Sunteți pe pagina 1din 75

IPR2017-01514

U.S. Patent 8,799,088


Filed on behalf of Unified Patents Inc.
By: Jason R. Mudd, Reg. No. 57,700
Eric A. Buresh, Reg. No. 50,394
jason.mudd@eriseip.com
eric.buresh@eriseip.com
ERISE IP, P.A.
6201 College Blvd., Suite 300
Overland Park, Kansas 66211
Telephone: (913) 777-5600

Jonathan Stroud, Reg. No. 72,518 Roshan Mansinghani, Reg. No. 62,429
jonathan@unifiedpatents.com roshan@unifiedpatents.com
Unified Patents Inc. Unified Patents Inc.
1875 Connecticut Ave. NW, Floor 10 13355 Noel Road, Suite 1100
Washington, D.C., 20009 Dallas, TX, 75240
Telephone: (202) 805-8931 Telephone: (214) 945-0200

UNITED STATES PATENT AND TRADEMARK OFFICE


____________

BEFORE THE PATENT TRIAL AND APPEAL BOARD


____________

UNIFIED PATENTS INC.


Petitioner

v.

ROTHSCHILD BIOMETRIC SYSTEMS, LLC and


SRR PATENT HOLDINGS, LLC
Patent Owner
____________

IPR2017-01514
Patent 8,799,088
____________

PETITION FOR INTER PARTES REVIEW


OF U.S. PATENT 8,799,088
IPR2017-01514
U.S. Patent 8,799,088
TABLE OF CONTENTS

I. INTRODUCTION............................................................................................... 1
II. U.S. PATENT 8,799,088 ................................................................................... 2
A. Summary ................................................................................................. 2
B. Prosecution History ................................................................................. 3
C. Level of Ordinary Skill in the Art ........................................................... 5
III. REQUIREMENTS FOR INTER PARTES REVIEW UNDER 37 C.F.R.
42.104 .......................................................................................................... 6
A. Grounds for standing under 37 C.F.R. 42.104(a) ................................. 6
B. Identification of challenge under 37 C.F.R. 42.104(b) and relief
requested............................................................................................... 6
C. Claim construction under 37 C.F.R. 42.104(b)(3)................................ 7
1. a plurality of biometric identification data ................................. 7
IV. THERE IS A REASONABLE LIKELIHOOD THAT THE CHALLENGED
CLAIMS ARE UNPATENTABLE................................................................ 9
A. Ground 1: Karthik in view of Robinson renders claims 1-9, 11-19, and
21 obvious under 103(a) .................................................................... 9
i) Claim 1 ......................................................................................... 14
ii) Claim 2: ....................................................................................... 33
iii) Claims 4-9: ................................................................................. 35
iv) Claim 3 ....................................................................................... 37
v) Claim 11: ..................................................................................... 38
vi) Claims 12 and 13: ....................................................................... 39
vii) Claim 14: ................................................................................... 40
viii) Claim 15: ................................................................................... 40
ix) Claim 16: .................................................................................... 42
x) Claim 17: ..................................................................................... 42
xi) Claim 18: .................................................................................... 45
xii) Claim 19: ................................................................................... 45
xiii) Claim 21: ................................................................................... 46

ii
IPR2017-01514
U.S. Patent 8,799,088
B. Ground 2: Karthik in view of Alvarez renders claims 1-9, 11-19, and 21
obvious under 103(a) ....................................................................... 47
i) Claim 1 ......................................................................................... 49
ii) Claims 2, 4-7, 9, 11: .................................................................... 53
iii) Claim 3: ...................................................................................... 54
iv) Claim 8: ...................................................................................... 54
v) Claim 12: ..................................................................................... 55
vi) Claim 13: .................................................................................... 56
vii) Claims 14 and 15: ...................................................................... 56
viii) Claim 16: ................................................................................... 57
ix) Claim 17: .................................................................................... 57
x) Claim 18: ..................................................................................... 59
xi) Claim 19: .................................................................................... 59
xii) Claim 21: ................................................................................... 59
C. Ground 3: Saito renders obvious claim 20 under 103(a) .................... 61
i) Claim 20: ...................................................................................... 62
V. CONCLUSION ............................................................................................... 66
VI. MANDATORY NOTICES UNDER 37 C.F.R. 42.8(A)(1) ....................... 67
A. Real Party-In-Interest ............................................................................ 67
B. Related Matters ...................................................................................... 67
C. Lead and Back-Up Counsel Under 37 C.F.R. 42.8(b)(3) ................... 67
D. Payment of Fees Under 37 C.F.R. 42.103 .......................................... 68

iii
IPR2017-01514
U.S. Patent 8,799,088
I. INTRODUCTION

Petitioner Unified Patents, Inc. (Petitioner) requests Inter Partes Review

(IPR) of claims 1-9 and 11-21 (the Challenged Claims) of U.S. Patent No.

8,799,088 (the 088 Patent) (EX1001). The 088 Patent generally relates to a

system for using biometric identification to verify the identity of users of financial

services provider cards over a network. During enrollment, a user uploads

biometric data to a server via a website for later use. After enrollment, the user

uploads biometric data at a point of sale to the server during a transaction to allow

the server to compare the uploaded data against the previously stored data to verify

the users identity. Such systems were well known before the 088 Patents 2008

priority date.

As revealed by its prosecution history, the 088 Patents purported point of

novelty lies in attempting to prevent identity theft by a server authenticating the

initial biometric data provided. It does so by comparing the uploaded data against

other biometric data for the user stored in a related information repository, such

as that maintained by a government agency or other trusted source. But, as

demonstrated below by the Robinson and Alvarez references, this authentication

against a third-party source was known in the prior art and would have been an

obvious addition to a biometric verification system. See, e.g., Jones Decl. (EX1003)

at 52, 50, 65.

1
IPR2017-01514
U.S. Patent 8,799,088
II. U.S. PATENT 8,799,088

A. Summary

The 088 Patent is generally directed to a method of using biometric

identification data to verify the identity of a user of a financial services card, such

as a credit card or debit card. 088 Patent (EX1001) at Abstract, 1:15-18, 4:31-35.

Examples of biometric identification data include physical features such as face,

fingerprint, iris, retina, or hand geometry, and behavioral features, such as

signature or voice. Id. at 7:28-32, 7:50-63.

Generally, methods taught by the 088 Patent involve a two-part process in

which biometric identification data is first uploaded via a network-connected user

computer and stored in a database server. Id. at 2:11-17. This first step is generally

called enrollment and has long been known in the biometrics industry. Jones

Decl. (EX1003) at 32, 34. Subsequently, biometric data collected during a

transaction is compared with the previously stored biometric identification data to

transmit an identity verification, allowing execution of the transaction. 088 Patent

(EX1001) at 2:18-37. This second step is generally called verification or

identification and has also long been known in the biometrics industry, including

in the context of verification of point-of-sale transactions via a network. Jones

Decl. (EX1003) at 33, 34.

2
IPR2017-01514
U.S. Patent 8,799,088
In some of the patents embodiments, the uploaded biometric identification

data is authenticated through comparison with biometric data stored in a related

information repository, such as a database operated by a government agency (e.g.,

the Department of Motor Vehicles (DMV)) to help prevent identity theft. 088

Patent (EX1001) at 8:15-35.

B. Prosecution History

U.S. Patent Application No. 12/854,598, which issued as the 088 Patent,

was filed as a continuation application on August 11, 2010 with 20 claims.088

Prosecution History (EX1002) at 17-48. The 088 Patent claims priority to a parent

application filed on June 11, 2008, which was abandoned.1 See generally Parent

File History (EX1008).

The examiner initially rejected claims 1-20 as being anticipated by

Houvener (U.S. Patent 5,657,389) (EX1009), which taught a method for

biometrically verifying the identity of a user of a financial services card over a

network for point-of-sale transactions. 088 Prosecution History (EX1002) at 59-

62. Claims 11 and 17-20 also were rejected as being obvious over Houvener in

1
The claims in the parent application were repeatedly rejected based on the

Houvener and Zoka references discussed herein, as well as others, and eventually

abandoned. See EX1008 at 64-67, 121-126, 167-172, 197-203.

3
IPR2017-01514
U.S. Patent 8,799,088
view of Zoka (U.S. Patent 6,591,249) (EX1010). EX1002 at 62-64. Zoka was

found to teach a point-of-sale terminal prompting a user for biometric

identification data. Id.

Following arguments raised by the applicant, the examiner rejected claims 1-

20 as obvious over Houvener in view of Zoka. Id. at 88-96. The applicant argued

that, in Houvener, a human store clerk, rather than a server, compared the

biometric data so that the clerk could be held accountable for the verification. Id. at

106-107. Unpersuaded, the examiner maintained the rejection in a final Office

Action. Id. at 117-126.

The applicant amended claim 1 to add a step of authenticating, by the at

least one server, the uploaded plurality of biometric identification data, with a

similar amendment to claim 17 Id. at 189-191. The applicant argued that in

Houvener, the user, not the server, is the one who authenticates the accuracy of

digital photograph data during enrollment. Id. at 194.

The Examiner continued to reject claims 1-20 over Houvener in view of

Zoka, finding that Zoka teaches authentication of biometric information by the at

least one server. Id. at 199-206. In response, the applicant amended claims 1 and

17 to specify that the server authenticates the uploaded biometric data with

biometric identification data stored in a related information repository. Id. at

209-216 (emphasis in original).

4
IPR2017-01514
U.S. Patent 8,799,088
The examiner initially maintained the rejection (id. at 224-232) but this

rejection was later withdrawn following a pre-appeal conference that focused on

the related information repository limitation. Id. at 252. Specifically, the

applicant argued that this limitation required authenticating the uploaded biometric

data against biometric data stored in a third party information repository, e.g., for

the purpose of preventing identity theft. Id. at 240. The applicant argued that, in

Houvener and Zoka, identity verification is only performed once, i.e., during the

purchase transaction at the point of sale, and not during enrollment using a third-

party database. Id. at 240-241. After withdrawal of the rejection, a Notice of

Allowance was issued with a non-substantive Examiners Amendment clarifying

independent claim 1. Id. 258-266.

As the prosecution history demonstrates, the step of authenticating biometric

data uploaded by the user with biometric identification data stored in a related

information repository was the limitation added by the applicant to ultimately

obtain allowance. As discussed below, however, this limitation was known in the

prior art and would have been obvious to a PHOSITA. See infra, e.g., Secs. IV.A.i

& IV.B.i (limitation 1(d)); see also Jones Decl. at 35, 49-50.

C. Level of Ordinary Skill in the Art

A person having ordinary skill in the art (PHOSITA) at the time of the

alleged invention (i.e., June 11, 2008) of the 088 Patent would have been a person

5
IPR2017-01514
U.S. Patent 8,799,088
having the equivalent of at least a bachelors degree in computer science, electrical

engineering, computer engineering, or a similar discipline, and at least one to two

years of experience with computer networking and biometric identification

technologies, with additional education substituting for experience or additional

experience substituting for education. Jones Decl. (EX1003) at 37.

III. REQUIREMENTS FOR INTER PARTES REVIEW UNDER 37 C.F.R.


42.104

A. Grounds for standing under 37 C.F.R. 42.104(a)

Petitioner certifies that the 088 Patent is available for IPR and that

Petitioner is not barred or estopped from requesting IPR of the 088 Patent.

B. Identification of challenge under 37 C.F.R. 42.104(b) and relief


requested

In view of the prior art, evidence, and arguments herein, claims 1-9 and 11-

21 of the 088 Patent are unpatentable and should be cancelled. 37 C.F.R.

