UNITED STATES PATENT AND TRADEMARK...

CBM2014-00035

Patent No. 7,051,002

UNITED STATES PATENT AND TRADEMARK OFFICE

___________________________

BEFORE THE PATENT TRIAL AND APPEAL BOARD

___________________________

SECUREBUY, LLC

Petitioner

V.

CARDINALCOMMERCE CORPORATION

Patent Owner

___________________________

Case No. CBM2014-00035

U.S. Patent No. 7,051,002

___________________________

PRELIMINARY PATENT OWNER RESPONSE TO PETITION FOR

COVERED BUSINESS METHOD PATENT REVIEW

CBM2014-00035


i

I. INTRODUCTION ........................................................................................... 1

II. BACKGROUND ............................................................................................. 1

III. OVERVIEW OF THE ’002 PATENT ............................................................ 2

IV. THE ’002 PATENT PROSECUTION HISTORY .......................................... 4

V. SUMMARY OF ARGUMENT ....................................................................... 5

VI. CLAIM CONSTRUCTION .......................................................................... 11

A. “Authentication Protocol” ................................................................... 12

B. “Authentication Determination” ......................................................... 14

C. “Connection Layer” ............................................................................. 15

D. “Plug-in Layer” ................................................................................... 16

E. “Distribution Layer” ............................................................................ 17

VII. RESPONSE TO GROUND 1: CLAIMS 1–14 OF THE ’002

PATENT ARE DIRECTED TO PATENTABLE SUBJECT

MATTER ....................................................................................................... 18

A. 35 U.S.C. § 101 ................................................................................... 18

B. The ’002 Patent Claims Are Directed To A Technical Solution

To A Technical Problem ..................................................................... 20

C. Petitioner’s Attempt to Define the Claims of the ’002 Patent as

an Abstract Idea Is Baseless ................................................................ 27

VIII. RESPONSE TO GROUND 2: THE CLAIMS OF THE ’002

PATENT ARE PATENTABLE UNDER 35 U.S.C. § 102(a) ...................... 33

A. Claims 1, 2, 4, 5, 9, 13 and 14 of the ’002 Patent Are Not

Anticipated by Weller ......................................................................... 33

1. General Description of Weller ..................................................34

2. Weller Does Not Disclose “A Plurality of Authentication

Protocols” as Recited in the ’002 Patent Claims ......................35

CBM2014-00035


ii

3. Weller Does Not Disclose “Determining” or “Selecting”

the Authentication Protocol as Recited in the ’002 Patent

Claims .......................................................................................36

4. Weller Does Not Disclose the Third-Party Server or

Universal Platform Server Recited in the ’002 Patent

Claims .......................................................................................40

B. The Absent Claim Limitations are Not Inherent in Weller ................. 45

C. The Chatterjee Expert Declaration Does Not Save Petitioner’s

Anticipation Arguments ...................................................................... 48

IX. RESPONSE TO GROUND 3: CLAIMS 1–11, 13 and 14 OF THE

’002 PATENT ARE NOT INVALID UNDER 35 U.S.C. § 103(a) ............. 49

A. Claims 1–11, 13 and 14 of the ’002 Patent Are Not Invalid

Under 35 U.S.C. 103(a) over Weller in View of Swain ..................... 52

1. The Scope and Content of Weller and Swain ...........................52

2. The Combination of Weller in view of Swain Does Not

Disclose Each and Every Limitation of any Claims of the

’002 Patent ................................................................................58

3. One of Ordinary Skill Would Not Have Combined or

Modified Weller in view of Swain in the Way Suggested

by the Claims ............................................................................62

B. Claims 1, 10 and 17 Are Not Obvious over the Admitted Prior

Art in view of Kay ............................................................................... 68

1. The Scope and Content of the Admitted Art and Kay ..............68

2. The Combination of the Admitted Prior Art in View of

Kay Does Not Disclose Each and Every Limitation of

Claims 1, 5 and 14 of the ’002 Patent .......................................69

3. One of Ordinary Skill in the Art Would Not Have

Combined or Modified the Alleged Prior Art References

as Recited by the Claims ...........................................................71

CBM2014-00035


iii

C. Claim 1 of the ’002 Patent Is Not Obvious Over the Admitted

Prior Art in view of Gudgin ................................................................ 76

1. The Scope and Content of the Admitted Prior Art and

Gudgin .......................................................................................77

2. The Combination of the Background Prior Art in View of

Gudgin Does Not Disclose Each Limitation of Claim 1 .........77


Combined or Modified the Alleged Prior Art Reference

With Gudgin as Recited in Claim 1 ..........................................79

X. CONCLUSION .............................................................................................. 80

CBM2014-00035


iv

TABLE OF AUTHORITIES

Cases

ActiveVideo Networks, Inc. v. Verizon Comm’ns, Inc.,

694 F.3d 1312 (Fed. Cir. 2012) ............................................................................49

Alexsam, Inc. v. IDT Corp.,

715 F.3d 1336 (Fed. Cir. 2013) ............................................................................67

Apple Inc. v. Sightsound Tech., LLC,

CBM2013-19, Doc. 17 (P.T.A.B. Oct. 8, 2013) ..................................... 20, 26, 31

