, Applicant relied upon the recitation of multiple channels recited in the
limitations in the body of the claims, not the preamble. See id. (citing Ex. 1008
and 1009)); see also Intirtool, Ltd. v. Texar Corp., 369 F.3d 1289, 1295-96 (Fed.
Cir. 2004) (holding that preamble is not limiting where statements from the
prosecution history could be interpreted as relating to the specific structural
limitations set forth in the body of the claim). Indeed, the plain language of the
claim limitations, which require that certain communications be carried over an
authentication channel, rather than the access channel, already encompass the
concept of “out-of-band” authentication, regardless of whether the preamble
IPR2017-01041
U.S. Patent No. 8,484,698
24
includes the phrase “out-of-band” or “multichannel.” Thus, there is no legal basis
for finding the preambles limiting and the Board should decline to rubberstamp the
district court’s incorrect construction.
IV. THE CONCLUSORY ASSERTIONS OF PETITIONER’S
PROFFERED EXPERT FAIL TO PROVIDE EVIDENCE OF A
MOTIVATION TO COMBINE THE ASSERTED REFERENCES
“[A] finding of obviousness ‘cannot be predicated on the mere identification
in [the prior art] of individual components of claimed limitations.’” Pers. Web
Techs. v. Apple, Inc., 848 F.3d 987, 991 (Fed. Cir. 2017) (quoting In re Kotzab,
217 F.3d 1365, 1371 (Fed. Cir. 2000)). Rather, obviousness also requires a
showing that a POSITA “would have been motivated to combine the prior art in
the way claimed by the [challenged patent] claims at issue.” Id. Thus, Petitioner
has the burden to show a reasonable likelihood that a POSITA would have been
motivated to make this combination, without hindsight. See DirecTV, LLC v.
Qurio Holdings, Inc., IPR2015-02006, Pap. 6 at 14 (Apr. 4, 2016). Petitioner
relies—and in many instances exclusively relies—on the declaration of its expert,
Dr. McDaniel, to support Petitioner’s assertions that a POSITA would have been
motivated to combine the asserted references in the manner claimed by the ’698
patent. But Petitioner and Dr. McDaniel make unsupported logical leaps that are
based on impermissible hindsight. Accordingly, Petitioner has failed to meet its
burden for each of the reasons discussed below.
IPR2017-01041
U.S. Patent No. 8,484,698
25
A. Petitioner Fails to Sufficiently Show Why a POSITA Would Have
Been Motivated to Combine Feigen with Bulfer and Falk
(Grounds 1 and 2)
1. Petitioner fails to explain why a POSITA would have turned
to multi-channel authentication to allegedly solve the problem
of implementing a higher security system
It is indisputable that the claims require two separate channels—an access
channel (or “first channel”) and an authentication channel (or “second channel”).
E.g., Ex. 1001, 14:33 (“in a first channel”), 14:37 (“in a second channel”), 18:6
(“in an access channel”), 18:13 (“in an authentication channel”). Notably,
Petitioner never argues or suggests that any of the asserted references disclose a
two-channel system.6
Thus, under Petitioner’s own view of the prior art, Petitioner
contends that a POSITA would have combined three separate and unique security
systems in such a manner that the newly constructed composite system would have
resulted in the two-channel system of the claims. Pet. 36-40. But Petitioner fails
to explain why a POSITA would have been motivated to create such a system.
In arguing that a POSITA would have been motivated to combine Feigen
6
See Pet. 23-26 (discussing Feigen); Pet. 27-29 (discussing Bulfer); and 29-
32 (discussing Falk). Nowhere in these sections does Petitioner argue or suggest
that any one of these references discloses a security system with two separate
channels.
IPR2017-01041
U.S. Patent No. 8,484,698
26
with Bulfer and Falk, Petitioner relies on only two statements in Feigen: “Together
tasks 100 and 102 form an authentication process the strength of which may vary
in accordance with the needs of network 14,” and “[h]owever, different systems
may use different authentication processes.” See Pet. 41 (citing Ex. 1003, 6:59-62,
6:66-67). Petitioner conclusorily suggests that this discussion of different systems,
each with its own stand-alone authentication process, somehow would have
suggested that a POSITA should “combin[e] multiple authentication mechanisms
in the same system.” Id. Starting from this unsupported assertion,7
Petitioner
embarks upon a series of logical leaps that it asserts somehow lead to the proposed
combination:
(i) First, Petitioner argues that because combining multiple authentication
mechanisms achieves a higher level of security, a POSITA would
have consulted references related to multi-factor authentication,
namely Bulfer and Falk. See Pet. 41-42.
(ii) Second, Petitioner argues that, in particular, a POSITA would have
7
As further detailed below, § IV.B, Petitioner’s arguments about the alleged
obviousness of its proposed combinations rely on a fundamental belief about what
was known in the state of the art at the time of invention, but Petitioner and its
expert fail to provide evidence establishing this foundation.
IPR2017-01041
U.S. Patent No. 8,484,698
27
combined Bulfer’s two-factor authentication with Feigen’s system to
create a new two-channel authentication system. See Pet. 43-44.
(iii) Finally, Petitioner argues that a POSITA would have then been
motivated to further modify the combination of Feigen and Bulfer
with Falk “at least because Falk is focused on the same security
processes that provide authentication and authorization of users.” See
Pet. 44.
But Petitioner fails to provide evidence justifying each of these substantial
assumptions.
First, assuming arguendo that a POSITA would have been motivated by two
simple statements in Feigen to employ different higher-security protocols than
those contemplated by Feigen, Petitioner still fails to explain why a POSITA
would have turned to multifactor authentication in particular. Indeed, Petitioner
only asserts that Feigen teaches “single factor authentication.” Pet. 41 (“Security
host (26) in Feigen performs a single factor authentication process using a onetime
password….”). Thus, the Petition fails to establish why a POSITA would
have been motivated to look outside Feigen itself (or to any other reference
IPR2017-01041
U.S. Patent No. 8,484,698
28
disclosing a single-factor system) for multifactor authentication processes.8
Second, even assuming that a POSITA would have been motivated to
modify Feigen to use multifactor authentication, Petitioner still fails to set forth
any reason why a POSITA would have been motivated to combine Feigen and
Bulfer in the manner proposed to create a multichannel multifactor authentication
system as required by the limitations of the ’698 patent claims. Petitioner does
not—and cannot—suggest that all multifactor authentication systems necessarily
include or need multiple channels. There is no evidence in the Petition or Dr.
McDaniel’s declaration from which to conclude that a person allegedly motivated
to enact a multifactor authentication system would have combined it in such a
fashion to yield a multichannel authentication system—much less a multichannel
8
As discussed in § IV.C, Petitioner’s reliance on Dr. McDaniel here is
unhelpful. Dr. McDaniel simply parrots back the language of the Petition without
providing any underlying basis or rationale for his “opinions.” Compare Pet. 41
with Ex. 1002 ¶ 102. Such conclusory testimony is entitled to little or no weight.
TRW Auto. US LLC v. Magna Elecs., Inc., IPR2014-00258, Pap. 18 at 10-11 (Aug.
27, 2014) (giving little to no weight to expert testimony that “did not elaborate on
[Petitioner’s] position because it simply repeated [Petitioner’s] conclusory
statements verbatim.”); § 42.65(a).
IPR2017-01041
U.S. Patent No. 8,484,698
29
system meeting the specific limitations of the ’698 patent claims.