42.104(b)(1). Based on the prior art references identified below, IPR of these

claims should be granted. 37 C.F.R. 42.104(b)(2). This review is governed by

pre-AIA 35 U.S.C. 102 and 103.

Exhibit
Proposed Grounds of Unpatentability for the 088 Patent
Nos.
Ground 1: Claims 1-9, 11-19, and 21 are obvious under 103(a)
over U.S. Patent Application No. 2005/0165700 to Karthik
EX1004 and
(Karthik) in view of U.S. Patent No. 7,483,862 to Robinson et al. EX1005
(Robinson)

6
IPR2017-01514
U.S. Patent 8,799,088
Exhibit
Proposed Grounds of Unpatentability for the 088 Patent
Nos.
Ground 2: Claims 1-9, 11-19, and 21 are obvious under 103(a)
over Karthik in view of U.S. Patent No. 7,735,125 to Alvarez et al. EX1004 and
EX1006
(Alvarez)
Ground 3: Claim 20 is obvious under 103(a) over U.S. Patent
EX1007
No. 7,278,025 to Saito et al. (Saito)

Section IV, infra, identifies where each element of the Challenged Claims is

found in the prior art. 37 C.F.R. 42.104(b)(4). The exhibit numbers of the

supporting evidence relied upon to support the challenges are provided above and

the relevance of the evidence to the challenges raised are provided in Section IV.

37 C.F.R. 42.104(b)(5).

C. Claim construction under 37 C.F.R. 42.104(b)(3)

The 088 Patent has not expired. As such, the claim terms should be given

their broadest reasonable construction in light of the specification[.] 37 C.F.R.

42.100(b). Petitioner proposes the following construction. All claim terms not

specifically discussed below should be given their broadest reasonable

interpretation (BRI) in light of the specification.

1. a plurality of biometric identification data

Claim 1 recites the use of a plurality of biometric identification data of the

user. See 088 Patent (EX1001) at claim 1. In contrast, other claims recite

requesting at least one biometric identification data of a user. See id. at claims

7
IPR2017-01514
U.S. Patent 8,799,088
17, 21. The term plurality has a well-understood meaning of two or more.

Dayco Prod., Inc. v. Total Containment, Inc., 258 F.3d 1317, 132728 (Fed. Cir.

2001). Consistent with this meaning, the 088 Patent refers to embodiments that

use two or more biometric identification data, in addition to embodiments that

use just one piece of biometric data. 088 Patent (EX1001) at 9:23-26. The 088

Patent, therefore, uses plurality of biometric identification data to simply refer to

two or more biometric identification data.

The 088 Patent does describe the option of using a combination of two

different types of biometric data. Id. at 7:21-28 (or . . . a combination of biometric

identification data); 9:65-10:4 (e.g. a digital signature and a fingerprint scan).

But the claim language only recites a plurality of biometric identification data,

with no restriction as to type. Importing a limitation from an embodiment to

require a plurality of types of biometric data here would be improper in the absence

of unambiguous language of manifest restriction or exclusion. See, e.g., In re

Bigio, 381 F.3d 1320, 1325 (Fed. Cir. 2004).

8
IPR2017-01514
U.S. Patent 8,799,088
Thus, the BRI of a plurality of biometric identification data is broad

enough to include at least two or more biometric identification data of the same or

different type.2

IV. THERE IS A REASONABLE LIKELIHOOD THAT THE


CHALLENGED CLAIMS ARE UNPATENTABLE

The following prior art references disclose each limitation of the Challenged

Claims and render the Challenged Claims unpatentable. Included below are

exemplary citations to the prior art references.

A. Ground 1: Karthik in view of Robinson renders claims 1-9, 11-19,


and 21 obvious under 103(a)

U.S. Patent Application No. 2005/0165700 by Karthik (Karthik) (EX1004)

was published on July 28, 2005 and therefore qualifies as prior art to the 088

Patent under 35 U.S.C. 102(b) (pre-AIA). See Karthik (EX1004). Karthik was

not cited or discussed during prosecution of the 088 Patent. Karthik teaches a

2
Petitioner proposes this construction to prevent Patent Owner from advancing an

unrebutted improperly narrow construction. The Board may decide this

construction is unnecessary, as the prior art discussed below teaches use of a

plurality of types of biometric data, a concept already well known in the art at the

time. See infra Sec. IV.A.i at [1(b)]; see also Jones Decl. (EX1003) at 31, 42;

Jain (EX1011) at 10-12 (discussing multimodal biometric systems).

9
IPR2017-01514
U.S. Patent 8,799,088
method of verifying the identity of users of financial services, including a process

for enrolling biometric data of a user of a credit card and subsequently verifying

the identity of the user of a credit card during a transaction. Id. at Abstract, 2, 53;

see also Figs. 1, 5, 6.

Specifically, Karthik teaches a web site for verifying the identity of a user of

a financial services provider card (such as a credit card) hosted by a server in

communication with a network that collects biometric identification data from the

user during enrollment and stores it in a database coupled to the server. Id. at 19,

68, 135-138; Figs. 5, 6. After enrollment is completed, verification is performed by

uploading a sample of biometric data collected from the user during a transaction, such

as a credit card transaction, at an ATM, or at a point of sales (POS) system. Id. at 15,

151-152, 166; see also id. at claims 1-3. Karthik then teaches performing a comparison

at the server of the uploaded biometric data to the previously stored data provided

during enrollment to determine a match, and if so, sending a success status validation

signal to the client (such as an electronic commerce application website, POS, or other

client). Id. at 15, 53 (This method has applicability to a number of business

transactions such as in . . . authenticating orders and/or payments in a purchase/sell

transaction), 153, 169-170, see also id. at claims 1-3.

Karthik is in the same field of endeavor as and is reasonably pertinent to the

claimed invention of the 088 Patent. As mentioned above, the 088 Patent uses

10
IPR2017-01514
U.S. Patent 8,799,088
biometric data to verify the identity of a user of a financial services card, such as a

credit card or debit card. 088 Patent (EX1001) at Abstract, 1:15-35, 4:31-34.

Specifically, the 088 Patent uses an online enrollment process where a user

uploads biometric data to a server via a website so the data may be used for

subsequent identity verification during financial transactions to address credit card

fraud and identity theft. Id. at 1:31-67; 4:53-5:2; 7:64-8:11. Like the 088 Patent,

Karthik relates to using biometrics to provide enhanced security for electronic

commercial transactions, including, for example credit card transactions over the

Internet, ATM transactions, and point of sales (POS) transactions to reduc[e]

credit card fraud. Karthik (EX1004) at 2-10, 15, 17-18, 48. Also like the 088

Patent, Karthik provides an online enrollment process where a user uploads biometric

data to a server via a website for later use in verifying the users identity during

transactions, such as a credit card transaction. Id. at 68, 84, 135-136, 151-153, 169-

170. Karthik, therefore, is analogous art to the claimed invention of the 088 Patent.

Karthik teaches that the server component will validate the biometric data

uploaded during enrollment but does not provide further detail regarding this

validation step; nor does Karthik specifically teach that the provided data is

authenticated by the server using data stored in a related information repository,

such as a third-party database (e.g., a Department of Motor Vehicles (DMV)

database, as taught by the 088 Patent). Id. at 80. However, U.S. Patent 7,483,862

11
IPR2017-01514
U.S. Patent 8,799,088
to Robinson et al. (Robinson) (EX1005) teaches authentication during

enrollment using a third-party database, including, for example, a government

drivers license/identification database. Id. at 10:4-9 (describing verifying user

biometric data submitted at the time of pre-purchase by comparing it with

registered user biometric data stored at third-party database); see also id. at 2:62-

3:12, 5:39-44, 6:66-7:28 (describing enrollment of initial biometric data at step 204

at time of pre-purchase). Robinson also teaches that multiple biometric data may be

used, such as by acquiring data from two individual fingers, e.g., a thumb and

index finger, and even teaches that multiple types of biometric data may be used,

such as by acquiring data from a finger and an iris scan; thus, under even an unduly

narrow reading of the claims, Robinson teaches the provision of at least two, i.e.

a plurality, of biometric identification data, whether of the same type or multiple

types. Id. at 3:16-31.

Robinson was filed on July 25, 2005 and issued on January 27, 2009, and

therefore qualifies as prior art to the 088 Patent under 35 U.S.C. 102(e) (pre-

AIA). See Robinson (EX1005). Robinson was not cited or discussed during

prosecution of the 088 Patent. Robinson generally relates to a biometric

authorization system that allows for enrollment of a users biometric data in a

remote database over a network during a pre-purchase or advance purchase and

subsequent verification of the users identity against the stored biometric data

12
IPR2017-01514
U.S. Patent 8,799,088
during a redemption transaction to allow the user to securely redeem pre-paid

goods or services associated with the users account. Id. at Abstract, 1:6-30, 6:66-

7:28 (describing enrollment), 7:29-48 (describing verification for subsequent

redemption), Figs. 1-2. As examples, Robinson teaches that its system could allow

pre-purchase of travel packages, event or venue access, or food and drink. Id. at

7:3-12, 2:5-24, 6:32-36, 7:42-48, 8:12-25.

A user record in the database stores the users enrolled biometric data and

can store other information, such as credit card and debit card information and

information regarding the users pre-purchases. Id. at 3:32-44, 3:64-4:24, 4:45-52,

7:13-28. After enrollment, network-connected authorization stations, which can be

point of sale terminal[s], are used to allow the user to input biometric data to

verify the users identity during redemption transactions. Id. at 5:25-38, 7:29-48.

Redemption may also include a credit card transaction if the redemption value is

exceeded. Id. at 8:21-23. Robinson also teaches that its biometric authorization

system could also be part of a broader system used to conduct financial

transactions, vehicle rentals, or other transactions. Id. at 4:59-63.

Robinson is in the same field of endeavor as and is reasonably pertinent to the

claimed invention of the 088 Patent. Like the 088 Patent, Robinson teaches a

biometric verification system that allows a user to enroll biometric data that is

uploaded over a network and stored in a database for later use in verification of the

13
IPR2017-01514
U.S. Patent 8,799,088
users identity during subsequent transactions. Also like the 088 Patent, Robinson

allows a user to subsequently input biometric data via a point of sale terminal to

be compared to the users stored data to biometrically authorize transactions to

reduce risk of financial loss from theft or fraud. See id. at 2:8-12, 2:34-37,

3:10-12. Robinson, therefore, is analogous art to the claimed invention of the 088

Patent.

i) Claim 1

[1(pre)] 1. A method for verifying the identity of users of financial services


provider cards over a network, the method comprising:
Karthik teaches a method of verifying the identity of users of financial

services cards, such as credit cards, over a network, including a process for

enrolling biometric data of a user of a credit card (Fig. 5) and subsequently

verifying the identity of a user of a credit card during a transaction (Fig. 6), as

shown below:

14
IPR2017-01514
U.S. Patent 8,799,088

Karthik (EX1004) at Figs. 5-6, 2, 15; see also id. at Abstract, 135-170. Karthik

specifically states that its invention relates generally to providing security for

electronic commerce and is applied to use of credit cards, a type of financial

service provider card described by the 088 Patent. Id. at 2, 9, 135-138, 151-155;

see also 088 Patent (EX1001) at 1:57-2:3, 4:31-35. Particularly, Karthik states

that the security solution taught provides authentication to permit world wide

15
IPR2017-01514
U.S. Patent 8,799,088
electronic commercial transactions to be carried out in a highly secured manner

over an open network. Karthik (EX1004) at 18.