Application of Ratti,

270 F.2d 810 (C.C.P.A. 1959) ....................................................................... 66, 74

August Tech. Corp. v. Camtek, Ltd.,

655 F.3d 1278 (Fed. Cir. 2011) ..................................................................... 59, 61

Bilski v. Kappos,

130 S. Ct. 3218 (2010) .................................................................................. 18, 19

Broadcom Corp. v. Emulex Corp.,

732 F.3d 1325 (Fed. Cir. 2013) ..................................................................... 59, 61

Diamond v. Diehr,

450 U.S. 175 (1981) ...................................................................................... 19, 31

Ecolochem, Inc. v. S. Cal. Edison Co.,

227 F.3d 1361 (Fed. Cir. 2000) ..................................................................... 76, 80

In re Abbott Diabetes Care Inc.,

696 F.3d 1142 (Fed. Cir. 2012) ............................................................................12

In re Bilski,

545 F.3d 943 (Fed. Cir. 2008) ..............................................................................19

In re Fritch,

972 F.2d 1260 (Fed. Cir. 1992) ..................................................................... 67, 76

In re Gordon,

733 F.2d 900 (Fed. Cir. 1984) ....................................................................... 66, 74

CBM2014-00035


v

In re Gurley,

27 F.3d 551 (Fed. Cir. 1994) ................................................................................58

In re Lowry,

32 F.3d 1579 (Fed. Cir. 1994) ..............................................................................51

In re NTP, Inc.,

654 F.3d 1279 (Fed. Cir. 2011) ............................................................................12

In re Omeprazole Patent Lit.,

483 F.3d 1364 (Fed. Cir. 2007) ..................................................................... 46, 48

In re Robertson,

169 F.3d 743 (Fed. Cir. 1999) ..............................................................................45

KSR Int’l Co. v. Teleflex Inc.,

550 U.S. 398 (2007) ...................................................................................... 50, 51

Mayo Collaborative Servs. v. Prometheus Labs., Inc.,

132 S. Ct. 1289 (2012) .........................................................................................19

Mintz v. Dietz & Watson, Inc.,

679 F.3d 1372 (Fed. Cir. 2012) ..................................................................... 76, 80

Motorola Mobility, LLC v. Int’l Trade Comm’n,

737 F.3d 1345 (Fed. Cir. 2013) ..................................................................... 46, 48

Oakley, Inc. v. Sunglass Hut Int’l,

316 F.3d 1331 (Fed. Cir. 2003) ............................................................................49

Phillips v. AWH Corp.,

415 F.3d 1303 (Fed. Cir. 2005) ............................................................................12

Research Corp. Techs., Inc. v. Microsoft Corp.,

627 F.3d 859 (Fed. Cir. 2010) ........................................................... 20, 24, 27, 28

Richardson v. Suzuki Motor Co.,

868 F.2d 1226 (Fed. Cir. 1989) ............................................................................34

Santarus, Inc. v. Par Pharm., Inc.,

694 F.3d 1344 (Fed. Cir. 2012) ............................................................................58

CBM2014-00035


vi

SAP America, Inc. v. Versata Development Group, Inc.,

CBM2012-0001 (P.T.A.B. June 11, 2013) ..........................................................18

Scripps Clinic & Research Found. v. Genentech, Inc.,

927 F.2d 1565 (Fed. Cir. 1991) ............................................................................34

SiRF Tech., Inc. v. Int’l Trade Comm’n,

601 F.3d 1319 (Fed. Cir. 2010) ............................................................................25

St. Jude Med., Inc. v. Access Closure, Inc.,

729 F.3d 1369 (Fed. Cir. 2013) ............................................................... 51, 59, 61

Star Scientific, Inc. v. R.J. Reynolds Tobacco Co.,

655 F.3d 1364 (Fed. Cir. 2011) ............................................................................52

Ultramercial, Inc. v. Hulu, LLC,

722 F.3d 1335 (Fed. Cir. 2013) .................................................................... passim

Verdegaal Bros. v. Union Oil Co. of Cal.,

814 F.2d 628 (Fed. Cir. 1987) ..............................................................................34

W.L. Gore & Assoc., Inc. v. Garlock, Inc.,

721 F.2d 1540 (Fed. Cir. 1983) ......................................................... 51, 58, 67, 76

Statutes

35 U.S.C. § 101 ........................................................................................................18

35 U.S.C. § 103(a) ...................................................................................................50

35 U.S.C. § 325(d) ...................................................................................................68

Rules

37 C.F.R. §§ 42.207(a); 42.300(a) ............................................................................. 1

77 Fed. Reg. 48680, 48702 ......................................................................................68

MPEP § 2131.02 ......................................................................................................34

CBM2014-00035


I. INTRODUCTION

Pursuant to 37 C.F.R. §§ 42.207(a) and 42.300(a), Patent Owner

CardinalCommerce Corporation (“Cardinal”) submits this Preliminary Response to

the Corrected Petition (Paper No. 5) (the “Petition”) filed by SecureBuy, LLC

(“SecureBuy” or “Petitioner”) requesting covered business method review of

claims 1–14 of U.S. Patent No. 7,051,002 (the “’002 Patent,” Ex. 1001). Cardinal

respectfully requests that the Patent Trial and Appeal Board (the “Board”) deny

institution because Petitioner fails to establish that any claim is more likely than

not to be found invalid.

II. BACKGROUND

Cardinal is the owner of the ’002 Patent. It is an industry leader in payment

authentication for e-commerce and mobile commerce. One of Cardinal’s premier

offerings is the Cardinal Centinel® platform, which practices claims of the ’002

Patent. The platform facilitates payment authentication for transactions between

consumers and thousands of merchants and merchant service providers involving

various payment brands, such as Visa and MasterCard. . Cardinal has processed

almost two billion transactions using its patented technology.

On November 1, 2013, SecureBuy filed two declaratory judgment actions

against Cardinal concerning the ’002 Patent, one in the District of Delaware, 13-

cv-1792 (LPS), and one in the Southern District of Mississippi, 13-cv-417. On

CBM2014-00035


2

November 12, 2013, Cardinal filed a counterclaim in the District of Delaware

action against SecureBuy for infringement of the ’002 Patent.

III. OVERVIEW OF THE ’002 PATENT

The ’002 Patent is entitled “Universal Merchant Platform for Payment

Authentication” and generally relates to a novel system for facilitating the

authentication of a consumer during the processing of an Internet transaction. ’002

Patent at 4:46–49.

The ’002 Patent discloses that the “use of standard cards in connection with

e-commerce presents certain difficulties, including difficulties concerning the

authentication or positive identification of the cardholder.” Id. at 1:34–38. To

authenticate a consumer, a merchant’s payment processing system must

communicate with a credit/debit card issuer or its agent using issuer-specific

authentication protocols. A prior-art payment processing solution described in the

Background of the ’002 Patent required a merchant to install software (“plug-ins”)

on its system for each payment brand and authentication initiative that it supported.

Id. at 2:1–43, 2:53–64. That solution, however, was burdensome for merchants

because supporting plug-ins required substantial storage space and computing

power and required frequent maintenance. Id. at 2:48–3:4.

The ’002 Patent overcame those problems by removing the need for

merchants to install a plug-in in their local environment. Instead, the ’002 Patent

CBM2014-00035


3

discloses that plug-ins are installed and maintained on a third party’s centralized

processing system/server(s) that determines and selects the appropriate

authentication protocol to use for a particular transaction based on payment

information received for that transaction. Id. at 4:53–56.

One implementation of the invention uses a “thin-client” (i.e., small-in-size)

software application installed on the merchant’s server. This application allows

the merchant to communicate with the third-party centralized processing system

and use the various payment authentication initiatives that the system supported.

Id. at 6:21–46. Specifically, the thin-client communicates data elements (e.g., card

number, account number or name, and transaction amount) between the merchant’s

website and the centralized payment processing system. See id. at 5:22–51,

Figs. 2–3. The centralized system contains logic for payment authentication. Id.

Thus, using the thin-client allows the merchant to participate in various payment

authentication initiatives (e.g., Verified by Visa, MCS Amex SafeKey, and PayPal)

without any significant reprogramming of the merchant’s server or its website.

’002 Patent at 6:26–43.

The claims of the ’002 Patent are directed to specific solutions to the

problems in the prior-art systems. In particular, claims 1–14 are directed to

systems and methods for authenticating a consumer for an e-commerce transaction

using one of a plurality of authentication protocols supported by a universal

CBM2014-00035


4

platform server that includes specific software layers or steps for performing

particular functions.

