UNITED STATES PATENT AND TRADEMARK...
Transcript of UNITED STATES PATENT AND TRADEMARK...
CBM2014-00035
Patent No. 7,051,002
UNITED STATES PATENT AND TRADEMARK OFFICE
___________________________
BEFORE THE PATENT TRIAL AND APPEAL BOARD
___________________________
SECUREBUY, LLC
Petitioner
V.
CARDINALCOMMERCE CORPORATION
Patent Owner
___________________________
Case No. CBM2014-00035
U.S. Patent No. 7,051,002
___________________________
PRELIMINARY PATENT OWNER RESPONSE TO PETITION FOR
COVERED BUSINESS METHOD PATENT REVIEW
CBM2014-00035
Patent No. 7,051,002
i
I. INTRODUCTION ........................................................................................... 1
II. BACKGROUND ............................................................................................. 1
III. OVERVIEW OF THE ’002 PATENT ............................................................ 2
IV. THE ’002 PATENT PROSECUTION HISTORY .......................................... 4
V. SUMMARY OF ARGUMENT ....................................................................... 5
VI. CLAIM CONSTRUCTION .......................................................................... 11
A. “Authentication Protocol” ................................................................... 12
B. “Authentication Determination” ......................................................... 14
C. “Connection Layer” ............................................................................. 15
D. “Plug-in Layer” ................................................................................... 16
E. “Distribution Layer” ............................................................................ 17
VII. RESPONSE TO GROUND 1: CLAIMS 1–14 OF THE ’002
PATENT ARE DIRECTED TO PATENTABLE SUBJECT
MATTER ....................................................................................................... 18
A. 35 U.S.C. § 101 ................................................................................... 18
B. The ’002 Patent Claims Are Directed To A Technical Solution
To A Technical Problem ..................................................................... 20
C. Petitioner’s Attempt to Define the Claims of the ’002 Patent as
an Abstract Idea Is Baseless ................................................................ 27
VIII. RESPONSE TO GROUND 2: THE CLAIMS OF THE ’002
PATENT ARE PATENTABLE UNDER 35 U.S.C. § 102(a) ...................... 33
A. Claims 1, 2, 4, 5, 9, 13 and 14 of the ’002 Patent Are Not
Anticipated by Weller ......................................................................... 33
1. General Description of Weller ..................................................34
2. Weller Does Not Disclose “A Plurality of Authentication
Protocols” as Recited in the ’002 Patent Claims ......................35
CBM2014-00035
Patent No. 7,051,002
ii
3. Weller Does Not Disclose “Determining” or “Selecting”
the Authentication Protocol as Recited in the ’002 Patent
Claims .......................................................................................36
4. Weller Does Not Disclose the Third-Party Server or
Universal Platform Server Recited in the ’002 Patent
Claims .......................................................................................40
B. The Absent Claim Limitations are Not Inherent in Weller ................. 45
C. The Chatterjee Expert Declaration Does Not Save Petitioner’s
Anticipation Arguments ...................................................................... 48
IX. RESPONSE TO GROUND 3: CLAIMS 1–11, 13 and 14 OF THE
’002 PATENT ARE NOT INVALID UNDER 35 U.S.C. § 103(a) ............. 49
A. Claims 1–11, 13 and 14 of the ’002 Patent Are Not Invalid
Under 35 U.S.C. 103(a) over Weller in View of Swain ..................... 52
1. The Scope and Content of Weller and Swain ...........................52
2. The Combination of Weller in view of Swain Does Not
Disclose Each and Every Limitation of any Claims of the
’002 Patent ................................................................................58
3. One of Ordinary Skill Would Not Have Combined or
Modified Weller in view of Swain in the Way Suggested
by the Claims ............................................................................62
B. Claims 1, 10 and 17 Are Not Obvious over the Admitted Prior
Art in view of Kay ............................................................................... 68
1. The Scope and Content of the Admitted Art and Kay ..............68
2. The Combination of the Admitted Prior Art in View of
Kay Does Not Disclose Each and Every Limitation of
Claims 1, 5 and 14 of the ’002 Patent .......................................69
3. One of Ordinary Skill in the Art Would Not Have
Combined or Modified the Alleged Prior Art References
as Recited by the Claims ...........................................................71
CBM2014-00035
Patent No. 7,051,002
iii
C. Claim 1 of the ’002 Patent Is Not Obvious Over the Admitted
Prior Art in view of Gudgin ................................................................ 76
1. The Scope and Content of the Admitted Prior Art and
Gudgin .......................................................................................77
2. The Combination of the Background Prior Art in View of
Gudgin Does Not Disclose Each Limitation of Claim 1 .........77
3. One of Ordinary Skill in the Art Would Not Have
Combined or Modified the Alleged Prior Art Reference
With Gudgin as Recited in Claim 1 ..........................................79
X. CONCLUSION .............................................................................................. 80
CBM2014-00035
Patent No. 7,051,002
iv
TABLE OF AUTHORITIES
Cases
ActiveVideo Networks, Inc. v. Verizon Comm’ns, Inc.,
694 F.3d 1312 (Fed. Cir. 2012) ............................................................................49
Alexsam, Inc. v. IDT Corp.,
715 F.3d 1336 (Fed. Cir. 2013) ............................................................................67
Apple Inc. v. Sightsound Tech., LLC,
CBM2013-19, Doc. 17 (P.T.A.B. Oct. 8, 2013) ..................................... 20, 26, 31
Application of Ratti,
270 F.2d 810 (C.C.P.A. 1959) ....................................................................... 66, 74
August Tech. Corp. v. Camtek, Ltd.,
655 F.3d 1278 (Fed. Cir. 2011) ..................................................................... 59, 61
Bilski v. Kappos,
130 S. Ct. 3218 (2010) .................................................................................. 18, 19
Broadcom Corp. v. Emulex Corp.,
732 F.3d 1325 (Fed. Cir. 2013) ..................................................................... 59, 61
Diamond v. Diehr,
450 U.S. 175 (1981) ...................................................................................... 19, 31
Ecolochem, Inc. v. S. Cal. Edison Co.,
227 F.3d 1361 (Fed. Cir. 2000) ..................................................................... 76, 80
In re Abbott Diabetes Care Inc.,
696 F.3d 1142 (Fed. Cir. 2012) ............................................................................12
In re Bilski,
545 F.3d 943 (Fed. Cir. 2008) ..............................................................................19
In re Fritch,
972 F.2d 1260 (Fed. Cir. 1992) ..................................................................... 67, 76
In re Gordon,
733 F.2d 900 (Fed. Cir. 1984) ....................................................................... 66, 74
CBM2014-00035
Patent No. 7,051,002
v
In re Gurley,
27 F.3d 551 (Fed. Cir. 1994) ................................................................................58
In re Lowry,
32 F.3d 1579 (Fed. Cir. 1994) ..............................................................................51
In re NTP, Inc.,
654 F.3d 1279 (Fed. Cir. 2011) ............................................................................12
In re Omeprazole Patent Lit.,
483 F.3d 1364 (Fed. Cir. 2007) ..................................................................... 46, 48
In re Robertson,
169 F.3d 743 (Fed. Cir. 1999) ..............................................................................45
KSR Int’l Co. v. Teleflex Inc.,
550 U.S. 398 (2007) ...................................................................................... 50, 51
Mayo Collaborative Servs. v. Prometheus Labs., Inc.,
132 S. Ct. 1289 (2012) .........................................................................................19
Mintz v. Dietz & Watson, Inc.,
679 F.3d 1372 (Fed. Cir. 2012) ..................................................................... 76, 80
Motorola Mobility, LLC v. Int’l Trade Comm’n,
737 F.3d 1345 (Fed. Cir. 2013) ..................................................................... 46, 48
Oakley, Inc. v. Sunglass Hut Int’l,
316 F.3d 1331 (Fed. Cir. 2003) ............................................................................49
Phillips v. AWH Corp.,
415 F.3d 1303 (Fed. Cir. 2005) ............................................................................12
Research Corp. Techs., Inc. v. Microsoft Corp.,
627 F.3d 859 (Fed. Cir. 2010) ........................................................... 20, 24, 27, 28
Richardson v. Suzuki Motor Co.,
868 F.2d 1226 (Fed. Cir. 1989) ............................................................................34
Santarus, Inc. v. Par Pharm., Inc.,
694 F.3d 1344 (Fed. Cir. 2012) ............................................................................58
CBM2014-00035
Patent No. 7,051,002
vi
SAP America, Inc. v. Versata Development Group, Inc.,
CBM2012-0001 (P.T.A.B. June 11, 2013) ..........................................................18
Scripps Clinic & Research Found. v. Genentech, Inc.,
927 F.2d 1565 (Fed. Cir. 1991) ............................................................................34
SiRF Tech., Inc. v. Int’l Trade Comm’n,
601 F.3d 1319 (Fed. Cir. 2010) ............................................................................25
St. Jude Med., Inc. v. Access Closure, Inc.,
729 F.3d 1369 (Fed. Cir. 2013) ............................................................... 51, 59, 61
Star Scientific, Inc. v. R.J. Reynolds Tobacco Co.,
655 F.3d 1364 (Fed. Cir. 2011) ............................................................................52
Ultramercial, Inc. v. Hulu, LLC,
722 F.3d 1335 (Fed. Cir. 2013) .................................................................... passim
Verdegaal Bros. v. Union Oil Co. of Cal.,
814 F.2d 628 (Fed. Cir. 1987) ..............................................................................34
W.L. Gore & Assoc., Inc. v. Garlock, Inc.,
721 F.2d 1540 (Fed. Cir. 1983) ......................................................... 51, 58, 67, 76
Statutes
35 U.S.C. § 101 ........................................................................................................18
35 U.S.C. § 103(a) ...................................................................................................50
35 U.S.C. § 325(d) ...................................................................................................68
Rules
37 C.F.R. §§ 42.207(a); 42.300(a) ............................................................................. 1
77 Fed. Reg. 48680, 48702 ......................................................................................68
MPEP § 2131.02 ......................................................................................................34
CBM2014-00035
Patent No. 7,051,002
I. INTRODUCTION
Pursuant to 37 C.F.R. §§ 42.207(a) and 42.300(a), Patent Owner
CardinalCommerce Corporation (“Cardinal”) submits this Preliminary Response to
the Corrected Petition (Paper No. 5) (the “Petition”) filed by SecureBuy, LLC
(“SecureBuy” or “Petitioner”) requesting covered business method review of
claims 1–14 of U.S. Patent No. 7,051,002 (the “’002 Patent,” Ex. 1001). Cardinal
respectfully requests that the Patent Trial and Appeal Board (the “Board”) deny
institution because Petitioner fails to establish that any claim is more likely than
not to be found invalid.
II. BACKGROUND
Cardinal is the owner of the ’002 Patent. It is an industry leader in payment
authentication for e-commerce and mobile commerce. One of Cardinal’s premier
offerings is the Cardinal Centinel® platform, which practices claims of the ’002
Patent. The platform facilitates payment authentication for transactions between
consumers and thousands of merchants and merchant service providers involving
various payment brands, such as Visa and MasterCard. . Cardinal has processed
almost two billion transactions using its patented technology.
On November 1, 2013, SecureBuy filed two declaratory judgment actions
against Cardinal concerning the ’002 Patent, one in the District of Delaware, 13-
cv-1792 (LPS), and one in the Southern District of Mississippi, 13-cv-417. On
CBM2014-00035
Patent No. 7,051,002
2
November 12, 2013, Cardinal filed a counterclaim in the District of Delaware
action against SecureBuy for infringement of the ’002 Patent.
III. OVERVIEW OF THE ’002 PATENT
The ’002 Patent is entitled “Universal Merchant Platform for Payment
Authentication” and generally relates to a novel system for facilitating the
authentication of a consumer during the processing of an Internet transaction. ’002
Patent at 4:46–49.
The ’002 Patent discloses that the “use of standard cards in connection with
e-commerce presents certain difficulties, including difficulties concerning the
authentication or positive identification of the cardholder.” Id. at 1:34–38. To
authenticate a consumer, a merchant’s payment processing system must
communicate with a credit/debit card issuer or its agent using issuer-specific
authentication protocols. A prior-art payment processing solution described in the
Background of the ’002 Patent required a merchant to install software (“plug-ins”)
on its system for each payment brand and authentication initiative that it supported.
Id. at 2:1–43, 2:53–64. That solution, however, was burdensome for merchants
because supporting plug-ins required substantial storage space and computing
power and required frequent maintenance. Id. at 2:48–3:4.
The ’002 Patent overcame those problems by removing the need for
merchants to install a plug-in in their local environment. Instead, the ’002 Patent
CBM2014-00035
Patent No. 7,051,002
3
discloses that plug-ins are installed and maintained on a third party’s centralized
processing system/server(s) that determines and selects the appropriate
authentication protocol to use for a particular transaction based on payment
information received for that transaction. Id. at 4:53–56.
One implementation of the invention uses a “thin-client” (i.e., small-in-size)
software application installed on the merchant’s server. This application allows
the merchant to communicate with the third-party centralized processing system
and use the various payment authentication initiatives that the system supported.
Id. at 6:21–46. Specifically, the thin-client communicates data elements (e.g., card
number, account number or name, and transaction amount) between the merchant’s
website and the centralized payment processing system. See id. at 5:22–51,
Figs. 2–3. The centralized system contains logic for payment authentication. Id.
Thus, using the thin-client allows the merchant to participate in various payment
authentication initiatives (e.g., Verified by Visa, MCS Amex SafeKey, and PayPal)
without any significant reprogramming of the merchant’s server or its website.
’002 Patent at 6:26–43.
The claims of the ’002 Patent are directed to specific solutions to the
problems in the prior-art systems. In particular, claims 1–14 are directed to
systems and methods for authenticating a consumer for an e-commerce transaction
using one of a plurality of authentication protocols supported by a universal
CBM2014-00035
Patent No. 7,051,002
4
platform server that includes specific software layers or steps for performing
particular functions.