[1(a)] providing a web site for verifying the identity of a user of a financial
services provider card, the web site being hosted by at least one server in
communication with the network;
Karthik teaches providing a web site for online enrollment of biometrics data

for new users and/or current users of a credit card. Id. at 68, 135-138, Fig. 5.

Specifically, Karthik describes a process for online enrollment of biometrics data

at a web site that will later be used to verify the authenticity of a user during

subsequent transactions. Id. at 19, 68, 135-138, see also id. generally at 151-170.

The web site disclosed by Karthik resides on a web-server, which is in

communication over an open network. Id. at 18-19, Jones Decl. (EX1003) at

40.

Karthik teaches that a user enters credit card information into the web site

(step 501), after which the web site validates the entered information (step 502) by,

for example, comparing the entered credit card information with the credit card

database. Karthik (EX1004) at 137, Fig. 5; Jones Decl. (EX1003) at 41. These

steps are depicted in Figure 5, shown below:

16
IPR2017-01514
U.S. Patent 8,799,088

Karthik (EX1004) at Fig. 5. If the information is valid, the credit card number or

any other unique identifier (generated or entered by the user) will be sent to the

inventions authentication program, for activating the core process of enrollment.

Id. at 138-139. Karthik notes that the website uses existing authentication

17
IPR2017-01514
U.S. Patent 8,799,088
methods implemented by the website administrator to perform this initial

verification of the identity of the user.3 Id. at Abstract (the server authentication

program being integrated with existing web-applications with the web-service

provider and for receiving existing security parameters entered by the user.),

52, 69-70. Karthik, therefore, teaches verifying the identity of the user of the

financial services provider card via the website and assigning the user a unique

identifier to be used during enrollment. Jones Decl. (EX1003) at 41.

[1(b)] requesting, by the at least one server, a plurality of biometric


identification data of the user;
Karthik teaches collecting biometric identification data of a user such as

fingerprint scanning, iris scanning, retina scanning, handwriting analysis,

handprint recognition, and voice recognition, which Karthik teaches are

biometrics technology that [are] verification/identification of an individuals

unique physical or behavioral traits. Karthik (EX1004) at 17. Specifically,

Karthik teaches that more than one fingerprint of the same person or the

fingerprint of all fingers for easy authentication can be used. Id. at 39. A

PHOSITA would have understood that each of these teachings constitute a

3
This teaching is consistent with the 088 Patents reference to using a known,

conventional identification verification website, such as NetIDme, etc. to initially

verify the users identity. 088 Patent (EX1001) at 4:43-56.

18
IPR2017-01514
U.S. Patent 8,799,088
plurality of biometric identification data of the user under the BRI of this term,

because two or more biometric identification data are being used. 4 Jones Decl.

(EX1003) at 42; see also supra Sec. III.1.

To the extent that a narrower interpretation is adopted, Karthik likewise

explicitly discloses using a plurality of types of biometric data. After referencing

the various [t]ypes of biometrics methods listed above, Karthik teaches that

[t]he invention may also use the combination of all or some biometrics

technology. 5 Karthik (EX1004) at 17 (emphasis added). Indeed, claim 3 of

Karthik explicitly states a plurality of sources of biometric data of a single user is

used, and claim 2 of Karthik explicitly states that the biometrics data is selected

from one or more of the group consisting of a finger print of one or more fingers

of the user, a palm print of the user, an iris scan of the user, a retina scan of the

user and any other optically distinguishable parameter of the user. Id. at claims 2-

4
As Dr. Jones notes, a PHOSITA also would have known that a single fingerprint

scan is comprised of a plurality of minutiae points, which would have been

understood to be a plurality of biometric data. Jones Decl. (EX1003) at 42.


5
Karthiks reference to a combination of biometrics technology is consistent

with the 088 specifications description of a combination of biometric

identification data. See 088 Patent (EX1001) at 7:27-28.

19
IPR2017-01514
U.S. Patent 8,799,088
3 (emphasis added). A PHOSITA, therefore, would have understood that Karthik

also teaches use of a plurality of types of biometric identification data, as well, in

the event plurality of biometric identification data were construed narrowly to

require two or more types of such data (e.g. fingerprint and iris). Jones Decl.

(EX1003) at 42. In addition, Petitioner notes that multimodal biometric systems,

which use two or more types of biometric verification, were already well known at

the time. See Jones Decl. (EX1003) at 31, 42; see also Jain (EX1011) at 10

([T]he only obvious solution for building a highly accurate identification system

for large scale applications appears to be multimodal biometric systems (see

Section VIII).), 11-12.

In addition, Robinson also satisfies either construction by teaching collection

of both a plurality of samples of a single type of biometric data (e.g., fingerprints

of two fingers) and a plurality of distinct types of biometric data (e.g., fingerprint

and iris). Robinson (EX1005) at 3:25-31. And a PHOSITA would have found it

obvious to combine requesting a plurality of biometric identification data as taught

by Robinson into the system taught by Karthik for the benefit of the enhanced

security and accuracy provided by a multimodal biometrics system, as was well

known in the art. Jones Decl. (EX1003) at 43, 31. Such a combination would

have been well within the skill of a PHOSITA to achieve, as it would have merely

required repetition of the biometric enrollment already taught by Karthik. Id. at 43.

20
IPR2017-01514
U.S. Patent 8,799,088
Regarding the claimed server, a PHOSITA would have understood

Karthik teaches or at least renders obvious that the request for the biometric data

from the user is by the at least one server (referring to the server hosting the web

site). Jones Decl. (EX1003) at 44. Specifically, Karthik teaches an online process

for enrollment of biometric data initiated via the web site hosted on the server,

which provides instructions in the form of downloadable client components

compatible with the users web browser (such, as, e.g., ActiveX, a plug-in, or

a Java Applet) to request information from the user. Karthik (EX1004) at 135-

140. After the client component instructions are downloaded in step 504, the

existence of a biometrics scanner is checked and if so, the scanner is activated. Id.

at 137-145; Fig. 5. Then, [i]n [the] case of fingerprint security, the user will be

directed to place their finger on the scanner and in other cases, the user will be

directed to follow the steps provided based on the type of biometrics technology used.

Id. at 146 (emphasis added); see also id. at 77, 110; Figs. 2-3. The biometrics data is

then received by the server, validated, and stored in the database, which resides along

with the website on the server. Id. at 149, 136; see also id. at 80, 68, 115, 100. Any

disconnection with the server will terminate the process. Id. at 149. Because the

enrollment process is conducted online via the website hosted on the server, the

instructions that control this enrollment process, including those that prompt the user to

provide biometric data, are provided by the website hosted on the server, and because a

21
IPR2017-01514
U.S. Patent 8,799,088
disconnection with the server will terminate the process, a PHOSITA would have

understood the request for biometric data during enrollment is by the server, even

though the users browser passes the request on to the user. Jones Decl. (EX1003) at

44. A PHOSITA also would have understood that Karthiks teaching that the

user will be directed to follow the steps provided based on the type of biometrics

technology used (Karthik (EX1004) at 146) to teach a request for any or all

biometrics being used by the server, including, for example, a plurality of fingers

and/or a plurality of different biometrics. Jones Decl. (EX1003) at 46.

Further, it also would have at least been obvious to a PHOSITA based on

their knowledge, experience, and level of ordinary skill for the server in Karthik to

request the biometric data during the online enrollment process conducted via the

website. Jones Decl. (EX1003) at 45. A PHOSITA would have appreciated that

this was a common and well-known way used in the industry to conduct online

biometric enrollment. Id. It would have been a routine design choice with a

reasonable expectation of success from among a finite set of two options (client or

server), which were listed in industry standards, for the server to control the

process and make the request. Id.; KSR Int'l Co. v. Teleflex Inc., 550 U.S. 398, 420

(2007). A PHOSITA would have appreciated that it was beneficial to initiate the

request from the server in an enrollment process that is intended to be standardized

across users and websites, and this would have also eased system configuration and

22
IPR2017-01514
U.S. Patent 8,799,088
updating. Id. A PHOSITA would have also found it beneficial for purposes of

ensuring minimum quality standards for biometric samples and to reduce

vulnerability to spoofing. Id.

[1(c)] uploading the plurality of biometric identification data of the user


requested by the at least one server via a network connected computing device
to the web site;
As discussed above, Karthik teaches that a plurality of biometric

identification data is requested by a web site residing on a server, which is in

communication over an open network. Karthik (EX1004) at 18-19, 68; see

supra Sec. IV.A.i at [1(a)], [1(b)]. A compatible biometrics scanner or reader

gathers the biometric identification data of a user. Karthik (EX1004) at 29, 142-

146. These scanners or readers are configured for collecting biometric

identification data including fingerprints, an iris or retina, a handwriting analysis,

and a handprint or voice recognition, or combinations of biometric types, as

examples. Id. at 17, 29-30. Karthik explicitly discusses a finger scanner, but

teaches that steps for uploading biometric identification data differ based on the

type of biometrics technology used. Id. at 77, 146. After the biometric data is

collected during enrollment, the users computing device transmits the data to the

server for storage. Id. at 140, 148-149 ([T]he processed data will be sent to the

inventions server component at the server.), Fig. 5; see also id. at 79-80. A

PHOSITA, therefore, would have understood from these teachings that Karthik

23
IPR2017-01514
U.S. Patent 8,799,088
discloses that the plurality of biometric data collected during enrollment is

transmitted via a network connected computing device to the website. Jones Decl.

(EX1003) at 47.

[1(d)] authenticating, by the at least one server, the uploaded plurality of


biometric identification data with a biometric identification data stored in a
related information repository;
During prosecution, this limitation was added to obtain allowance. The

related information repository was described during prosecution as a third party

database and the patent describes a government DMV database as an example.

See supra Sec. II.B; see also 088 Patent (EX1001) at 8:15-35.

Karthik expressly teaches that the server will validate the biometric

identification data after it is uploaded during the enrollment process. But Karthik

does not provide further detail regarding how this validation is performed or

whether it involves a third-party database. Karthik (EX1004) at 80, 149. A

PHOSITA would have found it obvious and beneficial, however, to perform this

validation in the manner taught by Robinson, in which uploaded biometric

identification data is compared with biometric identification data previously stored

in a trusted third-party database, such as a government drivers

license/identification database, for authentication. Robinson (EX1005) at 5:39-44,

10:4-9; Jones Decl. (EX1003) at 48-49.

24
IPR2017-01514
U.S. Patent 8,799,088
Robinson explicitly teaches connections between the server and one or

more third party information sources such as a government database. Robinson

(EX1005) at 5:39-44, 10:4-9. Robinson teaches that user biometric data submitted

at the time of pre-purchase, which Robinson teaches can be at the time of

enrollment, can be verified by comparison and matching with registered user

biometric data stored at a third-party database 108, such as a government driver's

license/identification database. Id. at 10:4-9; see also id. at 6:66-7:28 (describing

enrollment of initial biometric data at time of pre-purchase); Jones Decl. (EX1003)

at 48. As seen below in Figure 1, the third-party database 108 is connected via a

network to the central database 104 in which user records are stored and from

which user records are accessed for biometric authorization and to an

authorization station 106a including a biometric input device (BID) for

collecting biometric identification data.

25
IPR2017-01514
U.S. Patent 8,799,088

Robinson (EX1005) at Fig. 1 (circle in original), 5:21-38.

Thus, Robinson teaches authenticating, by the at least one server, the

uploaded plurality of biometric identification data with biometric identification

data stored in a related information repository, such as a government drivers

license database. Id. at 2:62-3:12, 5:39-44, 10:4-9, Fig. 1; Jones Decl. (EX1003) at

48-49.