IV. THE ’002 PATENT PROSECUTION HISTORY

The ’002 Patent issued from U.S. Patent Application Serial No. 10/459,849,

filed on June 12, 2003. It claims priority to Provisional Application

No. 60/386,345, filed on June 12, 2002. On November 4, 2004, the Examiner

issued a non-final office action rejecting claims 1–4, 7, 9, 10 and 15 as anticipated

by U.S. Patent No. 6,560,581; claims 5–6 and 8 as obvious in view of that patent;

and claims 1–3, 10 and 14 as anticipated by “applicant’s Background of Invention

section.” On March 21, 2005, Applicants responded by cancelling claims 1–2 and

15, amending claims 3–4, 7–11 and adding new claims 16 and 17. 3/21/2005

Amendment at 2–6. Applicants amended the “distribution layer” limitation recited

in application claim 11, issued claim 1, to recite how an “authentication program”

is determined based on “payment information.” Id. at 3–4.

On August 15, 2005, the applicants submitted a letter to the Patent Office

explaining the importance and commercial success of the invention:

Notably, the present application relates to an important

invention embodied in commercially successful software products,

services and technology that are currently being made available by the

assignee of record CardinalCommerce Corporation. Moreover, the

commercial significance and uniqueness of the invention is

CBM2014-00035


5

validated by the wide acceptance and recognition that

CardinalCommerce’s technology is receiving in the payment

processing industry, e.g., by industry leaders that have adopted

and/or backed their technology. CardinalCommerce’s partners and

customers include: over 100 issuing banks; over 35 acquirers and/or

merchant service providers ....

8/15/2005 Letter at 2–3. Thereafter, the ’002 Patent issued on May 23, 2006.

V. SUMMARY OF ARGUMENT

A trial should not be instituted because the Petitioner has failed to establish

that any claim of the ’002 Patent is more likely than not invalid. Petitioner

trivializes the patented inventions by characterizing them as “[t]he use of a

separate, non-merchant platform for authentication.” Pet. at 4; Napsky Decl. (Ex.

1008) ¶ 17 (“[T]he claims … are directed toward providing the plug-ins on a

platform of a third party instead of on the platform of the merchant.). In doing so,

Petitioner disregards meaningful claim limitations directed to specific functionality

(either in the form of structural components or method steps) that must be

performed by or included in a universal platform server. Each of Petitioner’s

submitted grounds thus falls flat.

With Ground 1, Petitioner wrongly asserts that the ’002 Patent claims are

invalid under 35 U.S.C. § 101 because the “claim[s] preempt all manner of third

party authentication.” Pet. at 24. Instead, the claims expressly recite systems

CBM2014-00035


6

wherein a third-party server or “universal platform server,” has a specific layered

software architecture to support a transaction conducted between a consumer and a

merchant according to one of a plurality of different authentication protocols

supported by the server or platform, and determines the prescribed authentication

protocol from a plurality of authentication protocols based on received payment

information, and uses that authentication protocol to communicate with an issuer

or service organization (e.g., Visa) to obtain an authentication determination about

a consumer.

Petitioner’s suggestion that the claims “preempt[] all manner of third party

authentication” of a cardholder and are directed to an “abstract idea” (Pet. at 27)

ignores the specific, meaningful claim limitations. Moreover, the universal

platform server is integral to the functionality recited in the ’002 Patent claims,

which are directed to methods and systems that are technological improvements

over the prior art. Thus, the claims are directed to patentable subject matter.

With Ground 2, Petitioner incorrectly asserts that certain claims are invalid

as anticipated by Weller (Ex. 1006).1 Similar to the systems disclosed in the

Background, Weller discloses only a single merchant plug-in located on a

1 If the Board institutes trial based in any part on Weller, then Cardinal intends to

introduce evidence showing that, under 37 C.F.R. § 1.131, Weller is not prior art.

CBM2014-00035


7

merchant’s server. Instead of addressing whether Weller discloses every claim

limitation, Petitioner focuses on whether Weller discloses the abstract idea of third-

party authentication. However, Weller does not disclose the claimed “plurality of

different authentication protocols.” Thus, Weller also fails to disclose both the

claimed “determining” and “selecting” of an authentication protocol from a

plurality of different authentication protocols. Nor does it disclose a universal

platform server or system with the recited layered software architecture.

Chief among Petitioner’s failures is its argument that Weller’s disclosure of

“various authentication methods” is synonymous with the recited “plurality of

authentication protocols.” The claimed “authentication protocol” encompasses

rules for formatting and routing messages between entities used to authenticate a

party. Further, Petitioner fails to establish that Weller discloses determining or

selecting an authentication method from among a plurality of authentication

methods as required by the claims. Petitioner also simply disregards the specific

layered software architecture of claim 1 including the various functions that are

required to be performed by each software layer and the particular arrangement of

those software layers. Indeed, Petitioner at least tacitly concedes that Weller fails

to disclose every limitation recited in the claims by arguing that Weller inherently

discloses numerous limitations. Pet. at 34–36. That argument also fails because

Petitioner does not establish that any limitations are necessarily disclosed in

CBM2014-00035


8

Weller. Therefore, Weller does not anticipate any of the ’002 Patent claims.

With Ground 3, Petitioner argues that certain ’002 Patent claims are invalid

as obvious in view of three separate proposed combinations of alleged prior art

references. Lacking any legitimate reason to make those proposed combinations,

Petitioner improperly uses the claimed invention as a roadmap to selectively cull

disclosures from the prior art to allegedly piece together the claim limitations. For

example, Swain and Kay disclose servers for performing various functions, but

Petitioner—informed by twelve years of seeing the payment authentication

industry develop, not to mention the ’002 Patent—improperly strips the disclosed

servers of their intended purposes disregarding the teachings of the references and

reconstitutes those servers to perform different functions—namely, those claimed

in the ’002 Patent.2 Such blatant hindsight reconstruction is improper.

First, Petitioner asserts that claims 1–11, 13 and 14 of the ’002 Patent are

2 If the Board institutes on Ground 3, Cardinal intends to introduce evidence that

persons of ordinary skill in the art at the time of the invention (1) were moving

away from the claimed inventions and (2) would have been discouraged from

making the proposed combinations and modifications, and (3) that there are factors

evidencing non-obviousness, such as (a) the failure of others, (b) industry

recognition of the patented technology, (c) commercial success and (d) skepticism.

CBM2014-00035


9

invalid as obvious over Weller in view of Swain (Ex. 1005).3 However, the

proposed combination fails to disclose every limitation of any of those claims.

And other than the problem recognized by the inventors about installing plug-ins in

a merchant’s system, Petitioner fails to identify any defect, problem or concern

with the system described in Weller that would have led one of ordinary skill in the

art at the time of the invention to modify that system. Without a legitimate reason

to do so, it would not have been apparent to one of ordinary skill to modify the

Weller system to achieve the systems and methods claimed in the ’002 Patent.