IV. THE ’002 PATENT PROSECUTION HISTORY
The ’002 Patent issued from U.S. Patent Application Serial No. 10/459,849,
filed on June 12, 2003. It claims priority to Provisional Application
No. 60/386,345, filed on June 12, 2002. On November 4, 2004, the Examiner
issued a non-final office action rejecting claims 1–4, 7, 9, 10 and 15 as anticipated
by U.S. Patent No. 6,560,581; claims 5–6 and 8 as obvious in view of that patent;
and claims 1–3, 10 and 14 as anticipated by “applicant’s Background of Invention
section.” On March 21, 2005, Applicants responded by cancelling claims 1–2 and
15, amending claims 3–4, 7–11 and adding new claims 16 and 17. 3/21/2005
Amendment at 2–6. Applicants amended the “distribution layer” limitation recited
in application claim 11, issued claim 1, to recite how an “authentication program”
is determined based on “payment information.” Id. at 3–4.
On August 15, 2005, the applicants submitted a letter to the Patent Office
explaining the importance and commercial success of the invention:
Notably, the present application relates to an important
invention embodied in commercially successful software products,
services and technology that are currently being made available by the
assignee of record CardinalCommerce Corporation. Moreover, the
commercial significance and uniqueness of the invention is
CBM2014-00035
Patent No. 7,051,002
5
validated by the wide acceptance and recognition that
CardinalCommerce’s technology is receiving in the payment
processing industry, e.g., by industry leaders that have adopted
and/or backed their technology. CardinalCommerce’s partners and
customers include: over 100 issuing banks; over 35 acquirers and/or
merchant service providers ....
8/15/2005 Letter at 2–3. Thereafter, the ’002 Patent issued on May 23, 2006.
V. SUMMARY OF ARGUMENT
A trial should not be instituted because the Petitioner has failed to establish
that any claim of the ’002 Patent is more likely than not invalid. Petitioner
trivializes the patented inventions by characterizing them as “[t]he use of a
separate, non-merchant platform for authentication.” Pet. at 4; Napsky Decl. (Ex.
1008) ¶ 17 (“[T]he claims … are directed toward providing the plug-ins on a
platform of a third party instead of on the platform of the merchant.). In doing so,
Petitioner disregards meaningful claim limitations directed to specific functionality
(either in the form of structural components or method steps) that must be
performed by or included in a universal platform server. Each of Petitioner’s
submitted grounds thus falls flat.
With Ground 1, Petitioner wrongly asserts that the ’002 Patent claims are
invalid under 35 U.S.C. § 101 because the “claim[s] preempt all manner of third
party authentication.” Pet. at 24. Instead, the claims expressly recite systems
CBM2014-00035
Patent No. 7,051,002
6
wherein a third-party server or “universal platform server,” has a specific layered
software architecture to support a transaction conducted between a consumer and a
merchant according to one of a plurality of different authentication protocols
supported by the server or platform, and determines the prescribed authentication
protocol from a plurality of authentication protocols based on received payment
information, and uses that authentication protocol to communicate with an issuer
or service organization (e.g., Visa) to obtain an authentication determination about
a consumer.
Petitioner’s suggestion that the claims “preempt[] all manner of third party
authentication” of a cardholder and are directed to an “abstract idea” (Pet. at 27)
ignores the specific, meaningful claim limitations. Moreover, the universal
platform server is integral to the functionality recited in the ’002 Patent claims,
which are directed to methods and systems that are technological improvements
over the prior art. Thus, the claims are directed to patentable subject matter.
With Ground 2, Petitioner incorrectly asserts that certain claims are invalid
as anticipated by Weller (Ex. 1006).1 Similar to the systems disclosed in the
Background, Weller discloses only a single merchant plug-in located on a
1 If the Board institutes trial based in any part on Weller, then Cardinal intends to
introduce evidence showing that, under 37 C.F.R. § 1.131, Weller is not prior art.
CBM2014-00035
Patent No. 7,051,002
7
merchant’s server. Instead of addressing whether Weller discloses every claim
limitation, Petitioner focuses on whether Weller discloses the abstract idea of third-
party authentication. However, Weller does not disclose the claimed “plurality of
different authentication protocols.” Thus, Weller also fails to disclose both the
claimed “determining” and “selecting” of an authentication protocol from a
plurality of different authentication protocols. Nor does it disclose a universal
platform server or system with the recited layered software architecture.
Chief among Petitioner’s failures is its argument that Weller’s disclosure of
“various authentication methods” is synonymous with the recited “plurality of
authentication protocols.” The claimed “authentication protocol” encompasses
rules for formatting and routing messages between entities used to authenticate a
party. Further, Petitioner fails to establish that Weller discloses determining or
selecting an authentication method from among a plurality of authentication
methods as required by the claims. Petitioner also simply disregards the specific
layered software architecture of claim 1 including the various functions that are
required to be performed by each software layer and the particular arrangement of
those software layers. Indeed, Petitioner at least tacitly concedes that Weller fails
to disclose every limitation recited in the claims by arguing that Weller inherently
discloses numerous limitations. Pet. at 34–36. That argument also fails because
Petitioner does not establish that any limitations are necessarily disclosed in
CBM2014-00035
Patent No. 7,051,002
8
Weller. Therefore, Weller does not anticipate any of the ’002 Patent claims.
With Ground 3, Petitioner argues that certain ’002 Patent claims are invalid
as obvious in view of three separate proposed combinations of alleged prior art
references. Lacking any legitimate reason to make those proposed combinations,
Petitioner improperly uses the claimed invention as a roadmap to selectively cull
disclosures from the prior art to allegedly piece together the claim limitations. For
example, Swain and Kay disclose servers for performing various functions, but
Petitioner—informed by twelve years of seeing the payment authentication
industry develop, not to mention the ’002 Patent—improperly strips the disclosed
servers of their intended purposes disregarding the teachings of the references and
reconstitutes those servers to perform different functions—namely, those claimed
in the ’002 Patent.2 Such blatant hindsight reconstruction is improper.
First, Petitioner asserts that claims 1–11, 13 and 14 of the ’002 Patent are
2 If the Board institutes on Ground 3, Cardinal intends to introduce evidence that
persons of ordinary skill in the art at the time of the invention (1) were moving
away from the claimed inventions and (2) would have been discouraged from
making the proposed combinations and modifications, and (3) that there are factors
evidencing non-obviousness, such as (a) the failure of others, (b) industry
recognition of the patented technology, (c) commercial success and (d) skepticism.
CBM2014-00035
Patent No. 7,051,002
9
invalid as obvious over Weller in view of Swain (Ex. 1005).3 However, the
proposed combination fails to disclose every limitation of any of those claims.
And other than the problem recognized by the inventors about installing plug-ins in
a merchant’s system, Petitioner fails to identify any defect, problem or concern
with the system described in Weller that would have led one of ordinary skill in the
art at the time of the invention to modify that system. Without a legitimate reason
to do so, it would not have been apparent to one of ordinary skill to modify the
Weller system to achieve the systems and methods claimed in the ’002 Patent.
Moreover, Petitioner fails to explain why one of ordinary skill would have ignored
the affirmative teaching in Swain about using a common unifying interface, which
would have led such person to adopt a common authentication protocol and taught
away from a plurality of authentication protocols as required by the ’002 Patent
claims. Further, Petitioner fails to explain why one of ordinary skill would have
positioned the Swain merchant wallet server between the merchant and issuer in
the Weller PAS architecture. Doing so would improperly prevent the Swain
merchant wallet server from performing one of its intended purposes—allowing a
cardholder to authenticate a merchant before a cardholder’s information is sent to
3 If the Board institutes trial based on Swain, Cardinal intends to introduce
evidence showing that, under 37 C.F.R. § 1.131, Swain is not prior art.
CBM2014-00035
Patent No. 7,051,002
10
the merchant.
Petitioner’s second proposed obviousness combination is equally
unsupported. Petitioner asserts that claims 1, 2, 4-8, 10, 13, and 14 are obvious
over the admitted prior art in the ’002 Patent in view of Kay (Ex. 1007). Kay
discloses a front-end proxy server that communicates using a single
communication protocol, not a plurality of communication protocols. The front-
end proxy server acts as a single entry point to a website and is connected to one or
more back-end web servers in a localized environment. Using the Kay front-end
proxy server as the entry point to different back-end authentication systems of
different issuing banks or service organizations while remaining true to the
teaching of Kay that the server acts as a single entry point to a website would
require a different “front-end proxy server” for each issuing bank or service
organization supported. That would result in a plurality of servers each equipped
to format and route messages to accommodate a single protocol to communicate
with a single issuer or service organization, not one server with a “distribution
layer” for communicating with multiple issuers according to a “plurality of
authentication protocols,” as required by claim 1, or a “universal platform server”
as required by claims 5 and 14.
Instead, using the patent as a guide, Petitioner disregards the purpose of the
Kay front-end proxy server and its use in a localized environment and argues that
CBM2014-00035
Patent No. 7,051,002
11
one of ordinary skill in the art would have modified the prior-art system disclosed
in the ’002 Patent to achieve the claimed invention because the prior art system
was “ready for improvement.” However, in coming to that determination,
Petitioner improperly relies on the inventors’ teachings about problems in the prior
art and fails to identify any evidence that one of ordinary skill in the art at the time
of the invention knew of or would have recognized such a need.
Petitioner’s third and final obviousness combination also fails. It involves
combining the prior art disclosed in the patent with Gudgin (Ex. 1010). Petitioner
argues that one of ordinary skill could have used SOAP to communicate with a
third-party server embodying the system of claim 1. That argument is based on a
misunderstanding of SOAP’s functionality, the false premise that such a server
existed in the prior art and a disregard of the specific layered software architecture
of claim 1.
In sum, the Board should deny to institute review because Petitioner fails to
establish that any claim of the ’002 Patent is more likely than not invalid,.
VI. CLAIM CONSTRUCTION
For purposes of this Preliminary Response, Cardinal does not dispute the
broadest reasonable interpretation of the means-plus-function limitations identified
by Petitioner. Below are Cardinal’s proposals for other claim terms Petitioner
identified for construction. As discussed below, each of Cardinal’s proposed
CBM2014-00035
Patent No. 7,051,002
12
constructions is consistent the specification, while Petitioner’s proposals
improperly narrow the claims. Therefore, the Board should adopt Cardinal’s
proposals. Phillips v. AWH Corp., 415 F.3d 1303, 1315 (Fed. Cir. 2005) (“[T]he
specification ‘is always highly relevant to the claim construction analysis. Usually,
it is dispositive; it is the single best guide to the meaning of a disputed term.”); In
re Abbott Diabetes Care Inc., 696 F.3d 1142, 1149–50 (Fed. Cir. 2012) (rejecting
Board’s construction as inconsistent with specification); In re NTP, Inc., 654 F.3d
1279, 1287-90 (Fed. Cir. 2011) (same).
A. “Authentication Protocol”
Term Cardinal’s Proposal Petitioner’s
Proposal
“authentication
protocol”
A prescribed set of rules, including those for
formatting and routing messages, governing
the transmission of messages over a
communications network to verify that a
consumer is likely who he/she claims to be
A process used
to authenticate a
cardholder
Cardinal’s proposal is consistent with the use of the term “authentication
protocol” in the claims and the specification. For example, claim 5 expressly
recognizes that the rules for formatting and routing are part of the authentication
protocol. See, e.g., Claim 5 (“formatting messages and routing the formatted
CBM2014-00035
Patent No. 7,051,002
13
messages over the communications network in accordance with one or more
mandates of the selected authentication protocol”). So too does the specification:
“[A] transaction processing service provider (TPSP) 70 … formats and routes
various messages and takes other defined actions on behalf of the merchant 60 in
accordance with authentication protocols prescribed by the payment processing
network to which the payment instrument being used for the transaction belongs.”
’002 Patent at 5:27–33. The specification also discloses that “the plug-in
component 232 formats and routes messages in accordance with the authentication
protocols prescribed for the determined type of payment instrument or method
being used.” Id. at 10:47–50.
Petitioner’s proposal ignores those clear teachings. Without support or
explanation, Petitioner asserts that a method used to authenticate a consumer, such
as a username and password, is an “authentication protocol.” See Pet. at 37. But
how a person is authenticated, e.g., using passwords, is different from the protocol
used to communicate with the entity that performs the authentication. Only the
latter is disclosed and claimed in the ’002 Patent.
Petitioner’s proposal also improperly attempts to limit the claims to the
authentication of a cardholder. To be sure, the specification states that use of
“standard cards in connection with e-commerce presents certain difficulties,
including difficulties concerning authentication or positive identification of the
CBM2014-00035
Patent No. 7,051,002
14
cardholder.” ’002 Patent at 1:34–38. But the balance of the specification uses the
term “authentication” to refer to consumers in any type of transaction, not just
those involving cards. See id. at 4:63–65(“to authenticate users”), 9:47–50 (the
disclosed system “provides a method for authenticating a consumer”).
B. “Authentication Determination”
Term Cardinal’s Proposal Petitioner’s Proposal
“authentication
determination”
An indication of whether a
consumer has been
authenticated
Verifying the card holder is
authorized to make the
expenditure
Cardinal’s proposal is entirely consistent with the specification. See, e.g.,
’002 Patent at Abstract, 3:25–29, 5:45–51, 11:1–11:10 (“the operative plug-in
component 232 optionally formats and routes a second message to the merchant
such that the consumer/cardholder is redirected to the issuing entity for completing
authentication therewith, whereupon the authentication determination is made. A
response containing the authentication determination made by the issuing entity is
then returned in accordance with routing instructions...”). Petitioner’s proposal is
incorrect because it speaks in terms of authorization to make an expenditure,
which is different from authentication. Authorization concerns “approval to
complete a transaction.” Barron’s Dictionary of Banking Terms at 31 (4th Ed.
CBM2014-00035
Patent No. 7,051,002
15
2000) (defining “authorization” as “issuance of approval to complete a transaction
or pay funds, for example a bank card authorization or payment authorization”)
(Ex. 2001). In contrast, authentication is the “positive identification of a
cardholder” or the process by which “to verify that a consumer is likely who he/she
claims to be.” ’002 Patent at 1:34–38, 4:63–65, 9:47–50. Even where a consumer
is authenticated, he/she may not be authorized to complete a transaction because of
spending limits or the like.
