UNITED STATES PATENT AND TRADEMARK OFFICE
BEFORE THE PATENT TRIAL AND APPEAL BOARD
DUO SECURITY INC., CENTRIFY CORP.,
AND TRUSTWAVE HOLDINGS, INC.
Petitioner
v.
STRIKEFORCE TECHNOLOGIES, INC.
Patent Owner
U.S. Patent No. 8,484,698
Title: MULTICHANNEL DEVICE UTILIZING A CENTRALIZED OUT-OF-
BAND AUTHENTICATION SYSTEM (COBAS)
Inter Partes Review Case No. IPR2017-01064
PETITION FOR INTER PARTES REVIEW OF CLAIMS 1-17, 19-24, 53 and
54 OF U.S. PATENT NO. 8,484,698 UNDER 35 U.S.C. §§ 311-319 AND 35
C.F.R. § 42.100 ET SEQ.
i
TABLE OF CONTENTS
Mandatory Notices under 37 C.F.R. § 42.8(b) ..................................... 6 I.
A. Real Party-In-Interest under 37 C.F.R. § 42.8(b)(1) .................. 6
B. Related Matters under 37 C.F.R. § 42.8(b)(2) ........................... 6
C. Lead and Back-Up Counsel under 37 C.F.R. § 42.8(b)(3) ........ 7
D. Service Information under 37 C.F.R. § 42.8(b)(4) .................... 8
Grounds for Standing under 37 C.F.R. § 42.104(a) ............................. 9 II.
Identification of Challenge under 37 C.F.R. § 42.104(b) .................... 9 III.
Relevant Information Concerning the Contested Patent .................... 10 IV.
A. Effective Filing Date of the ‘698 Patent .................................. 10
B. Brief Description of the ‘698 Patent ........................................ 10
C. The ‘698 Patent Claims ............................................................ 13
D. Prosecution History of the ‘698 Patent .................................... 14
Proposed Claim Constructions ........................................................... 16 V.
Prior Litigation Involving Patent Owner ............................................ 20 VI.
Discussion of Prior Art ....................................................................... 21 VII.
A. Background of the State of the Relevant Art in 2000 .............. 21
B. Qualification of Prior Art References Under 35 U.S.C. § 102(b)
.................................................................................................. 23
C. Feigen ....................................................................................... 23
D. Flanagan ................................................................................... 26
E. Falk ........................................................................................... 30
ii
Person of Ordinary Skill in the Art .................................................... 33 VIII.
There is a Reasonable Likelihood that the Challenged Claims are IX.
Unpatentable ................................................................................................. 34
A. Ground 1: Claims 1-17, 19-24, 53 and 54 are Obvious over
Feigen in view of Flanagan and Falk ...................................... 34
1. Overview ........................................................................... 34
2. Motivation to Combine Feigen with Flanagan and Falk... 40
3. The Ground 1 Combination Teaches Every Element of
Claims 1-17, 19-24, 53 and 54 .......................................... 45
Conclusion .......................................................................................... 64 X.
iii
PETITIONER’S EXHIBIT LIST1
EXHIBIT
NUMBER
DESCRIPTION
1001 U.S. Patent No. 8,484,698
1003 U.S. Patent No. 5,699,513 (“Feigen”)
1005 U.S. Patent No. 5,668,876 (“Falk”)
1007 Application file history of U.S. Patent No. 8,484,698
1008 Application file history of U.S. Patent No. 7,870,599
1009 Reexamination file history of U.S. Patent No. 7,870,599
1011
Application file history of U.S. Patent Application No.
09/655,297
1012
Report and Recommendation in StrikeForce Technologies,
Inc. v. PhoneFactor, Inc, et al., Civ. A. No. 13-490-RGA-
MPT (DI 168)
1 Certain exhibit numbers are not used in this petition in order to maintain
consistency between exhibit numbering of this petition and another petition,
IPR2017-01041.
iv
1013
Memorandum in StrikeForce Technologies, Inc. v.
PhoneFactor, Inc, et al., Civ. A. No. 13-490-RGA-MPT
(DI 219)
1014
Memorandum Order in StrikeForce Technologies, Inc. v.
PhoneFactor, Inc, et al., Civ. A. No. 13-490-RGA-MPT
(DI 223)
1015 Curriculum Vitae of Dr. Patrick D. McDaniel
1016
RFC2869, June 2000.
(https://www.ietf.org/rfc/rfc2869.txt, Captured March 10,
2017)
1017
RFC2808, April 2000.
(https://tools.ietf.org/pdf/rfc2808.pdf, Captured March 10,
2017)
1018
Lecture on “Web-Based System Security,” Prof. Jerry
Gao, 1999.
(http://www.engr.sjsu.edu/gaojerry/course/cmpe296u/slide
s/security.pdf, Captured March 10, 2017)
1019
SANS Institute, “Global Information Assurance
Certification Paper,” March 29, 2000.
(https://www.giac.org/paper/gsec/16/risks-biometric-
v
based-authentication-schemes/100271, Captured March
10, 2017)
1020
Robb, Guy, “Internet Security: The Business Challenge,”
Telecommunications Online, October
1996. (http://www.telecoms-
mag.com/marketing/articles/oct96/guyrobb.html, Captured
March 10, 2017)
1101 Declaration of Dr. Patrick McDaniel
1102 European Patent Application EP 0444351A2 (“Flanagan”)
1103 Detailed claim charts
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
6
Mandatory Notices under 37 C.F.R. § 42.8(b) I.
A. Real Party-In-Interest under 37 C.F.R. § 42.8(b)(1)
Duo Security Incorporated (“Duo”), Trustwave Holdings, Inc.
(“Trustwave”), and Centrify Corporation (“Centrify”) (collectively, “Petitioner”)
are the real parties-in-interest for this Petition.
B. Related Matters under 37 C.F.R. § 42.8(b)(2)
StrikeForce Technologies, Inc., the listed assignee of U.S. Patent No.
8,484,698 (“the ‘698 Patent”) is engaged in the following ongoing litigations
where infringement of the ‘698 Patent is alleged:
StrikeForce Techs., Inc. v. Duo Security Inc., No. 2:16-cv-03571-JMV-MF
(D.N.J.);
StrikeForce Techs., Inc. v. Trustwave Holdings, Inc., No. 2:16-cv-03573-
JMV-MF (D.N.J.); and
StrikeForce Techs., Inc. v. Centrify Corp., No. 2:16-cv-03574-JMV-MF
(D.N.J.).
Petitioner is contemporaneously filing another petition requesting inter
partes review of the ‘698 patent, IPR2017-01041. The petition in IPR2017-01041
addresses a different subset of claims of the ‘698 patent. In particular, the present
petition addresses claims 4, 8-14, 16-17 and 19, which are not challenged in
IPR2017-01041. Claims 8-14 recite a “biometric signal,” which is not recited in
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
7
any of the claims challenged in IPR2017-01041. The present petition cites
different art to address the different claim recitals. Because the art cited in the
present petition is cited for a different teaching (a “biometric signal”) than the art
cited in IPR2017-01041, the petitions are neither horizontally nor vertically
redundant. Liberty Mutual Ins. Co. v. Progressive Casualty Ins. Co., CBM2012-
00003, Paper No. 7 at 3 (Oct. 25, 2012). Further, the combined petitions present
only 3 distinct grounds of unpatentability, of which no more than 2 grounds apply
to any individual claim. As such, the combined petitions do not place an undue
burden on the Patent Owner and the Board. Id. at 2.
C. Lead and Back-Up Counsel under 37 C.F.R. § 42.8(b)(3)
Petitioner provides the following designation of counsel:
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
8
Lead Counsel Back-up Counsel
John D. Garretson (Reg. No. 39,681)
Postal and Hand-Deliver Address:
Shook, Hardy & Bacon L.L.P.
2555 Grand Blvd.
Kansas City, MO 64108
Telephone: (816) 559-2539
Fax: (816) 421-5547
Counsel for Duo Security, Inc.
Amy M. Foust (Reg. No. 57,782)
Postal and Hand-Deliver Address:
Shook, Hardy & Bacon L.L.P.
Citigroup Center
201 S. Biscayne Blvd., Suite 3200
Miami, Florida 33131
Telephone: (305) 960-6925
Fax: (305) 358-7470
Counsel for Duo Security, Inc.
Back-up Counsel Back-up Counsel
Brian A. Jones (Reg. No. 68,770)
Postal and Hand-Deliver Address:
McDermott Will & Emery
227 W. Monroe Street
Chicago, IL 60606
Telephone: (312) 984-7694
Fax: (312) 984-7700
Counsel for Trustwave Holdings, Inc.
Darren M. Franklin (Reg. No. 51,701)
Postal and Hand-Deliver Address:
Sheppard, Mullin, Richter & Hampton
LLP
333 South Hope Street
Forty-Third Floor
Los Angeles, CA 90071
Telephone: (213) 617-5498
Fax: (213) 620-1398
Counsel for Centrify Corporation
D. Service Information under 37 C.F.R. § 42.8(b)(4)
Petitioner may be served by mail or hand delivery to Lead Counsel’s
address, above. Petitioner consents to service via e-mail at [email protected];
[email protected]; [email protected]; and [email protected].
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
9
Grounds for Standing under 37 C.F.R. § 42.104(a) II.