At best, if Feigen and Bulfer were combined to create a multifactor
authentication system, the multifactor authentication would all take place in the
access channel. For example, Feigen indisputably discloses a single-channel
system, so the “security host (26)” must necessarily reside in the access channel,
which is contrary to the requirement of the claims. Ex. 1003, FIG. 1. Similarly,
Bulfer’s “secured system (30)” serves as both the security computer and the host
computer—which means it too resides in, at least, the access channel. Ex. 1004,
2:38-40 (“In the illustrative embodiment shown in FIG. 1 a user 10 requests access
to secured system 30 via communication link 20.”). Petitioner’s alleged
motivation to combine Feigen and Bulfer provides no evidence or explanation for
why a POSITA would have opted to remove the “security host (26)” or the
“secured system (30)” from the access channel and configure a new system such
that these components are placed in a new (authentication) channel that is separate
from the access channel as required by the ’698 patent claims. Boehringer
Ingelheim Int’l GmbH v. Biogen Inc., IPR2015-00418, Pap. 14 at 17-18 (July 13,
2015) (denying institution for insufficient explanation of motivation to combine
where Petitioner failed to explain why the cited disclosures of the references would
have suggested using the specific element of one reference with the specific
IPR2017-01041
U.S. Patent No. 8,484,698
30
element of the second reference); Kinetic Concepts, Inc. v. Smith & Nephew, Inc.,
688 F.3d 1342, 1368 (Fed. Cir. 2012) (“[W]e must still be careful not to allow
hindsight reconstruction of references to reach the claimed invention without any
explanation as to how or why the references would be combined to produce the
claimed invention.”).
Finally, even assuming a POSITA would have been motivated to combine
Feigen and Bulfer to yield a new multichannel authentication system, Petitioner
still fails to justify its proposed three-reference combination. In particular,
Petitioner argues that a POSITA would have been motivated to further modify the
Feigen/Bulfer combination with Falk “at least because Falk is focused on the same9
9
Indeed, Petitioner’s contention that Bulfer and Falk disclose “the same
security processes that provide authentication and authorization of users” (Pet. 44)
raises additional questions as to why a POSITA would have been motivated to
combine both Bulfer and Falk into Feigen. Petitioner never addresses what benefit
Falk allegedly brings to the proposed combination that would not have been
present with Bulfer alone. See Huawei Device USA, Inc. v. SPH Am., LLC,
IPR2015-00221, Pap. 13 at 16–17 (May 28, 2015) (denying institution where
Petitioner’s expert testified that a POSITA could have made the proposed
IPR2017-01041
U.S. Patent No. 8,484,698
31
security processes that provide authentication and authorization of users” and
“[l]ike Bulfer, Falk teaches two-factor authentication.” 10 Pet. 44. Petitioner
further describes Falk’s use of “a challenge code to be generated in an
authentication center 30 [and] sent over an authentication challenge network 28 to
the personal unit 20 [something the user has].” Id. But Petitioner’s proposed
Feigen/Bulfer/Falk combination does not align with its purported motivation to
incorporate Falk into the Feigen/Bulfer system. Specifically, Petitioner does not
propose incorporating Falk’s second-factor authentication “challenge code” into
the combined Feigen/Bulfer system to yield a system with yet another
authentication factor. Instead, Petitioner relies on Falk only for its alleged
substitution, “without sufficiently articulating what the benefit … would have
been”).
10 To the extent Petitioner purports to base its motivation to combine
references on the assertion that all three references are in the same field, this is
insufficient. TRW Auto. US LLC v. Magna Elecs., Inc., IPR2014-00257, Pap. 18 at
4 (Aug. 28, 2014) (“That each reference may be in the field of ‘vehicular vision’ is
insufficient, in and of itself, to provide a reason with rationale underpinning as to
why one of ordinary skill in the art would have sought to combine specific
teachings of such references.”
U.S. Patent No. 8,484,698
UNITED STATES PATENT AND TRADEMARK OFFICE
_______________________________________
BEFORE THE PATENT TRIAL AND APPEAL BOARD
_______________________________________
DUO SECURITY INC., CENTRIFY CORP.,
AND TRUSTWAVE HOLDINGS, INC.,
Petitioner,
v.
STRIKEFORCE TECHNOLOGIES, INC.,
Patent Owner.
_______________________________________
Case IPR2017-01041
U.S. Patent No. 8,484,698
_______________________________________
PATENT OWNER’S PRELIMINARY RESPONSE
UNDER 37 C.F.R. § 42.107
IPR2017-01041
U.S. Patent No. 8,484,698
i
TABLE OF CONTENTS
Page
I. INTRODUCTION ........................................................................................... 1
II. THE ’698 PATENT ......................................................................................... 6
A. Brief Description of the ’698 Patent ..................................................... 6
B. The Patent Office Has Already Considered and Rejected Arguments
Similar to Those in the Petition ........................................................... 11
III. CLAIM CONSTRUCTION .......................................................................... 13
A. Petitioner’s Proposed Claim Constructions Improperly Exclude
Embodiments Disclosed in the ’698 Patent ........................................ 14
B. Petitioner’s Proposed Claim Constructions Improperly Limit “Out-ofBand”
to “Separate Facilities” ............................................................. 19
C. The Preamble’s Recitation of “Multichannel Security System” Is Not
Limiting ............................................................................................... 21
IV. THE CONCLUSORY ASSERTIONS OF PETITIONER’S PROFFERED
EXPERT FAIL TO PROVIDE EVIDENCE OF A MOTIVATION TO
COMBINE THE ASSERTED REFERENCES ............................................ 24
A. Petitioner Fails to Sufficiently Show Why a POSITA Would Have
Been Motivated to Combine Feigen with Bulfer and Falk (Grounds 1
and 2) ................................................................................................... 25
1. Petitioner fails to explain why a POSITA would have turned to
multi-channel authentication to allegedly solve the problem of
implementing a higher security system .................................... 25
2. Petitioner’s proposed combination is based on impermissible
hindsight .................................................................................... 32
3. Petitioner ignores Feigen’s statements that teach away from
Petitioner’s combination ........................................................... 34
B. Petitioner’s Obviousness Arguments Rely Primarily on Its Expert’s
Conclusory Testimony about the State of the Art ............................... 37
C. Petitioner Relies on Expert Testimony that Merely Parrots the Petition
Without Providing Further Elaboration .............................................. 41
IPR2017-01041
U.S. Patent No. 8,484,698
ii
V. THERE IS NO REASONABLE LIKELIHOOD PETITIONER WOULD
PREVAIL ON ITS CONTENTION THAT THE PROPOSED
THREE-REFERENCE COMBINATION OF FEIGEN IN VIEW OF
BULFER AND FALK RENDERS THE CHALLENGED CLAIMS
OBVIOUS UNDER GROUND 1.................................................................. 45
A. Petitioner Fails to Articulate Clearly the Proposed Combination ....... 46
B. Petitioner Fails to Show that the Proposed Combination of Feigen,
Bulfer, and Falk Discloses Every Limitation of the Challenged Claims
under Ground 1 .................................................................................... 50
1. Petitioner fails to establish that the proposed combination
would have disclosed or rendered obvious all the limitations of
Claim 1 ...................................................................................... 51
(a) Petitioner fails to show that the proposed combination would
have disclosed or rendered obvious “receiving at an interception
device in a first channel a login identification demand to access
a host computer also in the first channel” (claim 1) ............ 51
(b) Petitioner fails to articulate clearly what portions of the prior art
it relies on and how these portions are combined to show
“verifying the login identification” (claim 1[c]) ....................... 53
(c) Petitioner fails to show that the proposed combination would
have disclosed or rendered obvious “receiving at a security
computer in a second channel the demand for access and the