C. “Connection Layer”
Term Cardinal’s Proposal Petitioner’s Proposal
“connection
layer”
An software layer interface used
to communicate with external
resources
Software for communicating
over a network
Cardinal’s proposal is consistent with the ordinary meaning of the term and
supported by the specification’s disclosure that MAPS 200 contains two layers for
communicating with external resources—external connection layer 240 and the
connectivity layer 210. Id. at 7:33–38. “The external connection layer 240
provides a generic interface that is used by the MAPS 200 to communicate with
outside resources, e.g., the directory or the like as prescribed by various
authentication protocols.” Id. at 7:35–39. Similarly, “[t]he connectivity layer 210
CBM2014-00035
Patent No. 7,051,002
16
provides a generic layer for external entities such as merchants to connect to and
process a specific payment authentication transaction.” Id. at 7:40–42.
Petitioner’s proposal disregards that the specific connection software interfaces of
the system are part of the layered architecture recited in claim 1 and instead refers
broadly to any software for communicating over a network.
D. “Plug-in Layer”
Term Cardinal’s Proposal Petitioner’s Proposal
“plug-in layer” A software layer
comprising various plug-in
components
A plurality of software components
for authenticating card holders
based on the payment information
Cardinal’s proposal is consistent with the ordinary meaning of the term and
its use in the claim 1, which recites a “plug-in layer including a plurality of plug-in
components.” It also is consistent with the specification which states that “plug-in
layer 230 includes a plurality of individual authentication initiative plug-in
components 232.” See id. at 8:47–63, Fig. 3. Petitioner’s proposal disregards that
the plug-in layer is part of the layered system architecture of claim 1 comprising
plug-in components. Petitioner’s proposal also adds functionality inconsistent with
the plain claim language and the teaching of the ’002 Patent—neither of which
limits the use of a plug-in for authentication of cardholders. Also, the’002 Patent
CBM2014-00035
Patent No. 7,051,002
17
discloses that the plug-ins are used to facilitate communication with the issuer or
service organization—the plug-ins do not authenticate the consumer themselves.
Id. at 11:1–11:10 (“the authentication determination made by the issuing entity”).
E. “Distribution Layer”
Term Cardinal’s Proposal Petitioner’s Proposal
“distribution
layer”
Software layer for routing messages
among other software layers within
the system
Software for routing data
among software
components
Cardinal’s proposal is consistent with the ordinary meaning of the claim
term and supported by the specification, which discloses that “[t]he message
distribution layer 220 is a component within the software architecture [of the
MAPS 200].” ’002 Patent at 8:38–40; see id. at 7:32–39, Fig. 3 (element 220).
Further, the ’002 Patent discloses that distribution layer 220 “is preferably a low
footprint message distribution application configured to route XML or other like
messages to specific plug-in components in the plug-in layer 230 for appropriate
transaction processing.” ’002 Patent at 8:43–46. Petitioner’s proposal, however,
disregards that the distribution “layer” is a part of the layered system architecture
of claim 1 and ignores that it sends messages to other software layers within that
system.
CBM2014-00035
Patent No. 7,051,002
18
VII. RESPONSE TO GROUND 1: CLAIMS 1–14 OF THE ’002 PATENT
ARE DIRECTED TO PATENTABLE SUBJECT MATTER
Petitioner fails to establish that the ’002 Patent claims are more likely than
not unpatentable under 35 U.S.C. § 101. Petitioner alleges that the claims are
patent ineligible because they are drawn to an abstract idea. Pet. at 25–34. In SAP
America, Inc. v. Versata Development Group, Inc., CBM2012-0001 (P.T.A.B. June
11, 2013), the Board explained that a patent claim does not recite an abstract idea if
it incorporates sufficient meaningful limitations. Here, such meaningful
limitations exist in the ’002 Patent claims.
A. 35 U.S.C. § 101
Section 101 controls the inquiry into what constitutes patentable subject
matter. It states “[w]hoever invents or discovers any new and useful process,
machine, manufacture, or composition of matter, or any new and useful
improvement thereof, may obtain a patent therefor, subject to the conditions and
requirements of this title.” 35 U.S.C. § 101. “Underscoring its breadth, § 101 both
uses expansive categories and modifies them with the word ‘any.’ The Supreme
Court has emphasized that, ‘[i]n choosing such expansive terms modified by the
comprehensive ‘any,’ Congress plainly contemplated that the patent laws would be
given wide scope.’” Ultramercial, Inc. v. Hulu, LLC, 722 F.3d 1335, 1341 (Fed.
Cir. 2013), quoting Bilski v. Kappos, 130 S. Ct. 3218, 3226 (2010) (“Bilski II”). Of
CBM2014-00035
Patent No. 7,051,002
19
the three limited, judicially created categories of patent-ineligible subject matter
under § 101—laws of nature, natural phenomena, and abstract ideas, Mayo
Collaborative Servs. v. Prometheus Labs., Inc., 132 S. Ct. 1289, 1293 (2012), only
the “abstract idea” exception is at issue here.
To determine whether a patent claim satisfies § 101 and/or is directed to an
abstract idea, the claim as a whole must be analyzed. Diamond v. Diehr, 450 U.S.
175, 188 (1981). “[I]t is irrelevant that any individual step or limitation of such
processes by itself would be unpatentable under § 101.” In re Bilski, 545 F.3d 943,
958 (Fed. Cir. 2008). As the Supreme Court explained:
It is inappropriate to dissect the claims into old and new elements and
then to ignore the presence of the old elements in the analysis. This is
particularly true in a process claim because a new combination of
steps in a process may be patentable even though all the constituents
of the combination were well known and in common use before the
combination was made.
Diehr, 450 U.S. at 188. Thus, while an abstract idea by itself is not patentable, a
practical application of an abstract idea is deserving of patent protection. Mayo,
132 S. Ct. 1293–94; Bilski II, 130 S. Ct. at 3230; Diehr, 450 U.S. at 187.
“[T]he fact that a claim is limited by a tie to a computer is an important
indication of patent eligibility. This tie to a machine moves it farther away from a
claim to the abstract idea itself. Moreover, that same tie makes it less likely that
CBM2014-00035
Patent No. 7,051,002
20
the claims will pre-empt all practical applications of the idea.” Ultramercial, 722
F.3d at 1348. With method claims, where a “claim recites a specific combination
of computer components, at specific locations, that interact in a specific way to
accomplish the steps,” the claim is not directed to an abstract idea. Apple Inc. v.
Sightsound Tech., LLC, CBM2013-19, Doc. 17, at 18 (P.T.A.B. Oct. 8, 2013).
Finally, a claim is directed to an abstract idea only if that idea “exhibit[s]
itself so manifestly as to override the broad statutory categories of eligible subject
matter and the statutory context that directs primary attention on the patentability
criteria of the rest of the Patent Act.” Research Corp. Techs., Inc. v. Microsoft
Corp., 627 F.3d 859, 868 (Fed. Cir. 2010).
B. The ’002 Patent Claims Are Directed To A Technical Solution To
A Technical Problem
As detailed above, the ’002 Patent claims are directed to a technical solution
to a technical problem in the prior art, and not to an abstract idea. The prior-art
payment authentication solution described in the Background required e-commerce
merchants to install software (“plug-ins”) in their payment processing systems for
each debit or credit card payment brand that it supported and wished to
authenticate. ’002 Patent at 2:56–2:64. The ’002 Patent describes the technical
solution of the prior-art systems, including a description of how “the merchant 20,
via a plug-in 22 installed on their server, passes a verify enrollment request
CBM2014-00035
Patent No. 7,051,002
21
(VEReq) message to a directory 38 on a server, e.g., suitably operated by the credit
card network 34” and the interactions of the directory and issuer in response to
such message. ’002 Patent at 1:64–2:35. One problem that the inventors
recognized with that technical solution was the burden for merchants to maintain
plug-ins corresponding to each authentication initiative the merchant wished to
support. Id.
The ’002 Patent invention overcame those problems by having the merchant
install on its server a simplified thin-client and installing on a third-party server, or
universal platform server (MAPS 200, depicted below in Figure 3), the
complicated plug-ins for a plurality of authentication protocols. Id. at 4:56–62.
That third-party centralized processing system/server(s) is a “core component
within the system” and contains processing logic and functionality for facilitating
the authentication of a consumer during the processing of an e-commerce
transaction. See id. at 7:7–11:31.
CBM2014-00035
Patent No. 7,051,002
22
The claims of the ’002 Patent are directed to a technical solution to the
problems described in the Background. Claim 5, which largely is the only claim
Petitioner addressed, recites that a “first party server” has “software … that sends
payment information … to a universal platform server being equipped to format
and route messages over the communications network in different manners to
accommodate the plurality of different authentication protocols prescribed by the
different payment methods”, a “universal platform server” that “receiv[es]
payment information from the first party,” “determin[es] … which of the different
authentication protocols is prescribed by the payment network”, “select[s] … a
CBM2014-00035
Patent No. 7,051,002
23
particular the authentication protocol from [a] plurality of different authentication
protocols” and “obtain[s] an authentication determination … in accordance with
the selected authentication protocol, including formatting and routing the formatted
messages over the communications network in accordance with one or more of the
mandates of the selected authentication protocol.”
Independent claim 1, which Petitioner largely ignores, requires a specific
layered system architecture, as disclosed in Fig. 3, including a “connection layer”
to receive payment information from a merchant over a communications network,
“a plug-in layer including a plurality of plug-in components, each plug-in
component administering a different one of a plurality of authentication programs
in accordance with the authentication protocols prescribed to obtain an
authentication determination for the transactions”; “a distribution layer residing
between the connection layer and the plug-in layer … [for] determining … which
of the different authentication programs is prescribed … [and] routing
communications between the connection layer and the selected plug-in components
in the plug-in layer.”
When viewed as a whole, the ’002 Patent claims simply are not directed to
an abstract idea. Claim 1 is directed to a particular server for receiving payment
information from a merchant with three processing layers, a particular arrangement
of components, i.e., a “distribution layer residing between the connection layer and
CBM2014-00035
Patent No. 7,051,002
24
the plug-in layer”, and particular limitations directed to how the particular
software/hardware components communicate, e.g., “payment information … is
routed to the plug-in component responsible for administering the authentication
program for the particular payment instrument.” Similarly, claims 5 and 14 are
directed to the “universal merchant platform” and expressly require particular
meaningful limitations to be performed by such platform including the determining
and selecting of an appropriate authentication protocol from a plurality of different
authentication protocols supported by the universal platform server and obtaining
an authentication determination in “accordance with the selected authentication
protocol, including formatting and routing the formatted messages over the
communications network in accordance with one or more of the mandates of the
selected authentication protocol.” Thus, instead of being abstract, the claims are
all directed to a novel technological solution to the problems associated with the
prior-art technological solutions described in the Background. See Research, 627
F.3d at 869 (“[I]nventions with specific applications or improvements to
technologies in the marketplace are not likely to be” directed to abstract ideas.). In
particular, the claims are directed to a technological solution in which the universal
platform server “plays a significant part in permitting” and indeed must perform
the recited functionality of determining from payment information received for a
particular transaction (which requires analysis of the payment information) which
CBM2014-00035
Patent No. 7,051,002
25
of the different authentication protocols is prescribed by the payment network,
selecting the appropriate authentication protocol from the plurality of different
authentication protocols, and obtaining an authentication determination in
accordance with the selected authentication protocol. Such claim elements
necessarily encompass and must be performed using computer and network
components. See SiRF Tech., Inc. v. Int’l Trade Comm’n, 601 F.3d 1319, 1332–33
(Fed. Cir. 2010) (holding inability of claimed method to be “performed without”
computer indicates it is directed to patentable subject matter). Indeed, Petitioner
itself argues that the universal platform server is an important element of the ’002
claims stating “[t]he use of a separate, non-merchant platform for authentication is
the essence of the claimed invention of the ’002 Patent.” Pet. at 4; see also Pet. at
28 (“[E]ach of the steps of claim 5 are performed by ‘layers’ or ‘plug-ins’, which
are disclosed to be software operating on one or more servers, i.e., computers.”),
31 (Claim 1 requires various “connection, plug-in, and distribution layers.”), 31
(Claim 14 requires the computer components of claim 1 and, in addition, a
“verification step … performed by a software component on … [a] third party
server.”). Thus, the ’002 Patent claims are clearly and admittedly “limited by a tie
to a computer,” which is “an important indication of patent eligibility.” See
Ultramercial, 722 F.3d at 1348.
Besides being tied to a computer, as detailed above, the claims are directed
CBM2014-00035
Patent No. 7,051,002
26
to specific components and/or steps performed by specific servers to support
authentication and thus contain meaningful limitations. Petitioner concedes this
point as well, noting that the claims require, among other things, “receiving,
selecting and obtaining various information” by various servers. See Pet. at 33.
There is simply nothing abstract about those actions as they require specific
machines to perform the functions required for an authentication determination.
As the Board explained, a “combination of computer components, at specific
locations, that interact in a specific way to accomplish” a technological
improvement over the prior art results in a claim that is patentable under § 101.
See Apple, CBM2013-19, at 18.
Moreover, the Australian Patent Office rejected a similar argument made by
Visa Corporation during an opposition proceeding to the Australian counterpart to
the ’002 Patent.4 Visa argued that the claims, which were similar to the claims of
the ’002 Patent, were unpatentable because they were directed to an abstract or
arbitrary concept. Ex. 2002, Australian Patent Office Opinion, at ¶¶ 17–19. The
Australian Patent Office rejected that argument:
The claims to my mind clearly set out the functionality and
4 Australian Patent Application No. 2003243523 is a foreign counterpart to U.S.
Patent Application Serial No. 10/459,849, which issued as the ’002 Patent.
CBM2014-00035
Patent No. 7,051,002
27
juxtaposition of tangible, networked features of a method and system
that supports authentication processing in an on-line commercial
transactions environment.
Id. Just like those of the Australian patent application, the ’002 Patent claims are
directed to the juxtaposition of tangible, networked features of a method and
system that supports authentication processing and thus are unlikely to be found
invalid under § 101.