Petitioner certifies that it is not barred or estopped from requesting inter
partes review of claims 1-17, 19-24, 53 and 54 of U.S. Patent No. 8,484,698 (“the
‘698 Patent”). Neither Petitioner, nor any party in privity with Petitioner: (i) has
filed a civil action challenging the validity of claims 1-17, 19-24, 53 and 54 of the
‘698 Patent; or (ii) has been served a complaint alleging infringement of the ‘698
Patent more than a year prior to the present date. Also, claims 1-17, 19-24, 53 and
54 of the ‘698 Patent have not been the subject of a prior inter partes review or a
finally concluded district court litigation involving Petitioner.
Identification of Challenge under 37 C.F.R. § 42.104(b) III.
Petitioner petitions for inter partes review under 35 U.S.C. §§ 311-319 and
37 C.F.R. § 42.100 et. seq. of claims 1-17, 19-24, 53 and 54 (“Challenged
Claims”) of the ‘698 Patent (Ex. 1001). There exists a reasonable likelihood that
Petitioner will prevail with respect to at least one of the Challenged Claims.
Petitioner requests inter partes review of the Challenged Claims on the
ground set forth in the table below and requests that each of the Challenged Claims
be found unpatentable and cancelled from the ‘698 Patent. A complete explanation
of how these claims are unpatentable is provided in Section IX below. The
accompanying Declaration of Dr. Patrick D. McDaniel (Ex. 1101) supports the
ground of rejection in detail.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
10
Ground 35 USC Index of References Claims
1 § 103(a) Feigen (Ex. 1003) in view of
Flanagan (Ex. 1102), and
further in view of Falk (Ex.
1005)
1-17, 19-24, 53 and 54
Relevant Information Concerning the Contested Patent IV.
A. Effective Filing Date of the ‘698 Patent
The ‘698 Patent issued from U.S. Application No. 12/958,126, filed on
December 1, 2010. The ‘698 Patent claims priority as a continuation from U.S.
Patent Application No. 10/970,559, filed on October 21, 2004 and issued as U.S.
Patent No 7,870,599 (“‘599 Patent”). The ‘599 Patent claims priority as a
continuation-in-part to U.S. Patent Application No. 09/655,297 (“‘297
Application”), filed on September 5, 2000 and subsequently abandoned. The
effective filing date of the Challenged Claims as submitted for purposes of this
Petition is not earlier than September 5, 2000. The “critical date” under 35 U.S.C.
§ 102(b) for the Challenged Claims is September 5, 1999, which is one year prior
to the earliest claimed U.S. filing date of September 5, 2000.
B. Brief Description of the ‘698 Patent
The ‘698 Patent relates to a system that determines whether to grant or deny
a user access to a computer over a network, based on authenticating the person
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
11
attempting to gain access. Ex. 1001 at Abstract. Authentication is a process where
a system determines the identity of an entity attempting to gain access to
something. Ex. 1101 at ¶¶ 48-49. This type of technology, along with the prior art
identified in this Petition, can apply when an employee works outside of the office
and attempts to access a computer at their workplace over the Internet.
As of the September 5, 2000 priority date of the Challenged Claims, many
security solutions for authentication already existed. Ex. 1101 at ¶¶ 50-59. For
example, two-factor authentication, such as requiring a person to correctly input a
password and provide a response through a personal device, like a pager or phone,
emerged as a method to increase the complexity of security and thwart hackers.
Ex. 1101 at ¶ 53.
Similarly, the Challenged Claims cover a technique that controls access to a
“host computer” by intercepting a person’s demand to access the host computer
and using a separate security computer to carry out two authentication measures.
These are (1) verifying the person’s login identification; and (2) receiving a
response from the person via a separate device, such as a phone. Ex. 1001 at 4:36-
42, 6:62-7:4, FIG. 1A, 7:12-17 (describing a control module as part of the security
computer) and 9:45-54 (describing the function of the control module).
Below is an annotated version of Fig. 1A from the ‘698 Patent created by
the Petitioner that illustrates functionality disclosed in the patent.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
12
User (24) wants to access host computer (34). From computer (22), user
(24) directs an access demand along with a login identification to host computer
(34). Ex. 1001 at 4:34-39, 6:37-42, 9:24-35. In step 1, interception device (36)
intercepts the access demand requesting access to host computer (34) and the login
identification in an access (or first) channel. Ex. 1001 at 6:37-42, 9:24-35. In step
2, interception device (36) diverts the login identification and access demand to
security computer (40). Ex. 1001 at 6:37-42.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
13
Security computer (40) performs authentication in a separate authentication
channel that does not share facilities with the access channel. Ex. 1001 at 1:20-24,
3:14-19, 6:19-23. In step 3, security computer (40) verifies the login identification
by comparing the login identification provided by the user (in step 1) against a
stored password. Ex. 1001 at 7:37-42,7:12-22 (describing a control module as part
of the security computer) and 9:42-54 (describing the function of the control
module); Ex. 1002 at ¶ 65. In step 4, security computer (40) outputs a prompt to
the user’s device in the authentication (or second) channel, and requests data from
the user. For example, security computer (40) may output the prompt by calling
the user via telephone (26) and requesting the user enter a password using the
telephone keypad. Ex. 1001 at 10:20-53. Alternatively, the requested data may be
a biometric signal, such as speech from the user. Ex. 1001 at 11:10-42, Claim 10.
In step 5, security computer (40) receives the data from the user that was
requested in step 4 and performs a comparison against stored information. Ex.
1001 at 10:46-62, 11:26-42. In step 6, based on the comparison in step 5, security
computer (40) determines whether to instruct host computer (34) to grant or deny
access to user (24). Ex. 1001 at 10:62-11:3, 11:43-50, 12:18-24.
C. The ‘698 Patent Claims
The ‘698 Patent includes 54 claims. The Challenged Claims include three
independent claims. Independent claims 1 and 53 are each directed to a software
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
14
method for employing a multichannel security system to control access to a
computer. Independent claim 54 is directed to an apparatus for implementing a
multichannel security system to control access to a computer.
D. Prosecution History of the ‘698 Patent
During prosecution of the ‘698 Patent, including its parents – the ‘599 Patent
and ‘297 Application – Applicant relied on two themes to gain allowance over the
prior art:
• The multichannel security system in the ‘698 Patent includes two separate
channels – an authentication channel and an access channel as shown in Fig.
1A.
• The host computer that a user is trying to access cannot receive information
from the user attempting to access the host computer until after
authentication is complete.
In response to an Office Action in the ‘599 Patent, Applicant clarified the
nature of the interaction between the authentication channel, access channel, and
interception device. The system includes a “completely separate authentication
channel that relies on an intercept device to pass login and identification
information to the separate channel.” Ex. 1008 at 379. During a subsequent
Reexamination (Control No. 90/011,429) of the ‘599 Patent, Applicant further
defined the relationship between the access and authentication channels. Applicant
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
15
explained that an “out-of-band” security system included an authentication channel
that is separate from an access channel—the separation of the channels being so
great that “authentication is carried over separate facilities than those used for
actual information transfer.” Ex. 1009 at 60; Ex. 1002 at ¶ 72.
Applicant’s reliance on the isolation of the host computer is demonstrated in
an Office Action response. Applicant argued that a prior art reference did not
disclose claimed elements because the system “assumes that the user already has
permission to accesses a web site (i.e. web server, which is a type of ‘host
computer’)”. Ex. 1008 at 293. In response to another Office Action, Applicant
elaborated that there would be no need to supply an access instruction to the host
computer if the user already has access to the host computer, illustrating that the
host computer is inaccessible prior to authentication in the claimed invention. Ex.
1008 at 157.
In response to a first Office Action in the ‘698 Patent, Applicant added 7
new claims and restated arguments to distinguish over prior art systems that give
users access to the host computer prior to completing authentication. Ex. 1007 at
112, 114. In response to a double patenting rejection in a second Office Action,
Applicant filed a terminal disclaimer with respect to the ‘599 Patent to gain
allowance. Ex. 1007 at 66.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
16
Proposed Claim Constructions V.
A claim subject to inter partes review is given its “broadest reasonable
construction in light of the specification of the patent in which it appears.” 37
C.F.R. § 42.100(b). Petitioner submits that the following terms and associated
constructions are the proper construction for use in this proceeding, in light of the
portions of the specification and prosecution history stated above.
“Clear reliance on the preamble during prosecution to distinguish the
claimed invention from the prior art transforms the preamble into a claim
limitation because such reliance indicates use of the preamble to define, in part, the
claimed invention.” Catalina Mktg. Int’l v. Coolsavings.com, Inc., 289 F.3d 801,
808 (Fed. Cir. 2002); Rotatable Techs. LLC v. Motorola Mobility LLC, 567 Fed.
App’x 941, 943 (Fed. Cir. 2014). As explained in Section IV.D, throughout the
prosecution history, Applicant relied on the premise that a multichannel security
system involves two separate channels in order to distinguish the purported
invention over prior art. All of the independent Challenged Claims include the
claim term “multichannel security system.” See Ex. 1001 at Claims 1, 53, 54.