A PHOSITA at the time of the 088 Patent would have found it obvious to

combine the teachings of Robinson with Karthik to provide the means of

validation of the users biometric data uploaded during enrollment taught by

Karthik using a trusted, third-party database such as a government drivers

license/identification database, as taught by Robinson. Jones Decl. (EX1003) at

26
IPR2017-01514
U.S. Patent 8,799,088
48-49. Comparison of biometric identification data with pre-stored biometric

data in a related information repository was a well-known validation method of

increasing confidence in a users identity and their provided biometric data at the

time of the 088 Patent. Id. A PHOSITA would have been motivated by Karthiks

teaching of validation of the users biometric data during enrollment to use

known, advantageous methods of initial validation of biometric data, such as

Robinsons process of verification of user biometric data provided during pre-

purchase enrollment by comparing it to registered user biometric data stored in a

third-party database, such as a government drivers license/identification database.

Id. at 50. Government and other third-party databases containing pre-registered

biometric data were well known at the time, and biometrics industry standards for

performing verification using biometric data for drivers licenses had already been

adopted. Id.; see also EX1020 at 35-54. A PHOSITA would have appreciated that

combining Robinsons step of authenticating biometric data provided by a user

against a trusted third-party database of pre-registered biometric data with

Karthiks validation step at the server would have beneficially improved Karthiks

system by enhancing the trustworthiness of the biometric data provided by the user

during enrollment and by furthering Karthiks goal of reducing fraud. Jones Decl.

(EX1003) at 50.

27
IPR2017-01514
U.S. Patent 8,799,088
[1(e)] storing the plurality of biometric identification data in a database
coupled to the at least one server; and
Karthik teaches that the uploaded biometric identification data is stored in a

database that resides along with the web site. Karthik (EX1004) at 149, 136; see

also id. at 68, 80. Specifically, Karthik states, The server component will validate

the data sent and will store the biometrics data sent in the database based on the

unique identifier sent by the web-site application. Id. at 149; see also id. at claims 1-3,

Figs. 1 & 5, 80. Further, Karthik describes transmitting the biometric data to a web

server and then storing it in a database. Id. at 19. A PHOSITA would have understood,

therefore, that the database where the biometric data is stored is coupled to the web

server. Jones Decl. (EX1003) at 51.

[1(f)] uploading biometric identification data provided by the user at a point-


of-sale terminal to the at least one server;
After enrollment is complete, Karthik teaches subsequently uploading

biometric identification data provided by the user to the server during a transaction,

such as during an electronic commerce transaction for credit card users, at a

physical ATM, or at point of sales (POS) systems. Karthik (EX1004) at 9-10

(describing the invented security solution), 15 (describing that [t]he security

solution can be implemented in POS, PC terminals, debit cards, credit cards, etc.),

151-170 (describing credit card transactions), Fig. 6, 193-211 (describing

ATM transactions), Fig. 10; see also id. at claim 1. In a credit card transaction, as

shown below in figure 6, a user wishing to execute a purchase transaction at a

28
IPR2017-01514
U.S. Patent 8,799,088
computer terminal enters credit card details as required by the web-site or other

authentication authorities and the unique identifier for the user, such as their

credit card number, is used to select the appropriate biometric data for the user.

29
IPR2017-01514
U.S. Patent 8,799,088
Id. at Fig. 6, 151-155. After the correct information is retrieved by the server, the

user is directed to place their finger on a biometric scanner, or equivalently

directed to follow the appropriate steps based on the type of biometrics

technology used. Id. at 166. When the biometrics data is obtained from the user

in step 608, the client component will process and compress the data and then send

it to the server. Id. at 167-168. Thus, a PHOSITA would have understood that

Karthik teaches, or at a minimum renders obvious, the uploading of biometric

identification data provided by the user at a point-of-sale terminal for identity

verification during a purchase transaction. Id. at 151-170, 15, Fig. 6; Jones Decl.

(EX1003) at 52. Biometric verification at point-of-sale terminals was already a

well-known way to enhance security and speed up retail purchase transactions.

Jones Decl. (EX1003) at 52.

Robinson likewise teaches uploading biometric identification data received

from a user at a network-connected authorization station, including a point of sale

terminal. Robinson (EX1005) at 5:25-34. A PHOSITA would have found it

obvious to employ the network-connected point of sale terminals, as taught by

Robinson, in the biometric verification methods taught by Karthik for the

predictable result of enhancing security of transactions at point of sale terminals.

Jones Decl. (EX1003) at 53. A PHOSITA would have been motivated by

Karthiks express teaching that its security solution can be extended to provide

30
IPR2017-01514
U.S. Patent 8,799,088
security at point of sales (Karthik (EX1004) at 15) to combine Robinsons

network-connected point of sale terminals for verifying purchase transactions.

Jones Decl. (EX1003) at 53. Mere replacement of the client computing devices

taught by Karthik with the point of sale terminals taught by Robinson would

amount to a simple substitution of known components for their known uses. Id.

Such a combination of Karthik and Robinson would have been within the skill of a

PHOSITA and would not have required undue experimentation, and a PHOSITA

would have appreciated that such a combination would have enhanced both the

security and speed of purchase transactions, which were benefits known in the art.

Id.

[1(g)] determining, by the at least one server, if the biometric identification


data provided by the user at point-of-sale of the terminal matches the
biometric identification data retrieved from the database and sending a
validation signal to the terminal if the biometric identification data provided
by the user at point-of-sale of the terminal matches the biometric
identification data retrieved from the database;
Karthik teaches performing a comparison at the server of the uploaded

biometric identification data to the previously stored data provided by the credit

card user during enrollment to determine a match; and further teaches that if there

is a match, sending from the server a success status validation signal. Karthik

(EX1004) at 169-170, 15, 210-211, Figs. 6, 10; see also id. at claim 1 (status

codes of comparison). In the event of an unsuccessful comparison, an error

message is instead displayed. Id.

31
IPR2017-01514
U.S. Patent 8,799,088
While Karthik teaches sending the success or error status to the electronic

commerce application that requested biometric verification by Karthiks system in

the specific context of an electronic commerce credit card transaction (see id. at

151-153, 169-170), Karthik also states that its teachings can be applied in the

point of sales (POS) context (EX1004 at 15). As a result, a PHOSITA would

have understood that Karthik teaches that the success status signal can be

transmitted to the POS terminal (instead of an e-commerce website) requesting

biometric verification from the server. Jones Decl. (EX1003) at 54. It would have

also been obvious to a PHOSITA based on their knowledge, experience, and level

of ordinary skill to provide the success status signal to the point-of-sale terminal

based on these express teachings of Karthik, because this was the common and

well-known way that such biometric POS systems operated. Id.; see also EX1023

at 15:4-16. And a PHOSITA would have appreciated that a POS terminal that does

not house the database of enrolled biometric data or perform the comparison would

require a notification of a successful match from the server; and it would have

beneficially enhanced security to do so rather than send the enrolled data to the

POS for comparison. Jones Decl. (EX1003) at 54.

[1(h)] receiving the validating signal at the point-of-sale terminal and


executing a purchase transaction at a point-of sale terminal.
For the same reasons as discussed above for [1(g)], Karthik teaches or at

least renders obvious receiving the validation signal (success status) at the point-

32
IPR2017-01514
U.S. Patent 8,799,088
of-sale terminal. Karthik also teaches or at least renders obvious executing a purchase

transaction at the point of sale terminal. See id. at 15 (point of sales (POS)), 53

(This method has applicability to a number of business transactions such as in . . .

authenticating orders and/or payments in a purchase/sell transaction . . . .) (emphasis

added); Jones Decl. (EX1003) at 55. While Karthik does not expressly state that the

purchase transaction is executed, Karthik does explicitly state that further actions are

performed after the success status validation signal is received. Karthik (EX1004) at

170-171, 190-191. A PHOSITA would have understood, or at a minimum found it

exceedingly obvious, that the further actions in a purchase transaction would include

executing the actual purchase transaction at the disclosed point of sale; and such

biometric POS purchase transactions were already well known. Jones Decl. (EX1003)

at 55.

ii) Claim 2:

2. The method as in claim 1, further comprising:


accessing a preselected identification verification web site via the network
connected computing device; and
verifying the users identity using standard verification software to confirm
the users identity as the true user of the financial services card.
The 088 Patent describes claim 2 in the context of a credit card users identity

being initially verified using conventional non-biometric authentication software

provided by a preselected verification website, such as NetIDme. 088 Patent

(EX1001) at 4:43-56. As discussed above, the users personal computer in Karthik

33
IPR2017-01514
U.S. Patent 8,799,088
constitutes a network connected computing device, and it is connected via a network

to a web server. See supra Sec. IV.A.i at [1(c)]. Karthik further teaches that its

inventive server-based biometric authentication system can be integrated with existing

websites that use existing security parameters and existing authentication methods,

which a PHOSITA would have understood teaches or at least renders obvious the

claimed preselected identification verification website using standard verification

software to initially confirm the users identity as the true user of the credit card.

Karthik (EX1004) at Abstract, 50, 52, 69, 137-138, 213-218; see also id. at Claims 1

& 4; see also Jones Decl. (EX1003) at 56.

For example, Karthik teaches using existing methods of authenticating the user

of a credit card through providing credit card information as a unique identifier, which

is validated against the credit card database, and if valid, the identifier is sent to

activate enrollment. Karthik (EX1004) at 136-138. Further, Karthik describes a

process in figure 9 for using a Third-party Web-site to complete an

authentication process that validates the user that is executed on the third-party

web-site and during which the user enters identification information. Id. at 213-

219. After the user is initially authenticated by the third-party website, the third-

party site is then linked to Karthiks inventions authentication server. Id. at 219.

A PHOSITA, therefore, would have understood that Karthik teaches initially

verifying the user is the true user of the credit card through standard verification

34
IPR2017-01514
U.S. Patent 8,799,088
software provided via a preselected identification verification website. Jones Decl.

(EX1003) at 56. Further, a PHOSITA also would have found it obvious and been

motivated to use well-known conventional identity verification methods (which

the 088 Patent itself admits were already standardproviding NetIDme as an

example) based on Karthiks teachings to integrate its invention with existing

websites using existing authentication methods. Id.

iii) Claims 4-9:

4. The method as in claim 1, wherein the requested plurality of biometric


identification data includes a fingerprint of the user.
5. The method as in claim 1, wherein the requested plurality of biometric
identification data includes retina data of the user.
6. The method as in claim 1, wherein the requested plurality of biometric
identification data includes iris data of the user.
7. The method as in claim 1, wherein the requested plurality of biometric
identification data includes hand geometry of the user.
8. The method as in claim 1, wherein the requested plurality of biometric
identification data includes a signature of the user.
9. The method as in claim 1, wherein the requested plurality of biometric
identification data includes a voice pattern of the user.
Karthik teaches a requested plurality of biometric identification data, as

discussed above, and explicitly teaches these six specific common types of data.

See supra Sec. IV.A.i at [1(b)]. Specifically, Karthik teaches:

The invention disclosed herein uses biometrics technology that is


verification/identification of an individuals unique physical or
behavioral traits. Types of biometrics methods include fingerprint

35
IPR2017-01514
U.S. Patent 8,799,088
scanning, iris scanning, retina scanning, handwriting analysis,
handprint recognition and voice recognition. The invention may
also use the combination of all or some biometrics technology.

Karthik (EX1004) at 17 (emphases added). Thus, Karthik explicitly teaches

biometric identification data including a fingerprint, retina data, and iris data

of the user as recited in dependent claims 4-6. Id.