Moreover, Petitioner fails to explain why one of ordinary skill would have ignored

the affirmative teaching in Swain about using a common unifying interface, which

would have led such person to adopt a common authentication protocol and taught

away from a plurality of authentication protocols as required by the ’002 Patent

claims. Further, Petitioner fails to explain why one of ordinary skill would have

positioned the Swain merchant wallet server between the merchant and issuer in

the Weller PAS architecture. Doing so would improperly prevent the Swain

merchant wallet server from performing one of its intended purposes—allowing a

cardholder to authenticate a merchant before a cardholder’s information is sent to

3 If the Board institutes trial based on Swain, Cardinal intends to introduce

evidence showing that, under 37 C.F.R. § 1.131, Swain is not prior art.

CBM2014-00035


10

the merchant.

Petitioner’s second proposed obviousness combination is equally

unsupported. Petitioner asserts that claims 1, 2, 4-8, 10, 13, and 14 are obvious

over the admitted prior art in the ’002 Patent in view of Kay (Ex. 1007). Kay

discloses a front-end proxy server that communicates using a single

communication protocol, not a plurality of communication protocols. The front-

end proxy server acts as a single entry point to a website and is connected to one or

more back-end web servers in a localized environment. Using the Kay front-end

proxy server as the entry point to different back-end authentication systems of

different issuing banks or service organizations while remaining true to the

teaching of Kay that the server acts as a single entry point to a website would

require a different “front-end proxy server” for each issuing bank or service

organization supported. That would result in a plurality of servers each equipped

to format and route messages to accommodate a single protocol to communicate

with a single issuer or service organization, not one server with a “distribution

layer” for communicating with multiple issuers according to a “plurality of

authentication protocols,” as required by claim 1, or a “universal platform server”

as required by claims 5 and 14.

Instead, using the patent as a guide, Petitioner disregards the purpose of the

Kay front-end proxy server and its use in a localized environment and argues that

CBM2014-00035


11

one of ordinary skill in the art would have modified the prior-art system disclosed

in the ’002 Patent to achieve the claimed invention because the prior art system

was “ready for improvement.” However, in coming to that determination,

Petitioner improperly relies on the inventors’ teachings about problems in the prior

art and fails to identify any evidence that one of ordinary skill in the art at the time

of the invention knew of or would have recognized such a need.

Petitioner’s third and final obviousness combination also fails. It involves

combining the prior art disclosed in the patent with Gudgin (Ex. 1010). Petitioner

argues that one of ordinary skill could have used SOAP to communicate with a

third-party server embodying the system of claim 1. That argument is based on a

misunderstanding of SOAP’s functionality, the false premise that such a server

existed in the prior art and a disregard of the specific layered software architecture

of claim 1.

In sum, the Board should deny to institute review because Petitioner fails to

establish that any claim of the ’002 Patent is more likely than not invalid,.

VI. CLAIM CONSTRUCTION

For purposes of this Preliminary Response, Cardinal does not dispute the

broadest reasonable interpretation of the means-plus-function limitations identified

by Petitioner. Below are Cardinal’s proposals for other claim terms Petitioner

identified for construction. As discussed below, each of Cardinal’s proposed

CBM2014-00035


12

constructions is consistent the specification, while Petitioner’s proposals

improperly narrow the claims. Therefore, the Board should adopt Cardinal’s

proposals. Phillips v. AWH Corp., 415 F.3d 1303, 1315 (Fed. Cir. 2005) (“[T]he

specification ‘is always highly relevant to the claim construction analysis. Usually,

it is dispositive; it is the single best guide to the meaning of a disputed term.”); In

re Abbott Diabetes Care Inc., 696 F.3d 1142, 1149–50 (Fed. Cir. 2012) (rejecting

Board’s construction as inconsistent with specification); In re NTP, Inc., 654 F.3d

1279, 1287-90 (Fed. Cir. 2011) (same).

A. “Authentication Protocol”

Term Cardinal’s Proposal Petitioner’s

Proposal

“authentication

protocol”

A prescribed set of rules, including those for

formatting and routing messages, governing

the transmission of messages over a

communications network to verify that a

consumer is likely who he/she claims to be

A process used

to authenticate a

cardholder

Cardinal’s proposal is consistent with the use of the term “authentication

protocol” in the claims and the specification. For example, claim 5 expressly

recognizes that the rules for formatting and routing are part of the authentication

protocol. See, e.g., Claim 5 (“formatting messages and routing the formatted

CBM2014-00035


13

messages over the communications network in accordance with one or more

mandates of the selected authentication protocol”). So too does the specification:

“[A] transaction processing service provider (TPSP) 70 … formats and routes

various messages and takes other defined actions on behalf of the merchant 60 in

accordance with authentication protocols prescribed by the payment processing

network to which the payment instrument being used for the transaction belongs.”

’002 Patent at 5:27–33. The specification also discloses that “the plug-in

component 232 formats and routes messages in accordance with the authentication

protocols prescribed for the determined type of payment instrument or method

being used.” Id. at 10:47–50.

Petitioner’s proposal ignores those clear teachings. Without support or

explanation, Petitioner asserts that a method used to authenticate a consumer, such

as a username and password, is an “authentication protocol.” See Pet. at 37. But

how a person is authenticated, e.g., using passwords, is different from the protocol

used to communicate with the entity that performs the authentication. Only the

latter is disclosed and claimed in the ’002 Patent.

Petitioner’s proposal also improperly attempts to limit the claims to the

authentication of a cardholder. To be sure, the specification states that use of

“standard cards in connection with e-commerce presents certain difficulties,

including difficulties concerning authentication or positive identification of the

CBM2014-00035


14

cardholder.” ’002 Patent at 1:34–38. But the balance of the specification uses the

term “authentication” to refer to consumers in any type of transaction, not just

those involving cards. See id. at 4:63–65(“to authenticate users”), 9:47–50 (the

disclosed system “provides a method for authenticating a consumer”).

B. “Authentication Determination”

Term Cardinal’s Proposal Petitioner’s Proposal

“authentication

determination”

An indication of whether a

consumer has been

authenticated

Verifying the card holder is

authorized to make the

expenditure

Cardinal’s proposal is entirely consistent with the specification. See, e.g.,

’002 Patent at Abstract, 3:25–29, 5:45–51, 11:1–11:10 (“the operative plug-in

component 232 optionally formats and routes a second message to the merchant

such that the consumer/cardholder is redirected to the issuing entity for completing

authentication therewith, whereupon the authentication determination is made. A

response containing the authentication determination made by the issuing entity is

then returned in accordance with routing instructions...”). Petitioner’s proposal is

incorrect because it speaks in terms of authorization to make an expenditure,

which is different from authentication. Authorization concerns “approval to

complete a transaction.” Barron’s Dictionary of Banking Terms at 31 (4th Ed.