Given Applicant’s reliance on this term in order to overcome the prior art, claims
1, 53, and 54 are limited by the recital of a “multichannel security system” in the
claims’ preambles. Ex. 1012 at 53 (equating “multichannel security system” with
“an out-of-band computer security system”), 23-25 (construing “multichannel
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
17
security system” and “an out-of-band computer security system”) and 26 (finding
that the recital of an “out-of-band computer security system” and a “multichannel
security system” in the preamble is limiting); Ex. 1013 at 6 (adopting the findings
in Ex. 1012).
intercepting (as a general concept) — preventing the host computer from
receiving.
interception device / a device (claims 1 and 54, and all Challenged Claims
depending therefrom) — a device that prevents the host computer from
receiving [what the interception device received instead].
first channel / access channel (claims 1, 22, 53, and 54, and all Challenged
Claims depending therefrom) — an information channel that is separate
from and does not share any facilities with the authentication channel.
second channel / authentication channel (claims 1, 53, and 54, and all
Challenged Claims depending therefrom) — a channel for performing
authentication that is separate from and does not share any facilities with
the access channel.
security computer (claims 1, 53, and 54, and all Challenged Claims
depending therefrom) — a computer in the authentication channel that can
grant authenticated users access to but is isolated from the host computer.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
18
host computer (claims 1, 53, and 54, and all Challenged Claims depending
therefrom) — a computer to which the accessor is attempting to gain access,
but which no information from an accessor is allowed to enter unless access
is granted by the security computer.
multichannel security system (claims 1, 53, and 54, and all Challenged
Claims depending therefrom) — a system that operates without reference to
a host computer or any database in a network that includes the host
computer.
verifying the login identification (claims 1 and 53, and all Challenged
Claims depending therefrom) — confirming at the security computer that
the information used by an accessor to login to the host computer is valid
demand to access / demand for access / access demand (“The Demand
Terms”) (claims 1, 53, and 54, and all Challenged Claims depending
therefrom) — a request to access the host computer that was sent from an
accessor.
login identification demand to access (claims 1 and 53, and all Challenged
Claims depending therefrom) — login identification and demand for access
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
19
biometric analyzer (claim 10, and all Challenged Claims depending
therefrom) — This term is governed by 35 U.S.C. §112(6). Function:
analyzing a monitored parameter of the accessor. Structure: monitoring the
particular parameter of the individual person; including (sic) the parameter
to a mathematical representation or algorithm therefore (sic); retrieving a
previously stored sample (biometric data), (sic) thereof from a database and
comparing the stored sample with the input of the accessor. See Ex. 1001 at
6:55-59.
a component for receiving the transmitted data and comparing said
transmitted data to predetermined data (claim 54) — This term is governed
by 35 U.S.C. §112(6). Function: receiving the transmitted data and
comparing said transmitted data to predetermined data. Structure: Ex. 1001
at FIG. 9C, steps 186-196, 10:46-65 and/or ‘698 patent, FIGs. 9C-9D, steps
200-208, 11:24-55.
A software method for employing a multichannel security system to
control access to a computer, comprising the steps of (claim 1 and all
challenged claims depending therefrom) – This preamble is limiting and
requires the construction of “multichannel security system” as set forth
above.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
20
A software method for employing a multichannel security system to
control access to a computer, comprising the steps of (claim 53) – This
preamble is limiting and requires the construction of “multichannel security
system,” as set forth above.
Apparatus for implementing a multichannel security system to
control access to a computer, comprising (claim 54) – This preamble is
limiting and requires the construction of “multichannel security system,” as
set forth above.
In the Related Cases listed in Section I.B above, Petitioner seeks to have the
Court adopt the above constructions.
Prior Litigation Involving Patent Owner VI.
The above constructions are consistent with the construction of claim terms
adopted by the court in StrikeForce’s prior litigation with PhoneFactor, titled
StrikeForce Technologies, Inc. v. PhoneFactor, Inc., et. al., Civ. A. No. 13-490-
RGA-MPT (“Prior Litigation”), which settled prior to the filing of the Related
Matters listed above.
In the Prior Litigation, StrikeForce alleged that PhoneFactor infringed
claims of the ‘698 Patent. The Magistrate Judge issued a Report and
Recommendation (Ex. 1012) with constructions for the above claim terms. The
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
21
District Court Judge subsequently issued a Memorandum Order (Ex. 1013)
overruling objections that StrikeForce raised to the Report and Recommendation.
StrikeForce sought to broaden the scope of the claims beyond the above
constructions. StrikeForce argued that the claims only “require preventing the user
from gaining access to protected data on (not contacting) the host computer until a
separate out-of-band security computer authenticates the user through an
authentication channel.” Ex. 1012 at 11-12.
The court disagreed, pointing to the fact that the “patentee, acting as his own
lexicographer told the PTO ‘[a]n ‘out-of-band’ operation is defined herein as one
conducted without reference to the host computer or any database in the host
network.’” Ex. 1012 at 14. The court also observed that “[t]he asserted claims are
directed to accessing the host computer itself, not ‘protected data’ on the host
computer as plaintiff suggests.” Ex. 1012 at 14.
Discussion of Prior Art VII.
A. Background of the State of the Relevant Art in 2000
The technical area of the ‘698 Patent is secure systems—specifically the
authentication of users accessing services over a network. Authentication is a
process that a system uses to determine the identity of a person attempting to gain
access to something sensitive. Ex. 1101 at ¶¶ 48-49.
Prior to September 5, 2000, as today, there were many ways to perform user
authentication. Generally, you can categorize these approaches into (a) things that
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
22
the user knows, (b) things that the user has, and (c) things that the user is. Systems
using “things that a user knows” prompt the user for information that only that user
knows, e.g., passwords, PIN numbers, social security numbers, etc. The ability of
that user to produce that secret is deemed sufficient evidence that they are who
they say they are. Ex. 1101 at ¶ 50.
Systems that use “things the user has” require the user to produce a physical
object such as a key-card instead of the secret. It is assumed that because only that
user has the physical object, they are authentic. Systems that use “things that a
user is” are generally referred to as biometric systems. These systems measure a
unique physical characteristic of the user, such as fingerprints, irises, or voice. All
authentication systems have limitations that can impact the security of systems
they protect; passwords can be guessed, keycards can be lost or stolen, and even
the best biometric measurements are subject to subtle changes. Ex. 1101 at ¶¶ 51-
52.
To combat limitations of traditional authentication systems, in the 1990’s the
security community turned to second factor authentication, also known as
multifactor authentication. The idea is simple: you use two forms of authentication
so that if one is compromised or fails, you are protected by the other. This is
particularly helpful when you use multiple categories of authentication such as a
password and a key card, or a password and fingerprint. These systems are more
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
23
secure, because the hacker adversary has to compromise two entirely different
authentication mechanisms; for example, the need to guess the password and steal
the keycard. Ex. 1101 at ¶ 53.
B. Qualification of Prior Art References Under 35 U.S.C. § 102(b)
Each of the references discussed below qualifies as prior art under pre-AIA
35 U.S.C. § 102(b). Each is a patent or publication that was issued and/or
published before the ‘698 Patent’s critical date of September 5, 1999. The pre-
AIA statutory provision applies, because the earliest effective filing date for the
‘698 Patent predates March 16, 2013, the effective date for post-AIA 35 U.S.C. §
102.
• Feigen (Ex. 1003): U.S. Patent Number 5,699,513 was filed on March 31,
1995 and issued on December 16, 1997.
• Falk (Ex. 1005): U.S. Patent Number 5,668,876 was filed on June 24, 1994
and issued on September 16, 1997.
• Flanagan (Ex. 1102): European Patent Application EP 0444351A2 was
filed on December 4, 1990 and published on September 4, 1991.
C. Feigen
Feigen is titled “Method for Secure Network Access via Message Intercept.”
It discloses securing access to an inside network (e.g., a corporate network) by
intercepting and holding connection requests received from a client in an outside
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
24
network (e.g., the Internet). Ex. 1003 at Abstract, 2:42-48, and 2:57-61. Source
host (22) in outside network (12) sends a connection request targeted to destination
host (28) in inside network (14). Before the connection request reaches inside
network (14), filter (16) (e.g., a router) intercepts the connection request and routes
it to security host (26), which provides security for inside network (14). Ex. 1003
at Abstract and 3:3-6; Ex. 1101 at ¶¶ 75, 76.
This prevents the connection request from being transmitted into inside
network (14) until security host (26) confirms the user’s authenticity. Ex. 1003 at
Abstract and 2:66-3:3. Once the user is confirmed, the connection request is sent
to destination host server (28) in inside network (14). Ex. 1003 at Abstract; Ex.
1101 at ¶ 77.
The below chart shows how Feigen corresponds to the ‘698 Patent. Ex.
1101 at ¶ 78.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
25
‘698 Patent Feigen
FIG. 1
FIG. 1
user (24) wants to access host computer
(34)
user (not shown) of source host (22)
wants to access destination host
(server) (28)2
user computer (22) directs a login
demand and identification from user
(24) to host (34)
source host (22) directs a connection
request from the user to destination
host (server) (28)3
2 Ex. 1003 at Abstract, 2:63-3:15, 3:47-52, 3:60-65, 4:3-11, 4:66-5:14, 5:30-
31, Claim 1, Claim 13, and FIG. 1.
3 Id. and also Ex. 1003 at FIG. 2, FIG. 5 (item 100), and 6:50-55.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
26
‘698 Patent Feigen
access channel from user computer (22)
through access network (30) carries the
login demand and identification to
internal router (interception device)
(36)
a channel from source host (22)
through outside network (12) carries
the connection request to filter (16)4
internal router (interception device)
(36) intercepts the login demand and
identification from user computer (22)
and diverts it to security computer (40)
filter (16) intercepts the connection
request from source host (22) and
diverts it to security host (26)5
security computer (40) verifies the
login identification of user (24)
security host (26) verifies a password
from the user of source host (24)6
security computer (40) instructs host
computer (34) to grant access or deny
access to user (22)
security host (26) releases the
intercepted connection request to
destination host (server) (28)7
D. Flanagan
4 Id. and also Ex. 1003 at 2:44-48, 2:50, 1:20-32, FIG. 3, 4:12-18, and Claim
5.