login identification” (claim 1[d]) .............................................. 54
2. Petitioner fails to establish that the proposed combination
would have rendered obvious all the limitations of claim 48 ... 56
(a) Petitioner fails to show that the proposed combination would
have disclosed or rendered obvious a “first software module on
an Internet-connected web server” (claim 48) ..................... 56
(b) Petitioner fails to show that the proposed combination would
have disclosed or rendered obvious a “second software module
on a security computer different than the web server, wherein
the security computer is in an authentication channel” (claim
48[e]) ......................................................................................... 58
IPR2017-01041
U.S. Patent No. 8,484,698
iii
(c) Petitioner fails to show that the proposed combination would
have disclosed or rendered obvious a “subscriber database”
(claim 48[g]) ............................................................................. 59
3. Petitioner fails to show that the proposed combination would
have rendered obvious all of the limitations of claim 53. ......... 60
4. Petitioner fails to show that the proposed combination would
have disclosed or rendered obvious the construed structure for
“a component for receiving the transmitted data and comparing
said transmitted data to predetermined data” (claim 54[e])...... 61
VI. THERE IS NO REASONABLE LIKELIHOOD PETITIONER WOULD
PREVAIL ON ITS CONTENTION THAT THE PROPOSED
FOUR-REFERENCE COMBINATION OF FEIGEN IN VIEW OF
BULFER, FALK, AND TURTIANEN RENDERS THE CHALLENGED
CLAIMS OBVIOUS UNDER GROUND 2 ................................................. 62
A. Petitioner Fails to Sufficiently Show Why a POSITA Would Have
Been Motivated to Combine Feigen, Bulfer, and Falk with Turtianen
............................................................................................................. 62
B. Petitioner fails to demonstrate that the proposed four-reference
combination discloses all the limitations of claims 50 and 52 ............ 63
VII. CONSTITUTIONALITY OF INTER PARTES REVIEW ............................ 64
VIII. CONCLUSION .............................................................................................. 64
IPR2017-01041
U.S. Patent No. 8,484,698
iv
TABLE OF AUTHORITIES
Page(s)
Cases
Alcon Research, Ltd. v. Apotex Inc.,
687 F.3d 1362 (Fed. Cir. 2012) .......................................................................... 16
Am. Med. Sys., Inc. v. Biolitec, Inc.,
618 F.3d 1354 (Fed. Cir. 2010) .................................................................... 21, 22
Arendi S.A.R.L. v. Apple Inc.,
832 F.3d 1355 (Fed. Cir. 2016) .......................................................................... 56
Boehringer Ingelheim Int’l GmbH v. Biogen Inc.,
IPR2015-00418, Pap. 14 ............................................................................... 29, 32
Catalina Mktg. Int’l, Inc. v. Coolsavings.com, Inc.,
289 F.3d 801 (Fed. Cir. 2002) ...................................................................... 21, 22
Cisco Sys. Inc. v. C-Cation Techs., LLC,
IPR2014-00454, Pap. 12 ..................................................................................... 59
DePuy Spine, Inc. v. Medtronic Sofamor Danek, Inc.,
567 F.3d 1314 (Fed. Cir. 2009) .......................................................................... 35
DirecTV, LLC v. Qurio Holdings, Inc.,
IPR2015-02006, Pap. 6 ....................................................................................... 24
Dynamic Drinkware, LLC v. Nat’l Graphics, Inc.,
800 F.3d 1375 (Fed. Cir. 2015) .......................................................................... 51
Facebook Inc. v. Software Rights Archive,
IPR2013-00478, Pap. 17 ..................................................................................... 14
Free-Flow Packaging Int’l, Inc. v. Automated Packaging Sys., Inc.,
IPR2016-00447, Pap. 7 ....................................................................................... 44
IPR2017-01041
U.S. Patent No. 8,484,698
v
Fresenius USA, Inc. v. Baxter Int’l, Inc.,
582 F.3d 1288 (Fed. Cir. 2009) .................................................................... 60, 61
Graham v. John Deere Co. of Kansas City,
383 U.S. 1 (1966) ................................................................................................ 34
Grain Processing Corp. v. Am. Maize-Products,
840 F.2d 902 (Fed. Cir. 1988) ............................................................................ 34
Huawei Device USA, Inc. v. SPH Am., LLC,
IPR2015-00221, Pap. 13 ......................................................................... 30, 57, 62
InfoBionic, Inc. v. Braemer Mfg., LLC,
IPR2015-01704, Pap. 11 ............................................................................... 43, 44
InfoBionic, Inc. v. Braemer Mfg., LLC,
IPR2015-01705, Pap. 11 ..............................................................................passim
Intirtool, Ltd. v. Texar Corp.,
369 F.3d 1289 (Fed. Cir. 2004) .......................................................................... 23
Jack Henry & Assocs. v. DataTreasury Corp.,
CBM2014-00056, Pap. 17 .................................................................................. 13
Kinetic Concepts, Inc. v. Smith & Nephew, Inc.,
688 F.3d 1342 (Fed. Cir. 2012) .................................................................... 29, 32
Kinetic Techs., Inc. v. Skyworks Solutions, Inc.,
IPR2014-00529, Pap. 8 ................................................................................. 41, 45
KSR Int’l Co. v. Teleflex Inc.,
550 U.S. 398 (2007) ............................................................................................ 57
Liberty Mutual Ins. Co. v. Progressive Cas. Ins. Co.,
CBM2012-00003, Pap. 8 .............................................................................passim
MCM Portfolio v. Hewlett-Packard Co.,
812 F.3d 1284 (Fed. Cir. 2015), cert. denied, 137 S. Ct. 292 ............................ 63
In re NTP, Inc.,
654 F.3d 1279 (Fed. Cir. 2011) .......................................................................... 32
IPR2017-01041
U.S. Patent No. 8,484,698
vi
In re Oelrich,
666 F.2d 578 (C.C.P.A. 1981) ............................................................................ 59
Oil States Energy Services, LLC v. Greene’s Energy Group, LLC,
2017 WL 2507340 (U.S. June 12, 2017) ............................................................ 63
Par Pharm. v. Twi Pharms., Inc.,
773 F.3d 1186 (Fed. Cir. 2014) .......................................................................... 58
Pers. Web Techs. v. Apple, Inc.,
848 F.3d 987 (Fed. Cir. 2017) .....................................................................passim
Pitney Bowes, Inc. v. Hewlett-Packard Co.,
182 F.3d 1298 (Fed. Cir. 1999) .................................................................... 21, 22
Power Integrations, Inc. v. Lee,
797 F.3d 1318 (Fed. Cir. 2015) .......................................................................... 13
Rowe v. Dror,
112 F.3d 473 (Fed. Cir. 1997) ............................................................................ 22
TRW Auto. US LLC v. Magna Elecs., Inc.,
IPR2014-00257, Pap. 18 ..................................................................................... 31
TRW Auto. US LLC v. Magna Elecs., Inc.,
IPR2014-00258, Pap. 18 ..............................................................................passim
Vivid Techs. v. Am. Sci. & Eng’g,
200 F.3d 795 (Fed. Cir. 1999) ............................................................................ 13
Vizio, Inc. v. Int’l Trade Comm’n,
605 F.3d 1330 (Fed. Cir. 2010) .......................................................................... 21
Wowza Media LLC v. Adobe Sys. Inc.,
IPR2013-00054, Pap. 12 ............................................................................... 41, 45
IPR2017-01041
U.S. Patent No. 8,484,698
1
Pursuant to § 42.107, 1 Patent Owner StrikeForce Technologies, Inc.
(“StrikeForce”) submits this Preliminary Response to the above-captioned Petition
for Inter Partes Review of U.S. Patent No. 8,484,698 (the “’698 patent”)
(“Petition,” Pap. 2), which should be denied in its entirety for failure to show a
reasonable likelihood of prevailing on any asserted ground.
I. INTRODUCTION
The ’698 patent relates to authenticating a user using a novel out-of-band
security system. Ex. 1001, 1:21-26. The claimed systems utilize two different
forms of user-entered information: the first is typically a user’s login information
and the second is additional information used to authenticate that user for access.