Further, a PHOSITA would have understood that handprint recognition

technology would have enabled or at least rendered obvious hand geometry, as

recited in claim 7, because a PHOSITA would have understood that handprints

were classified and identified based on hand geometry at the time Karthik was filed.

Id.; Jones Decl. (EX1003) at 58. In addition, Robinson expressly discloses using

hand architecture data among its possible biometric data and this also would have

been understood to constitute hand geometry data, as recited in claim 7. Robinson

(EX1005) at 3:28-31; Jones Decl. (EX1003) at 59. It would have been obvious to a

PHOSITA to implement Robinsons hand architecture data as biometric data used in

Karthiks system, because Karthik expressly teaches that any other optically

distinguishable parameter of the user, i.e., image-based biometric data, could be used.

Jones Decl. (EX1003) at 59. Hand geometry/architecture biometric technology was

a well-known image-based biometric parameter and would have been a simple

substitution for a PHOSITA of one well-known image-based biometric data type

36
IPR2017-01514
U.S. Patent 8,799,088
for other image-based biometrics disclosed in Karthik that would not have required

undue experimentation. Id.

Regarding claim 8, a PHOSITA would have further understood that

handwriting analysis teaches or at least renders obvious biometric identification

data including a signature of the user. Jones Decl. (EX1003) at 58. A PHOSITA

would have also understood that voice recognition teaches using a voice pattern

of the user as recited in claim 9. Id.

iv) Claim 3

3. The method as in claim 1, wherein the requested plurality of biometric


identification data includes a face image of the user.
Karthik teaches that its biometrics data may include any other optically

distinguishable parameter of the user. Karthik (EX1004) at claim 2. While

Karthik does not expressly recite facial recognition, it does describe

interchangeable use of numerous common biometrics, and a PHOSITA would have

nonetheless found it obvious and been motivated by these teachings of Karthik to

use a face image of the user, as expressly taught by Robinson. Robinson (EX1005)

at 3:29-31 (teaching use of facial data among other biometric data types); see also

Jones Decl. (EX1003) at 60.

Face recognition technology was a well-known optically distinguishable

image-based biometric parameter well before the 088 Patent, and it would have

been well within the skill of a PHOSITA to incorporate it into the invention of

37
IPR2017-01514
U.S. Patent 8,799,088
Karthik. Id. Because facial data is another form of image-based biometric obtained

optically, like several of Karthiks other expressly disclosed biometric examples,

implementing facial data, as taught by Robinson, would have been a simple

substitution for a PHOSITA of one well-known image-based biometric data type

for another; and such a substitution would not have required undue

experimentation. Id. Facial data would have also been an obvious design choice

from among a finite set of biometric options available at the time. Id.

v) Claim 11:

11. The method as in claim 1, further comprising prompting, by the point-of-


sale terminal, the user to provide at least two biometric identification data to
verify the point-of-sale transaction.
Both Karthik and Robinson each teach or render obvious prompting by a

point-of-sale terminal, a user to provide a plurality of biometric identification data

(whether requiring two or more data or two or more types of data), as discussed

above. See supra Sec. IV.A.i at [1(b)] and [1(f)]. As discussed regarding [1(f)], this

prompt can be for the purpose of verifying a point-of-sale transaction. See supra

Sec. IV.A.i at [1(f)]; see also, e.g., Karthik (EX1004) at claim 3 (stating that a

plurality of sources of biometric data of a single user is used to authenticate the

identi[t]y of the user.).

38
IPR2017-01514
U.S. Patent 8,799,088
vi) Claims 12 and 13:

12. The method as in claim 1, further comprising prompting, by the point-of-


sale terminal, the user to provide a digital signature comparison to verify the
point-of-sale transaction.
As discussed above with respect to claim limitation [1(f)], both Karthik and

Robinson teach or render obvious prompting by the point-of-sale terminal to

provide biometric data to verify a point-of-sale transaction. See supra Sec. IV.A.i

at [1(f)]. As discussed above, the biometric technology used by Karthiks system

can include a handwriting analysis, which a PHOSITA would have understood

teaches or at least renders obvious using a digital signature comparison to verify

the transaction because comparing signatures was a well-known and standard type

of biometric handwriting analysis, which uses the same biometric technology. See

supra Sec. IV.A.iii; see also, e.g., Karthik (EX1004) at 17; Jones Decl. (EX1003)

at 58, 61.

13. The method as in claim 1, further comprising prompting, by the point-of-


sale terminal, the user to provide a digital photographic comparison to verify
the point-of-sale transaction.

As discussed above regarding limitation [1(f)], both Karthik and Robinson

teach and render obvious prompting by the point-of-sale terminal to provide

biometric data to verify a point-of-sale transaction. See supra Sec. IV.A.i at [1(f)].

Further, as discussed, it would have been obvious to combine Robinsons use of

facial data for the biometrics technology employed by Karthiks system. See supra

Sec. IV.A.iv; see also, e.g., Robinson (EX1005) at 3:29-31; Jones Decl. (EX1003) at

39
IPR2017-01514
U.S. Patent 8,799,088
60. A PHOSITA would have understood that a biometric verification using facial

data would teach or at least render obvious a digital photographic comparison, as

recited in claim 13 because facial data comparison would have been understood to be a

type of digital photographic comparison. Jones Decl. (EX1003) at 62.

vii) Claim 14:

14. The method as in claim 1, further comprising accessing, by the at least one
server, the biometric identification data based on an identity of the card.
Karthik teaches that the biometric identification data stored during

enrollment is associated with the users identity using a unique identifier, such as

the users credit card number. Karthik (EX1004) at 136-138, 154; see also id. at

28, 68-71. During a credit card transaction, the credit card number is used by the

server to determine which stored biometric data to access for purposes of

performing verification. Id. at 154 ([T]he credit card number may be used as the

identifier and the biometrics data will be stored based on the identifier, so that

during verification the biometrics data is selected using the identifier.); see also

id. at 155-157, 169.

viii) Claim 15:

15. The method as in claim 14, further comprising presenting the card to the
point-of-sale terminal to be identified so as to access the at least one server
and access the biometric identification data in the database for an identified
card.
As discussed for claim 14, Karthik teaches accessing the biometric

identification data in the database using the identity of the card as the unique

40
IPR2017-01514
U.S. Patent 8,799,088
identifier to access the data. See supra Sec. IV.A.vii. Further, as previously

discussed, Karthik teaches applying its solution to a point-of-sales (POS) system,

and, as also discussed, both Karthik and Karthik in view of Robinson teach and render

obvious a point of sale terminal. See Sec. IV.A.i at [1(f)]; see also, e.g., Karthik

(EX1004) at 15, 9; Jones Decl. (EX1003) at 52, 53. A PHOSITA would have

understood that application of Karthiks solution, which includes using the credit card

identity as the unique identifier, to a point-of-sale terminal, as taught and rendered

obvious by Karthik and Karthik in view of Robinson, would include presenting the card

to the point-of-sale system. Jones Decl. (EX1003) at 63. In addition, a PHOSITA

would have also found it obvious from Karthiks teachings for the card to be presented

to the point-of-sale terminal, e.g. by swiping or inserting it, because this was the most

common way at the time to obtain the credit card identity for use by a server as a unique

identifier needed to access the users acccount. Id. A PHOSITA would have been

motivated to implement Karthik in this way based on Karthiks express teaching to

apply its solution to a POS system, which almost invariably employed card readers at

the time. Id. A PHOSITA would have also been so motivated based on Karthiks

ATM embodiment teachings in which the user inserts an ATM card, the cards identity

is read, and the card identity is then used by the server to access the appropriate stored

biometric data to use for verification. Karthik (EX1004) at 193-197; see also id. at

198-211, Fig. 10; see also Jones Decl. (EX1003) at 63. A PHOSITA would have

41
IPR2017-01514
U.S. Patent 8,799,088
also appreciated that this would have enhanced Karthiks solution by making it broadly

applicable to standard point-of-sale systems, which commonly used card readers to

efficiently obtain credit card information, rather than requiring manual entry of the

credit card number, which was known to be error prone. Jones Decl. (EX1003) at 63.

ix) Claim 16:

16. The method as in claim 1, further comprising verifying each of the


uploaded plurality of biometric identification data of the user with an external
database.
This claim is obvious over Karthik in view of Robinson for the same reasons

as discussed for [1(d)]. See Sec. IV.A.i at [1(d)]. Robinsons third party database,

which can be a government drivers license/identification database, would

constitute an external database, as recited in claim 16. See id.

x) Claim 17:

[17(pre)]17. A system for using biometric identification data to positively


identify users of financial services card, comprising:
Karthik teaches this limitation, to the extent it is limiting. See supra [1(pre)]

in Sec. IV.A.i.

[17(a)] a remote server configured for requesting at least one biometric


identification data of a user associated with a financial services card, the card
being cross associated with a card identity;
Karthik teaches or renders obvious this limitation. See supra Sec. IV.A.i at

[1(a)] and [1(b)] and Sec. IV.A.vii at Claim 14. Further, as discussed for Claim 14,

Karthik teaches that the credit card number is used as the unique identifier for the

42
IPR2017-01514
U.S. Patent 8,799,088
user; thus, the card is cross associated with a card identity as claimed. See Sec.

IV.A.vii at Claim 14.

[17(b)] a network connected personal computing device configured for


uploading the at least one biometric identification data of the user and for
transmitting the at least one biometric identification data to be associated with
the card to the remote server;
Karthik teaches this limitation. See supra Sec. IV.A.i at [1(c)]. As discussed,

a PHOSITA would have understood that the users computing device running the

web browser and uploading the biometric data during enrollment in Karthik is a

network connected personal computing device. Id.; see also Karthik (EX1004) at

140, 148-149, 15; Jones Decl. (EX1003) at 47. Further, as discussed, Karthik

teaches that the credit card number is used as the unique identifier for storing the

users associated biometric data. See supra Sec. IV.A.i at [1(a)]; see also supra Sec.

IV.A.vii at Claim 14.

[17(c)] the remote server further configured for authenticating the uploaded
plurality of biometric identification data with biometric identification data
stored in a related information repository;
Karthik in view of Robinson renders this limitation obvious. See supra Sec.

IV.A.i at [1(d)].

[17(d)] and storing a record of the uploaded at least one biometric


identification data;
Karthik teaches this limitation. See supra Sec. IV.A.i at [1(e)].

43
IPR2017-01514
U.S. Patent 8,799,088
[17(e)] a terminal configured for reading the card identity from the card,
prompting the user to input the at least one biometric identification data and
for transmitting the card identity and the inputted at least one biometric
identification data to the remote server; and
Karthik renders obvious this limitation, and Karthik in view of Robinson

also renders obvious this limitation. See supra Sec. IV.A.i at [1(f)] (POS terminal

prompting user for and then uploading biometric data to remote server); see also

supra Sec. IV.A.vii at Claim 14 (use of card identity) and Sec. IV.A.viii at Claim

15 (POS terminal reading card identity and transmitting it to server). In addition,

Karthik teaches transmitting a unique identifier to the remote server, and Karthik

teaches that this unique identifier can be the card identity. See, e.g., Karthik

(EX1004) at 154-157.

[17(f)] wherein the remote server is configured to verify the biometric


identification data for the card for a transaction by retrieving the record of
the user's biometric identification data record from the database, determining
if the biometric identification data input into the terminal matches the record
of biometric identification data retrieved from the database and sending a
validation to the terminal if the biometric identification data entered into the
terminal matches record of the biometric identification data retrieved from
the database.
Karthik teaches or at least renders obvious this limitation. See supra Sec.