5 Id.
6 Ex. 1003 at FIG. 1, FIG. 5 (items 100 and 102), Abstract, 1:56-59, 4:12-24,
5:27-33, 5:45-49, 6:50-63, Claim 1, Claim 7, and Claim 13.
7 Ex. 1003 at Abstract, 1:56-59, 4:24-30, 4:51-5:11, 7:1-9, 7:36-52, Claim 10,
Claim 13, Claim 16, FIG. 3, and FIG. 5 (items 114, 116, 104 and 106.)
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
27
Flanagan is titled “Voice password-controlled computer security system.” It
discloses a multifactor authentication system. After a standard password procedure
is successfully completed, it institutes a voice call to a telephone that is associated
with the user and verifies the user’s voice information with pre-stored voice
information associated with the user. Ex. 1102 at Abstract. If the user is
authenticated, access to a requested resource is allowed. Ex. 1102 at Abstract and
4:56-5:11; Ex. 1101 at ¶¶ 80, 81.
The chart below shows how Flanagan corresponds to the ‘698 Patent. Ex.
1101 at ¶ 82.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
28
‘698 Patent Flanagan
FIG. 1
FIG. 1
after verifying the login identification
from user (24), security computer (40)
outputs a prompt to telephone (26) over
an authentication channel, including
voice network (42), requesting
transmission of data comprising a
biometric signal from user (24)
after verifying the username and
password of the user (not shown) of
terminal (11), programmed processor
(12) outputs a prompt to telephone (13)
over a voice connection, requesting
transmission of data comprising a
biometric signal (e.g., to speak a
randomly selected series of digits) from
the user (not shown)8
to generate the prompt, security to generate the prompt, programmed
8 Ex. 1102 at Abstract, 2:38-43, 2:47-52, 4:47-5:2, 3:49-55, 4:12-20, 5:44-
6:9, 6:15-36, 6:57-7:12, 8:3-6, FIG. 2, FIG. 3, and FIG. 4.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
29
‘698 Patent Flanagan
computer (40) synthesizes an audible
message from a stored message and
plays it over telephone (26)
processor (12) controls voice apparatus
(14) to synthesize an audible message
from a stored message and play it over
telephone (13)9
security computer (40) receives the
biometric signal transmitted from user
(24) through telephone (26) over an
authentication channel, including voice
network (42)
programmed processor (12) receives
the biometric signal transmitted from
the user (not shown) through telephone
(13) over the voice connection10
security system (40) compares the
biometric signal transmitted over the
authentication channel to
predetermined data
programmed processor (12) compares
the biometric signal transmitted over
the voice connection to predetermined
data (e.g., pre-stored voice
information)11
security system (40) includes a
biometric analyzer (not shown) that
receives the biometric signal from user
(24)
programmed processor (12) includes a
biometric analyzer (not shown) that
receives the biometric signal
transmitted from the user (not shown)
9 Ex. 1102 at Abstract, 2:47-52, 4:12-20, 5:54-6:9, 6:5-9, 6:15-36, 6:57-7:12,
FIG. 1, FIG. 2, and FIG. 4.
10 Ex. 1102 at Abstract, 2:47-57, 4:12-20, 5:54-6:40, 6:57-7:12, FIG. 1, FIG.
2, and FIG. 4.
11 Ex. 1102 at Abstract, 2:52-57, 4:20-29, 6:9-14, 6:24-38, and FIG. 4.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
30
‘698 Patent Flanagan
through telephone (13) over the voice
connection12
E. Falk
Falk is titled “User Authentication Method and Apparatus.” Falk discloses a
multifactor security system for authorizing a user to use a service. Ex. 1101 at ¶¶
84-85.
The user initiates a request for access via terminal (22) by transmitting a
request over service access network (24) to a service node (26). Ex. 1005 at 5:22-
29, Abstract and 3:44-64. Service node (24) requests that separate authentication
center (30) generate and send a challenge code to the user’s personal unit (20).
The personal unit sends a response code back to authentication center (30), where
the response code is determined from the received challenge code, an appropriate
input security number (e.g. a user PIN), and a secret key. Ex. 1005 at 3:7-9, 4:15-
24, and 4:32-37. The authentication center (30) determines whether the response
code is acceptable and informs service node (26) of the result, indicating whether
12 Ex. 1102 at Abstract, 2:52-57, 4:20-29, 6:9-14, and 6:24-38.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
31
to provide the user with the requested access. Ex. 1005 at 5:52-57 and 6:55-56; Ex.
1101 at ¶ 85.
The below chart shows how Falk corresponds to the ‘698 Patent. Ex. 1101
at ¶ 86.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
32
‘698 Patent Falk
FIG. 1
FIG. 1
security computer (40) outputs a
prompt to telephone (26) over an
authentication channel, including voice
network (42), requesting transmission
of data from user (24)
authentication center (30) outputs a
prompt to personal unit (20) (e.g., a
telephone) over authentication
challenge network (28) requesting
transmission of data (e.g., a response
code) from the user (not shown) of
personal unit (20)13
security computer (40) receives data
transmitted from user (24) through
telephone (26) over an authentication
channel, including voice network (42)
authentication center (30) receives data
(e.g., a response code) from the user
(not shown) through personal unit (20)
over authentication challenge network
13 Ex. 1005 at 5:22-34, 6:59-7:2, 7:25-35, and FIG. 3 (item S18).
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
33
‘698 Patent Falk
(28) (e.g., a cellular radio telephone
network)14
security system (40) compares the data
transmitted over the authentication
channel to predetermined data
authentication center (30) compares the
data transmitted over authentication
challenge network (28) (e.g., the
response code) to predetermined data
(e.g., an expected response)15
security computer (40) instructs host
computer (34) to grant access or deny
access to user (22)
authentication center (30) instructs
service node (26) of the comparison
result to grant access or deny access to
the user (not shown)16
Person of Ordinary Skill in the Art VIII.
A person of ordinary skill in the art (or “a skilled artisan”) in the field of the
‘698 Patent at the time of the claimed priority date of September 5, 2000 would
have been someone with at least a B.S. degree from an accredited institution in
14 Ex. 1005 at FIG. 3 (items S22 and S24), 6:44-58, and 7:14-17.
15 Ex. 1005 at 5:59-62, 6:40-48, 3:21-30, 9:31-35, 10:59-65, 11:16-17, 7:14-
17, and FIG. 3 (item S24).
16 Ex. 1005 at 7:14-17, 6:44-58, and FIG. 3 (item S24 and YES/NO paths).
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
34
computer science, computer engineering, electrical engineering, or an equivalent
degree. This person would also have one or two years of relevant work
experience, such as the design and implementation of security features for
computer systems accessed over a network. A person of ordinary skill in the art
would have had a basic understanding of computers, computer software,
authentication, authorization, networks, and the Internet, including knowledge of
the scientific literature concerning different types of network architectures, traffic
routing, and authentication and authorization protocols and systems. Ex. 1101 at ¶
17.
There is a Reasonable Likelihood that the Challenged Claims are IX.
Unpatentable
A. Ground 1: Claims 1-17, 19-24, 53 and 54 are Obvious over Feigen
in view of Flanagan and Falk
1. Overview
As explained below, and supported in detail in the accompanying
Declaration of Dr. McDaniel, claims 1-17, 19-24, 53 and 54 are obvious over the
combination of references in Ground 1. An illustration combining Feigen with
Flanagan appears below—this is a composite figure that has been generated by
Petitioner for illustrative purposes. Ex. 1101 at ¶ 90.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
35
The two factor authentication functionality from Falk (not shown in the
composite) is further combined to teach sending an instruction to the host
computer to grant or deny access. The below chart shows the correspondence
between Ground 1 and the ‘698 Patent. Ex. 1101 at ¶¶ 92-93.
‘698 Patent Ground 1 Combination
FIG. 1
Ground 1
Composite Generated by Petitioner
‘698 Patent Feigen Flanagan/Falk
user (24) wants to
access host computer
(34)
user (not shown) of source
host (22) wants to access
destination host (server)
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
36
‘698 Patent Ground 1 Combination
(28)17
user computer (22)
directs a login demand
and identification from
user (24) to host (34)
source host (22) directs a
connection request from
the user to destination host
(server) (28)18
access channel from
user computer (22)
through access network
(30) carries the login
demand and
identification to internal
router (interception
device) (36)
a channel from source host
(22) through outside
network (12) carries the
connection request to filter
(16)19
internal router
(interception device)
(36) intercepts the login
demand and
identification from user
filter (16) intercepts the
connection request from
source host (22) and
diverts it to security host
17 Ex. 1003 at Abstract, 2:63-3:15, 3:47-52, 3:60-65, 4:3-11, 4:66-5:14, 5:30-
31, Claim 1, Claim 13, and FIG. 1.