Id., 4:36-44. This type of system implements “two-factor authentication” because
the user’s identity is verified using two different forms of information. To further
enhance security, in the ’698 patent, these two forms of information are
communicated using different pathways (or “channels”). Id., 1:21-26. Twochannel
systems like these are referred to as “out-of-band” authentication systems.
Id., 3:14-19. The inventions claimed in the ’698 patent provide a novel solution to
problems caused by the proliferation of data across the Internet and the ease of
1 Section cites are to 35 U.S.C. or 37 C.F.R. as context indicates, and all
emphasis/annotations added and internal quotations/citations omitted unless noted.
IPR2017-01041
U.S. Patent No. 8,484,698
2
access to this data by enhancing the functionality of computer systems through
improved security of different channels used for authentication and access. Id.,
4:52-54.Petitioner challenges claims of the ’698 patent, claiming them to be
obvious in view of three- or four-reference combinations. But on its face,
Petitioner fails to provide the Board with the basic evidence required to institute
inter partes review.2
For example, Petitioner relies on the conclusory assertion that
a person of ordinary skill in the art (“POSITA”) at the time of invention would
have been motivated to combine three, or even four different, single-channel and
single-factor security systems into a single, composite multi-factor, multi-channel
system. Moreover, Petitioner claims a POSITA would have been motivated to
2 If the Board nonetheless institutes trial on any of the challenged claims,
StrikeForce will address in detail in its § 42.120 Response the numerous
substantive errors and shortcomings that underlie each of Petitioner’s arguments
and its purported evidence, together with expert support. In this paper, however,
StrikeForce addresses some fundamental shortcomings of the Petition: in
particular, Petitioner’s failure to demonstrate, as to any of the challenged claims, a
reasonable likelihood of success on any asserted ground of invalidity. Because of
this clear threshold failure, the Petition should be denied and no inter partes review
should be instituted under § 314.
IPR2017-01041
U.S. Patent No. 8,484,698
3
combine these multiple references by cherry-picking select portions of their
disclosure and constructing a new system purportedly in the precise manner set
forth in the challenged claims. Petitioner contends that this POSITA would have
been motivated to do so, all while ignoring the disparaging statements in the prior
art that suggested simple, inexpensive systems were desirable, rather than the
complicated, unwieldy composite system like the one cobbled together by
Petitioner. Namely, Feigen—Petitioner’s primary reference—expressly criticizes
making time-consuming and expensive modifications to improve existing security
systems by adding additional infrastructure and states, in contrast, that its own
invention “may be implemented in a relatively simple configuration of hardware
and software at relatively low cost.” Ex. 1003, 7:64-66. Ultimately, Petitioner’s
obviousness arguments fail for at least four independent reasons—any one of
which is sufficient to justify denying institution.
First, Petitioner fails to provide a sufficient motivation—absent hindsight—
for combining three or four different references to purportedly render the claimed
systems obvious. In particular, Petitioner ignores the fact that the ’698 patent
claims not only recite multifactor authentication—requiring at least two types of
information to authenticate users—but also require two separate channels—an
access channel and an authentication channel. In this way, Petitioner purportedly
IPR2017-01041
U.S. Patent No. 8,484,698
4
provides “evidence” (in the form of conclusory unsupported testimony) that a
POSITA would have known and been motivated to use the asserted references to
create the specific multifactor two-channel authentication system, as claimed,
merely because the asserted references all allegedly relate to multifactor
authentication. But Petitioner fails to offer any explanation why a POSITA,
looking to implement a multifactor authentication system in light of the prior art
presented in the Petition, would have been motivated to combine the references to
create the specific claimed two-channel system of the ’698 patent.
Second, Petitioner and its expert, Dr. McDaniel, fail to properly and
consistently articulate Petitioner’s proposed combinations and the references relied
on to meet each limitation under each ground. For example, in arguing that the
prior art allegedly renders obvious the claimed “security computer” for both
asserted grounds, Petitioner relies inconsistently and without explanation on (1) the
disclosures of Feigen’s “security host” alone, (2) the disclosures of Bulfer’s
“secured system” alone, or (3) Feigen’s “security host [] as augmented by Bulfer.”
In so doing, Petitioner fails to make clear whether and how it would have
combined any particular references to purportedly meet the “security computer”
limitation.
Third, Petitioner fails to establish that even if the complicated three- or four-
IPR2017-01041
U.S. Patent No. 8,484,698
5
reference combinations could be combined, they would, in fact, render obvious
each and every limitation of the challenged claims. For example, as discussed
herein, Petitioner fails to establish that the asserted combinations render obvious
multiple elements from independent claims 1 and 48, including (but not limited to):
the claimed interception device, located in the proper channel and implementing
the necessary functionalities; the step of verifying the login identification; the
claimed security computer, located in a second channel and implementing the
necessary functionalities; and a first software module on an Internet-connected
web server; among others. As such, Petitioner fails to meet its burden of
specifying where each element of the claim is found in the prior art patents relied
upon. § 42.104(b)(4).
Finally, the key “evidence” on which Petitioner relies—the declaration of its
proffered expert, Patrick McDaniel—is in large part not evidence at all. Instead,
Dr. McDaniel’s declaration (Ex. 1002) simply parrots arguments from Petitioner
almost verbatim, in an attempt to “expertize” Petitioner’s otherwise unsupported
assertions. But because Dr. McDaniel fails to provide the facts, basis, and data that
support his testimony, his conclusory assertions are not proper evidence under
§ 42.65(a), and certainly cannot satisfy Petitioner’s burden to move forward to trial.
To justify institution of an inter partes review, Petitioner’s papers must
IPR2017-01041
U.S. Patent No. 8,484,698
6
make a prima facie showing that, as a factual and legal matter for each asserted
ground, Petitioner has a reasonable likelihood of proving at least one challenged
claim unpatentable. See, e.g., § 42.108(c); § 314; 77 Fed. Reg. 48680, 48694 (Aug.
14, 2012). Because the Petition fails to do so for any ground, it must be denied,
and no inter partes review should be instituted.
II. THE ’698 PATENT
A. Brief Description of the ’698 Patent
The ’698 patent generally relates to a security system for computer networks.
Ex. 1001, 1:20-21. In each of the four disclosed embodiments of the ’698 patent
and in each challenged claim, two different forms of user-entered information are
utilized. Id., 4:32-48. The first is typically a user’s login information and the
second is additional information used to authenticate that user. Id. This type of
authentication system provides what is known as “two-factor authentication”
because the user’s identity is verified using two forms of information. But to
further enhance security, the patent teaches communicating the second factor
information using a different pathway (or “channel”) than the channel over which
the secure information is to be transmitted. Such a two-channel system provides
“out-of-band” authentication. Id., 6:17-23.
As the ’698 patent explains, according to an aspect of the Invention, a user
first attempts to access a host computer (e.g., a banking website) and transmits his
IPR2017-01041
U.S. Patent No. 8,484,698
7
or her login credentials (e.g., a user name and password) through an access channel
(e.g., over the Internet). This request to access is intercepted and the user’s
credentials are verified by a security computer. E.g., id., 4:36-44. Once the user
has been verified, the security computer establishes an “out-of-band”
communication channel with the user via an authentication channel (e.g., by
calling the user’s mobile phone). Id. Using that authentication channel, the user
provides additional information that is used to authenticate the user. Id.
The use of separate channels in this way protects against a hacker, for
example, who has gained access to the access channel, but not the authentication
channel. Thus, through implementation of a novel, two-channel system that
utilizes a different channel for authentication than for access, the ’698 patent
provides a more secure system than those known in the art. See generally id.,
3:10-4:19 (discussing inadequacies of prior art systems), 6:2-12 (distinguishing
single-channel prior art systems where “oth the USER ID and the voice
password are sent along the same pathway and any improper accessor into this
channel has the opportunity to monitor and/or enter both identifiers”).