IV.A.i at [1(g)].

44
IPR2017-01514
U.S. Patent 8,799,088
xi) Claim 18:

18. The system as in claim 17, further comprising a second remote server
configured for verifying the users identity to confirm the users identity as
the true user of the financial services card.
Karthik teaches, or at least renders obvious, this limitation through its teachings

relating to using existing methods of initially verifying the users identity through

providing credit card information during enrollment. See supra Sec. IV.A.ii at Claim

2. Karthik teaches checking the credit card identity against the credit card

companys credit card database (EX1004 at 136-138), and a PHOSITA would

have understood that this credit card database is housed on a second remote server

that is different from the server storing the biometric data. Jones Decl. (EX1003) at

57. In addition, as discussed in the context of claim 2, supra, Karthik discloses a

Third-party Web-Site that can be used to initially authenticate the user as the true user

of the credit card (EX1004 at 213-219, Fig. 9) which would also be understood to

be housed on a second remote server different from the server used for biometric

enrollment and verification. Jones Decl. (EX1003) at 57.

xii) Claim 19:

19. The system as in claim 17, further comprising an external database for
verifying each of the uploaded at least one biometric identification data of the
user.
Karthik in view of Robinson renders this limitation obvious. See supra Sec.

IV.A.ix at Claim 16.

45
IPR2017-01514
U.S. Patent 8,799,088
xiii) Claim 21:
[21(pre)] 21. A computer server configured to:
Karthik teaches this limitation, to the extent it is limiting. See supra Sec.

IV.A.i at [1(a)].

[21(a)] request at least one biometric identification data of a user associated


with a financial services card, the card being cross associated with a card
identity;
Karthik teaches or renders obvious this limitation. See supra Sec. IV.A.x at

[17(a)].

[21(b)] receive, from a user device, the at least one biometric identification
data of the user and for transmitting the at least one biometric identification
data to be associated with the card to the remote server;
Karthik teaches this limitation. See supra Sec. IV.A.i at [1(c)]. Further, as

discussed, Karthik teaches that the credit card number is used as the unique

identifier for storing the users associated biometric data. See supra Sec. IV.A.i at

[1(a)]; see also supra Sec. IV.A.vii at Claim 14.

[21(c)] authenticate the uploaded plurality of biometric identification data


with biometric identification data stored in a related information repository;
Karthik in view of Robinson renders this limitation obvious. See supra Sec.

IV.A.i at [1(d)].

[21(d)] store a record of the uploaded at least one biometric identification data
in a database;
Karthik teaches this limitation. See supra Sec. IV.A.i at [1(e)].

46
IPR2017-01514
U.S. Patent 8,799,088
[21(e)] receive biometric identification data for the card for a transaction
from a point-of-sale terminal;
Karthik teaches or renders obvious this limitation, and Karthik in view of

Robinson renders obvious this limitation. See supra Sec IV.A.i at [1(f)].

[21(f)] verify the biometric identification data for the card for a transaction by
retrieving the record of the users biometric identification data record from
the database, determining if the biometric identification data from the point-
of-sale terminal matches the record of biometric identification data retrieved
from the database and sending a validation to the terminal if the biometric
identification data from the point-of-sale terminal matches record of the
biometric identification data retrieved from the database.
Karthik teaches or renders obvious this limitation. See supra Sec. IV.A.i at

[1(g)].

B. Ground 2: Karthik in view of Alvarez renders claims 1-9, 11-19, and


21 obvious under 103(a)

Regarding the related information repository limitation, as discussed

above, Karthik teaches that the server component will validate the uploaded

biometric data during enrollment, but Karthik does not provide further detail

regarding this limitation. Karthik (EX1004) at 149, 80. However, U.S. Patent

7,735,125 to Alvarez et al. (Alvarez) (EX1006) teaches a system for financial

services including an external verification system for comparing biometric

identification data collected at a kiosk to biometric data previously stored in a

third-party government database 240. Alvarez (EX1006) at 1:17-20, 6:38-45,

6:60-7:15. Alvarez was filed on October 15, 2004, issued on June 8, 2010, and

therefore qualifies as prior art to the 088 Patent under 35 U.S.C. 102(e) (pre-

47
IPR2017-01514
U.S. Patent 8,799,088
AIA). See Alvarez (EX1006). Alvarez was not cited or discussed during

prosecution of the 088 Patent. 6

Alvarez teaches systems and methods of identifying and verifying the

identity of a user of a credit card, debit card, or stored-value card through

previously uploaded biometric identification data. Id. at Abstract, 1:17-20, 2:55-59,

3:35-4:6, Fig. 4. Alvarez further teaches that uploaded biometric identification data

is compared to data previously stored in a third-party government database 240

for authentication. Id. at 6:38-45, 6:60-7:15, Figs. 2-4.

As discussed below, a PHOSITA at the time of the 088 Patent would have

found it obvious to combine the teachings of Karthik and Alvarez to provide the

validation during enrollment taught by Karthik using a trusted government

database as taught by Alvarez. Jones Decl. (EX1003) at 65. As discussed by

Alvarez, such a comparison is suggested by US regulations requiring monitoring

and reporting of suspicious financial activity. Alvarez (EX1006) at 6:64-7:15;

Jones Decl. (EX1003) at 65. Comparison of biometric identification data with

data stored in a related information repository, such as a third-party database, was a

6
Alvarez has an earlier 102(e) date than Robinson and also expressly recites using

a persons signature as biometric data. Id. at 5:59-66, 7:46-52, 8:35-39.

48
IPR2017-01514
U.S. Patent 8,799,088
well-known method of increasing confidence in a determination of a users identity

at the time of the 088 Patent. Id.

Alvarez is in the same field of endeavor as and is reasonably pertinent to the

claimed invention of the 088 Patent. Like the 088 Patent, Alvarez teaches a

biometric verification system that relates to financial services and allows a user

to initially enroll biometric data to obtain a financial services card. Alvarez

(EX1006) at 6:38-45, 6:64-7:15, Figs. 2-4. Alvarez, like the 088 Patent, uses

biometric authorization as a means of enhancing security to reduce risk of financial

loss from fraud losses. See id. at 2:55-59, 3:35-4:6. Alvarez, therefore, is

analogous art to the claimed invention of the 088 Patent.

i) Claim 1

[1(pre)] 1. A method for verifying the identity of users of financial services


provider cards over a network, the method comprising:
[1(a)] providing a web site for verifying the identity of a user of a financial
services provider card, the web site being hosted by at least one server in
communication with the network;
Karthik teaches these limitations. See supra Sec. IV.A.i at [1(pre)] & [1(a)].
[1(b)] requesting, by the at least one server, a plurality of biometric
identification data of the user;
Karthik teaches or renders obvious this limitation. See supra Sec. IV.A.i at

[1(b)]. In addition, Alvarez, like Karthik, teaches that its system can use a plurality

of biometric data or one type or a combination of types of biometric data. Alvarez

(EX1006) at 7:46-54.

49
IPR2017-01514
U.S. Patent 8,799,088
[1(c)] uploading the plurality of biometric identification data of the user
requested by the at least one server via a network connected computing device
to the web site;
Karthik teaches this limitation. See supra Sec. IV.A.i at [1(c)].

[1(d)] authenticating, by the at least one server, the uploaded plurality of


biometric identification data with a biometric identification data stored in a
related information repository;
As discussed above, Karthik teaches that the server will validate uploaded

biometric identification data during the enrollment process, prior to storage of the

data, but does not expressly describe authentication using a related information

repository. See supra Sec. IV.A.i at [1(d)].

Alvarez, however, teaches the same. Particularly, Alvarez teaches an external

verification system that can verify or assist in verifying the identity of a user.

Alvarez (EX1006) at 6:38-45. Particularly, as seen below in Figure 2, the external

verification system may use a government database 240 (related information

repository) linked to a bank system and/or card transaction processing system that

may include fingerprints, voice samples, photo identification, or other personal

data.

50
IPR2017-01514
U.S. Patent 8,799,088

Id. at Fig. 2, 6:64-7:2.

For example, regarding Figure 3, Alvarez describes a process by which

biometric identification data such as a signature is collected from a user to be

associated with a financial services provider card, such as a credit card or stored-

value card. Id. at 7:27-54. The biometric identification data is then verified based

on the comparison of the customer input data with the customer record which was

received from the external verification system or the external system may do the

comparison and transmit a verification result. Id. at 7:66-8:20; Figs. 4-5.

A PHOSITA would have found it obvious to provide the validation during

enrollment taught by Karthik using the verification against a third-party

government database as taught by Alvarez. Id. at 6:38-45, 6:64-7:15, 7:66-8:6, Figs.

51
IPR2017-01514
U.S. Patent 8,799,088
2-4; Jones Decl. (EX1003) at 65. Comparison of biometric identification data

with pre-stored biometric data in a related information repository was a well-

known method of increasing confidence in a users identity and their provided

biometric data. Id. A PHOSITA would have been motivated to make this

combination by Karthiks teaching of validation of the users biometric data

during enrollment. Id. Third-party biometric databases, such as government

databases, were well known at the time, and biometrics industry standards for the

same had already been adopted. Id.; see also EX1020 at 35-54. A PHOSITA

would have appreciated that this combination would have beneficially improved

Karthiks system by enhancing the trustworthiness of the biometric data provided

by the user during enrollment and by furthering Karthiks goal of reducing fraud.

Jones Decl. (EX1003) at 65.

[1(e)] storing the plurality of biometric identification data in a database


coupled to the at least one server; and
Karthik teaches this limitation. See supra Sec. IV.A.i at [1(e)].

[1(f)] uploading biometric identification data provided by the user at a point-


of-sale terminal to the at least one server;
Karthik teaches or renders obvious this limitation. See supra Sec. IV.A.i at

at [1(f)].

52
IPR2017-01514
U.S. Patent 8,799,088
[1(g)] determining, by the at least one server, if the biometric identification
data provided by the user at point-of-sale of the terminal matches the
biometric identification data retrieved from the database and sending a
validation signal to the terminal if the biometric identification data provided
by the user at point-of-sale of the terminal matches the biometric
identification data retrieved from the database;
[1(h)] receiving the validating signal at the point-of-sale terminal and
executing a purchase transaction at a point-of sale terminal.
Karthik teaches or renders obvious these limitations. See supra Sec. IV.A.i

at [1(g)] & [1(h)].

ii) Claims 2, 4-7, 9, 11:


2. The method as in claim 1, further comprising:
accessing a preselected identification verification web site via the network
connected computing device; and
verifying the user's identity using standard verification software to confirm
the user's identity as the true user of the financial services card.
4. The method as in claim 1, wherein the requested plurality of biometric
identification data includes a fingerprint of the user.
5. The method as in claim 1, wherein the requested plurality of biometric
identification data includes retina data of the user.
6. The method as in claim 1, wherein the requested plurality of biometric
identification data includes iris data of the user.
7. The method as in claim 1, wherein the requested plurality of biometric
identification data includes hand geometry of the user.
9. The method as in claim 1, wherein the requested plurality of biometric
identification data includes a voice pattern of the user.
11. The method as in claim 1, further comprising prompting, by the point-of-
sale terminal, the user to provide at least two biometric identification data to
verify the point-of-sale transaction.

53
IPR2017-01514
U.S. Patent 8,799,088
Karthik teaches or renders obvious these limitations. See supra Sec. IV.A.ii,

iii, & v at Claims 2, 4-7, 9, & 11.

iii) Claim 3:

3. The method as in claim 1, wherein the requested plurality of biometric


identification data includes a face image of the user.
Alvarez teaches biometric identification data including an image analysis.