C. Petitioner’s Attempt to Define the Claims of the ’002 Patent as an
Abstract Idea Is Baseless
A claim is directed to an “abstract idea” only when “th[at] disqualifying
characteristic … exhibit[s] itself so manifestly as to override the broad statutory
categories of eligible subject matter and the statutory context that directs primary
attention on the patentability criteria of the rest of the Patent Act.” Research, 627
F.3d at 868.
Petitioner argues that the “abstract idea” encompassed by the ’002 Patent
claims is “authenticating a credit card holder during an e-commerce transaction
according to known authentication programs.” Pet. at 25. That argument
disregards, however, that a claim is patent ineligible only if it is directed to the
abstract idea itself instead of an application of the idea. Ultramercial, 722 F.3d at
1343–44. As detailed above, the claims contain meaningful limitations directed to
methods and systems that improve upon the prior-art payment authentication
CBM2014-00035
Patent No. 7,051,002
28
solutions described in the Background. See Research, 627 F.3d at 869
(“[I]nventions with specific applications or improvements to technologies in the
marketplace are not likely to be so abstract that they override the statutory
language and framework of the Patent Act.”).
The claims recite a specific technological solution to authenticated payment
processing—one requiring specific hardware (a third-party server or universal
platform server) that contains specific components (plug-in and distribution layers)
and/or performs specific functionality (determining and selecting an authentication
protocol and using that protocol to format and route messages to obtain an
authentication determination). In attempt to avoid the clear implications of the
limitations of the system claims, Petitioner largely addresses only independent
method claim 5 asserting:
Claim 5 recites little more than the abstract concept of determining an
authentication for a transaction between a first party (merchant) and a
second party (buyer/card holder) with … [the] steps to provide
communication software on the merchant’s server to send payment
information constituting the transaction, determining and selecting an
appropriate protocol to guide the authentication for a particular card,
and obtaining and returning the transaction authentication to complete
the transaction.
Pet. at 20. Petitioner’s self-serving description ignores entirely the “universal
CBM2014-00035
Patent No. 7,051,002
29
platform server” of claim 5, the requirement that such server be equipped to
“format and route messages in different manners to accommodate the plurality of
different authentication protocols”, and that the “authentication determination”
must be obtaining in accordance with the formatting and routing of messages
prescribed by the mandated authentication protocol. Further, Petitioner’s self-
serving description of claim 5, recognizes that claim 5 is directed to a
technological solution for authenticated payment processing and does not preclude
the general abstract idea of all third-party authentication: “Claim 5 recites … steps
to provide communication software on the merchant’s server to send payment
information” to a third-party server which “determin[es] and select[s] an
appropriate protocol to guide the authentication” based on the received payment
information. Id.
Also, the plain language of the claims establishes that Petitioner’s suggestion
that the claims preempt “all manner of third party authentication” is simply false.
Pet. at 25. As discussed above, far from precluding all manner of third-party
authentication, as Petitioner alleges, the ’002 Patent claims instead cover one
technological solution that is an improvement over the prior art disclosed in the
Background. Nothing in the claims would prevent the use of a single
authentication protocol, as taught in Weller and discussed below. And nothing
would prevent the determination and selection of the authentication protocol based
CBM2014-00035
Patent No. 7,051,002
30
on something other than the received payment information.
Petitioner attempts to support its argument that the claims preclude “all
manner of third party authentication” by stating that certain credit card
authentication may be performed manually. See Pet. at 27. In particular, Petitioner
asserts that “[a] person could review the buyer’s payment information, look up the
buyer in a directory for the credit card bank, manually review the buyer/credit card
information, and call or email the merchant and provide the results (authenticated
or not).” Pet. at 28. That argument has no bearing on the validity of the claims
because those alleged “mental steps” are neither recited in nor implicated by the
’002 Patent claims. Ultramercial, 722 F.3d at 1350 (finding “[i]t was error for the
district court to strip away the [claim] limitations and instead imagine some ‘core’
of the invention.”). Petitioner never argues that the specific steps or system
limitations recited in the ’002 Patent claims are drawn to a series of mental steps or
were ever done manually before the ’002 Patent. Instead, Petitioner concedes that
all claims of the ’002 Patent claims are directed to a computer. See Pet. at 28
(“each of the steps of claim 5 are performed by … computers”), 31 (recognizing
that claims 1 and 14 require “various layers and plug-ins” operating on servers).
Indeed, Petitioner’s recitation of mental steps ignores entirely the processing
layers required by the claims and the authentication protocols which require
computer understandable messages to be formatted and routed according to pre-
CBM2014-00035
Patent No. 7,051,002
31
determined rules, which must be performed by a computer to comply with the
realities of an e-commerce transaction (such as encryption). The ’002 Patent
claims simply do not recite a series of mental steps and therefore are not invalid
under 35 U.S.C. § 101.
Petitioner’s Section 101 arguments also miss the mark because they confuse
and conflate patent ineligibility with patent invalidity under Sections 102 and 103.
For example, Petitioner alleges that “software layers are known to drive the
function of computers,” the claims are directed “already known steps,” “the idea of
hosting processes was known,” and the claims are not directed to “any technical
leap over the known processes” for performing authentication. Pet. at 26–30. The
focus of the analysis under 35 U.S.C. § 101, however, is on whether each claim as
a whole is directed to an abstract idea, not on whether individual claim elements
were “known.” Diehr, 450 U.S. at 188 (Under § 101, “[i]t is inappropriate to
dissect the claims into old and new elements and then to ignore the presence of the
old elements in the analysis.”); Apple, CBM2013-19, at 19 n.3 (Whether a claim is
directed to an “abstract idea” is a different question from whether it recites a
feature that is “novel and unobvious.”). Petitioner’s analysis under § 101 never
addresses any claim as a whole, i.e., the particular recited combination of
components and their claimed interaction and functionality, and therefore must be
rejected. See Diehr, 450 U.S. at 188; Apple, CBM2013-19, at 18–21.
CBM2014-00035
Patent No. 7,051,002
32
Lastly, Petitioner’s failure to specifically address the system claims of the
’002 Patent (i.e., claims 1–4 and 14)—in particular, the recited computer software
layers, and how they could possibly be abstract—completely undermines its
conclusory assertion (Pet. at 31-32) that the “only difference between the subject
matter of claim 1” and independent claims 5 is claim 1 is presented from the
perspective of an authentication program. Claim 1 expressly requires a layered
system architecture and even Petitioner concedes that each of these layers is
implemented to perform a specific function as part of a computer system. See id.
at 14. It defies logic for Petitioner to fail to address claim 1’s specific layered
system architecture, and the specific function performed by each software layer.
For example, claim 1 expressly requires a “distribution layer” that is adapted
to “determine the authentication protocol … select the plug-in associated with the
authentication protocol … and instruct the selected plug-in … to obtain an
authentication determination in accordance with its associated authentication
protocol.” It also expressly requires that the “distribution layer” is “residing
between the connection layer and the plug-in layer.” See Claim 1. Like the
meaningful limitations of the method claims, this software component of the
invention expressly ties the inventive technological solution to the problems of the
prior art identified in the Background of the ’002 Patent and requires the
“distribution layer” of the system to determine the authentication protocol and
CBM2014-00035
Patent No. 7,051,002
33
select and instruct a “plug-in” associated with authentication protocol, which is an
additional software component part of the “plug-in layer” of the claimed system,
and to use the rules for formatting and routing messages prescribed by the
authentication protocol to obtain an authentication determination. Petitioner’s
failure to address these limitations (other than to wrongly state they are largely the
same as claim 5) renders Petitioner’s assertion that claim 1 is more likely than not
to be found invalid fundamentally untenable.
VIII. RESPONSE TO GROUND 2: THE CLAIMS OF THE ’002 PATENT
ARE PATENTABLE UNDER 35 U.S.C. § 102(a)
Petitioner challenges claims 1, 2, 4, 5, 9, 13 and 14 as anticipated by an
International Publication No. WO 01/82246 to Weller (“Weller”). As discussed
below, Petitioner fails to establish that it is more likely than not to prevail in
establishing that any claim of the ’002 Patent is anticipated by Weller. Petitioner’s
argument that Weller anticipates those claims is also undermined by Visa’s
opposition to Cardinal’s Australian counterpart application, in which Mr. Weller—
a Visa employee and the author of the Weller reference—submitted a supporting
declaration but neither Mr. Weller nor Visa relied on the Weller patent in asserting
that the Australian patent claims were invalid. Ex. 2002.
A. Claims 1, 2, 4, 5, 9, 13 and 14 of the ’002 Patent Are Not
Anticipated by Weller
Weller does not anticipate any claim of the ’002 Patent. “A claim is
CBM2014-00035
Patent No. 7,051,002
34
anticipated only if each and every element as set forth in the claim is found, either
expressly or inherently described, in a single prior art reference.” Verdegaal Bros.
v. Union Oil Co. of Cal., 814 F.2d 628, 631 (Fed. Cir. 1987), see also MPEP §
2131.02. “The identical invention must be shown in as complete detail as is
contained in the ... claim.” Richardson v. Suzuki Motor Co., 868 F.2d 1226, 1236
(Fed. Cir. 1989). Accordingly, “there must be no difference between the claimed
invention and the reference disclosure, as viewed by a person of ordinary skill in
the field of the invention.” Scripps Clinic & Research Found. v. Genentech, Inc.,
927 F.2d 1565, 1576 (Fed. Cir. 1991).
1. General Description of Weller
Weller was filed by Visa International Service Association and published on
November 1, 2001, seven months before the filing date of the provisional
application to which the ’002 Patent claims priority. Similar to the prior-art
systems disclosed in the Background, Weller discloses a system “for authenticating
the identity of a cardholder during an online transaction [that] involves querying an
access control server to determine if a cardholder is enrolled in a payment
authentication service, request[ing] a password from the cardholder, verify[ing] the
password, and notif[ying] the merchant whether the cardholder’s authenticity has
been verified.” Weller at Abstract. Weller discloses a Payer Authentication
Service (PAS) used to authenticate a cardholder. Each issuer, each merchant and
CBM2014-00035
Patent No. 7,051,002
35
each cardholder must enroll in the PAS system for it to operate. Weller at 12. In
particular, Weller teaches that cardholders may be authenticated through a
“merchant plug-in software module [which] identifies the card account number and
queries the directory server 128 to verify that the account number is within a range
of numbers associated with an issuer bank that is a PAS participant.” Weller at 16.
Importantly, just like the system described in the Background, the merchant plug-
in software in Weller is installed at the merchant’s server. Id. at 9 (“merchant
plug-in software module 134 resides at the location of the merchant 132. … The
plug-in software module provides the interface between the PAS and the
merchant’s payment processing software.”). If the cardholder is registered with
PAS, the cardholder is prompted for a password by a database at the issuer’s
domain. See id. at 17, Fig. 1. Assuming entry of the correct password, the
cardholder is authenticated. Id.
2. Weller Does Not Disclose “A Plurality of Authentication
Protocols” as Recited in the ’002 Patent Claims
Every independent claim of the ’002 Patent requires “a plurality of
authentication protocols.” ’002 Patent at Claims 1, 5, 14. Weller fails to disclose
“a plurality of authentication protocols.” In an effort to rectify this defect,
Petitioner relies on Weller’s disclosure of a “variety of different authentication
methods, such as the use of passwords” supported by PAS. Pet. at 39. That
CBM2014-00035
Patent No. 7,051,002
36
argument is illogical for a number of reasons.
As explained above in Section VI.A., an “authentication protocol” is “a
prescribed set of rules, including those for formatting and routing messages,
governing the transmission of messages over a communications network to verify
that a consumer is likely who he/she claims to be.” By contrast, a password is a
credential provided by a user to potentially verify himself/herself. It is not a
construct to format, route and transmit messages over a communications network.
Thus, Weller fails to teach, disclose or suggest “a plurality of authentication
protocols” as recited in the ’002 Patent claims. Further, Weller on its face does not
disclose a layered software architecture with a “plug-in layer” having a plug-in for
each of the plurality of authentication protocols as required by Claim 1.
Claims 1, 5 and 14 (and their dependent claims) are not anticipated by
Weller because Weller fails to teach, disclose or suggest “a plurality of
authentication protocols.”
3. Weller Does Not Disclose “Determining” or “Selecting” the
Authentication Protocol as Recited in the ’002 Patent
Claims
The ’002 Patent claims require either a “distribution layer residing between
the connection layer and plug-in layer” or a “universal platform server” that
“determine[s] from the payment information received [from the merchant] which
of a different authentication program is prescribed.” Claims 1, 5, and 14. Claims 5
CBM2014-00035
Patent No. 7,051,002
37
and 14, further require selecting a particular authentication protocol from the
plurality of protocols supported by the universal platform server. As discussed
above, Weller fails to disclose “a plurality of authentication protocols” so it
necessarily also fails to disclose determining and selecting the appropriate
authentication protocol or program from a plurality of authentication protocols as
required by the claims.
With respect to claim 1, Petitioner relies on three paragraphs in support of its
allegation that a third-party server is disclosed with a distribution layer, residing
between a connection layer and a plug-in layer, that determines an authentication
protocol or program based on information received from a merchant. Pet. at 39.
None of those paragraphs have anything to do with the function required to be
performed by the distribution layer, they do not mention the specific layers and
how they are required to be configured, and, importantly, they do not mention the
determination of anything let alone an authentication protocol (or the
authentication method identified by Petitioner). Pet. at 39-40. With respect to
claims 5 and 14, Petitioner relies on the following passage to support its allegation
that Weller discloses a system that “determin[es] from the payment information
received at a universal platform server … which of the different authentication
protocols is prescribed”:
A description of the two-step process will now be provided. In the
CBM2014-00035
Patent No. 7,051,002
38
first step, the merchant plug-in software module identity the card
account number and queries the directory server 128 to verify that the
account number is within a range of numbers associated with an issuer
bank that is a PAS participant. If the account number does not fall
within a range of account numbers defined on the directory server
128, then the issuer and thereby its card holder are not registered with
the PAS.