CBM2014-00035


15

2000) (defining “authorization” as “issuance of approval to complete a transaction

or pay funds, for example a bank card authorization or payment authorization”)

(Ex. 2001). In contrast, authentication is the “positive identification of a

cardholder” or the process by which “to verify that a consumer is likely who he/she

claims to be.” ’002 Patent at 1:34–38, 4:63–65, 9:47–50. Even where a consumer

is authenticated, he/she may not be authorized to complete a transaction because of

spending limits or the like.

C. “Connection Layer”


“connection

layer”

An software layer interface used

to communicate with external

resources

Software for communicating

over a network

Cardinal’s proposal is consistent with the ordinary meaning of the term and

supported by the specification’s disclosure that MAPS 200 contains two layers for

communicating with external resources—external connection layer 240 and the

connectivity layer 210. Id. at 7:33–38. “The external connection layer 240

provides a generic interface that is used by the MAPS 200 to communicate with

outside resources, e.g., the directory or the like as prescribed by various

authentication protocols.” Id. at 7:35–39. Similarly, “[t]he connectivity layer 210

CBM2014-00035


16

provides a generic layer for external entities such as merchants to connect to and

process a specific payment authentication transaction.” Id. at 7:40–42.

Petitioner’s proposal disregards that the specific connection software interfaces of

the system are part of the layered architecture recited in claim 1 and instead refers

broadly to any software for communicating over a network.

D. “Plug-in Layer”


“plug-in layer” A software layer

comprising various plug-in

components

A plurality of software components

for authenticating card holders

based on the payment information

Cardinal’s proposal is consistent with the ordinary meaning of the term and

its use in the claim 1, which recites a “plug-in layer including a plurality of plug-in

components.” It also is consistent with the specification which states that “plug-in

layer 230 includes a plurality of individual authentication initiative plug-in

components 232.” See id. at 8:47–63, Fig. 3. Petitioner’s proposal disregards that

the plug-in layer is part of the layered system architecture of claim 1 comprising

plug-in components. Petitioner’s proposal also adds functionality inconsistent with

the plain claim language and the teaching of the ’002 Patent—neither of which

limits the use of a plug-in for authentication of cardholders. Also, the’002 Patent

CBM2014-00035


17

discloses that the plug-ins are used to facilitate communication with the issuer or

service organization—the plug-ins do not authenticate the consumer themselves.

Id. at 11:1–11:10 (“the authentication determination made by the issuing entity”).

E. “Distribution Layer”


“distribution

layer”

Software layer for routing messages

among other software layers within

the system

Software for routing data

among software

components

Cardinal’s proposal is consistent with the ordinary meaning of the claim

term and supported by the specification, which discloses that “[t]he message

distribution layer 220 is a component within the software architecture [of the

MAPS 200].” ’002 Patent at 8:38–40; see id. at 7:32–39, Fig. 3 (element 220).

Further, the ’002 Patent discloses that distribution layer 220 “is preferably a low

footprint message distribution application configured to route XML or other like

messages to specific plug-in components in the plug-in layer 230 for appropriate

transaction processing.” ’002 Patent at 8:43–46. Petitioner’s proposal, however,

disregards that the distribution “layer” is a part of the layered system architecture

of claim 1 and ignores that it sends messages to other software layers within that

system.

CBM2014-00035


18

VII. RESPONSE TO GROUND 1: CLAIMS 1–14 OF THE ’002 PATENT

ARE DIRECTED TO PATENTABLE SUBJECT MATTER

Petitioner fails to establish that the ’002 Patent claims are more likely than

not unpatentable under 35 U.S.C. § 101. Petitioner alleges that the claims are

patent ineligible because they are drawn to an abstract idea. Pet. at 25–34. In SAP

America, Inc. v. Versata Development Group, Inc., CBM2012-0001 (P.T.A.B. June

11, 2013), the Board explained that a patent claim does not recite an abstract idea if

it incorporates sufficient meaningful limitations. Here, such meaningful

limitations exist in the ’002 Patent claims.

A. 35 U.S.C. § 101

Section 101 controls the inquiry into what constitutes patentable subject

matter. It states “[w]hoever invents or discovers any new and useful process,

machine, manufacture, or composition of matter, or any new and useful

improvement thereof, may obtain a patent therefor, subject to the conditions and

requirements of this title.” 35 U.S.C. § 101. “Underscoring its breadth, § 101 both

uses expansive categories and modifies them with the word ‘any.’ The Supreme

Court has emphasized that, ‘[i]n choosing such expansive terms modified by the

comprehensive ‘any,’ Congress plainly contemplated that the patent laws would be

given wide scope.’” Ultramercial, Inc. v. Hulu, LLC, 722 F.3d 1335, 1341 (Fed.

Cir. 2013), quoting Bilski v. Kappos, 130 S. Ct. 3218, 3226 (2010) (“Bilski II”). Of

CBM2014-00035


19

the three limited, judicially created categories of patent-ineligible subject matter

under § 101—laws of nature, natural phenomena, and abstract ideas, Mayo

Collaborative Servs. v. Prometheus Labs., Inc., 132 S. Ct. 1289, 1293 (2012), only

the “abstract idea” exception is at issue here.

To determine whether a patent claim satisfies § 101 and/or is directed to an

abstract idea, the claim as a whole must be analyzed. Diamond v. Diehr, 450 U.S.

175, 188 (1981). “[I]t is irrelevant that any individual step or limitation of such

processes by itself would be unpatentable under § 101.” In re Bilski, 545 F.3d 943,

958 (Fed. Cir. 2008). As the Supreme Court explained:

It is inappropriate to dissect the claims into old and new elements and

then to ignore the presence of the old elements in the analysis. This is

particularly true in a process claim because a new combination of

steps in a process may be patentable even though all the constituents

of the combination were well known and in common use before the

combination was made.

Diehr, 450 U.S. at 188. Thus, while an abstract idea by itself is not patentable, a

practical application of an abstract idea is deserving of patent protection. Mayo,

132 S. Ct. 1293–94; Bilski II, 130 S. Ct. at 3230; Diehr, 450 U.S. at 187.

“[T]he fact that a claim is limited by a tie to a computer is an important

indication of patent eligibility. This tie to a machine moves it farther away from a

claim to the abstract idea itself. Moreover, that same tie makes it less likely that

CBM2014-00035


20

the claims will pre-empt all practical applications of the idea.” Ultramercial, 722

F.3d at 1348. With method claims, where a “claim recites a specific combination

of computer components, at specific locations, that interact in a specific way to

accomplish the steps,” the claim is not directed to an abstract idea. Apple Inc. v.

Sightsound Tech., LLC, CBM2013-19, Doc. 17, at 18 (P.T.A.B. Oct. 8, 2013).

Finally, a claim is directed to an abstract idea only if that idea “exhibit[s]

itself so manifestly as to override the broad statutory categories of eligible subject

matter and the statutory context that directs primary attention on the patentability

criteria of the rest of the Patent Act.” Research Corp. Techs., Inc. v. Microsoft

Corp., 627 F.3d 859, 868 (Fed. Cir. 2010).