18 Id. and also Ex. 1003 at FIG. 2, FIG. 5 (item 100), and 6:50-55.
19 Id. and also Ex. 1003 at 2:44-48, 2:50, 1:20-32, FIG. 3, 4:12-18, and Claim
5.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
37
‘698 Patent Ground 1 Combination
computer (22) and
diverts it to security
computer (40)
(26)20
security computer (40)
verifies the login
identification of user
(24)
security host (26) verifies a
password from the user of
source host (24)21
after verifying the login
identification from user
(24), security computer
(40) outputs a prompt to
telephone (26) over an
authentication channel,
including voice network
(42), requesting
transmission of data
comprising a biometric
signal from user (24)
Flanagan: after
verifying the username
and password of the user
(not shown) of terminal
(11), programmed
processor (12) outputs a
prompt to telephone (13)
over a voice connection,
requesting transmission
of data comprising a
biometric signal (e.g., to
speak a randomly
selected series of digits)
20 Id.
21 Ex. 1003 at FIG. 1, FIG. 5 (items 100 and 102), Abstract, 1:56-59, 4:12-24,
5:27-33, 5:45-49, 6:50-63, Claim 1, Claim 7, and Claim 13.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
38
‘698 Patent Ground 1 Combination
from the user (not
shown)22
to generate the prompt,
security computer (40)
synthesizes an audible
message from a stored
message and plays it
over telephone (26)
Flanagan: to generate
the prompt, programmed
processor (12) controls
voice apparatus (14) to
synthesize an audible
message from a stored
message and play it over
telephone (13)23
security computer (40)
receives the biometric
signal transmitted from
user (24) through
telephone (26) over an
authentication channel,
including voice network
(42)
Flanagan: programmed
processor (12) receives
the biometric signal
transmitted from the user
(not shown) through
telephone (13) over the
voice connection24
22 Ex. 1102 at Abstract, 2:47-52, 4:12-20, 5:54-6:9, 6:15-36, 6:57-7:12, FIG.
1, FIG. 2, and FIG. 4.
23 Ex. 1102 at Abstract, 2:47-52, 4:12-20, 5:54-6:9, 6:5-9, 6:15-36, 6:57-7:12,
FIG. 1, FIG. 2, and FIG. 4.
24 Ex. 1102 at Abstract, 2:47-57, 4:12-20, 5:54-6:40, 6:57-7:12, FIG. 1, FIG.
2, and FIG. 4.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
39
‘698 Patent Ground 1 Combination
security system (40)
compares the biometric
signal transmitted over
the authentication
channel to
predetermined data
Flanagan: programmed
processor (12) compares
the biometric signal
transmitted over the
voice connection to
predetermined data (e.g.,
pre-stored voice
information)25
security system (40)
includes a biometric
analyzer (not shown)
that receives the
biometric signal from
user (24)
Flanagan: programmed
processor (12) includes a
biometric analyzer (not
shown) that receives the
biometric signal
transmitted from the user
(not shown) through
telephone (13) over the
voice connection26
security computer (40)
instructs host computer
(34) to grant access or
deny access to user (22)
Falk: authentication
center (30) instructs
service node (26) to
grant access or deny
access to the user (not
shown)27
25 Ex. 1102 at Abstract, 2:52-57, 4:20-29, 6:9-14, 6:24-38, and FIG. 4.
26 Ex. 1102 at Abstract, 2:52-57, 4:20-29, 6:9-14, and 6:24-38.
27 Ex. 1005 at 7:14-17, 6:44-58, and FIG. 3 (item S24 and YES/NO paths).
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
40
2. Motivation to Combine Feigen with Flanagan and Falk
One of ordinary skill in the art at the time of the alleged invention would
have been motivated to combine the teachings of Feigen, Flanagan, and Falk. The
skilled artisan would have been interested in Feigen's suggestion that the strength
of an authentication process "may vary in accordance with the needs of network
14," and would have logically consulted the well-known practices of multifactor
authentication in Flanagan and Falk, which heighten the strength of authentication
security. See Ex. 1003 at 6:59-62; Ex. 1101 at ¶ 89.
The ‘698 Patent describes a problem that was well-known in the field at the
time of the alleged invention in September 2000—namely, the design of a
multichannel security system for granting access to a host computer. Ex. 1001 at
Abstract; Ex. 1101 at ¶ 94. Feigen discloses the use of secure host (26) to control
access to destination host (28). Feigen teaches additional support for security
systems and specifically suggests that the reader seek out stronger authentication
techniques to use within its invention: “Together tasks 100 and 102 form an
authentication process the strength of which may vary in accordance with the
needs of network 14.” Ex. 1003 at 6:59-62; Ex. 1101 at ¶¶ 94, 96.
Security host (26) in Feigen performs a single factor authentication process
using a one-time password, but states “However, different systems may use
different authentication processes.” Ex. 1003 at 6:50-67 (emphasis added); Ex.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
41
1101 at ¶ 99. A skilled artisan would understand that Feigen teaches higher
security environments warrant the use of additional or alternative authentication
technologies in security host (26). Ex. 1101 at ¶ 97.
A skilled artisan would also understand that higher security can be achieved
by combining multiple authentication mechanisms in the same system to achieve a
higher level of security—this principle is known in the art as “defense in depth,”
which is a guiding principle of secure system design. Ex. 1101 at ¶ 97.
Multifactor authentication systems, including a combination of two or more of the
following, were well known in the art before September 5, 2000: (i) something the
user knows, (ii) something the user has, and (iii) something the user is. Ex. 1101 at
¶ 98.
One of ordinary skill in the art interested in implementing the heightened
security taught by Feigen would have consulted references related to the well-
known practice of multifactor authentication, which strengthens authentication.
Flanagan teaches the use of “something the user knows,” “something the user has,”
and “something the user is” to perform multi-factor authentication. Falk teaches
the use of both “something the user knows” and “something the user has” to
perform multifactor authentication. One of ordinary skill in the art would combine
the multi-factor authentication techniques of Flanagan and Falk with Feigen to
address the desire for heightened security taught by Feigen. Ex. 1101 at ¶ 100.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
42
Flanagan describes that the use of passwords is “often easily defeated mainly
due to human failings” and that “the security of password-controlled systems is
often breached because interlopers find passwords or are able to quickly guess
passwords with a few intelligent choices.” Ex. 1102 at 1:23–2:6. Flanagan
acknowledges a problem where security systems “allow access by a user without
ascertaining his or her true identity” and that a higher level of security may be
achieved by the voice password-controlled security system described in Flanagan.
Ex. 1102 at 2:7-20; Ex. 1101 at ¶ 101.
These statements from Flanagan highlight the likelihood that one of ordinary
skill in the art would have been motivated to combine Feigen and Flanagan to
achieve Feigen’s suggestion of stronger security by security host (26). Their
combination would only require known techniques of implementing Flanagan’s
“something the user has” and “something the user is” approaches as additional
steps to Feigen’s “something the user knows” password authentication. Ex. 1101
at ¶ 102.
Moreover, Flanagan describes how to combine a “something the user has”
step with a password (something the user knows) authentication mechanism.
Flanagan states: “If the login and password information input by the user, match
pre-stored login and password information maintained in memory by processor 12,
the processor then independently attempts to establish a voice connection to user
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
43
telephone 13—which ideally is in close physical proximity to user terminal 11.”
Ex. 1102 at 3:49-55; Ex. 1101 at ¶ 103.
“After establishment of the voice connection, processor 12 generates a 4-
digit random number (e.g., 5772) and controls voice apparatus 14 to request the
user to repeat the 4-digit number into the user telephone 13 …” Ex. 1102 at 4:12-
20. “Using a voice recognition technique, the computer matches received voice
information with pre-stored voice information for the user and generates a
confidence recognition factor indicating how closely the received voice matches
the stored voice of the user.” Ex. 1102 at 2:52-57. “If the factor exceeds a preset
threshold, the user is afforded access to the computer.” Ex. 1102 at 2:57-3:1; Ex.
1101 ¶ 103.
This kind of combining of authentication mechanisms was widely practiced
as multifactor systems. Hence, someone skilled in the art would have been
motivated to address the need for enhanced security identified in Feigen by
applying the teachings of Flanagan to arrive at the combination illustrated above.
Ex. 1101 at ¶ 105.
A skilled artisan would be motivated to combine Feigen and Flanagan with
Falk at least because Falk is focused on the same security processes that provide
authentication and authorization of users. For example, Feigen states that the
system provides “[a]uthorization […] which decides which privileges are given to
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
44
a presumably authentic user.” Ex. 1003 at 1:58-59. Like Flanagan, Falk teaches
two-factor authentication using “something the user knows” and “something the
user has.” Ex. 1101 at ¶ 107.
A user “initiates a service access through terminal 22 by transmitting the
request over a service access network 24 to a service node 26.” Ex. 1005 at 5:22-
24. “[S]ervice node 26 … causes a challenge code to be generated in an
authentication center 30. The challenge code is sent over an authentication
challenge network 28 to the personal unit 20 [something the user has]. When the
personal unit 20 receives an authentication challenge code, it prompts the user to
input a PIN or other identifying information [something the user knows], and
generates a response code by an algorithm having the challenge code, an internal
security code, and the PIN as variable[s].” Ex. 1005 at 5:24-33. “[T]he response
can be transmitted over the authentication network 28 to the authentication center
30 which then may … compare the response to an expected response and forward
the result to the service node 26. If the response code is acceptable, the service
node 26 permits the user to access the services offered.” Ex. 1005 at 5:53-59; Ex.
1101 at ¶ 107.
Feigen, Flanagan, and Falk each describe a system where the security system
grants or denies the user’s access. Their combination would have been obvious to
a skilled artisan seeking to implement the heightened level of authentication in
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
45
security host (26), as suggested by Feigen. Accordingly, it would have been
obvious to employ the instruction mechanisms used in these references to grant or
deny access to a user. This includes implementing security host (26) to issue an
instruction to destination host (28) to grant or deny access to source host (22). A
skilled artisan could do this in the same way that authentication center (30) in Falk
transmits to service node (26) the result of a comparison of a response code from
personal unit (20) with an expected response. Ex. 1005 at 5:48-57; Ex. 1101 at ¶
108.