Pet. at 31. First, that passage does not even concern “determining” what Petitioner
alleges in Weller is an “authentication protocol”—one of the disclosed
“authentication methods.” There is only one method employed. Second, that
passage provides that the merchant in Weller receives payment information and the
merchant plug-in (which is located at the merchant’s server) automatically
analyzes that information and “queries the directory server 129 to verify that” the
issuer and cardholder are registered with the PAS. Because Weller discloses that a
merchant supports only one plug-in (see Weller at Fig. 1) and that such plug-in is
associated with only one authentication protocol, Weller fails to disclose
determining the authentication protocol from a plurality of protocols. Third, that
passage discloses any prescribed determination of an authentication protocol is
performed by the merchant, and not a third-party server or “universal platform
server” as required by claims 1, 5 and 14 of the ’002 Patent.
Claims 1 recites a distribution layer that “routes payment information … to
CBM2014-00035
Patent No. 7,051,002
39
the plug-in component responsible for administering the authentication program”
and claims 5 and 14 recite “selecting … a particular authentication protocol from
the plurality of different authentication protocols supported by the universal
platform server.” With respect to claim 1, Petitioner asserts that two passages
completely unrelated to the routing of messages and/or plug-in components
disclose this limitation. Pet. at 40. Petitioner provides no explanation anywhere of
how or why these passages, which on their face do not support Petitioner, could
even possibly disclose the functionality of the “distribution layer.” With respect to
claims 5 and 14, Petitioner relies on the following two passages from Weller as
disclosing the required “selecting” claim elements:
The authentication service of the present invention allows a card
issuer to verify a cardholder’s identify using a variety of
authentication methods, such as the use of passwords.
The issuer domain 102 includes an enrollment site 108, an issuer
cardholder system 110, the cardholder client device 122, an
enrollment server 112, an access control server 114, and issuer or
third party identity authentication component 116, and an account
holder file 118.
Pet. at 43–44 (citations omitted). None of those passages concern selecting an
authentication method. Instead, those passages disclose that the PAS single plug-
in system allows for different “authentication methods,” and that the “issuer
CBM2014-00035
Patent No. 7,051,002
40
domain” may include various servers. Petitioner simply fails to identify anything
in Weller that discloses selecting the authentication protocol from a plurality of
protocols as recited in claims 5 and 14. Further, with respect to claim 1, Weller is
not alleged to, and does not, disclose a layered software architecture with a
“distribution layer” for determining an authentication program associated with an
authentication protocol.
Weller’s failure to teach, disclose or suggest the various functions of the
“distribution layer” of claims 1, 2 and 4 and a “universal platform server” for
“determining” an authentication protocol from the payment information received
from a merchant, and selecting the authentication protocol from the plurality of
authentication protocols, as required by claims 5, 9, 13 and 14, is another
independent basis why those claims are not invalid as anticipated by Weller.
4. Weller Does Not Disclose the Third-Party Server or
Universal Platform Server Recited in the ’002 Patent
Claims
Petitioner alleges that “Weller discloses a payment system in which credit
card authentication is performed on behalf of a merchant by a third party system
that comprises a connection layer, a plug-in layer, and a distribution layer.” Pet. at
35. That is incorrect. Weller does not teach, disclose or suggest the servers and/or
systems recited in the ’002 Patent claims.
As recognized by Petitioner, the claims of the ’002 Patent require a third-
CBM2014-00035
Patent No. 7,051,002
41
party system that facilitates, on behalf of a merchant, the authentication of a
consumer by an issuer. See Napsky at¶ 17. Contrary to Petitioner’s assertions, and
as made plain by Figure 1 of Weller (depicted below), Weller discloses the
consumer (not shown); the merchant 132; the service organization, such as Visa,
which operates directory 128; and the issuer, which controls issuer domain 102.
Absent from Weller is any disclosure of the “third party” or universal platform
server recited in the ’ 002 Patent claims. In particular, Weller fails to teach,
disclose or suggest a “universal platform server” that (1) supports “a plurality of
authentication protocols”; (2) “determin[es] an authentication protocol from the
received payment information”; (3) “select[s] the authentication protocol from the
CBM2014-00035
Patent No. 7,051,002
42
plurality of authentication protocols” and (4) uses an authentication protocol to
“obtain[] an authentication determination in accordance with the selected
authentication protocol” as recited in claims 5 and 14 of the ’002 Patent claims.
Weller further wholly fails to suggest the “connection layer”, “plug-in layer” and
“distribution layer” required by claim 1, let alone the “distribution layer residing
between the connection layer and the plug-in layer.” Notwithstanding Petitioner’s
contrary assertion, the closest thing that Weller discloses to the claimed
functionality takes place at the merchant (the party who sends information to the
universal platform server in the ’002 Patent claims): the “merchant plug-in
software module 134 resides at the location of the merchant 132.” Weller at 9.
Petitioner appears to assert that either the service organization (with
directory 128) or issuer disclosed in Weller is the recited “universal platform
server” in the ’002 Patent claims but fails to provide any specific guidance as to its
allegations. See Pet. at 36–37 (identifying “service organization” and “enrollment
server 112” for steps5(a) and 5(d) and directory server 128 for step 5(b)).
Specifically, Petitioner states that “[t]he service organization 128 of Weller
disclose third party authentication implemented by a third party 128 that interacts
between a merchant and an issuer. Weller also discloses an agent 102 of the issuer
that would act as a third party between the merchant and the issuer.” Pet. at 36.
Those allegations simply do not address whether a third-party server exists for
CBM2014-00035
Patent No. 7,051,002
43
performing the claimed functions.
First, contrary to Petitioner’s assertion, Weller does not disclose that “agent
102 of the issuer that would act as a third party between the merchant and the
issuer.” Instead, Weller discloses that “issuer domain 102 … [is] primarily
controlled by an issuer.” Weller at 8:14–15. Alternatively, Weller discloses that
issuer domain 102 may be controlled by a service association or “even an agent
acting for an issuer.” Weller at 8:19–21. As the issuer domain 102 is controlled
by either the issuer itself or an agent acting for the issuer—meaning either can
make an authentication determination—the agent of the issuer in Weller cannot be
operating the claimed universal platform server because the server must “obtain[]
an authentication determination for the transaction in accordance with the selected
authentication protocol.”
Second, Weller never discloses that either the issuer or service organization
(with directory 128) supports a plurality of authentication protocols or performs
any of the other functionality required by the ’002 Patent claims. Indeed,
Petitioner’s allegations regarding some elements recited in the claims point to the
merchant for performing some of those activities while pointing to the issuer or
CBM2014-00035
Patent No. 7,051,002
44
service organization for others.5 That switching back and forth between the
merchant, issuer and service organization as the entity performing the recited steps
belies Weller’s failure to teach, disclose or suggest the recited “third party.”
Third, in Weller neither the service organization nor the issuer is the claimed
“universal platform server.” Weller discloses that “[d]irectory 128 [, which is
operated by a service organization, such as Visa,] routes authentication requests
from merchants to specific access control servers.” Weller 10. Weller further
discloses that “[t]he card issuer or a service organization, such as Visa, on behalf
of the issuer may operate the access control server 114.” Weller at 9. Hence,
either the issuer or service organization (which in this regard is acting on behalf of
the issuer) will make an authentication determination. See Weller at 3 (“The
authentication service of the present invention allows a card issuer to verify a
cardholder's identity using a variety of authentication methods, such as the use of
passwords.”) (emphasis added). Because the ’002 Patent claims provide that the
5 Petitioner relies on servers of “issuer domain 102” for purposes of the selecting
step and functionality recited in the ’002 Patent claims. See Pet. at 43 (element
5e), 46 (element 14c) & 39 (element “distribution layer”). But for purposes of the
determining steps and functionality of the ’002 Patent claims,” Petitioner relies on
the merchant. See Pet. at 39 (“plug-in layer”), 43 (element 5b), 42 (element 14b).
CBM2014-00035
Patent No. 7,051,002
45
“determination” of an authentication protocol is done by the third-party server or
universal platform server, neither the service organization nor the issuer can
operate that server.
Fourth, Weller does not disclose either a distribution layer or a universal
platform server that “determin[es] from the payment information received …
which of the different authentication [methods] is prescribed for the type of
payment instrument identified in the payment information.” Claim 1; see Claims
5 and 14. Weller discloses the same so-called protocol (or authentication method),
i.e., passwords, will be used regardless of the payment option used by the customer
(second party) for the transaction. Weller at Fig. 1.
Weller’s failure to teach, disclose or suggest the “third party” of independent
claims 1, 5 and 14 (and their independent claims is another independent basis why
those claims are not anticipated by Weller.
B. The Absent Claim Limitations are Not Inherent in Weller
Recognizing the deficiencies in Weller, Petitioner tacitly admits that Weller
does not expressly disclose each claim limitation by resorting to alleging that
various claim elements are disclosed inherently. Pet. 35–37. “To establish
inherency, the extrinsic evidence must make clear that the missing descriptive
matter is necessarily present in the thing described in the reference.” In re
Robertson, 169 F.3d 743,745 (Fed. Cir. 1999). “The mere fact that a certain thing
CBM2014-00035
Patent No. 7,051,002
46
may result from a given set of circumstances is not sufficient.” Id. Instead,
“anticipation by inherent disclosure is appropriate only when the reference
discloses prior art that must necessarily include the unstated limitation, or the
reference cannot inherently anticipate the claims.” In re Omeprazole Patent Lit.,
483 F.3d 1364, 1378 (Fed. Cir. 2007); see Motorola Mobility, LLC v. Int’l Trade
Comm’n, 737 F.3d 1345, 1350 (Fed. Cir. 2013) (rejecting inherency argument
where claim element was not established to be “necessarily required”, noting that
“[i]nherency requires more than probabilities or possibilities.”).
Petitioner alleges that the “third party issuers would inherently include:
[(1)] a connection layer (so as to be able to connect to the merchant); [(2)] a plug-
in layer (so as to verify enrollment); and [(3)] a distribution layer (so as to route an
authentication request to a specific access control server).” Pet. at 36. Notably,
Petitioner fails to allege that all the claimed functionality of those layers would
have been inherent. Petitioner fails to even allege that the recited relative
arrangement of those layers—“a distribution layer residing between the connection
layer and the plug-in layer … each transaction is routed to the plug-in
component”—would be inherent. Further, claim 1 recites that the “plug-in layer
include[s] a plurality of plug-in components, each plug-in component
administering a different one of a plurality of authentication programs” but
Petitioner does not allege (and indeed cannot establish) that anything disclosed in
CBM2014-00035
Patent No. 7,051,002
47
Weller necessarily supports “a plurality of authentication protocols.” Nor does
Petitioner allege that the system of Weller necessarily “determine[s] the
authentication protocol” associated with each of the one or more transactions from
payment information received from the merchant as required by the distribution
layer of claim 1 and the language of claims 5 and 14. This is unsurprising because
neither would seem likely as Weller discloses that issuer 102 uses its access control
server to authenticate a consumer and therefore would need only to support the one
authentication protocol that it mandates merchants to use (if an authentication
protocol even is necessary to perform its internal operations). Moreover, as
discussed above in Section VIII.B.4., issuer 102 of Weller does not use or operate
the claimed “universal platform server.”
Petitioner also argues that “because the issuer can include ‘an issuer or third
party identity authentication component 116,’ there is inherently a distribution
layer that routes an authentication request to either the issuer identity
authentication component or the third party authentication component.” Pet. at 36-
37. That is not the function of the distribution layer of claim 1 of the ’002 Patent.
Further, that argument disregards Weller’s disclosure that issuer or third party
identity authentication database 116 is used to enroll or register a cardholder to the
Payment Authentication Service, not to authenticate a consumer engaged in a
transaction with a merchant:
CBM2014-00035
Patent No. 7,051,002
48
Issuer or third party identity authentication database 116 contains
information that the issuer or third party already has on file regarding
cardholders. Database 116 is used by issuer in the process of
enrolling cardholders to verify the identity of the cardholders. For
instance, information entered by cardholders during the PAS
registration process must match the information already on file in the
authentication database 116 in order for cardholders to successfully
register for PAS. Third parties can be companies such as Equifax.
Weller at 10. Thus, it is unclear what Petitioner hopes to gain by relying on this
passage because it concerns functionality (consumer enrollment or registration) not
implicated by the ’002 Patent claims.
Therefore, the Board should reject Petitioner’s inherency argument because
Petitioner failed to establish that the issuer in Weller necessarily performs the steps
recited in independent claims 5 and 14 or necessarily includes the claimed layers
recited in independent claim 1. See Motorola Mobility, 737 F.3d at 1350; In re
Omeprazole Patent Lit., 483 F.3d at 1378.
C. The Chatterjee Expert Declaration Does Not Save Petitioner’s
Anticipation Arguments
Petitioner submitted a declaration from Dr. Sandeep Chatterjee in support of
its Petition. That declaration devotes only four largely conclusory paragraphs to
Petitioner’s anticipation argument—one of which refers to the claim chart in the
Petition. Chatterjee Decl. (Ex. 1009) ¶¶ 93–96. Notably, Dr. Chatterjee fails to
CBM2014-00035
Patent No. 7,051,002
49
explain how any element claimed in the ’002 Patent not expressly disclosed in
Weller is inherently disclosed in the reference. Instead, the declaration merely
rubber stamps “the claim chart found in the [Petition as] set[ting] forth where each
of the limitations of claims 1–14 are found in Weller.” Chatterjee Decl. ¶ 95. As
explained in the preceding sections VIII.B. and C., the paragraphs relied on in the
claim chart fail to teach, disclose or suggest each and every limitation recited in the
’002 Patent claims.
Simply put, because Dr. Chatterjee “fail[s] to explain” how Weller discloses
each and every limitation, his testimony cannot be used to fill the gaping holes in
the Petition in an attempt to establish that it is more likely than not the ’002 Patent
claims are invalid as anticipated by Weller. See ActiveVideo Networks, Inc. v.