B. The ’002 Patent Claims Are Directed To A Technical Solution To

A Technical Problem

As detailed above, the ’002 Patent claims are directed to a technical solution

to a technical problem in the prior art, and not to an abstract idea. The prior-art

payment authentication solution described in the Background required e-commerce

merchants to install software (“plug-ins”) in their payment processing systems for

each debit or credit card payment brand that it supported and wished to

authenticate. ’002 Patent at 2:56–2:64. The ’002 Patent describes the technical

solution of the prior-art systems, including a description of how “the merchant 20,

via a plug-in 22 installed on their server, passes a verify enrollment request

CBM2014-00035


21

(VEReq) message to a directory 38 on a server, e.g., suitably operated by the credit

card network 34” and the interactions of the directory and issuer in response to

such message. ’002 Patent at 1:64–2:35. One problem that the inventors

recognized with that technical solution was the burden for merchants to maintain

plug-ins corresponding to each authentication initiative the merchant wished to

support. Id.

The ’002 Patent invention overcame those problems by having the merchant

install on its server a simplified thin-client and installing on a third-party server, or

universal platform server (MAPS 200, depicted below in Figure 3), the

complicated plug-ins for a plurality of authentication protocols. Id. at 4:56–62.

That third-party centralized processing system/server(s) is a “core component

within the system” and contains processing logic and functionality for facilitating

the authentication of a consumer during the processing of an e-commerce

transaction. See id. at 7:7–11:31.

CBM2014-00035


22

The claims of the ’002 Patent are directed to a technical solution to the

problems described in the Background. Claim 5, which largely is the only claim

Petitioner addressed, recites that a “first party server” has “software … that sends

payment information … to a universal platform server being equipped to format

and route messages over the communications network in different manners to

accommodate the plurality of different authentication protocols prescribed by the

different payment methods”, a “universal platform server” that “receiv[es]

payment information from the first party,” “determin[es] … which of the different

authentication protocols is prescribed by the payment network”, “select[s] … a

CBM2014-00035


23

particular the authentication protocol from [a] plurality of different authentication

protocols” and “obtain[s] an authentication determination … in accordance with

the selected authentication protocol, including formatting and routing the formatted

messages over the communications network in accordance with one or more of the

mandates of the selected authentication protocol.”

Independent claim 1, which Petitioner largely ignores, requires a specific

layered system architecture, as disclosed in Fig. 3, including a “connection layer”

to receive payment information from a merchant over a communications network,

“a plug-in layer including a plurality of plug-in components, each plug-in

component administering a different one of a plurality of authentication programs

in accordance with the authentication protocols prescribed to obtain an

authentication determination for the transactions”; “a distribution layer residing

between the connection layer and the plug-in layer … [for] determining … which

of the different authentication programs is prescribed … [and] routing

communications between the connection layer and the selected plug-in components

in the plug-in layer.”

When viewed as a whole, the ’002 Patent claims simply are not directed to

an abstract idea. Claim 1 is directed to a particular server for receiving payment

information from a merchant with three processing layers, a particular arrangement

of components, i.e., a “distribution layer residing between the connection layer and

CBM2014-00035


24

the plug-in layer”, and particular limitations directed to how the particular

software/hardware components communicate, e.g., “payment information … is

routed to the plug-in component responsible for administering the authentication

program for the particular payment instrument.” Similarly, claims 5 and 14 are

directed to the “universal merchant platform” and expressly require particular

meaningful limitations to be performed by such platform including the determining

and selecting of an appropriate authentication protocol from a plurality of different

authentication protocols supported by the universal platform server and obtaining

an authentication determination in “accordance with the selected authentication

protocol, including formatting and routing the formatted messages over the

communications network in accordance with one or more of the mandates of the

selected authentication protocol.” Thus, instead of being abstract, the claims are

all directed to a novel technological solution to the problems associated with the

prior-art technological solutions described in the Background. See Research, 627

F.3d at 869 (“[I]nventions with specific applications or improvements to

technologies in the marketplace are not likely to be” directed to abstract ideas.). In

particular, the claims are directed to a technological solution in which the universal

platform server “plays a significant part in permitting” and indeed must perform

the recited functionality of determining from payment information received for a

particular transaction (which requires analysis of the payment information) which

CBM2014-00035


25

of the different authentication protocols is prescribed by the payment network,

selecting the appropriate authentication protocol from the plurality of different

authentication protocols, and obtaining an authentication determination in

accordance with the selected authentication protocol. Such claim elements

necessarily encompass and must be performed using computer and network

components. See SiRF Tech., Inc. v. Int’l Trade Comm’n, 601 F.3d 1319, 1332–33

(Fed. Cir. 2010) (holding inability of claimed method to be “performed without”

computer indicates it is directed to patentable subject matter). Indeed, Petitioner

itself argues that the universal platform server is an important element of the ’002

claims stating “[t]he use of a separate, non-merchant platform for authentication is

the essence of the claimed invention of the ’002 Patent.” Pet. at 4; see also Pet. at

28 (“[E]ach of the steps of claim 5 are performed by ‘layers’ or ‘plug-ins’, which

are disclosed to be software operating on one or more servers, i.e., computers.”),

31 (Claim 1 requires various “connection, plug-in, and distribution layers.”), 31

(Claim 14 requires the computer components of claim 1 and, in addition, a

“verification step … performed by a software component on … [a] third party

server.”). Thus, the ’002 Patent claims are clearly and admittedly “limited by a tie

to a computer,” which is “an important indication of patent eligibility.” See

Ultramercial, 722 F.3d at 1348.

Besides being tied to a computer, as detailed above, the claims are directed

CBM2014-00035


26

to specific components and/or steps performed by specific servers to support

authentication and thus contain meaningful limitations. Petitioner concedes this

point as well, noting that the claims require, among other things, “receiving,

selecting and obtaining various information” by various servers. See Pet. at 33.

There is simply nothing abstract about those actions as they require specific

machines to perform the functions required for an authentication determination.

As the Board explained, a “combination of computer components, at specific

locations, that interact in a specific way to accomplish” a technological

improvement over the prior art results in a claim that is patentable under § 101.

See Apple, CBM2013-19, at 18.

Moreover, the Australian Patent Office rejected a similar argument made by

Visa Corporation during an opposition proceeding to the Australian counterpart to

the ’002 Patent.4 Visa argued that the claims, which were similar to the claims of

the ’002 Patent, were unpatentable because they were directed to an abstract or

arbitrary concept. Ex. 2002, Australian Patent Office Opinion, at ¶¶ 17–19. The

Australian Patent Office rejected that argument:

The claims to my mind clearly set out the functionality and

4 Australian Patent Application No. 2003243523 is a foreign counterpart to U.S.

Patent Application Serial No. 10/459,849, which issued as the ’002 Patent.

CBM2014-00035


27

juxtaposition of tangible, networked features of a method and system

that supports authentication processing in an on-line commercial

transactions environment.