3. The Ground 1 Combination Teaches Every Element of
Claims 1-17, 19-24, 53 and 54
a. Independent Claim 1
(1a) A software method for employing a multichannel
security system to control access to a computer,
comprising the steps of:
Feigen describes a security system that controls access to computers within a
network. It states, “The present invention may be implemented in a relatively
simple configuration of hardware and software at relatively low cost.” Ex. 1003 at
7:65-68. Security host (26) operates in concert with filter (16) to intercept
connection request messages sent from source hosts (22) in outside network (12) –
preventing the requests from being transmitted on inside network (14) to
destination host (28). Ex. 1003 at Abstract, 3:25-50, 3:60-65, FIG. 1, and FIG. 2;
Ex. 1101 at ¶¶ 115-116.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
46
After receiving the intercepted connection request, security host (26)
authenticates source host (22). In one embodiment, this includes verifying a one-
time password. Ex. 1003 at 6:50-63, FIG. 1, and FIG. 5. Feigen describes that
security host (26) operates without reference to destination host (28) or any
database in the inside network (14). Ex. 1003 at Abstract, 5:5-9, and FIG. 1; Ex.
1101 at ¶ 117.
Flanagan describes multifactor authentication security for controlled access
systems. “If the login and password information input by the user, match pre-
stored login and password information maintained in memory by processor 12, the
processor then independently attempts to establish a voice connection to user
telephone 13—which ideally is in close physical proximity to user terminal 11.”
Ex. 1102 at 3:49-55. “After establishment of the voice connection, processor 12
generates a 4-digit random number (e.g., 5772) and controls voice apparatus 14 to
request the user to repeat the 4-digit number into the user telephone 13 …” Ex.
1102 at 4:12-20. “Using a voice recognition technique, the computer matches
received voice information with pre-stored voice information for the user and 55
generates a confidence recognition factor indicating how closely the received voice
matches the stored voice of the user.” Ex. 1102 at 2:52-57. “If the factor exceeds
a preset threshold, the user is afforded access to the computer.” Ex. 1102 at 2:57-
3:1; Ex. 1101 at ¶ 118.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
47
When Flanagan is combined with Feigen, security host (26) in Feigen is
augmented to include Flanagan’s second form of authentication – voice
recognition via telephone (13) over a channel extending through telephone central
switch (15). This occurs on a telephone channel completely separate from the
channel between Feigen’s source host (22) and destination host (28) – teaching the
multichannel security system called for in claim 1 to control access to a computer
(destination host (28)). Ex. 1101 at ¶¶ 119-120.
(1b) receiving at an interception device in a first
channel a login identification demand to access a
host computer also in the first channel;
Feigen’s filter (16) is an interception device that intercepts a connection
request (access demand) sent from source host (22) in a first (access) channel to an
application service on destination host (28) – preventing the connection request
from being transmitted inside network (14) to destination host (28). Ex. 1003 at
2:63-3:15, 4:3-11, 4:66–5:14, FIG. 1, FIG. 2, and FIG. 3. Filter (16) routes the
user’s login identification to security host (26), which performs an authentication
process for source host (22) before any information can enter destination host (28),
which serves as the host computer in claim 1. Ex. 1003 at 6:50-55 and FIG. 5
(item 100); Ex. 1101 at ¶¶ 121-122.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
48
Flanagan also describes using a typical user login procedure, such as a
normal password procedure, as well as separate voice verification. Ex. 1102 at
2:15-20, 2:35-38, 3:26-49, 4:39-47, Claim 3, and FIG. 3; Ex. 1101 at ¶ 123.
(1c) verifying the login identification;
Feigen teaches confirming login identification at a security computer,
namely security host (26). Ex. 1003 at 4:12-24, 6:56-59, FIG. 1, FIG. 5 (item 102),
and claims 1, 7, and 13. Security host (26) performs authentication to grant or
deny the user of source host (22) access to destination host (28). “[A]t a task 100
process 88 sends an appropriate prompting message to the source to elicit user
identification data. … [A] query task 102 authenticates the user. In other words,
task 102 determines whether the user identification obtained in task 100 indicates
that the user is an authentic user or a hacker. … In the preferred embodiment, a
one-time password process is recommended.” Ex. 1003 at 6:50-63; Ex. 1101 at ¶¶
124-125.
Security host (26) is a security computer located in a second authentication
channel and isolated from the host computer (destination host 28). Ex. 1003 at
FIG. 1. When combined with Flanagan, as described above, security host (26)
operates in a second channel (authentication channel) over telephone network (15).
In this second channel, it performs a second factor authentication of the user of
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
49
source host (22) through a voice verification process over telephone network (15).
Ex. 1101 at ¶ 126.
(1d) receiving at a security computer in a second
channel the demand for access and the login
identification;
As described above for claim element (1c) – verifying – Feigen combined
with Flanagan teaches a security computer (Feigen’s security host 26). Ex. 1003 at
Abstract, 2:63-64, and FIG. 1; Ex. 1005 at FIG. 1. Security host (26) receives the
connection request (demand for access) and login identification from filter (16).
Ex. 1003 at 2:63-3:15, 3:47-52, 3:60-65, 4:3-11, 4:66-5:14, 6:50-55, FIG. 3, and
FIG. 5 (item 100). Flanagan’ programmed processor that controls user access
receives the demand for access and login identification. Ex. 1102 at 2:38-47, 3:49-
4:4, 5:28-36, and FIG. 5 (item 61); Ex. 1101 at ¶ 127.
(1e) outputting from the security computer a prompt
requesting transmission of data;
Feigen’s security host (26) combined with Flanagan teaches a security
computer outputting a prompt requesting transmission of data. Flanagan teaches
that a prompt requesting transmission of data can be output from a security
apparatus, such as a security computer. For example, Flanagan describes
prompting the user via a message sent over a voice connection. Ex. 1102 at FIG.
2, FIG. 4 (item 42), Abstract, 2:47-52, 4:12-20, 5:54-6:9, 6:15-36, and 6:57-7:12;
Ex. 1101 at ¶ 128.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
50
(1f) receiving the transmitted data at the security
computer;
Feigen’s security host (26) combined with Flanagan teaches a security
computer receiving the transmitted data requested in claim element (1e) above.
Flanagan describes receiving the voice information from the voice line. Ex. 1102 at
Abstract, 2:52-57, 6:9-14, 6:36-40, FIG. 4 (items 42 and 43); Ex. 1101 at ¶ 129.
(1g) comparing the transmitted data to
predetermined data; and
Feigen’s security host (26) combined with Flanagan teaches a security
computer that compares transmitted data received in claim element (1f) to
predetermined data. Flanagan describes that the voice information received over
the voice line (15) from telephone (13) is compared with voice information that is
pre-stored and associated with the purported user. Ex. 1102 at Abstract, 2:52-57,
6:9-49, and FIG. 4; Ex. 1101 at ¶ 130.
(1h) depending on the comparison of the transmitted
and the predetermined data, outputting an
instruction from the security computer to the host
computer to grant access to the host computer or
deny access thereto.
Feigen’s security host (26) augmented by Flanagan teaches a security
computer, Feigen’s destination host (28) is a host computer that cannot be accessed
until the user of source host (22) is successfully authenticated by security host (26).
Ex. 1003 at Abstract, 1:56-59, 4:24-30, 4:51-5:11, 7:36-52, FIG. 3, FIG 5 (item
116), and claims 13 and 16; Ex. 1101 at ¶ 131. The portion of Flanagan integrated
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
51
into Feigen’s security host (26) describes that, based on the comparison of the
voice within a preset threshold, the computer grants or denies access to the user.
Ex. 1102 at Abstract, 2:52-3:1, 6:45-56, FIG. 4; Ex. 1101 at ¶ 131.
Ground 1 includes the integration of Falk into Feigen’s security host (26).
Falk describes sending a message to a separate service node 26 (to which a user is
requesting access) to inform the service node whether or not the user was
authenticated. Ex. 1005 at 7:14-17. Falk teaches that the authenticated or not
authenticated message should result in a granting or denial of access, respectively.
Ex. 1005 at FIG. 3 and 6:44-58. Using this functionality from Falk, security host
(26) in Feigen can issue an instruction to destination host (28) to grant or deny
access based on the comparison of voice information received from telephone (13)
via telephone central switch (15). Ex. 1101 at ¶ 132.
b. Dependent Claim 2
Claim 2 depends from Claim 1 and adds “the security computer receives the
demand and login identification from the interception device.” Feigen’s filter 16
(the interception device) routes the connection request messages and the user’s
login identification to the security host 26. Ex. 1003 at FIG. 1 (items 16, 32, and
26), FIG. 3, FIG. 5 (item 100), 3:47-52, 3:60-65, 4:3-11, 4:66-5:14, and 6:50-55;
Ex. 1101 at ¶ 133.
c. Dependent Claim 3
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
52
Claim 3 depends from Claim 1 and adds “the demand is received from a
client computer, and the host computer is a web server.” Feigen teaches that the
connection request message (access demand) is received from a client computer
(source host 22) and that the host computer (destination host 28) is a web server
servicing Internet requests. Ex. 1003 at FIG. 1 (items 22 and 28), FIG. 3, Abstract,
2:44-48, 2:63-3:15, and 4:3-11; Ex. 1101 at ¶ 134.
d. Dependent Claim 4
Claim 4 depends from Claim 1 and adds “the step of verifying comprises
retrieving from a database having at least one address record a record
corresponding to the login identification.” Flanagan describes that the verifying
step includes retrieving a record (e.g., a user’s login and password) from where
they are stored (e.g., table 61 of FIG. 5). Ex. 1102 at FIG. 5 and 4:43-56.