Verizon Comm’ns, Inc., 694 F.3d 1312, 1328–30 (Fed. Cir. 2012) (finding claims
not anticipated as a matter of law where expert “failed to explain” how alleged
prior art disclosed claim limitation”); Oakley, Inc. v. Sunglass Hut Int’l, 316 F.3d
1331, 1343 (Fed. Cir. 2003) (finding anticipation argument “facially deficient”
where expert affidavit contained oncly conclusory statements and did not explain
the expert’s basis for his opinion that each claim limitation was met).
IX. RESPONSE TO GROUND 3: CLAIMS 1–11, 13 AND 14 OF THE ’002
PATENT ARE NOT INVALID UNDER 35 U.S.C. § 103(a)
Petitioner argues that claims 1–14 of the ’002 Patent are invalid as obvious
CBM2014-00035
Patent No. 7,051,002
50
based on a collection of markedly deficient prior art. In particular, Petitioner
alleges that claims 1–11, 13 and 14 of the ’002 Patent are obvious over Weller in
view of International Patent Publication WO 2002/25604 by Swain (“Swain”).
Petitioner further alleges that claims 1, 2, 4–8, 10, 13 and 14 are obvious over the
admitted prior art in the ’002 Patent, most of which is described in the Background
of the ’002 Patent (“Admitted Prior Art”), in view of U.S. Patent No. 6,262,492 to
Kay (“Kay”). Finally, Petitioner alleges that claim 1 of the ’002 Patent is invalid
over the Admitted Prior Art in view of SOAP Version 1.2 Specification by Gudgin
et al. (“Gudgin”). As discussed below, Petitioner fails to establish that it is more
likely than not that any claim of the ’002 Patent is invalid.
Obviousness is a question of law, based on four factual inquiries: (1) the
scope and content of the prior art, (2) the differences between the prior art and the
claimed invention, (3) the level of ordinary skill in the field of the invention, and
(4) any relevant objective considerations. KSR Int’l Co. v. Teleflex Inc., 550 U.S.
398, 406 (2007). An obviousness “rejection[] cannot be sustained by mere
conclusory statements; instead, there must be some articulated reasoning with
some rational underpinning to support the legal conclusion of obviousness.” See
KSR, 550 U.S. at 418. The articulated reasoning must take into account all claim
limitations in order to evaluate the “invention as a whole” as the statute mandates.
35 U.S.C. § 103). Further, it is well settled that all words in a claim must be
CBM2014-00035
Patent No. 7,051,002
51
considered in judging the patentability of that claim against the prior art. In re
Lowry, 32 F.3d 1579, 1582 (Fed. Cir. 1994) (all claim limitations must be
considered); see also M.P.E.P. §§ 2141.02 (“The Claimed Invention as a Whole
Must be Considered”), 2143.03.
A determination of obviousness cannot be based on the hindsight
combination of components selectively culled from the prior art to fit the
parameters of the patented invention. KSR, 500 U.S. at 420; St. Jude Med., Inc. v.
Access Closure, Inc., 729 F.3d 1369, 1381 (Fed. Cir. 2013) (rejecting obviousness
argument because “[e]ven under … expansive and flexible of obviousness analysis,
we must guard against ‘hindsight bias’ and ‘ex post reasoning’”). Indeed, the
Federal Circuit has emphasized the insidious effect that hindsight can have in an
obviousness analysis and the need to take great care to avoid it. W.L. Gore &
Assoc., Inc. v. Garlock, Inc., 721 F.2d 1540, 1553 (Fed. Cir. 1983) (“To imbue one
of ordinary skill in the art with knowledge of the invention in suit, when no prior
art reference or references of record convey or suggest that knowledge, is to fall
victim to the insidious effect of a hindsight syndrome wherein that which only the
inventor taught is used against its teacher.”) (Markey, C.J.).
Instead, to render a patent claim invalid as being obvious from a
combination of references, there must be some evidence within the prior art as a
whole to suggest the desirability, and thus the obviousness, of initially making the
CBM2014-00035
Patent No. 7,051,002
52
combination in a way that would produce the patented invention. Id. Thus, “even
when all claim limitations are found in prior art references, the fact-finder must not
only determine what the prior art teaches, but [also] whether the prior art teaches
away from the claimed invention and whether there is a motivation to combine
teachings from separate references.” Star Scientific, Inc. v. R.J. Reynolds Tobacco
Co., 655 F.3d 1364, 1374–75 (Fed. Cir. 2011) (citations and quotations omitted).
A. Claims 1–11, 13 and 14 of the ’002 Patent Are Not Invalid Under
35 U.S.C. 103(a) over Weller in View of Swain
Petitioner challenges claims 1–11, 13 and 14 of the ’002 Patent as obvious
over Weller in view of Swain. As discussed, Petitioner fails to establish that it is
more likely than not that it will prevail on this ground.
1. The Scope and Content of Weller and Swain
Weller: The scope and content of Weller—in particular, those claim
elements recited in the ’002 Patent that Weller fails to disclose—is discussed in
detail above in Sections VIII.B.–VIII.C.
Swain: Swain was published on March 28, 2002, three months before the filing
date of the provisional application to which the ’002 Patent claims priority. Swain
is directed to a system and method for unifying payment transactions between a
customer and merchant that uses “customer information in one or more electronic
CBM2014-00035
Patent No. 7,051,002
53
wallets” for the transaction.6 Swain at Abstract. Swain discloses that “[t]here are
three components to the generic wallet server architecture: the cardholder, the
client wallet sever, and the merchant website,” where the cardholder is the owner
of a particular client wallet server account. Swain at 2:25–27. Swain also
discloses that a cardholder uses its cardholder wallet server account to conduct a
transaction with a merchant. Swain at 2:27–3:11, 6:12–25.
The particular system and method disclosed in Swain addresses some
disadvantages with prior client wallet solutions such as compatibility between the
client wallet servers and merchant systems and the need to ensure that client
personal information is transmitted to a verified merchant. In particular, Swain
discloses that a disadvantage with the client wallet system was that each client
wallet server used a proprietary interface (API), so a merchant that wanted to
support multiple client wallet servers had to conform to the differing APIs used by
6 An electronic wallet, like the one disclosed in Swain, is a virtual wallet in which a
consumer may store his/her personal and payment information, such as billing and
shipping addresses, credit card information, bank account information. The wallet
may be used at various web merchants and saves the consumer time by avoiding
the need to fill out forms requesting personal and payment information during
checkout and instead transmits his/her wallet information to the merchant.
CBM2014-00035
Patent No. 7,051,002
54
the various client wallet servers. Swain at 3:13–17. Another disadvantage
disclosed in Swain is that “the client is not assured that the merchant entity asking
for cardholder credentials is an authentic and trusted merchant or that the system
being used by the merchant is an authentic and trusted system.” Swain at 6:21–31.
To overcome those limitations, Swain discloses a trusted merchant wallet
server (MWS) that uses a common unifying interface or API to communicate with
client wallet servers from various vendors. Swain at 5:5–6, 7:1–5, 6:24–26.
Instead of the merchant interacting directly with a client wallet server, the
merchant wallet server communicates with both the client wallet server and
merchant website to process the payment transaction. Swain at 7:12–20. The
merchant wallet server shares the cardholder secret encryption key before the
cardholder gives final authorization (i.e., approval) to proceed with any payment,
which assures the cardholder “that he/she is dealing with a trusted system and a
trusted merchant prior to providing final authorization to proceed with the
transaction as only a trusted merchant using a trusted system would have” the
cardholder’s secret key. Swain 12:11–24.
As recognized by Petitioner (Pet. at 51 and 61), Swain does not disclose “a
plurality of authentication protocols prescribed for the respective different types of
payment instruments.” Petitioner further concedes that Swain fails to teach a
“plurality of different payment instrument types having different authentication
CBM2014-00035
Patent No. 7,051,002
55
protocols prescribed therefor by their respective payment networks” as required by
Claims 5 and 14. Pet. at 54. Despite Petitioner’s admission, Petitioner relies on a
single passage in Swain disclosing that “[t]he merchant wallet server has the ability
to engage in payment transaction through an SSL payment gateway[, which] …
provides a good level of security making use of keys for message encryption and
certificates for bi-directional authentication” for many of the claim limitations.
Pet. at 50–61. SSL or Secure Sockets Layer is a security technology for
establishing an encrypted link between a server and a client—typically a web
server (website) and a browser—which verifies via digital certificates the
computers/servers used to conduct a transaction. Importantly, however, SSL is not
alleged to and does not “authenticate” the person (i.e., the consumer) conducting
the transaction and it does not do so. Simply, SSL is not “a prescribed set of rules,
including those for formatting and routing messages, governing the transmission of
messages over a communications network to verify that a consumer is who he/she
claims to be.” Even assuming SSL is an authentication protocol, it is only one
authentication protocol, not “a plurality of different authentication protocols” as
conceded by Petitioner, and there is no disclosure of selecting or determining
whether to use SSL as opposed to a different protocol based on the consumer
financial information.
Consequently, Swain also fails to disclose “a plug-in layer …[wherein] each
CBM2014-00035
Patent No. 7,051,002
56
plug-in component administer[s] a different one of a plurality of authentication
programs in accordance with the authentication protocols”, as required by claim 1
of the ’002 Patent, and “determining from the information received at the universal
platform server … which of the different authentication protocols is prescribed,”
as required by claims 5 and 14.
Further, Swain fails to disclose a “distribution layer residing between the
connection layer and the plug-in layer … determining from the payment
information received … which of the different authentication program is
prescribed … and routing communications between the connection layer and
selected plug-in components in the plug-in layer,” as required by claim 1, and the
“determining” and “selecting” steps of claims 5 and 14. Petitioner quotes a single
passage from Swain about the merchant wallet server providing a common
unifying interface as allegedly disclosing these limitations. Pet. at 52-53, 55-56.
That passage provides as follows:
The MWS is designed such that it is independent of the specific client
wallet server and of the merchant website. That is, the MWS is coded
with specific adapters to available client wallet servers. Furthermore,
the MWS provides a common unifying interface (or API's) to the
merchant for performing payment processing and connectivity to
client wallets. This alleviates the cost overhead of having to add new
API’s for each new client wallet being supported, by the merchant.
CBM2014-00035
Patent No. 7,051,002
57
Swain at 7:22–27. Contrary to Petitioner’s assertion, nothing in that passage
discloses the various software layers required by claim 1, let alone the routing of
communications between software layers, and nothing discloses the “determining”
and/or “selecting” steps required by claims 5 and 14. As explained above, the
merchant wallet server admittedly does not disclose a “plurality of authentication
protocols” and, therefore, it plainly does not disclose determining or selecting an
authentication protocol from among a plurality of authentication protocols. That
passage from Swain discloses that the merchant wallet server may, through
“specific adaptors,” receive messages from the client wallet servers that use
different protocols but uses one “common unifying interface” to send messages to
the merchant.
If anything, Swain discloses an affirmative teaching away from a server
being equipped to format and route messages or to send messages according to a
plurality of different authentication protocols. Swain discloses that the merchant
wallet server receives messages from a client wallet server, which may use
different protocols, but the merchant wallet server sends messages using only a
single API thereby “alleviat[ing] the cost overhead of having to add new API’s for
each new client wallet being supported[] by the merchant.” Id. at 7:22–27. As
with the system disclosed in Weller, that is a teaching that the best approach is the
adoption of a unified, one size-fits all, approach for sending messages. That
CBM2014-00035
Patent No. 7,051,002
58
teaching would suggest to one of ordinary skill in the art at the time of the
invention to use a common unifying authentication protocol for all issuing
networks and payment brands instead of supporting a plurality of different
authentication protocols. See Santarus, Inc. v. Par Pharm., Inc., 694 F.3d 1344,
1354 (Fed. Cir. 2012) (“A reference ‘teaches away’ when it ‘suggests that the line
of development flowing from the reference’s disclosure is unlikely to be
productive of the result sought by the [inventor].’”); In re Gurley, 27 F.3d 551, 553
(Fed. Cir. 1994) (“A reference may be said to teach away when a person of
ordinary skill, upon reading the reference, would be discouraged from following
the path set out in the reference, or would be led in a direction divergent from the
path that was taken by the applicant.”); W.L. Gore, , 721 F.2d at 1552 (“He
proceeded contrary to the accepted wisdom of the prior art by … That fact is strong
evidence of nonobviousness.”) (Markey, C.J.). Accordingly, there are significant
differences between the system disclosed in Swain and the systems and methods
recited in the ’002 Patent claims.
2. The Combination of Weller in view of Swain Does Not
Disclose Each and Every Limitation of any Claims of the
’002 Patent
Neither Swain nor Weller disclose the various software layers of claim 1 and
the juxtaposition of such layers, and/or the plurality of authentication protocols,
determining an authentication protocol, or selecting an authentication protocol
CBM2014-00035
Patent No. 7,051,002
59
from among a plurality of authentication protocols in the manner claimed by the
claims of the ’002 Patent.
The inability to show that each and every claim limitation is disclosed or
taught by the asserted combination of prior art references or elsewhere in the
relevant art, suggests that the claim is nonobvious. See Broadcom Corp. v. Emulex
Corp., 732 F.3d 1325, 1334–35 (Fed. Cir. 2013) (claim not obvious where prior art
reference failed to disclose a “data path” limitation as claimed, and there was no
apparent reason to modify the prior art reference to include the “data path” as the
prior art reference was directed to solving a different problem than that solved by
the claimed invention); St. Jude, 729 F.3d at 1381 (claim not obvious where
“[n]either Takayasu nor Smiley discloses a balloon configured to operate as a
positioning device to prevent a plug from entering a blood vessel as claimed in the
Fowler patents.”); August Tech. Corp. v. Camtek, Ltd., 655 F.3d 1278, 1287 (Fed.
Cir. 2011) (claim not obvious because the alleged combination failed to disclose all
the claim limitations).