Alvarez (EX1006) at 4:47-53. Further, Alvarez discloses one type of biometric

capture mechanism may be a video capturing device such as a video camera.

Id. at 5:57-6:11, 7:46-54, Fig. 1. A PHOSITA would have understood that either of

these disclosures, alone or in combination, teach or at least render obvious

biometric identification data including a face image of the user. Jones Decl.

(EX1003) at 66. At a minimum, a PHOSITA would have found it obvious, based

on the disclosure of Alvarez, to request a face image of the user as a type of

biometric identification data. Id. A PHOSITA would have found it obvious to

combine this type of biometric identification data with Karthik based on Karthiks

teaching of the use of any other optically distinguishable parameter of the user,

i.e., image-based biometric data. Id. And it would have amounted to a mere

substitution of one well-known image-based biometric for another given that

Karthik discloses numerous image-based parameters. Id.

iv) Claim 8:

8. The method as in claim 1, wherein the requested plurality of biometric


identification data includes a signature of the user.

54
IPR2017-01514
U.S. Patent 8,799,088
Alvarez teaches using a users signature as biometric data. Alvarez

(EX1006) at 4:47-53. Further, Alvarez discloses one type of biometric capture

mechanism may be a signature capturing device such as a signature scanner. Id. at

5:57-6:11, Fig. 1. A PHOSITA, therefore, would have understood Alvarez teaches

using a signature of the user as biometric data. Jones Decl. (EX1003) at 67. A

PHOSITA would have found it obvious to combine this type of biometric based on

Karthik teaching use of any other optically distinguishable parameter of the user.

Id. Signature recognition technology was well known at the time of the 088 Patent,

and would have been mere substitution of one well known image-based biometric

for another that would not have required undue experimentation. Id.

v) Claim 12:

12. The method as in claim 1, further comprising prompting, by the point-of-


sale terminal, the user to provide a digital signature comparison to verify the
point-of-sale transaction.
Karthik teaches or renders obvious prompting by the point-of-sale terminal

to provide biometric data, including a digital signature, to verify a point-of-sale

transaction. See supra Sec. IV.A.i at [1(f)]. Additionally, Alvarez teaches biometric

identification data including a digital signature. See supra Sec. IV.A.iii at Claim 8.

Based on these teachings, A PHOSITA would have found it obvious to

prompt a user to provide a signature for verification at a point-of-sale. Jones Decl.

(EX1003) at 68. Such a process would have yielded the predictable result of an

55
IPR2017-01514
U.S. Patent 8,799,088
instructed workflow for a signature to verify a transaction, and would have been

within the skill of a PHOSITA to achieve without undue experimentation, for the

same reasons as discussed for claim 8. Id.

vi) Claim 13:

13. The method as in claim 1, further comprising prompting, by the point-of-


sale terminal, the user to provide a digital photographic comparison to verify
the point-of-sale transaction.
Karthik teaches or renders obvious prompting by the point-of-sale terminal

to provide biometric data in the form of a digital photographic comparison, to

verify a point-of-sale transaction. See supra Sec. IV.A.i at [1(f)]. Additionally,

Alvarez teaches biometric identification data obtained using a video capturing

device, such as a video camera. See supra Sec. IV.B.iii at Claim 3.

Based on these teachings, a PHOSITA would have found it obvious to

prompt a user to provide a digital photograph comparison for verification at a

point-of-sale. Jones Decl. (EX1003) at 69. Such a process would have yielded the

predictable result of an instructed workflow for an image verification of a

transaction, and would have been a mere substitution of one known image-based

biometric for another that would not have required undue experimentation. Id.

vii) Claims 14 and 15:

14. The method as in claim 1, further comprising accessing, by the at least one
server, the biometric identification data based on an identity of the card.
Karthik teaches this limitation. See supra Sec. IV.A.vii at Claim 14.

56
IPR2017-01514
U.S. Patent 8,799,088
15. The method as in claim 14, further comprising presenting the card to the
point-of-sale terminal to be identified so as to access the at least one server
and access the biometric identification data in the database for an identified
card.
Karthik teaches or renders obvious this limitation. See Sec. IV.A.viii at

Claim15.

viii) Claim 16:

16. The method as in claim 1, further comprising verifying each of the


uploaded plurality of biometric identification data of the user with an external
database.
This claim is obvious over Karthik in view of Alvarez for the same reasons

as discussed for [1(d)]. See Sec. IV.B.i at [1(d)]. Alvarezs government database

240 would constitute an external database, as recited in claim 16. See id.

ix) Claim 17:

17. A system for using biometric identification data to positively identify users
of financial services card, comprising:
Karthik teaches this limitation. See supra Sec. IV.A.x at [17(pre)].

[17(a)] a remote server configured for requesting at least one biometric


identification data of a user associated with a financial services card, the card
being cross associated with a card identity;
Karthik teaches or renders obvious this limitation. See supra Sec. IV.A.i at

[1(a)-1(b)] & Sec. IV.A.x at 17[(a)].

57
IPR2017-01514
U.S. Patent 8,799,088
[17(b)] a network connected personal computing device configured for
uploading the at least one biometric identification data of the user and for
transmitting the at least one biometric identification data to be associated with
the card to the remote server;
Karthik teaches or renders obvious this limitation. See supra Sec. IV.A.i at

[1(c)] & Sec. IV.A.x at [17(b)].

[17(c)] the remote server further configured for authenticating the uploaded
plurality of biometric identification data with biometric identification data
stored in a related information repository;
Karthik in view of Alvarez renders obvious this limitation. See supra Sec.

IV.B.i at [1(d)].

[17(d)] and storing a record of the uploaded at least one biometric


identification data;
Karthik teaches this limitation. See supra Sec. IV.A.i at [1(e)].

[17(e)] a terminal configured for reading the card identity from the card,
prompting the user to input the at least one biometric identification data and
for transmitting the card identity and the inputted at least one biometric
identification data to the remote server; and
Karthik teaches or renders obvious this limitation. See supra Sec. IV.A.x at

[17(e)].

58
IPR2017-01514
U.S. Patent 8,799,088
[17(f)] wherein the remote server is configured to verify the biometric
identification data for the card for a transaction by retrieving the record of
the user's biometric identification data record from the database, determining
if the biometric identification data input into the terminal matches the record
of biometric identification data retrieved from the database and sending a
validation to the terminal if the biometric identification data entered into the
terminal matches record of the biometric identification data retrieved from
the database.
Karthik teaches or renders obvious this limitation. See supra Sec. IV.A.i at

[1(g)].

x) Claim 18:

18. The system as in claim 17, further comprising a second remote server
configured for verifying the user's identity to confirm the user's identity as the
true user of the financial services card.
Karthik teaches or renders obvious this limitation. See supra Sec. IV.A.xi at

Claim 18.

xi) Claim 19:

19. The system as in claim 17, further comprising an external database for
verifying each of the uploaded at least one biometric identification data of the
user.
Karthik teaches or renders obvious this limitation. See supra Sec. IV.A.ix at

Claim 16.

xii) Claim 21:

21. A computer server configured to:


Karthik teaches this limitation, to the extent it is limiting. See supra Sec.

IV.A.i at [1(a)].

59
IPR2017-01514
U.S. Patent 8,799,088
[21(a)] request at least one biometric identification data of a user associated
with a financial services card, the card being cross associated with a card
identity;
Karthik teaches or renders obvious this limitation. See supra Sec. IV.A.x at

[17(a)].

[21(b)] receive, from a user device, the at least one biometric identification
data of the user and for transmitting the at least one biometric identification
data to be associated with the card to the remote server;
Karthik teaches this limitation. See supra Sec. IV.A.xiii at [21(b)].

[21(c)] authenticate the uploaded plurality of biometric identification data


with biometric identification data stored in a related information repository;
Karthik in view of Alvarez renders obvious this limitation. See supra Sec.

IV.B.i at [1(d)].

[21(d)] store a record of the uploaded at least one biometric identification data
in a database;
Karthik teaches this limitation. See supra Sec. IV.A.i at [1(e)].
[21(e)] receive biometric identification data for the card for a transaction
from a point-of-sale terminal;
Karthik teaches or renders obvious this limitation. See supra Sec. IV.A.i at

[1(f)].

60
IPR2017-01514
U.S. Patent 8,799,088
[21(f)] verify the biometric identification data for the card for a transaction by
retrieving the record of the user's biometric identification data record from
the database, determining if the biometric identification data from the point-
of-sale terminal matches the record of biometric identification data retrieved
from the database and sending a validation to the terminal if the biometric
identification data from the point-of-sale terminal matches record of the
biometric identification data retrieved from the database.
Karthik teaches or renders obvious this limitation. See supra Sec. IV.A.i at

[1(g)].

C. Ground 3: Saito renders obvious claim 20 under 103(a)

U.S. Patent No. 7,278,025 to Saito et al. (Saito) (EX1007) was filed

September 10, 2003 and issued on October 2, 2007 and therefore qualifies as prior

art to the 088 Patent under 35 U.S.C. 102(e) (pre-AIA). See Saito (EX1007).

Saito was not cited or discussed during prosecution of the 088 Patent.

Saito generally teaches biometrically verifying the identity of a user of an

identification card, which contains an on-board memory for stored biometric data

of the user. Id. at Abstract, 2:1-13. The users identity can be verified using biometric

data, such as fingerprint data, provided at a client terminal, that can be sent to a remote

server for comparison to previously-stored biometric data. Id. at 2:1-13, 2:66-3:4, 8:6-

12, 10:18-30. Saito, therefore, is analogous art to the 088 Patent.

61
IPR2017-01514
U.S. Patent 8,799,088
i) Claim 20:

[20(pre)] 20. A method for verifying the identity of users of financial services
provider cards over a network, the method comprising:
Saito teaches a method of biometrically verifying the identity of smart card

users over a transactional network including a financial institution and a separate

authentication server. Id. at 2:1-13, 2:66-3:4, Fig. 3. Saito states that among the

applications contemplated for the invention is an electronic wallet, and, as such,

Satios card can store Visa, MasterCard, American Express, etc. credit card

information. Id. at 17:26-53, 17:54-18:2.

[20(a)] uploading biometric identification data provided by the user at a


point-of-sale terminal to the at least one server wherein the biometric
identification data [is] stored on a user card;
Saito teaches a system for biometric verification of the identity of a person

presenting a smart card at a client terminal for completing a secure transaction,

such as a financial transaction. See, e.g., id. at 7:5-17, 7:38-49, 2:66-3:22, Fig. 3.

Specifically, Saito teaches the collection of fingerprint data at a client terminal

200, which sends the data to an authentication server (e.g., authentication server

204, such as a Fingerprint Authentication Server) that compares the data with

stored data for previously registered users. Id. at 7:6-18, 7:38-49, 8:6-12, 10:18-30,

Fig. 3; see also id. at 10:31-59. Saito teaches that the biometric data can be stored

on the user card for comparison against locally stored biometric data prior to

62
IPR2017-01514
U.S. Patent 8,799,088
transmission to the remote authentication system for verification. Id. at Abstract,

2:1-22, 5:42-46, 18:3-18:9.

The client terminal includes a fixed card reader into which the card is

inserted, and the card includes a magnetic stripe for backwards compatibility with

older magnetic stripe based terminals. Id. at 4:11-24, 7:50-60. Saito also teaches

that the card can be used as an electronic wallet, that it can store credit card

information, and that the users biometric data can be input to a transactional network

including a financial institution and a separate authentication server prior[] to . . . any

automated process for completing a secure transaction. Id. at 17:26-53, 17:54-18:2,

2:66-3:4. And a conventional Personal Identification Number (PIN) entry

process is used. Id. at 2:33-38, 3:58-4:10. Based on these disclosures of Saito, a

PHOSITA would have understood Saito to disclose a point-of-sale client terminal.