Flanagan also describes that the database includes at least one address record (e.g.,
a “preassigned voice number”) associated with the user ID (also shown in table 61
of FIG. 5). Ex. 1102 at FIG. 5, 5:28-36, 2:47-52, and 3:55-4:4; Ex. 1101 at ¶ 135.
e. Dependent Claim 5
Claim 5 depends from Claim 1 and adds “the transmitted data is received
from a peripheral device.” Flanagan describes that the transmitted data is received
from a telephone. Ex. 1102 at FIG. 1 (item 13) and 6:24-38; Ex. 1101 at ¶ 136.
f. Dependent Claim 6
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
53
Claim 6 depends from Claim 1 and adds “the peripheral device is one of a
wired telephone, a wireless telephone, and a PDA.” Flanagan describes that the
transmitted data is received from a wired telephone. Ex. 1102 at FIG. 1 (item 13)
and 6:24-38; Ex. 1101 at ¶ 137.
g. Dependent Claim 7
Claim 7 depends from Claim 1 and adds “the step of outputting the prompt
comprises outputting an audible message.” In Flanagan, a voice connection is
established with the purported user, and voice apparatus 14 orally requests the user
repeat information into the telephone. Ex. 1102 at 2:47-52, 4:12-20, 6:5-9, 6:15-
36, FIG. 2 (item 14 and voice connection path), and FIG. 1 (items 13-15 and voice
connection path). A person skilled in the art would have understood that
Flanagan’s voice apparatus requests would be audible. Ex. 1101 at ¶ 138.
h. Dependent Claim 8
Claim 8 depends from Claim 1 and adds “the step of outputting the prompt
comprises requesting a biometric signal.” Flanagan describes that the user is
queried to repeat a series of digits or a phrase so that a voice match may be
determined. Ex. 1102 at Abstract, 2:47-52, 4:12-20, 6:15-36, FIG. 2, and FIG. 1;
Ex. 1101 at ¶ 139. Biometrics, as used in the ‘698 patent, include voice samples.
Ex. 1001 at Abstract, 2:13-15.
i. Dependent Claim 9
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
54
Claim 9 depends from Claim 8 and adds “the audible message comprises an
audible instruction to speak a statement using a peripheral device, and wherein the
biometric signal is the spoken statement transmitted by the peripheral device.”
Flanagan teaches that the audible message includes an instruction for the user to
repeat a randomly selected series of digits or a phrase (e.g., “After the tone, please
speak the following numbers in sequence: five, seven, seven, two”), and the user’s
voice response transmitted by the telephone is the biometric signal. Ex. 1102 at
Abstract, 2:47-52, 4:12-20, 5:54-6:9, 6:15-38, and 6:57-7:12; Ex. 1101 at ¶ 140.
j. Dependent Claim 10
Claim 10 depends from Claim 8 and adds “receiving in a biometric analyzer
the biometric signal.” The term “biometric analyzer” is governed by 35 U.S.C.
§112(6). It has a function “analyzing a monitored parameter of the accessor” and a
structure “monitoring the particular parameter of the individual person; including
(sic) the parameter to a mathematical representation or algorithm therefore (sic);
retrieving a previously stored sample (biometric data), (sic) thereof from a
database and comparing the stored sample with the input of the accessor”.
Flanagan describes that the computer monitors the voice information from
the user received over the telephone, retrieves pre-stored voice information, and
compares the voice information from the user with pre-stored voice information,
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
55
and a match is determined within a pre-determined threshold value. Ex. 1102
Abstract, 2:52-57, 4:20-29, 6:9-14, 6:24-38; Ex. 1101 at ¶ 142.
“Digits spoken by a user are detected by digit recognizer 23, which includes
an analog to digital convertor for converting received spoken digits into a digital
format and for conveying the digital information, upon request to processor 12 via
bus 21.” Ex. 1102 at 6:9-14. “Processor 12 also retrieves binary information from
table 63 representing the phrase ‘After the tone, please speak the following number
in sequence’ and routes it over bus 21 to voice response unit 22, which converts
the binary information to speech. The binary information representing each of the
four digits of the randomly chosen number ‘9102’ is also retrieved from table 63
and conveyed in sequence over bus 21 to unit 22 where it is also converted to
speech. Thus user AFC4, (step 42, FIG. 4) is asked over the voice connection in
FIG. 1 to repeat the digits ‘9102’ into user telephone 13. User AFC4 then repeats
the digits ‘9102’ into telephone 13 for conveyance over the voice connection.” Ex.
1102 at 6:24-38. “Processor 12 then compares the speech embodied in the
received 4-digit number with the user's stored reference speech for the 4-digit
number. A confidence recognition factor indicating the closeness of the match of
the received speech patterns with the stored reference patterns is assigned to the
received speech. This factor is then compared with a pre-determined threshold
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
56
value established to identify valid ‘voice passwords.’” Ex. 1102 at 4:20-29; Ex.
1101 at ¶ 143.
k. Dependent Claim 11
Claim 11 depends from Claim 10 and adds “the biometric analyzer
comprises one of a voice recognition program, a fingerprint verification program,
or both.” Flanagan teaches that the biometric analyzer includes a voice recognition
program that determines a voice match between the voice information received
over the voice line and the pre-stored voice information. Ex. 1102 at Abstract, 2:7-
12, 2:52-57, and 6:57-7:12; Ex. 1101 at ¶ 144.
l. Dependent Claim 12
Claim 12 depends from Claim 8 and adds “retrieving a previously registered
sample corresponding to the login identification and comparing the same to the
biometric signal.” Flanagan describes retrieving a pre-stored voice sample
corresponding to the user’s login identification (e.g., from table 62 in FIG. 5) and
comparing the pre-stored voice sample to the user’s voice signal received over the
telephone. Ex. 1102 at Abstract, 2:52-57, 4:20-29, 6:38-56, 6:57-7:12, 8:16-21, and
FIG. 5 (item 62); Ex. 1101 at ¶ 145.
m. Dependent Claim 13
Claim 13 depends from Claim 12 and adds “the previously registered sample
is stored in a biometric parameter database.” Flanagan describes that the pre-
stored voice sample is stored in a database (e.g., item 62 of FIG. 5). Ex. 1102 at
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
57
4:20-29, 6:38-56, 6:57-7:12, 7:55-57, 8:16-21, and FIG. 5 (item 62); Ex. 1101 at ¶
146.
n. Dependent Claim 14
Claim 14 depends from Claim 12 and adds “the previously registered sample
comprises one of a speech sample and a fingerprint sample.” Flanagan teaches that
the pre-stored sample is a voice (speech) sample. Ex. 1102 at 2:7-12, 4:20-29,
6:38-56, 6:57-7:12, 7:55-57, 8:16-21, and FIG. 5 (item 62); Ex. 1101 at ¶ 147.
o. Dependent Claim 15
Claim 15 depends from Claim 1 and adds “the step of outputting the prompt
comprises transmitting a message.” Flanagan teaches outputting a prompt that is
transmitted from the voice apparatus 14 over a voice connection to the user’s
telephone. Ex. 1102 at FIG. 1 (items 13, 14, and voice connection), Abstract, 2:47-
52, 4:12-20, 5:54-6:9, and 6:15-38. This functionality in Flanagan would be
implemented in security host (26) of Feigen in Ground 1. Ex. 1101 at ¶ 148.
p. Dependent Claim 16
Claim 16 depends from Claim 1 and adds the limitation of “connecting or
disconnecting the security computer to and from a peripheral device.” Flanagan
teaches that a user is called in order to obtain voice information to compare to a
pre-stored voice sample. Ex. 1102 at Abstract, 2:38-52, 3:55-4:4, 5:28-36, 5:50-
53. This telephone call setup and tear down would include the steps of both
connecting and disconnecting to and from the telephone device. Further, Flangan
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
58
expressly discusses dropping the voice connection to telephone 13 once it is no
longer needed. Ex. 1102 at 3:1-2 and 4:34-35; Ex. 1101 at ¶ 149.
q. Dependent Claim 17
Claim 17 depends from Claim 1 and adds the limitation of ““wherein the
step of outputting the prompt comprises retrieving from an announcement database
a prerecorded audible message that requests entry of the transmitted data and
playing the message using a peripheral device.” Flanagan teaches “Processor 12
also retrieves binary information from table 63 representing the phrase ‘After the
tone, please speak the following number in sequence’ and routes it over bus 21 to
voice response unit 22, which converts the binary information to speech. The
binary information representing each of the four digits of the randomly chosen
number ‘9102’ is also retrieved from table 63 and conveyed in sequence over bus
21 to unit 22 where it is also converted to speech. Thus user AFC4, (step 42, FIG.
4) is asked over the voice connection in FIG. 1 to repeat the digits ‘9102’ into user
telephone 13. User AFC4 then repeats the digits ‘9102’ into telephone 13 for
conveyance over the voice connection.” Ex. 1102 at 6:24-38. “Processor 12 then
compares the speech embodied in the received 4-digit number with the user's
stored reference speech for the 4-digit number. A confidence recognition factor
indicating the closeness of the match of the received speech patterns with the
stored reference patterns is assigned to the received speech. This factor is then
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
59
compared with a pre-determined threshold value established to identify valid
‘voice passwords.’” Ex. 1102 at 4:20-29; Ex. 1101 at ¶ 150.
r. Dependent Claim 19
Claim 19 depends from Claim 1 and adds “synthesizing an audible message
from a stored message and playing the synthesized message over a telephone.”