The four exemplary embodiments of the ’698 patent are shown in Figs. 1A,
10, 11, and 13. In the first—referred to herein as the “Fig. 1A WAN
embodiment”—the security system is used within a wide area network (“WAN”),
IPR2017-01041
U.S. Patent No. 8,484,698
8
such as when a remote user uses the Internet to access a host computer located
within an organization’s network. Id., 6:30-59, 9:10-12:26.
In this embodiment, for example, user 24 attempts to access a web page 32 located
at a host computer or web server 34 in a first/access channel in access network 20
using computer 22. Id., Fig. 1A, 6:30-42. In response to that request, the host
computer 34 requests that the user enter a user identification and password. Id.,
9:27-33. This information is diverted by router 36 to out-of-band security network
40 in a second/authentication channel. Id., 9:33-35, 6:40-43. Security computer 40
uses the authentication channel in voice network 42 to authenticate the user. Id.,
IPR2017-01041
U.S. Patent No. 8,484,698
9
Fig. 1A, 6:37-49.
The second embodiment—referred to herein as the “Fig. 10 LAN
embodiment”—is similar to the first embodiment, except that the invention
operates within a local area network (“LAN”).
Here, for example, a user is already within an organization’s internal network, but
seeks access to a secure host computer (or a restricted portion of a computer) on
the same network. Id., 12:27-63. In other words, this embodiment covers the
situation in which the user and user’s computer are within the same internal
network as the host computer (e.g., a corporate network). Id., 6:23-27. “[W]hen
IPR2017-01041
U.S. Patent No. 8,484,698
10
user 224 requests access to a high security database 232 located at a host computer
234 through computer 222, the request-for-access is diverted by a router 236
internal to the corporate network 238 to an out-of-band security network 240.” Id.,
12:44-48. From that point, the security computer authenticates the user in the outof-band
authentication channel in a manner similar to that described for the Fig.
1A WAN embodiment. Id., 12:54-58.
The third embodiment (Fig. 11) includes a cellular telephone in the
authentication channel capable of receiving a biometric identifier (e.g., fingerprint)
from the user. Id., Fig. 11, 5:49-51, 12:64-13:23.
In this example, after initial verification, the user communicates over the
authentication channel and is prompted to enter a password and biometric identifier.
Id., 13:15-19.
In the fourth embodiment (Fig. 13), out-of-band authentication is performed
using a personal digital assistant (PDA) or cellular telephone through a wireless
IPR2017-01041
U.S. Patent No. 8,484,698
11
network as the authentication channel. Id., Fig. 13, 13:55-65.
As described in the ’698 patent, in this example, the security computer can thus
communicate with a PDA over the wireless network in an “authentication channel”
mode for out-of-band authentication and can receive the user’s ID over the Internet
in an “access channel” mode. Id., 14:4-20.
B. The Patent Office Has Already Considered and Rejected
Arguments Similar to Those in the Petition
The ’698 patent claims priority to U.S. Patent No. 7,870,599 (“’599 patent”),
which itself claims priority to U.S. Appl. No. 09/655,297 (“’297 Appl.”). The ’698
patent and its parent applications underwent extensive examination—with a total
of 18 office actions and responses, including a PTO Appeal Brief—spanning
nearly 13 years at the Patent Office. During this time, the Patent Office confirmed
the patentability of the ’599 patent during its initial prosecution (Ex. 1008 at 37),
re-confirmed the patentability of the ’599 patent during Ex Parte Reexamination
IPR2017-01041
U.S. Patent No. 8,484,698
12
and allowed 7 additional claims (Ex. 1009 at 8), and confirmed the patentability of
the ’698 patent (Ex. 1007 at 38). In fact, in its final Office Action prior to
allowance of the ’698 patent, the Patent Office not only withdrew all of its § 103
rejections, but it also allowed Applicant to add 7 additional claims. Ex. 1007 at 73.
During prosecution, Applicant repeatedly addressed and distinguished
multiple prior art references disclosing similar systems implementing the very
same concepts that Petitioner relies upon in these proceedings.3
For example,
during prosecution of the ’599 patent, the Examiner repeatedly (and unsuccessfully)
proposed combining U.S. Patent No. 5,153,918 (“Tuai”), which at least fails to
disclose a separate “authentication channel,” with other references to produce a
purported two-channel system. E.g., Ex. 1008 at 378. Similarly, the Examiner
repeatedly rejected the claims based on U.S. Patent No. 6,012,144 (“Picket”),
which also at least fails to disclose an authentication channel for authenticating a
request to access a host computer, in combination with other references in an
attempt to create the claimed two-channel security system. But as the extensive
prosecution record establishes, none of the references alone or in combination
discloses or renders obvious the combination of limitations recited in the issued
3
Petitioner also filed a second Petition in IPR2017-01064, challenging
additional claims of the ’698 patent.
IPR2017-01041
U.S. Patent No. 8,484,698
13
claims of the ’698 patent.
III. CLAIM CONSTRUCTION
The Board should decline to adopt the constructions set forth in the Petition.
First, no construction of these terms is necessary to reach a decision at this stage,
based on Petitioner’s multiple failures to meet its burden. Vivid Techs. v. Am. Sci.
& Eng’g, 200 F.3d 795, 803 (Fed. Cir. 1999) (stating that “only those terms need
[to] be construed that are in controversy, and only to the extent necessary to
resolve the controversy”).
Second, Petitioner’s proposed constructions are incorrect as a matter of law.
Indeed, rather than provide any intrinsic support, analysis, or argument supporting
its proposed constructions, Petitioner asks the Board to simply adopt wholesale the
constructions set forth by the District of Delaware. Pet. 15-20. This ignores the
Federal Circuit’s instruction that the Board “is not generally bound by a prior
judicial construction of a claim term” and it is obligated to “assess whether [that
judicial construction] is consistent with the broadest reasonable construction of the
term.” Power Integrations, Inc. v. Lee, 797 F.3d 1318, 1326 (Fed. Cir. 2015); see
also Jack Henry & Assocs. v. DataTreasury Corp., CBM2014-00056, Pap. 17 at 10
(“Petitioner argues that the district court’s interpretation should be adopted, but
provides no persuasive analysis as to how the term is to be interpreted under the
broadest reasonable interpretation standard, which is different from the standard
IPR2017-01041
U.S. Patent No. 8,484,698
14
used by a district court. The district court’s interpretation limits the subsystem to a
particular subsystem…. We decline to read a particular subsystem limitation into
the claim.”); Facebook Inc. v. Software Rights Archive, IPR2013-00478, Pap. 17 at
11 (“Although a district court’s interpretation of the claims of an expired patent
is instructive in a proceeding before the Board, we are not bound by these
constructions. Furthermore, Petitioners have not provided any reasoning
explaining why we should adopt the district court’s constructions; in fact, it is
unclear whether Petitioners even wish for us to do so, as opposed to applying the
ordinary meaning of the terms. As such, for the purposes of this decision, we
decline to adopt the district court’s constructions of the four claim terms.”).
Here, an analysis of the intrinsic evidence shows that the district court made
critical legal errors in construing these terms and the Board should not adopt those
district court constructions.