The proposed combination of Weller and Swain fails to disclose a
“plurality of authentication protocols” supported by a third-party server, or a
universal platform server, as required by the ’002 Patent claims. Petitioner
argues that “[t]he MWS entity in Swain … can be incorporated into the
authentication system of Weller,” and that the combined “entity would provide a
CBM2014-00035
Patent No. 7,051,002
60
unifying interface for the ‘variety of authentication methods’ and protocols in
Weller.” Pet. at 49. As explained above in SectionsVIII.B.2, the “authentication
methods” disclosed in Weller are not the claimed “authentication protocols.” As
further explained above, at best, Weller discloses one authentication protocol
associated with one merchant plug-in installed at the merchant location. See
Weller at 10:25–30, Fig. 1. Swain admittedly does not disclose the claimed
“plurality of authentication protocols.” Section VIII.A.1. Thus, because both
Weller and Swain each disclose one authentication protocol, the combination of
those references would yield a system with one authentication protocol as well.
Even assuming that Weller disclosed a “plurality of authentication protocols,”
changing to “a unifying interface for the ‘variety of authentication methods’ and
protocols,” as Petitioner suggests (Pet. at 49), would lead to one protocol being
used by the system, not a plurality of protocols.
The proposed combination fails to disclose the “connection layer for
connecting with the merchants”, the “plug-in layer … a different one of a
plurality of authentication programs in accordance with the authentication
protocols”, and a distribution layer residing between the connection layer and
the plug-in layer … routing communications between the connection layer
and … the plug-in layer” recited in claim 1. Section VIII.B.3 establishes that
Weller fails to disclose each of these various components of the system claims.
CBM2014-00035
Patent No. 7,051,002
61
And as discussed in Section IX.A.2., the single paragraph of Swain relied on by
Petitioner fails to disclose the functionality of each of these components.
The proposed combination also fails to disclose a third-party server as
required by claims 1 and 5, see Claim 1 (“a connection layer for connecting
with the merchant”) and Claim 5 (“universal platform server”), that
“determin[es] the authentication protocol from the received payment
information” and “routes” communications either between the various
software layers based on the determined protocol or to the issuer. Section
VIII.B.3 establishes that Weller fails to disclose the various software/hardware
layers of claims 1 and 5 and the “determining” steps required by all of the claims.
And as discussed in Section IX.A.2., Swain too fails to disclose these limitations.
Lastly, Petitioner fails to address the layered system architecture required by
claim 1 let alone why it would be obvious to use the particular layered system
architecture. Presumably, this is why Petitioner’s constructions of the various
software “layers” read out any requirement that they have to be software layers.
Because Weller in view of Swain fails to disclose the limitations of the asserted
claims, and Petitioner fails to address these deficiencies, the claims of the ’002
Patent are not obvious over Weller in view of Swain. See Broadcom, 732 F.3d at
1335; St. Jude, 729 F.3d at 1381; August Tech., 655 F.3d at 1287–90 (claim not
obvious because the alleged combination failed to disclose all the claim
CBM2014-00035
Patent No. 7,051,002
62
limitations).
3. One of Ordinary Skill Would Not Have Combined or
Modified Weller in view of Swain in the Way Suggested by
the Claims
Petitioner alleges that it would have been obvious to incorporate the features
of Swain into the system of Weller because Swain teaches providing a common
interface to a wallet server that “‘alleviates the cost overhead of having to add new
API’s for each new client wallet being supported, by the merchant” and performs
authentication. Pet. at 49; Chatterjee Decl. ¶¶ 113-4. Petitioner also alleges that a
reason to combine Weller and Swain is that Swain “supports Secure Electronic
Transactions, which was an initiative started by Visa and MasterCard [and] … the
system in Weller was … developed by Visa.” Pet. at 46–47.
Petitioner’s expert Dr. Chatterjee does not even rely on Swain’s disclosure
of SET as a reason to combine Weller and Swain. Chatterjee Decl. ¶¶ 112–14.
“Secure Electronic Transaction” or “SET” is a decentralized authentication
protocol where authentication occurs by inference based on the receipt by the
issuer of multiple digital certificates, which is fundamentally different from the
centralized processing system/server(s) operated by the issuer disclosed in Weller
and the third-party centralized processing system/server disclosed and claimed in
the ’002 Patent. Contrary to providing a reason to combine the references, if any,
one of ordinary skill in the art at the time of the invention would have understood
CBM2014-00035
Patent No. 7,051,002
63
Swain’s disclosure of SET as another reason to avoid a combination with Weller
because the use of SET is incompatible with the system disclosed in Weller.
Notably, Petitioner’s expert Dr. Chatterjee does not appear to agree that this is a
legitimate reason to combine Weller and Swain, as it is not mentioned in his
obviousness analysis. Chatterjee Decl. ¶¶ 113–15.
Moreover, notwithstanding Petitioner’s allegations about SET, absent from
the Petition is any legitimate reason why one of ordinary skill in the art at the time
of the invention would have combined Weller in view of Swain and modified that
combination to arrive at the claimed invention. Dr. Chatterjee’s declaration suffers
from the same failure. Chatterjee Decl. ¶¶ 113–15.
That is a glaring omission because Weller discloses a complete alternative
technological solution to payment authentication—i.e., one that authenticates a
consumer in an e-commerce transaction. Indeed, Petitioner fails to identify any
defect, problem or concern raised as to the Weller system other than the problem
identified by the inventors and solved and claimed in the ’002 Patent. Without a
reason to modify the Weller system, it would not have been apparent to one of
ordinary skill in the art at the time of the invention to modify the Weller system to
achieve the system and method claimed in the ’002 Patent.
At best, Weller discloses a system using a single merchant plug-in software
module installed at a merchant site that is associated with a single authentication
CBM2014-00035
Patent No. 7,051,002
64
protocol. Swain discloses a trusted merchant wallet server that is able to
communicate with client wallet servers that use different protocols to send
messages. Swain at 7:2–5. The merchant wallet server “is positioned between the
client wallet server and the merchant web site and effects transactions directly with
a financial host,” performing the payment processing obligations of the merchant.
Id. at 7:8–20. The merchant wallet server receives messages from the client wallet
server which may use different protocols but the merchant wallet server teaches
sending messages using a single API, “alleviat[ing] the cost overhead of having to
add new API’s for each new client wallet being supported[] by the merchant.” Id.
at 7:22–27. Given the teaching in Swain about the importance of compatibility of
the Swain merchant wallet server with different protocols used by various client
wallet servers and the use of a common unifying interface for communicating (see
Swain at 3:13–17, 7:22–27), one of ordinary skill in the art at the time of the
invention tasked with combining the Weller system with the Swain merchant
wallet server would set out to build a system that supports only one authentication
protocol that would be used to communicate with each issuer/service organization
to obtain an authentication determination. This is not only what is suggested by
Swain but it is also what is expressly taught in Weller.
Contrary to Petitioner’s allegation (Pet. at 49), the resulting combination of
Weller of Swain would not “include an entity that is located between a merchant’s
CBM2014-00035
Patent No. 7,051,002
65
server and a card issuer’s server.” Swain expressly discloses that the merchant
wallet server “is an entity positioned between the client wallet server and the
merchant web site and effects transactions directly with a financial host.” Swain at
7:7–10. Indeed, Petitioner recognizes this point. Pet. at 48 (“The MWS is
positioned between a client wallet server and a merchant web site.”). Despite this
express disclosure, Petitioner alleges that “[t]he resulting combination [of Weller
and Swain] would include an entity that is located between a merchant’s server and
the card issuer’s server.” Pet. at 49 (emphasis added). Petitioner cites nothing for
this sleight of hand. Of course, the only logical conclusion for one of ordinary skill
in the art when combining Weller in view of Swain would have been to place the
Swain merchant wallet sever between the cardholder and merchant website in the
Weller PAS architecture.
Further, by rewriting the references to place the merchant wallet server
between the merchant and the issuer, Petitioner ignores that a purpose of the Swain
merchant wallet server is to allow a cardholder to authenticate a merchant before
sending its card information to the merchant. See Swain at 12:11–24. Placing the
merchant wallet server between the merchant and the card issuer would destroy the
system taught in the Swain reference and deprive the cardholder of the
“assur[ance] that he/she is dealing with a trusted system and a trusted merchant
prior to providing final authorization to proceed with the transaction, i.e., before
CBM2014-00035
Patent No. 7,051,002
66
forwarding the merchant the cardholder’s information.” See Swain at 12:21–24.
That alone suggests that one of ordinary skill in the art would not have made the
proposed modification of the combined Weller and Swain system that Petitioner
advocates here. See In re Gordon, 733 F.2d 900, 902 (Fed. Cir. 1984) (reversing
Board’s obviousness conclusion where prior art reference “would be rendered
inoperable for its intended purpose” by proposed modification); Application of
Ratti, 270 F.2d 810, 813 (C.C.P.A. 1959) (no motivation to make suggested
combination of references because it “would require a substantial reconstruction
and redesign of the elements shown in [the prior art reference] as well as a change
in the basic principles under which [that reference’s] construction was designed to
operate”). Petitioner’s conclusory argument on obviousness is not supported by
evidence and completely fails to address why one of skill in the art would ignore
the intended purpose of the Swain merchant wallet server and/or modify the Swain
wallet server by moving it to a different location in the proposed combination.
Petitioner’s failure to provide a legitimate reason why one of ordinary skill
would have modified the combined Weller and Swain systems to achieve the
claimed invention strongly suggests that Petitioner has engaged in a hindsight
reconstruction using the teachings of the ’002 Patent (and the decade of knowledge
gained from seeing this aspect of the payments industry develop) as a roadmap to
modify the prior art to arrive at the claimed invention. That is improper. In re
CBM2014-00035
Patent No. 7,051,002
67
Fritch, 972 F.2d 1260, 1266 (Fed. Cir. 1992) (“It is impermissible to use the
claimed invention as an instruction manual or ‘template’ to piece together the
teachings of the prior art so that the claimed invention is rendered obvious.”); W.L.
Gore, 721 F.2d at 1553.
Dr. Chatterjee’s declaration suffers from the same failures. Specifically,
Dr. Chatterjee fails to explain how or why one of skill in the art at the time of the
invention would have modified the combined Weller and Swain system to achieve
the claimed invention.
Because both Petitioner and Dr. Chatterjee fail to recognize the differences
between the prior art and the claimed inventions and provide no legitimate reason
why one of ordinary skill in the art would have combined and modified the Weller
and Swain systems to achieve the claimed inventions, the conclusory statements in
the Chatterjee declaration are insufficient to establish that the claims are likely to
be held invalid. See Alexsam, Inc. v. IDT Corp., 715 F.3d 1336, 1347–48 (Fed.
Cir. 2013) (holding claims non-obvious where “[e]xpert testimony was required
not only to explain what the prior-art references disclosed, but also to show that a
person skilled in the art would have been motivated to combine them in order to
achieve the claimed invention.”).
CBM2014-00035
Patent No. 7,051,002
68
B. Claims 1, 10 and 17 Are Not Obvious over the Admitted Prior Art
in view of Kay
Petitioner challenges claims 1, 5 and 14 of the ’002 Patent as obvious over
the Admitted Prior Art in view of Kay. As discussed below, Petitioner fails to
establish that it is more likely than not that any claim is invalid on that ground.
1. The Scope and Content of the Admitted Art and Kay
Admitted Prior Art: The Background of the ’002 Patent discloses a
particular prior art payment processing system that conducts e-commerce
transactions between a merchant and consumer. That prior art system required
installing a merchant plug-in on a merchant’s payment system for each debit and
credit card that the merchant wished to support. Id. at 2:63–3:4. Each merchant
plug-in is associated with an issuer-specific authentication protocol used to
communicate with the issuer or its agent, who authenticates the consumer.
The Admitted Prior Art was before the USPTO during prosecution of the
application that issued as the ’002 Patent. This argument involves both the same
prior art and the same or substantially similar arguments previously presented to
the Patent Office during the initial examination of the ’002 Patent. For that reason
alone, the Board should deny Petitioner’s obviousness argument based on the prior
art described in the ’002 Patent. See 77 Fed. Reg. 48680, 48702; 35 U.S.C.
§ 325(d).
CBM2014-00035
Patent No. 7,051,002
69
KAY: Kay discloses that a problem with prior art website management
systems related to their inability “to add functional enhancements to a website that
requires no modification or replacement of the content-storing servers and is
transparent to web browser software.” Kay at 1:19–34. To address this need, Kay
discloses a website 100 with a front-end proxy server 104 and a back-end web
server 102—the arrangement of which allows for functional enhancements to be
added that require no modification or replacement of the content-storing servers
and is transparent to the web browser software. Id. at 1:37–41, 2:32–37. The
front-end proxy server supports only a single communication protocol (e.g.,
HTTP), not a plurality of communication protocols. See id. at 2:37–41. The front-
end proxy server provides an end user (or visitor to a website) a single entry point
to a website and its back-end web servers and typically includes no content on its
own. Id. at 2:66–3:7. Kay discloses that the front-end proxy server can connect to
more than one back-end web server in a localized environment. Id. at 3:8–12.
2. The Combination of the Admitted Prior Art in View of Kay
Does Not Disclose Each and Every Limitation of Claims 1, 5
and 14 of the ’002 Patent
The combination of the Admitted Prior Art in view of Kay does not render
claims 1, 5 or 14 obvious. First, neither the Admitted Prior Art nor Kay discloses
“a plurality of authentication protocols” supported by a third party as required by
the ’002 Patent claims. Although Petitioner recognizes that “the claims … are
CBM2014-00035
Patent No. 7,051,002
70
directed toward providing the plug-ins on a platform of a third party instead of on
the platform of the merchant” (Napsky Decl. ¶ 17), Petitioner relies on the
disclosure in the ’002 Patent that, in the prior art, merchants installed a plug-in into
their processing systems and any such plug-in was associated with an issuer-
specific authentication protocol. See Pet. at 67, 71 and 76. Petitioner simply
asserts that Kay discloses “a plurality of authentication protocols” and a plug-in
layer (without insight into how those elements are disclosed).
Second, neither the Admitted Prior Art nor Kay discloses the universal
platform server, nor the server that receives payment information from a merchant,
as required by the’002 Patent claims. Further, neither the Admitted Prior Art nor
Kay disclose the particular software layers required by the claims of the ’002
Patent. The Admitted Prior Art discloses an issuer or service organization—
neither of which can be the third party of the ’002 Patent claims because they do
not even allegedly contain a server programmed with the specific layers required
by claim 1 and/or they do not allegedly perform the steps of the “universal
platform server” required by claims 5 and 14. Further, Petitioner does not allege
that Kay discloses the claimed third party.