Flanagan describes that a digital to analog converter generates speech from stored
text in a digital format. Ex. 1102 at 5:54-6:9; Ex. 1101 at ¶ 151.
s. Dependent Claim 20
Claim 20 depends from Claim 1 and adds “the security computer comprises
an authentication program for authenticating access to the host computer.”
Feigen’s security host (26) includes an authentication program for authenticating a
user’s access to destination host (28). Ex. 1003 at Abstract, 1:56-59, 3:60-65,
4:12-24, 6:56-59, and FIG. 5 (items 100 and 102); Ex. 1101 at ¶ 152.
t. Dependent Claim 21
Claim 21 depends from Claim 1 and adds “the interception device is a
router.” Feigen’s filter (16), which intercepts connection request messages from
source host (22) to destination host (28) and routes them to the security host 26,
can be a router. Ex. 1003 at 2:63-3:15; Ex. 1101 at ¶ 153.
u. Dependent Claim 22
Claim 22 depends from Claim 1 and adds “the first channel comprises one of
a wide area network and a local area network.” Feigen’s outside network (12) over
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
60
which the user sends the connection request message toward the destination host
(28) can be the Internet (a wide area network). Ex. 1003 at Abstract and 2:44-48.
Flanagan describes that the user can establish a data connection with the computer
over a wide area network. Ex. 1102 at 3:26-35 and FIG. 1. Flanagan also
describes that the data connection can be established over a local area network.
Ex. 1102 at 3:26-35 and FIG. 1; Ex. 1101 at ¶ 154.
v. Dependent Claim 23
Claim 23 depends from Claim 1 and adds “the transmitted data is a dual tone
multi frequency (DTMF) personal identification number.” Falk describes that the
transmitted data (e.g., a PIN) is entered into the telephone keypad with a DTMF
transmitter to input the PIN into the microphone of the telephone. Ex. 1005 at
6:19-25, 7:36-39, 2:23-29, and 4:8-15. Ex. 1101 at ¶ 155.
w. Dependent Claim 24
Claim 24 depends from Claim 23 and adds “the dual tone multi frequency
(DTMF) personal identification number is a password.” A person of skill in the art
would understand that Falk’s PIN called out for Claim 23 could be a password that
was generated for or by the user and entered as “something the user knows.” Ex.
1005 at 6:19-22, 7:36-39, 2:23-29, and 4:8-15; Ex. 1101 at ¶ 156.
x. Independent Claim 53
(53a) A software method for employing a
multichannel security system to control access to a
computer, comprising the steps of:
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
61
See claim element (1a) in Ground 1. Ex. 1101 at ¶¶ 115-120, 157-164.
(53b) receiving in a first channel a login identification
demand to access a host computer also in the first
channel;
See claim element (1b) in Ground 1. Ex. 1101 at ¶¶ 121-123, 165-167.
(53c) verifying the login identification;
See claim element (1c) in Ground 1. Ex. 1101 at ¶¶ 124-126, 168-170.
(53d) receiving at a security computer in a second
channel the demand for access and the login
identification;
See claim element (1d) in Ground 1. Ex. 1101 at ¶¶ 127, 171.
(53e) outputting from the security computer a prompt
requesting a transmission of data;
See claim element (1e) in Ground 1. Ex. 1101 at ¶¶ 128, 172.
(53f) receiving the transmitted data at the security
computer;
See claim element (1f) in Ground 1. Ex. 1101 at ¶¶ 129, 173.
(53g) comparing the transmitted data to
predetermined data; and
See claim element (1g) in Ground 1. Ex. 1101 at ¶¶ 130, 174.
(53h) depending on the comparison of the transmitted
and the predetermined data, outputting an
instruction from the security computer to the host
computer to grant access to the host computer or
deny access thereto.
See claim element (1h) in Ground 1. Ex. 1101 at ¶¶ 131-132, 175-176.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
62
y. Independent Claim 54
(54a) Apparatus for implementing a multichannel
security system to control access to a computer,
comprising:
See claim element (1a) in Ground 1. Ex. 1101 at ¶¶ 115-120, 177-184.
(54b) a device for receiving a login identification and
demand to access a host computer, wherein the
device and the host computer are in a first
channel; and
See claim element (1b) in Ground 1. Ex. 1101 at ¶¶ 121-123, 185-187.
(54c) a security computer in a second channel for
receiving the login identification and the access
demand and
See claim elements (1c) and (1d) in Ground 1. Ex. 1101 at ¶¶ 124-127, 188-
191.
(54d) outputting a prompt requesting a transmission
of data once said login identification is verified by
said security computer,
See claim elements (1c) and (1e) in Ground 1. See claim element (1d) in
Ground 1. Ex. 1101 at ¶¶ 124-126, 128, 192.
(54e) wherein said security computer comprises a
component for receiving the transmitted data and
comparing said transmitted data to
predetermined data,
“Component for receiving the transmitted data and comparing it to
predetermined data” is governed by 35 U.S.C. §112(6). It is construed as having a
function of “receiving the transmitted data and comparing said transmitted data to
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
63
predetermined data” (see, Section V, above) and a structure of “‘698 patent at FIG.
9C, steps 186-196, 10:46-65 and/or ‘698 patent, FIGs. 9C-9D, steps 200-208,
11:24-55.” Id.
Step 200 is “Prompt user and collect speech password.” Step 202 is “User
voices speech password.” Step 204 is “Speech module retrieves speech password
associated with login ID.” Step 206 is “Speech module verifies speech password.”
Step 208 is “Does the speech password match?”
As described above, Feigen combined with Flanagan teaches a security
computer. The portion of Flanagan integrated into Feigen’s security host (26) in
Ground 1 teaches receiving the transmitted data requested in claim element (54e)
above. Flanagan describes prompting the user via a message sent over a voice
connection and receiving the voice information from the voice line. Ex. 1102 at
FIG. 2, FIG. 4 (item 42 and 43), Abstract, 2:47-57, 4:12-20, 5:54-6:9, 6:9-36, 6:36-
40 and 6:57-12. Flanagan further describes that the voice information received
over the voice line (15) from telephone (13) is compared with voice information
that is pre-stored and associated with the purported user. Ex. 1102 at Abstract,
2:52-57, 6:9-14, and FIG. 4; Ex. 1101 at ¶¶ 193-195.
In more detail, Flanagan states: “If the login and password information input
by the user, match pre-stored login and password information maintained in
memory by processor 12, the processor then independently attempts to establish a
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
64
voice connection to user telephone 13—which ideally is in close physical
proximity to user terminal 11.” Ex. 1102 at 3:49-55. “After establishment of the
voice connection, processor 12 generates a 4-digit random number (e.g., 5772) and
controls voice apparatus 14 to request the user to repeat the 4-digit number into the
user telephone 13 …” Ex. 1102 at 4:12-20. “Using a voice recognition technique,
the computer matches received voice information with pre-stored voice
information for the user and 55 generates a confidence recognition factor
indicating how closely the received voice matches the stored voice of the user.”
Ex. 1102 at 2:52-57. “If the factor exceeds a preset threshold, the user is afforded
access to the computer.” Ex. 1102 at 2:57-3:1; Ex. 1101 at ¶ 196.
(54f) such that, depending on the comparison of the
transmitted and the predetermined data, said
security computer outputs an instruction to the
host computer to grant access to the host
computer or deny access thereto.
See claim element (1h) in Ground 1. Ex. 1101 at ¶¶ 131-132, 197-198.
Conclusion X.
Petitioner respectfully requests institution of inter partes review and
cancellation of the Challenged Claims based upon each of the grounds presented
herein.
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
65
The fee specified by 37 C.F.R. §42.15(a) is electronically submitted
herewith. The Director is authorized to charge any additional fees (or credit any
overpayments) to Deposit Account 19-2112.
Respectfully submitted,
Date: March 14, 2017 By: /John D. Garretson/
John D. Garretson
Reg. No. 39,681
Lead Counsel for Petitioner
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
Attachment A: Certification of Word Count
1
CERTIFICATION OF WORD COUNT
Pursuant to 37 C.F.R. § 42.24(d), the undersigned certifies that the foregoing
Petition includes 11,291 words, which is less than the 14,000 words allowed under
37 C.F.R. § 42.24(a)(1)(i). As provided by 37 C.F.R. § 42.24(a)(1)(i), this word
count does not include the table of contents, table of authorities, grounds for
standing, mandatory notices, certificate of service, this certificate of word count, or
appendix of exhibits or claim listing. In making this certification, the undersigned
has relied on the word count of the word-processing system used to prepare the
foregoing Petition, which is in accordance with 37 C.F.R. § 42.24(d).
Date: March 14, 2017 By: /John D. Garretson/
John D. Garretson
Reg. No. 39,681
Lead Counsel for Petitioner
IPR2017-01064 – Inter Partes Review of U.S. Patent No. 8,484,698
Petition for Inter Partes Review
Attachment B: Proof of Service Petition
1
CERTIFICATE OF SERVICE
Pursuant to 37 C.F.R. §§ 42.6(e) and 42.105, the undersigned certifies that
on this March 14, 2017, a complete and entire copy of the foregoing Petition for
Inter Partes Review and all support exhibits were provided via FedEx Priority
Overnight, costs prepaid, to the Patent Owner by serving the correspondence
address of record as follows:
Attn: Michael Greenbaum
Blank Rome LLP
1825 Eye Street NW
Washington, DC 20006-5403
With a courtesy copy provided electronically to: Salvatore P. Tamburo,
Blank Rome LLP, at [email protected].
Date: March 14, 2017 By: /John D. Garretson/
John D. Garretson
Reg. No. 39,681
Lead Counsel for Petitioner