A. Petitioner’s Proposed Claim Constructions Improperly Exclude
Embodiments Disclosed in the ’698 Patent
The district court concluded that “the relevant asserted claims [of the ’698
patent] cover only the Figure 1A embodiment where the user login identification
verification and authentication are diverted to the security computer prior to
contact with the host computer.” Ex. 1012 at 15. As a result of this, the court
adopted overly narrow constructions (e.g., id., at 52-53 (construing, for example,
IPR2017-01041
U.S. Patent No. 8,484,698
15
“[access/first] channel,” “[authentication/second] channel,” “host computer,” and
“multichannel security system”)) that exclude three of the ’698’s four
embodiments. In reaching its conclusion, the district court focused primarily on
perceived differences between Figs. 1A and 10 and, based on these differences,
erroneously concluded that Fig. 10 was an unclaimed embodiment. Id. at 14, 19
n.77.
Specifically, the district court stated that, in Fig. 1A, “the login identification
and demand for access is diverted to the security computer” and, accordingly, there
is no “initial contact and verification at the host computer.” Id. at 13-14. In
contrast to Fig. 1A, the district court stated that, in Fig. 10, “the user is already on
the host computer’s network and is attempting to access a high security database.”
Id. The court concluded that, as a result, Fig. 10 is different than Fig. 1A because
in Fig. 10 the user “is trying to gain access to protected data on the host computer
while already on the host computer’s network.” Id. at 15 (quoting StrikeForce’s
brief) (emphasis in original). Thus, in the district court’s view, the user in Fig. 1A
has no contact with the host computer prior to being authenticated, whereas the
user in Fig. 10 has contact with the host computer and is seeking access to a more
secured portion of the host computer. Id.
Based on these supposed differences between Figs. 1A and 10, the district
IPR2017-01041
U.S. Patent No. 8,484,698
16
court limited the claims to just the Fig. 1A WAN embodiment (and excluded the
LAN embodiments) because “the asserted claims are directed to accessing the host
computer itself, not ‘protected data’ [e.g., secured database] on the host computer.”
Id. at 14. In doing so, the court noted that the claims are directed to a “method for
accessing a host computer” or a “demand for access to a host computer” (as
opposed to a method for accessing protected data or a demand for access to
protected data). Id. The court’s analysis is flawed for several reasons.
Importantly, the district court’s limitation of the claims to just the Fig. 1A
WAN embodiment contradicts the claims themselves. Dependent claim 22
requires that the first channel of claim 1 “comprises one of a wide area network
[Fig. 1A] and a local area network [Fig. 10].” Ex. 1001, 15:46-48. Thus, claim 1
must cover both the WAN embodiment of Fig. 1A and the LAN embodiment of
Fig. 10. But, the district court narrowed claim 1 to such an extent that it excluded
LAN embodiments and would be narrower than dependent claim 22, rendering that
claim meaningless. Alcon Research, Ltd. v. Apotex Inc., 687 F.3d 1362, 1367 (Fed.
Cir. 2012) (“It is axiomatic that a dependent claim cannot be broader than the
claim from which it depends.”).
Next, the district court’s incorrect conclusion that the user in Fig. 1A has no
contact with the host computer prior to being granted access (Ex. 1012 at 13-14),
IPR2017-01041
U.S. Patent No. 8,484,698
17
directly contradicts the specification. The specification explicitly discloses that the
user of Fig. 1A has contact with the host computer prior to access being granted.
In describing the flowchart of Figs. 9A-9E4
, the ’698 patent states:
The pathway commences at the REQUEST FOR ACCESS block 150
whereby a request to enter the host computer or web server 34 is
received from the user at the remote computer 22. The user
requesting access to the host computer from the remote computer is
immediately prompted to login at the LOGIN SCREEN PRESENTED
block 152. While the login procedure here comprises the entry of
the user identification and password and is requested by the host
computer 34, such information request is optionally a function of
the security computer 40.
Ex. 1001, 9:24-35. Thus, before access is granted, the host computer requests that
the user send login information. See also id., 10:11-19 (disclosing that the host
computer sends a verification message to the user before authentication takes
place), 13:7-12, 14:7-10 (disclosing that the user in Figs. 11 and 13 has contact and,
in fact, exchanges information—including login information—with the web server
4
Figs. 9A-E are described as “a flow diagram of the software program required for
the security system shown in Fig. 1.” Ex. 1001, 5:43-44. The reference to Figure
1 instead of 1A is clearly a mistake. Indeed, the discussion of Figure 9 refers to
components in Figure 1A – not Figure 1.
IPR2017-01041
U.S. Patent No. 8,484,698
18
334, 434 (i.e., the host computer) before access is granted). Thus, the user in all
four embodiments (including Fig. 1A) has contact with the host computer before
access to that computer is granted.
Finally, the district court’s exclusion of Fig. 10 from the scope of the claims
contradicts express statements during prosecution of the ’599 patent where the
Applicant told the Patent Office that Fig. 10 was directed to “accessing a host
computer” and was “illustrative” of the “two-channel authentication system
according to the invention”:
Independent claim 1, for example, is directed to securely accessing ‘a
host computer’ for authentication purposes. … Figure 10 from the
published application … is illustrative of a two-channel
authentication system according to the invention.
Ex. 1008 at 52.5
Applicant again reiterated this position during reexamination of
the ’599 patent. Ex. 1009 at 60-61. Thus, Applicant repeatedly made clear that
both accessing a host computer (e.g., as shown in the Fig. 1A WAN embodiment)
and protected data on a computer (e.g., as shown in the Fig. 10 LAN embodiment)
are claimed aspects of the invention. Thus, the Board should not adopt the district
court’s erroneous constructions.
5
The claim at issue during prosecution mirrors claim 1 of the ’698 patent.
IPR2017-01041
U.S. Patent No. 8,484,698
19
B. Petitioner’s Proposed Claim Constructions Improperly Limit
“Out-of-Band” to “Separate Facilities”
The district court further concluded that “the inventor defined an ‘out-ofband’
system as ‘one having an authentication channel that is separated from the
information channel and therefore is nonintrusive as it is carried over separate
facilities than those used for actual information transfer.” Ex. 1012 at 16. In doing
so, the court ignored the Inventor’s lexicography, which establishes that “out-ofband”
authentication could also occur over separate “frequency channels or time
slots”:
Likewise, an “out-of-band” operation is defined as one using an
authentication channel that is separated from the channel carrying the
information and therefore is nonintrusive as it is carried over separate
facilities, frequency channels, or time slots than those used for actual
information transfer.
See id., 3:10-19. The district court’s construction also directly contradicts the
prosecution history where the Inventor expressly illustrated out-of-band channels
that share facilities (e.g., the “telephone switch” in this example is shared by the
“voice” and “signaling” channels, in purple) (Ex. 1011 at 33-34) (with red, blue,
and purple annotations added for illustration):
IPR2017-01041
U.S. Patent No. 8,484,698
20
To support its improper conclusion, the district court relied on a discussion
in column 6, lines 14-27 of the ’698 Patent. But if anything, this discussion in the
specification relates to an aspect of out-of-band in the context of Fig. 1A. This
cannot be the definition of “out-of-band” at least because immediately following it,
there is a description of a second out-of-band embodiment (i.e., Fig. 10 LAN
embodiment) that makes no mention of separate facilities and explicitly says that
the accessor and host computer are “within the same network”:
The first [embodiment] describes an application to a wide area
network, such as the internet, wherein the person desiring access and
the equipment used thereby are remote from the host computer. In
this description and consistent with Newton’s Telecom Dictionary
(19th Ed.), an “out-of-band” system is defined herein as one having an
authentication channel that is separated from the information channel
and therefore is nonintrusive as it is carried over separate facilities
IPR2017-01041
U.S. Patent No. 8,484,698
21
than those used for actual information transfer. The second
embodiment describes the application of the disclosed invention to a
local area network wherein the person desiring access and the
equipment used thereby are within the same network (referred to as
the “corporate network”) as the host computer.
Ex. 1001, 6:14-27.