Third, Petitioner fails to address the layered software architecture required
by Claim 1 let alone why it would be obvious to use the particular layered software
architecture of claim 1. There is no disclosure in the Background of the required
CBM2014-00035
Patent No. 7,051,002
71
software architecture and no such architecture is alleged to be disclosed in Kay.
Petitioner glosses over those deficiencies by alleging that the combination of
the Admitted Prior Art system with the Kay front-end proxy server would result in
“a front-end proxy server that acts as a unifying interface between various backend
authentication systems and a merchant’s website.” Pet. at 64. As detailed below,
that argument is illogical on its face. Further, such a combination fails to disclose
each and every element of the claims.
3. One of Ordinary Skill in the Art Would Not Have
Combined or Modified the Alleged Prior Art References as
Recited by the Claims
Plainly, the combination of the Kay “front-end proxy server 104” with the
Admitted Prior Art would result in the use of a front-end proxy server that sits
between the end user (i.e., the consumer accessing web browser 114) and the
merchant’s back-end web server (102).
Kay at Figure 1(a). Indeed, the only web site remotely relevant to the claimed e-
CBM2014-00035
Patent No. 7,051,002
72
commerce transaction is the merchant’s website. Also, the only entity accessing
the merchant’s website is the consumer not the issuer. Indeed, because the Kay
“front-end proxy server” is intended to sit in front of a website and serve as the
single entry point to the website thereby controlling the website visitor’s access to
the back-end web server in a local environment, it is antithetical to the teachings of
Kay to de-couple the front-end proxy server from the back-end web server(s) and
move it to a location between the merchant and the issuer where in it no longer
serves its purpose as an entry point for a single website or a localized environment.
Petitioner fails to explain why one of skill in the art at the time of the invention
would have chosen not to use the “front-end server 104” for its intended purpose
and instead place the front-end server between a merchant’s back-end server and
the issuer’s processing system.
It is also contrary to the teachings of Kay to suggest that “the front-end
proxy server … acts as a unifying interface between various back-end
authentication systems and a merchant website.” Pet. at 64. Kay discloses that the
front-end proxy server 104 may be coupled to multiple back-end severs 202. Kay
at 4:40–53. Those back-end servers 202a and 202b are distributed back-end
servers for web site 200 coupled to the front-end proxy server by a communication
link. Id. at 4:40–45. Web site 200 may be distributed across multiple back-end
servers; however, the “front-end proxy server 204 still acts as the entry point to
CBM2014-00035
Patent No. 7,051,002
73
web site 200. This allows organizations that have servers that maintain different
types of information or have different owners to unify these servers to project a
single end-user entry point” Id. at 4:54–58. Thus, it is irrelevant whether multiple
entities own a server that supports an organization’s website because the front-end
proxy server acts as the entry point for the web site.
Using the Kay front-end proxy server as the entry point to different back-end
authentication systems supported by different issuing banks or service
organizations (e.g., Visa, MasterCard and American Express) while still remaining
true to the teaching of Kay that the front-end proxy server acts as a single entry
point to a web site would require a different “front-end proxy server” for each
issuing bank or service organization supported. Further, in that arrangement the
individual “front-end proxy servers” would not determine or select the particular
authentication protocol from the plurality of different authentication protocols as
required by the claims because the “front-end proxy server” would be a point of
entry for a single issuer and thus each “front-end proxy server” would only need or
use a single authentication protocol.
Lastly, even if one of ordinary skill in the art at the time of the invention
would have chosen to use the front-end proxy server disclosed in Kay as the entry
point for communication between a merchant and multiple card issuers, it would
have required the front-end proxy server to be repurposed to serve as the entry
CBM2014-00035
Patent No. 7,051,002
74
point to multiple different back-end systems, thus improperly destroying the
reference. See In re Gordon, 733 F.2d at 902 (reversing Board’s obviousness
conclusion where prior art reference “would be rendered inoperable for its intended
purpose” by proposed modification); Application of Ratti, 270 F.2d at 813 (no
motivation to make suggested combination of references under § 103 because it
“would require a substantial reconstruction and redesign of the elements shown in
[the prior art reference] as well as a change in the basic principles under which
[that reference’s] construction was designed to operate”). Petitioner’s conclusory
obviousness argument is unsupported by evidence and fails to address why one of
ordinary skill in the art at would have ignored the intended purpose of the Kay
front-end proxy server or provide a legitimate reason why one of ordinary skill in
the art would have moved the Kay front-end proxy server to a different location in
the proposed combination. Moreover, it is illogical to suggest that the Kay “front-
end proxy server” would be owned or controlled by an entity other than the
merchant.
Petitioner alleges that it would have been obvious to one of ordinary skill in
the art to combine the Admitted Prior Art with Kay because the ’002 Patent
discloses that in the prior art system “merchants … are responsible for updating
and/or changing their plug-in components to reflect” any changes mandated by the
issuers. Pet. at 64. Petitioner alleges that under the proposed modification, the
CBM2014-00035
Patent No. 7,051,002
75
client, i.e., merchant, would be “free[] .. from having to track all the modifications
made to the back-end server.” Pet. at 64. But the merchant would not be free from
having to track all the authentication protocol changes made by the issuer under
this proposed modification. Instead, the merchants would still be responsible for
updating and/or changing the plug-in components at the front-end proxy server(s)
used by the modified system because the merchant would necessarily own and
control those front-end proxy servers.
Petitioner also argues that Kay provides the motivation to combine because
it “provides a unified interface between a client device and a back-end server and
frees the client device from having to track all the modifications made to the back-
end server.” Pet. at 64. That argument ignores that a merchant’s use of the Kay
front-end proxy server is simply different from the use of a third-party server that
facilitates the authentication of a consumer in an e-commerce transaction because
the ’002 Patent claims require that the third-party server (as opposed to the
merchant) must determine, select and use the authentication protocol.
Further, Petitioner alleges that the combination “is merely applying a well-
known technique of using proxy servers to a known authentication system that is
ready for improvement in order to extract predictable results.” However, Petitioner
cites no support for arguing that the alleged Admitted Prior Art was “ready for
improvement” except for the inventor’s teachings and disclosure of the ’002
CBM2014-00035
Patent No. 7,051,002
76
Patent. See Pet. at 64-65. That is improper. See Mintz v. Dietz & Watson, Inc.,
679 F.3d 1372, 1377 (Fed. Cir. 2012) (“The district court has used the invention to
define the problem that the invention solves. Often the inventive contribution lies
in defining the problem in a new revelatory way. In other words, when someone is
presented with the identical problem and told to make the patented invention, it
often becomes virtually certain that the artisan will succeed in making the
invention.”); Ecolochem, Inc. v. S. Cal. Edison Co., 227 F.3d 1361, 1372–75 (Fed.
Cir. 2000) (reversing obviousness holding because district court engaged in
hindsight analysis in using the solution the inventor found to provide the
motivation to combine the references in a manner to make the claimed invention).
Accordingly, Petitioner clearly has used the teachings of the ’002 Patent as a
roadmap to modify the proposed combination of the Admitted Prior Art and Kay to
achieve the claimed invention. Such a hindsight reconstruction of the claimed
invention is improper. In re Fritch, 972 F.2d at 1266; The Gillette Co., 919 F.2d at
726; W.L. Gore, 721 F.2d at 1553.
C. Claim 1 of the ’002 Patent Is Not Obvious Over the Admitted
Prior Art in view of Gudgin
Petitioner fails to establish that it is more likely than not to prevail in arguing
that claim 1 of the ’002 Patent is invalid on this ground.
CBM2014-00035
Patent No. 7,051,002
77
1. The Scope and Content of the Admitted Prior Art and
Gudgin
Admitted Prior Art: The scope and content of the Admitted Prior Art is
detailed above in Section IX.B.1.
Gudgin: Gudgin is a specification for SOAP, which is a communication
protocol. Chatterjee Decl. ¶ 69.7 As Dr, Chatterjee explained, “SOAP, which
together with HTTP, is the communications protocol used in Web Services.”
Chatterjee Decl. ¶ 71. “SOAP version 1.2 is a lightweight protocol for exchange of
information in a decentralized, distributed environment.” Gudgin, abstract.
2. The Combination of the Background Prior Art in View of
Gudgin Does Not Disclose Each Limitation of Claim 1
Combining the Admitted Prior Art with Gudgin does not result in the
invention recited in claim 1 of the ’002 Patent. As discussed above in Section
IX.B.1., various elements recited in claim 1 are not disclosed in the Admitted Prior
Art. In particular, in the Admitted Prior Art the recited steps take place at the
merchant server but claim 1 contains layers adapted to connect with the merchant
and is plainly not a merchant system. See Claim 1 (“a connection layer for
connecting with the merchants to exchange communications therewith”); Pet. at 4
(“The use of a separate, non-merchant platform for authentication is the essence of
the claimed invention of the ’002 Patent …”); Napsky Decl. at ¶ 17 (“[T]he claims
7 SOAP is the acronym for Simple Object Access Protocol.
CBM2014-00035
Patent No. 7,051,002
78
… are directed toward providing the plug-ins on a platform of a third party instead
of on the platform of the merchant.). Despite recognizing that a third-party server
is required, Petitioner fails to identify anything in Gudgin that teaches, discloses or
suggests an intermediary third-party server between the merchant and issuer, much
less one that contains the specific processing layers as required by claim 1.
Petitioner’s argument primarily is based on the remote procedure call (RPC)
functionality of SOAP, which allows a client to call and execute a software module
located on a remote server. That argument necessarily presumes that a server of
the claimed third party exists in the system resulting from the combination of
Gudgin’s version of SOAP with the Admitted Prior Art. Pet. at 77–78. That is not
so. Rather, combining Gudgin’s version of SOAP with the Admitted Prior Art
would result in the prior-art system described in the ’002 Patent—in particular, the
merchant—using SOAP (and its remote procedure calls) to send messages to
external resources, such as the issuing bank or service organization. The issuing
bank or service organization cannot operate the claimed third-party server, which
obtains an authentication determination in accordance with the selected
authentication protocol because they actual make the authentication determination.
Further, there is simply no disclosure of the various processing layers of claim 1 in
either the Admitted Prior Art or SOAP. As Gudgin and the Admitted Prior Art in
combination do not disclose the “connection layer” for communicating with the
CBM2014-00035
Patent No. 7,051,002
79
merchant or the “distribution layer … residing between the connection layer and
the plug-in layer … routing communications between the connection layer and
selected plug-in components in the plug-in layer”, and there is no rationale
provided for why the a combined system would include such limitations, they do
not render Claim 1 obvious. See Pet. at 77-79.
3. One of Ordinary Skill in the Art Would Not Have
Combined or Modified the Alleged Prior Art Reference
With Gudgin as Recited in Claim 1
Petitioner alleges that it would have been obvious at the time of the
invention to combine the Admitted Prior Art with Gudgin in the manner recited in
claim 1 of the ’002 because (1) “[d]oing so is merely applying the well-known
technique of remote procedure calls to the well-known authentication system that
is ready for improvement to yield predictable results” and (2) the teachings “found
in the background of the ’002 Patent, which states that as authentication protocols
are updated, the merchants would need to update them as well.” Pet. at 78.
Just like with its argument concerning the Admitted Prior Art in view of
Kay, Petitioner cites no support for arguing that the alleged Admitted Prior Art
was “ready for improvement” except for the inventor’s own identification of a
problem in the prior art and the disclosure of the technological solution for that
problem found in the ’002 Patent. See Pet. at 78. That is improper. The Federal
Circuit has emphasized that “[o]ften the inventive contribution lies in defining the
CBM2014-00035
Patent No. 7,051,002
80
problem in a new revelatory way. In other words, when someone is presented with
the identical problem and told to make the patented invention, it often becomes
virtually certain that the artisan will succeed in making the invention.” Mintz, 679
at 1377; Ecolochem, 227 F.3d at 1372–75.
X. CONCLUSION
In view of the above, Cardinal respectfully submits that Petitioner has failed
to establish that it is more likely than not that it will prevail as to at least one claim.
Accordingly, Cardinal respectfully requests that the Board decline to institute
Covered Business Method review of the ’002 Patent.
Respectfully Submitted,
/ Mark J. Abate /
Mark J. Abate (Reg. No. 32,527)
GOODWIN PROCTER LLP
The New York Times Building
620 Eighth Avenue
New York, NY 10018-1405
Telephone: 212-813-8800
Facsimile: 212-355-3333
E-mail: [email protected]
Jennifer A. Albert (Reg. No. 32,012)
GOODWIN PROCTER LLP
901 New York Avenue NW
Washington, D.C. 20001
Telephone: 202-346-4000
Facsimile: 202-346-4444
E-mail: [email protected]
CBM2014-00035
Patent No. 7,051,002
CERTIFICATE OF SERVICE
I certify that a copy of the foregoing Preliminary Patent Owner Response to
Petition for Covered Business Method Review was served on February 21, 2014 by
electronic service via e-mail and First Class Mail to counsel for petitioner at the
following address:
Brian A. Tollefson
William N. Hughet
ROTHWELL, FIGG, ERNST
& MANBECK, P.C.
607 14th Street, N.W., Suite 800
Washington, D.C. 20005
E-mail: [email protected]
/s/ Mark J. Abate
Mark J. Abate
ACTIVE/71587806.1
APPENDIX 1
LIST OF EXHIBITS RELIED UPON IN SUPPORT OF THIS
PATENT OWNER PRELIMINARY RESPONSE TO CORRECTED
PETITION FOR COVERED BUSINESS METHOD REVIEW
Exhibit 2001 Excerpt from Barron’s Dictionary of
Banking Terms (4th Ed. 2000)
Exhibit 2002 Decision of Delegate of the
Commissioner of Patents re: Australian
Patent Application No. 2003243523
(Australian Patent Office May 25, 2011)