Id. Just like those of the Australian patent application, the ’002 Patent claims are

directed to the juxtaposition of tangible, networked features of a method and

system that supports authentication processing and thus are unlikely to be found

invalid under § 101.

C. Petitioner’s Attempt to Define the Claims of the ’002 Patent as an

Abstract Idea Is Baseless

A claim is directed to an “abstract idea” only when “th[at] disqualifying

characteristic … exhibit[s] itself so manifestly as to override the broad statutory

categories of eligible subject matter and the statutory context that directs primary

attention on the patentability criteria of the rest of the Patent Act.” Research, 627

F.3d at 868.

Petitioner argues that the “abstract idea” encompassed by the ’002 Patent

claims is “authenticating a credit card holder during an e-commerce transaction

according to known authentication programs.” Pet. at 25. That argument

disregards, however, that a claim is patent ineligible only if it is directed to the

abstract idea itself instead of an application of the idea. Ultramercial, 722 F.3d at

1343–44. As detailed above, the claims contain meaningful limitations directed to

methods and systems that improve upon the prior-art payment authentication

CBM2014-00035


28

solutions described in the Background. See Research, 627 F.3d at 869

(“[I]nventions with specific applications or improvements to technologies in the

marketplace are not likely to be so abstract that they override the statutory

language and framework of the Patent Act.”).

The claims recite a specific technological solution to authenticated payment

processing—one requiring specific hardware (a third-party server or universal

platform server) that contains specific components (plug-in and distribution layers)

and/or performs specific functionality (determining and selecting an authentication

protocol and using that protocol to format and route messages to obtain an

authentication determination). In attempt to avoid the clear implications of the

limitations of the system claims, Petitioner largely addresses only independent

method claim 5 asserting:

Claim 5 recites little more than the abstract concept of determining an

authentication for a transaction between a first party (merchant) and a

second party (buyer/card holder) with … [the] steps to provide

communication software on the merchant’s server to send payment

information constituting the transaction, determining and selecting an

appropriate protocol to guide the authentication for a particular card,

and obtaining and returning the transaction authentication to complete

the transaction.

Pet. at 20. Petitioner’s self-serving description ignores entirely the “universal

CBM2014-00035


29

platform server” of claim 5, the requirement that such server be equipped to

“format and route messages in different manners to accommodate the plurality of

different authentication protocols”, and that the “authentication determination”

must be obtaining in accordance with the formatting and routing of messages

prescribed by the mandated authentication protocol. Further, Petitioner’s self-

serving description of claim 5, recognizes that claim 5 is directed to a

technological solution for authenticated payment processing and does not preclude

the general abstract idea of all third-party authentication: “Claim 5 recites … steps

to provide communication software on the merchant’s server to send payment

information” to a third-party server which “determin[es] and select[s] an

appropriate protocol to guide the authentication” based on the received payment

information. Id.

Also, the plain language of the claims establishes that Petitioner’s suggestion

that the claims preempt “all manner of third party authentication” is simply false.

Pet. at 25. As discussed above, far from precluding all manner of third-party

authentication, as Petitioner alleges, the ’002 Patent claims instead cover one

technological solution that is an improvement over the prior art disclosed in the

Background. Nothing in the claims would prevent the use of a single

authentication protocol, as taught in Weller and discussed below. And nothing

would prevent the determination and selection of the authentication protocol based

CBM2014-00035


30

on something other than the received payment information.

Petitioner attempts to support its argument that the claims preclude “all

manner of third party authentication” by stating that certain credit card

authentication may be performed manually. See Pet. at 27. In particular, Petitioner

asserts that “[a] person could review the buyer’s payment information, look up the

buyer in a directory for the credit card bank, manually review the buyer/credit card

information, and call or email the merchant and provide the results (authenticated

or not).” Pet. at 28. That argument has no bearing on the validity of the claims

because those alleged “mental steps” are neither recited in nor implicated by the

’002 Patent claims. Ultramercial, 722 F.3d at 1350 (finding “[i]t was error for the

district court to strip away the [claim] limitations and instead imagine some ‘core’

of the invention.”). Petitioner never argues that the specific steps or system

limitations recited in the ’002 Patent claims are drawn to a series of mental steps or

were ever done manually before the ’002 Patent. Instead, Petitioner concedes that

all claims of the ’002 Patent claims are directed to a computer. See Pet. at 28

(“each of the steps of claim 5 are performed by … computers”), 31 (recognizing

that claims 1 and 14 require “various layers and plug-ins” operating on servers).

Indeed, Petitioner’s recitation of mental steps ignores entirely the processing

layers required by the claims and the authentication protocols which require

computer understandable messages to be formatted and routed according to pre-

CBM2014-00035


31

determined rules, which must be performed by a computer to comply with the

realities of an e-commerce transaction (such as encryption). The ’002 Patent

claims simply do not recite a series of mental steps and therefore are not invalid

under 35 U.S.C. § 101.

Petitioner’s Section 101 arguments also miss the mark because they confuse

and conflate patent ineligibility with patent invalidity under Sections 102 and 103.

For example, Petitioner alleges that “software layers are known to drive the

function of computers,” the claims are directed “already known steps,” “the idea of

hosting processes was known,” and the claims are not directed to “any technical

leap over the known processes” for performing authentication. Pet. at 26–30. The

focus of the analysis under 35 U.S.C. § 101, however, is on whether each claim as

a whole is directed to an abstract idea, not on whether individual claim elements

were “known.” Diehr, 450 U.S. at 188 (Under § 101, “[i]t is inappropriate to

dissect the claims into old and new elements and then to ignore the presence of the

old elements in the analysis.”); Apple, CBM2013-19, at 19 n.3 (Whether a claim is

directed to an “abstract idea” is a different question from whether it recites a

feature that is “novel and unobvious.”). Petitioner’s analysis under § 101 never

addresses any claim as a whole, i.e., the particular recited combination of

components and their claimed interaction and functionality, and therefore must be

rejected. See Diehr, 450 U.S. at 188; Apple, CBM2013-19, at 18–21.

CBM2014-00035


32

Lastly, Petitioner’s failure to specifically address the system claims of the

’002 Patent (i.e., claims 1–4 and 14)—in particular, the recited computer software

layers, and how they could possibly be abstract—completely undermines its

conclusory assertion (Pet. at 31-32) that the “only difference between the subject

matter of claim 1” and independent claims 5 is claim 1 is presented from the

perspective of an authentication program. Claim 1 expressly requires a layered

system architecture and even Petitioner concedes that each of these layers is

implemented to perform a specific function as part of a computer system. See id.

at 14. It defies logic for Petitioner to fail to address claim 1’s specific layered

system architecture, and the specific function performed by each software layer.