C. The Preamble’s Recitation of “Multichannel Security System” Is
Not Limiting
A preamble limits a claim only in certain circumstances. See Am. Med. Sys.,
Inc. v. Biolitec, Inc., 618 F.3d 1354, 1358-59 (Fed. Cir. 2010). To be limiting, the
preamble must be “necessary to give life, meaning, and vitality” to the claim.
Pitney Bowes, Inc. v. Hewlett-Packard Co., 182 F.3d 1298, 1305 (Fed. Cir. 1999).
A preamble is not limiting “where a patentee defines a structurally complete
invention in the claim body and uses the preamble only to state a purpose or
intended use for the invention.” Vizio, Inc. v. Int’l Trade Comm’n, 605 F.3d 1330,
1340 (Fed. Cir. 2010). In making this determination, a court should “review … the
entire … patent to gain an understanding of what the inventors actually invented
and intended to encompass by the claim.” Catalina Mktg. Int’l, Inc. v.
Coolsavings.com, Inc., 289 F.3d 801, 808 (Fed. Cir. 2002).
The Federal Circuit has provided “guideposts” to assist courts in
determining whether language in the preamble limits claim scope. Id. For
IPR2017-01041
U.S. Patent No. 8,484,698
22
example, dependence on a “preamble phrase for antecedent basis may limit claim
scope because it indicates a reliance on both the preamble and claim body to define
the claimed invention.” Id. In addition, if reference to the preamble is necessary
“to understand limitations or terms in the claim body, the preamble limits claim
scope.” Id. The preamble may also be limiting if it recites additional structure or
steps that the specification identifies as important. Id. Here, none of these applies.
Rather, the body of each challenged claim defines a structurally complete
invention and the preamble merely states a purpose or intended use for the
invention. Rowe v. Dror, 112 F.3d 473, 478 (Fed. Cir. 1997) (holding that a
preamble is not limiting “where a patentee defines a structurally complete
invention in the claim body and uses the preamble only to state a purpose or
intended use for the invention”).
The body of the challenged claims makes clear that the claims cover a
“multichannel” system. Specifically, the body of each claim recites an “access
channel” (or “first channel”) and an “authentication channel” (or “second
channel”)—i.e., multiple channels. Thus, the reference to a “multichannel security
system” in the preambles does not give “life, meaning, [or] vitality” to the claims.
See Pitney Bowes, 182 F.3d at 1305. In other words, “the claim body describes a
structurally complete invention such that deletion of the preamble phrase does not
IPR2017-01041
U.S. Patent No. 8,484,698
23
affect the structure or steps of the claimed invention.” Am. Med. Sys., 618 F.3d at
1358-59 (quoting Catalina, 289 F.3d at 809). At best, it “merely gives a
descriptive name to the set of limitations in the body of the claim that completely
set forth the invention.” Id. at 1359 (quoting IMS Tech., Inc. v. Haas Automation,
Inc., 206 F.3d 1422, 1434-35 (Fed. Cir. 2000)).
Petitioner—in misguided reliance on the district court’s construction—
suggests that Applicant relied on the language of the preamble during prosecution
to secure allowance of the claims. Pet. 13-14. But Petitioner—and the district
court—have failed to identify any instance of Applicant relying on the preamble of
the claims itself, as opposed to the body of the claims. Indeed, in distinguishing
the prior art, Applicant relied upon the recitation of multiple channels recited in the
limitations in the body of the claims, not the preamble. See id. (citing Ex. 1008
and 1009)); see also Intirtool, Ltd. v. Texar Corp., 369 F.3d 1289, 1295-96 (Fed.
Cir. 2004) (holding that preamble is not limiting where statements from the
prosecution history could be interpreted as relating to the specific structural
limitations set forth in the body of the claim). Indeed, the plain language of the
claim limitations, which require that certain communications be carried over an
authentication channel, rather than the access channel, already encompass the
concept of “out-of-band” authentication, regardless of whether the preamble
IPR2017-01041
U.S. Patent No. 8,484,698
24
includes the phrase “out-of-band” or “multichannel.” Thus, there is no legal basis
for finding the preambles limiting and the Board should decline to rubberstamp the
district court’s incorrect construction.
IV. THE CONCLUSORY ASSERTIONS OF PETITIONER’S
PROFFERED EXPERT FAIL TO PROVIDE EVIDENCE OF A
MOTIVATION TO COMBINE THE ASSERTED REFERENCES
“[A] finding of obviousness ‘cannot be predicated on the mere identification
in [the prior art] of individual components of claimed limitations.’” Pers. Web
Techs. v. Apple, Inc., 848 F.3d 987, 991 (Fed. Cir. 2017) (quoting In re Kotzab,
217 F.3d 1365, 1371 (Fed. Cir. 2000)). Rather, obviousness also requires a
showing that a POSITA “would have been motivated to combine the prior art in
the way claimed by the [challenged patent] claims at issue.” Id. Thus, Petitioner
has the burden to show a reasonable likelihood that a POSITA would have been
motivated to make this combination, without hindsight. See DirecTV, LLC v.
Qurio Holdings, Inc., IPR2015-02006, Pap. 6 at 14 (Apr. 4, 2016). Petitioner
relies—and in many instances exclusively relies—on the declaration of its expert,
Dr. McDaniel, to support Petitioner’s assertions that a POSITA would have been
motivated to combine the asserted references in the manner claimed by the ’698
patent. But Petitioner and Dr. McDaniel make unsupported logical leaps that are
based on impermissible hindsight. Accordingly, Petitioner has failed to meet its
burden for each of the reasons discussed below.
IPR2017-01041
U.S. Patent No. 8,484,698
25
A. Petitioner Fails to Sufficiently Show Why a POSITA Would Have
Been Motivated to Combine Feigen with Bulfer and Falk
(Grounds 1 and 2)
1. Petitioner fails to explain why a POSITA would have turned
to multi-channel authentication to allegedly solve the problem
of implementing a higher security system
It is indisputable that the claims require two separate channels—an access
channel (or “first channel”) and an authentication channel (or “second channel”).
E.g., Ex. 1001, 14:33 (“in a first channel”), 14:37 (“in a second channel”), 18:6
(“in an access channel”), 18:13 (“in an authentication channel”). Notably,
Petitioner never argues or suggests that any of the asserted references disclose a
two-channel system.6
Thus, under Petitioner’s own view of the prior art, Petitioner
contends that a POSITA would have combined three separate and unique security
systems in such a manner that the newly constructed composite system would have
resulted in the two-channel system of the claims. Pet. 36-40. But Petitioner fails
to explain why a POSITA would have been motivated to create such a system.
In arguing that a POSITA would have been motivated to combine Feigen
6
See Pet. 23-26 (discussing Feigen); Pet. 27-29 (discussing Bulfer); and 29-
32 (discussing Falk). Nowhere in these sections does Petitioner argue or suggest
that any one of these references discloses a security system with two separate
channels.
IPR2017-01041
U.S. Patent No. 8,484,698
26
with Bulfer and Falk, Petitioner relies on only two statements in Feigen: “Together
tasks 100 and 102 form an authentication process the strength of which may vary
in accordance with the needs of network 14,” and “[h]owever, different systems
may use different authentication processes.” See Pet. 41 (citing Ex. 1003, 6:59-62,
6:66-67). Petitioner conclusorily suggests that this discussion of different systems,
each with its own stand-alone authentication process, somehow would have
suggested that a POSITA should “combin[e] multiple authentication mechanisms
in the same system.” Id. Starting from this unsupported assertion,7
Petitioner
embarks upon a series of logical leaps that it asserts somehow lead to the proposed
combination:
(i) First, Petitioner argues that because combining multiple authentication
mechanisms achieves a higher level of security, a POSITA would
have consulted references related to multi-factor authentication,
namely Bulfer and Falk. See Pet. 41-42.