Jones Decl. (EX1003) at 70.

Alternatively, a PHOSITA at the time of the 088 Patent would have found

it obvious and been motivated by the above express disclosures of Saito to use

Saitos client terminal at a point-of-sale for completing purchase transactions,

because Saitos client terminal possesses the common features of point-of-sale

terminals (magnetic strip reader, PIN entry, communication with financial

institutions for completing transactions, etc.). Id. Thus, such a minor modification,

63
IPR2017-01514
U.S. Patent 8,799,088
if any, would not have required undue experimentation, and a PHOSITA would

have appreciated the benefit of enhancing security at point-of-sale terminals. Id.

[20(b)] determining, by the at least one server, if the biometric identification


data provided by the user card matches the biometric identification data
retrieved from the database and sending a validation signal to the terminal if
the biometric identification data provided by the user matches the biometric
identification data retrieved from the database;
Saito teaches that a Fingerprint Authentication Server compares the

fingerprint data to a Fingerprint File for the user, and if the data is matched the

Authentication Server sends an enabling instruction to the Application Server.

Saito (EX1007) at 10:25-30, see also id. at 10:31-59, 16:46-66. Saito also teaches

that the Fingerprint Authentication Server can validate[] the Users identity to

both the Client Terminal 200 and to the Application Server 202 in response to a

successful match. Id. at 11:3-7. Thus, Saito teaches or at least renders obvious

sending a validation signal from the server to the client terminal if the uploaded

biometric data matches the biometric data previously stored at the server. Jones

Decl. (EX1003) at 71.

[20(c)] receiving the validating signal at the point-of-sale terminal and


executing a purchase transaction at a point-of sale terminal.
Because Saito teaches or renders obvious sending a validation signal to the

client terminal, it would be understood by a PHOSITA that the validation signal

would also be received at the client terminal. Jones Decl. (EX1003) at 71. The

client terminal is in secure communication with the application server, which

64
IPR2017-01514
U.S. Patent 8,799,088
includes functionality for conducting a transaction after the users identity has

been verified by the authentication server. Saito (EX1007) at 7:10-17, 7:37-41; see

also id. at 7:61-8:5 (the application server includes a transactional application

module 216); 10:28-30 ([I]f the data is matched the Authentication Server sends

an enabling instruction to the Application Service Server.). Further, Saito teaches

that the captured biometric data and cardholder identity is input to a transactional

network including a financial institution and a separate authentication server prior[]

to any . . . automated process for completing a secure transaction. Id. at 2:66-3:4.

As discussed, Saito also teaches that its card may be used as an electronic wallet

and can store Visa, MasterCard, American Express, etc. credit card information. Id.

at 17:13-38, 17:65-18:2. For these reasons and those discussed with regard to limitation

[20(a)] above, a PHOSITA would have understood that the user can execute a purchase

transaction at a point-of-sale terminal after the validation signal is sent by the

authentication server. See supra Saito as applied to [20(a)]; Jones Decl. (EX1003) at

72.

65
IPR2017-01514
U.S. Patent 8,799,088
V. CONCLUSION

Petitioners respectfully request that claims 1-9 and 11-21 of the 088 Patent

be canceled.

Respectfully submitted,

/s/ Jason R. Mudd


Jason R. Mudd, Reg. No. 57,700
Eric A. Buresh, Reg. No. 50,394
Jonathan Stroud, Reg. No. 72,518
Roshan Mansinghani, Reg. No. 62,429

ATTORNEYS FOR PETITIONER

66
IPR2017-01514
U.S. Patent 8,799,088
VI. MANDATORY NOTICES UNDER 37 C.F.R. 42.8(A)(1)

A. Real Party-In-Interest

Petitioner is the real party-in-interest. 37 C.F.R. 42.8(b)(1). No other party

exercised control or could exercise control over Petitioners participation in this

proceeding, the filing of this petition, or the conduct of any ensuing trial.

B. Related Matters

The 088 Patent has been the subject of the following patent infringement

lawsuit: Rothschild Biometric Systems, LLC v. USAA Savings Bank, 2:17-cv-

00061-RWS-RSP (E.D. Tex.).7 37 C.F.R. 42.8(b)(2).

C. Lead and Back-Up Counsel Under 37 C.F.R. 42.8(b)(3)

Petitioner provides the following designation and service information for

lead and back-up counsel. 37 C.F.R. 42.8(b)(3) and (b)(4). Jason Mudd will serve

as lead counsel. Roshan Mansinghani will serve as primary back-up counsel. Eric

Buresh and Jonathan Stroud will serve as additional back-up counsel. Please direct

all correspondence regarding this proceeding to counsel at their respective email

7
Rothschild Biometric Systems, LLC purports to hold itself out as the current

assignee of the 088 Patent, however, USPTO assignment records still list SRR

Patent Holdings, LLC as the current assignee. Petitioner, therefore, has identified

both entities as Patent Owner in this petition out of an abundance of caution.

67
IPR2017-01514
U.S. Patent 8,799,088
addresses: jason.mudd@eriseip.com, eric.buresh@eriseip.com, ptab@eriseip.com,

jonathan@unifiedpatents.com, and roshan@unifiedpatents.com. 37 C.F.R.

42.8(b)(4).

Lead Counsel Back-Up Counsel


Jason R. Mudd (Reg. No. 57,700) Roshan Mansinghani (Reg. No. 62,429)
jason.mudd@eriseip.com roshan@unifiedpatents.com
ptab@eriseip.com Postal and Hand-Delivery Address:
Postal and Hand-Delivery Address: Unified Patents Inc.
ERISE IP, P.A. 13355 Noel Road, Suite 1100
6201 College Blvd., Suite 300 Dallas, TX, 75240
Overland Park, Kansas 66211 Telephone: (214) 945-0200
Telephone: (913) 777-5600
Eric A. Buresh (Reg. No. 50,394)
eric.buresh@eriseip.com
ptab@eriseip.com
Postal and Hand-Delivery Address:
ERISE IP, P.A.
6201 College Blvd., Suite 300
Overland Park, Kansas 66211
Telephone: (913) 777-5600

Jonathan Stroud (Reg. No. 72,518)


jonathan@unifiedpatents.com
Postal and Hand-Delivery Address:
Unified Patents Inc.
1875 Connecticut Ave. NW, Floor 10
Washington, D.C., 20009
Telephone: (202) 805-8931

D. Payment of Fees Under 37 C.F.R. 42.103

The undersigned submitted payment by deposit account with the filing of

this Petition authorizing the Office to charge fees required under 37 C.F.R.

42.103(a) and 42.15(a).

68
IPR2017-01514
U.S. Patent 8,799,088
APPENDIX OF EXHIBITS

EX1001 U.S. Patent 8,799,088 B2 to Rothschild (088 Patent)


EX1002 File History of U.S. Patent 8,799,088 B2 to Rothschild (088 File
History)
EX1003 Expert Declaration of Dr. Creed Jones (Jones Decl.)
EX1004 U.S. Patent App. No. 2005/0165700 A1 to Karthik (Karthik)
EX1005 U.S. Patent No. 7,483,862 to Robinson et al. (Robinson)
EX1006 U.S. Patent No. 7,735,125 to Alvarez et al. (Alvarez)
EX1007 U.S. Patent No. 7,278,025 to Saito et al. (Saito)
EX1008 File History of Parent Application No. 12/157,576 (Parent File
History)
EX1009 U.S. Patent No. 5,657,389 to Houvener (Houvener)
EX1010 U.S. Patent No. 6,591,249 to Zoka (Zoka)
EX1011 Jain, A. et al., An Introduction to Biometric Recognition, IEEE
Transactions On Circuits And Systems For Video Technology,
Vol. 14, No. 1, January 2004 (Jain)
EX1012 RESERVED
EX1013 Sasi, S. & Vangala, R., Biometric Authentication for E-
Commerce Transaction, IEEE IST 2004 International Workshop
on Imaging Systems and Techniques, May 14, 2004 (Sasi)
EX1014 Frye, M., The Body as a Password: Considerations, Uses, and
Concerns of Biometric Technologies, Georgetown University,
April 27, 2001 (Frye)
EX1015 The Role of Biometrics in IT Security and Continuous
Authentication (Role of Biometrics)
EX1016 Tilton, C., The Role of Biometrics in Enterprise Security, Dell
Power Solutions, February 2006 (Tilton)
EX1017 U.S. Patent Application Publication No. 2001/0051924 to Uberti
(Uberti)
EX1018 Agulla, E. et al., An Open Source Java Framework for Biometric
Web Authentication based on BioAPI, Knowledge-Based
Intelligent Information and Engineering Systems
11th International Conference, KES 2007, XVII Italian Workshop
on Neural Networks, Vietri sul Mare, Italy, September 12-14,
2007, pp.809-815 (Agulla)
IPR2017-01514
U.S. Patent 8,799,088
EX1019 U.S. Patent Application Publication No. 2002/0091646 to Lake et
al. (Lake)
EX1020 AAMVA DL/ID-2000-06-30, US National Standard for the
Driver License/Identification Card, 2000 (National Standard)
EX1021 INCITS 358-2002 (R2007), American National Standard for
Information Technology, The BioAPI Specification (BioAPI
Specification)
EX1022 The Federal Financial Institutions Examination Council,
Authentication in an Internet Banking Environment, October
12, 2005 (FFIEC 2005 Guidance)
EX1023 U.S. Patent No. 6,366,682 to Hoffman et al. (Hoffman)
IPR2017-01514
U.S. Patent 8,799,088

CERTIFICATE OF COMPLIANCE

Pursuant to 37 C.F.R. 42.24(d), I hereby certify that this Petition complies


with the type-volume limitation of 37 C.F.R. 42.24(a)(1)(i) because it contains
13,963 words, as determined by the Microsoft Office Word word-processing
program used to prepare this document, excluding the parts of the document
exempted by 37 C.F.R. 42.24(a)(1).

/s/ Jason R. Mudd


Jason R. Mudd, Reg. No. 57,700
IPR2017-01514
U.S. Patent 8,799,088

CERTIFICATE OF SERVICE ON PATENT OWNER


UNDER 37 C.F.R. 42.105(a)

Pursuant to 37 C.F.R. 42.6(e) and 42.105(b), the undersigned certifies


that on June 16, 2017, a complete and entire copy of this Petition for Inter Partes
Review and the accompanying exhibits were provided via Federal Express to the
Patent Owner by serving the correspondence address of record for the 088 Patent:

Greer, Burns and Crain -AD


Attn: Steven Fallon & Atanu Das
300 S. Wacker Drive
Suite 2500
Chicago, IL 60606

Further, a courtesy copy of this Petition for Inter Partes Review was sent via
e-mail to Patent Owners litigation counsel:

Hao Ni
hni@nilawfirm.com
Timothy T. Wang
twang@nilawfirm.com
Neal G. Massand
nmassand@nilawfirm.com
Stevenson Moore V
smoore@nilawfirm.com
Krystal L. McCool
kmccool@nilawfirm.com
NI, WANG & MASSAND, PLLC
8140 Walnut Hill Ln., Ste. 500
Dallas, TX 75231

BY: /s/ Jason R. Mudd


Jason R. Mudd, Reg. No. 57,700

S-ar putea să vă placă și