(ii) Second, Petitioner argues that, in particular, a POSITA would have
7
As further detailed below, § IV.B, Petitioner’s arguments about the alleged
obviousness of its proposed combinations rely on a fundamental belief about what
was known in the state of the art at the time of invention, but Petitioner and its
expert fail to provide evidence establishing this foundation.
IPR2017-01041
U.S. Patent No. 8,484,698
27
combined Bulfer’s two-factor authentication with Feigen’s system to
create a new two-channel authentication system. See Pet. 43-44.
(iii) Finally, Petitioner argues that a POSITA would have then been
motivated to further modify the combination of Feigen and Bulfer
with Falk “at least because Falk is focused on the same security
processes that provide authentication and authorization of users.” See
Pet. 44.
But Petitioner fails to provide evidence justifying each of these substantial
assumptions.
First, assuming arguendo that a POSITA would have been motivated by two
simple statements in Feigen to employ different higher-security protocols than
those contemplated by Feigen, Petitioner still fails to explain why a POSITA
would have turned to multifactor authentication in particular. Indeed, Petitioner
only asserts that Feigen teaches “single factor authentication.” Pet. 41 (“Security
host (26) in Feigen performs a single factor authentication process using a onetime
password….”). Thus, the Petition fails to establish why a POSITA would
have been motivated to look outside Feigen itself (or to any other reference
IPR2017-01041
U.S. Patent No. 8,484,698
28
disclosing a single-factor system) for multifactor authentication processes.8
Second, even assuming that a POSITA would have been motivated to
modify Feigen to use multifactor authentication, Petitioner still fails to set forth
any reason why a POSITA would have been motivated to combine Feigen and
Bulfer in the manner proposed to create a multichannel multifactor authentication
system as required by the limitations of the ’698 patent claims. Petitioner does
not—and cannot—suggest that all multifactor authentication systems necessarily
include or need multiple channels. There is no evidence in the Petition or Dr.
McDaniel’s declaration from which to conclude that a person allegedly motivated
to enact a multifactor authentication system would have combined it in such a
fashion to yield a multichannel authentication system—much less a multichannel
8
As discussed in § IV.C, Petitioner’s reliance on Dr. McDaniel here is
unhelpful. Dr. McDaniel simply parrots back the language of the Petition without
providing any underlying basis or rationale for his “opinions.” Compare Pet. 41
with Ex. 1002 ¶ 102. Such conclusory testimony is entitled to little or no weight.
TRW Auto. US LLC v. Magna Elecs., Inc., IPR2014-00258, Pap. 18 at 10-11 (Aug.
27, 2014) (giving little to no weight to expert testimony that “did not elaborate on
[Petitioner’s] position because it simply repeated [Petitioner’s] conclusory
statements verbatim.”); § 42.65(a).
IPR2017-01041
U.S. Patent No. 8,484,698
29
system meeting the specific limitations of the ’698 patent claims.
At best, if Feigen and Bulfer were combined to create a multifactor
authentication system, the multifactor authentication would all take place in the
access channel. For example, Feigen indisputably discloses a single-channel
system, so the “security host (26)” must necessarily reside in the access channel,
which is contrary to the requirement of the claims. Ex. 1003, FIG. 1. Similarly,
Bulfer’s “secured system (30)” serves as both the security computer and the host
computer—which means it too resides in, at least, the access channel. Ex. 1004,
2:38-40 (“In the illustrative embodiment shown in FIG. 1 a user 10 requests access
to secured system 30 via communication link 20.”). Petitioner’s alleged
motivation to combine Feigen and Bulfer provides no evidence or explanation for
why a POSITA would have opted to remove the “security host (26)” or the
“secured system (30)” from the access channel and configure a new system such
that these components are placed in a new (authentication) channel that is separate
from the access channel as required by the ’698 patent claims. Boehringer
Ingelheim Int’l GmbH v. Biogen Inc., IPR2015-00418, Pap. 14 at 17-18 (July 13,
2015) (denying institution for insufficient explanation of motivation to combine
where Petitioner failed to explain why the cited disclosures of the references would
have suggested using the specific element of one reference with the specific
IPR2017-01041
U.S. Patent No. 8,484,698
30
element of the second reference); Kinetic Concepts, Inc. v. Smith & Nephew, Inc.,
688 F.3d 1342, 1368 (Fed. Cir. 2012) (“[W]e must still be careful not to allow
hindsight reconstruction of references to reach the claimed invention without any
explanation as to how or why the references would be combined to produce the
claimed invention.”).
Finally, even assuming a POSITA would have been motivated to combine
Feigen and Bulfer to yield a new multichannel authentication system, Petitioner
still fails to justify its proposed three-reference combination. In particular,
Petitioner argues that a POSITA would have been motivated to further modify the
Feigen/Bulfer combination with Falk “at least because Falk is focused on the same9
9
Indeed, Petitioner’s contention that Bulfer and Falk disclose “the same
security processes that provide authentication and authorization of users” (Pet. 44)
raises additional questions as to why a POSITA would have been motivated to
combine both Bulfer and Falk into Feigen. Petitioner never addresses what benefit
Falk allegedly brings to the proposed combination that would not have been
present with Bulfer alone. See Huawei Device USA, Inc. v. SPH Am., LLC,
IPR2015-00221, Pap. 13 at 16–17 (May 28, 2015) (denying institution where
Petitioner’s expert testified that a POSITA could have made the proposed
IPR2017-01041
U.S. Patent No. 8,484,698
31
security processes that provide authentication and authorization of users” and
“[l]ike Bulfer, Falk teaches two-factor authentication.” 10 Pet. 44. Petitioner
further describes Falk’s use of “a challenge code to be generated in an
authentication center 30 [and] sent over an authentication challenge network 28 to
the personal unit 20 [something the user has].” Id. But Petitioner’s proposed
Feigen/Bulfer/Falk combination does not align with its purported motivation to
incorporate Falk into the Feigen/Bulfer system. Specifically, Petitioner does not
propose incorporating Falk’s second-factor authentication “challenge code” into
the combined Feigen/Bulfer system to yield a system with yet another
authentication factor. Instead, Petitioner relies on Falk only for its alleged
substitution, “without sufficiently articulating what the benefit … would have
been”).
10 To the extent Petitioner purports to base its motivation to combine
references on the assertion that all three references are in the same field, this is
insufficient. TRW Auto. US LLC v. Magna Elecs., Inc., IPR2014-00257, Pap. 18 at
4 (Aug. 28, 2014) (“That each reference may be in the field of ‘vehicular vision’ is
insufficient, in and of itself, to provide a reason with rationale underpinning as to
why one of ordinary skill in the art would have sought to combine specific
teachings of such references.”
Recent ZRFY News
- Partnership to Offer Enhanced Cybersecurity Solutions • AllPennyStocks.com • 05/22/2023 02:45:00 PM
NanoViricides Reports that the Phase I NV-387 Clinical Trial is Completed Successfully and Data Lock is Expected Soon • NNVC • May 2, 2024 10:07 AM
ILUS Files Form 10-K and Provides Shareholder Update • ILUS • May 2, 2024 8:52 AM
Avant Technologies Names New CEO Following Acquisition of Healthcare Technology and Data Integration Firm • AVAI • May 2, 2024 8:00 AM
Bantec Engaged in a Letter of Intent to Acquire a Small New Jersey Based Manufacturing Company • BANT • May 1, 2024 10:00 AM
Cannabix Technologies to Deliver Breath Logix Alcohol Screening Device to Australia • BLO • Apr 30, 2024 8:53 AM
Hydromer, Inc. Reports Preliminary Unaudited Financial Results for First Quarter 2024 • HYDI • Apr 29, 2024 9:10 AM
Start posting your company's news
Only $200 per official company press release!