For example, claim 1 expressly requires a “distribution layer” that is adapted

to “determine the authentication protocol … select the plug-in associated with the

authentication protocol … and instruct the selected plug-in … to obtain an

authentication determination in accordance with its associated authentication

protocol.” It also expressly requires that the “distribution layer” is “residing

between the connection layer and the plug-in layer.” See Claim 1. Like the

meaningful limitations of the method claims, this software component of the

invention expressly ties the inventive technological solution to the problems of the

prior art identified in the Background of the ’002 Patent and requires the

“distribution layer” of the system to determine the authentication protocol and

CBM2014-00035


33

select and instruct a “plug-in” associated with authentication protocol, which is an

additional software component part of the “plug-in layer” of the claimed system,

and to use the rules for formatting and routing messages prescribed by the

authentication protocol to obtain an authentication determination. Petitioner’s

failure to address these limitations (other than to wrongly state they are largely the

same as claim 5) renders Petitioner’s assertion that claim 1 is more likely than not

to be found invalid fundamentally untenable.

VIII. RESPONSE TO GROUND 2: THE CLAIMS OF THE ’002 PATENT

ARE PATENTABLE UNDER 35 U.S.C. § 102(a)

Petitioner challenges claims 1, 2, 4, 5, 9, 13 and 14 as anticipated by an

International Publication No. WO 01/82246 to Weller (“Weller”). As discussed

below, Petitioner fails to establish that it is more likely than not to prevail in

establishing that any claim of the ’002 Patent is anticipated by Weller. Petitioner’s

argument that Weller anticipates those claims is also undermined by Visa’s

opposition to Cardinal’s Australian counterpart application, in which Mr. Weller—

a Visa employee and the author of the Weller reference—submitted a supporting

declaration but neither Mr. Weller nor Visa relied on the Weller patent in asserting

that the Australian patent claims were invalid. Ex. 2002.

A. Claims 1, 2, 4, 5, 9, 13 and 14 of the ’002 Patent Are Not

Anticipated by Weller

Weller does not anticipate any claim of the ’002 Patent. “A claim is

CBM2014-00035


34

anticipated only if each and every element as set forth in the claim is found, either

expressly or inherently described, in a single prior art reference.” Verdegaal Bros.

v. Union Oil Co. of Cal., 814 F.2d 628, 631 (Fed. Cir. 1987), see also MPEP §

2131.02. “The identical invention must be shown in as complete detail as is

contained in the ... claim.” Richardson v. Suzuki Motor Co., 868 F.2d 1226, 1236

(Fed. Cir. 1989). Accordingly, “there must be no difference between the claimed

invention and the reference disclosure, as viewed by a person of ordinary skill in

the field of the invention.” Scripps Clinic & Research Found. v. Genentech, Inc.,

927 F.2d 1565, 1576 (Fed. Cir. 1991).

1. General Description of Weller

Weller was filed by Visa International Service Association and published on

November 1, 2001, seven months before the filing date of the provisional

application to which the ’002 Patent claims priority. Similar to the prior-art

systems disclosed in the Background, Weller discloses a system “for authenticating

the identity of a cardholder during an online transaction [that] involves querying an

access control server to determine if a cardholder is enrolled in a payment

authentication service, request[ing] a password from the cardholder, verify[ing] the

password, and notif[ying] the merchant whether the cardholder’s authenticity has

been verified.” Weller at Abstract. Weller discloses a Payer Authentication

Service (PAS) used to authenticate a cardholder. Each issuer, each merchant and

CBM2014-00035


35

each cardholder must enroll in the PAS system for it to operate. Weller at 12. In

particular, Weller teaches that cardholders may be authenticated through a

“merchant plug-in software module [which] identifies the card account number and

queries the directory server 128 to verify that the account number is within a range

of numbers associated with an issuer bank that is a PAS participant.” Weller at 16.

Importantly, just like the system described in the Background, the merchant plug-

in software in Weller is installed at the merchant’s server. Id. at 9 (“merchant

plug-in software module 134 resides at the location of the merchant 132. … The

plug-in software module provides the interface between the PAS and the

merchant’s payment processing software.”). If the cardholder is registered with

PAS, the cardholder is prompted for a password by a database at the issuer’s

domain. See id. at 17, Fig. 1. Assuming entry of the correct password, the

cardholder is authenticated. Id.

2. Weller Does Not Disclose “A Plurality of Authentication

Protocols” as Recited in the ’002 Patent Claims

Every independent claim of the ’002 Patent requires “a plurality of

authentication protocols.” ’002 Patent at Claims 1, 5, 14. Weller fails to disclose

“a plurality of authentication protocols.” In an effort to rectify this defect,

Petitioner relies on Weller’s disclosure of a “variety of different authentication

methods, such as the use of passwords” supported by PAS. Pet. at 39. That

CBM2014-00035


36

argument is illogical for a number of reasons.

As explained above in Section VI.A., an “authentication protocol” is “a

prescribed set of rules, including those for formatting and routing messages,

governing the transmission of messages over a communications network to verify

that a consumer is likely who he/she claims to be.” By contrast, a password is a

credential provided by a user to potentially verify himself/herself. It is not a

construct to format, route and transmit messages over a communications network.

Thus, Weller fails to teach, disclose or suggest “a plurality of authentication

protocols” as recited in the ’002 Patent claims. Further, Weller on its face does not

disclose a layered software architecture with a “plug-in layer” having a plug-in for

each of the plurality of authentication protocols as required by Claim 1.

Claims 1, 5 and 14 (and their dependent claims) are not anticipated by

Weller because Weller fails to teach, disclose or suggest “a plurality of

authentication protocols.”

3. Weller Does Not Disclose “Determining” or “Selecting” the

Authentication Protocol as Recited in the ’002 Patent

Claims

The ’002 Patent claims require either a “distribution layer residing between

the connection layer and plug-in layer” or a “universal platform server” that

“determine[s] from the payment information received [from the merchant] which

of a different authentication program is prescribed.” Claims 1, 5, and 14. Claims 5

CBM2014-00035


37

and 14, further require selecting a particular authentication protocol from the

plurality of protocols supported by the universal platform server. As discussed

above, Weller fails to disclose “a plurality of authentication protocols” so it

necessarily also fails to disclose determining and selecting the appropriate

authentication protocol or program from a plurality of authentication protocols as

required by the claims.

With respect to claim 1, Petitioner relies on three paragraphs in support of its

allegation that a third-party server is disclosed with a distribution layer, residing

between a connection layer and a plug-in layer, that determines an authentication

protocol or program based on information received from a merchant. Pet. at 39.

None of those paragraphs have anything to do with the function required to be

performed by the distribution layer, they do not mention the specific layers and

how they are required to be configured, and, importantly, they do not mention the

determination of anything let alone an authentication protocol (or the

authentication method identified by Petitioner). Pet. at 39-40. With respect to

claims 5 and 14, Petitioner relies on the following passage to support its allegation

that Weller discloses a system that “determin[es] from the payment information

received at a universal platform server … which of the different authentication

protocols is prescribed”:

A description of the two-step process will now be provided. In the

CBM2014-00035


38

first step, the merchant plug-in software module identity the card

account number and queries the directory server 128 to verify that the

account number is within a range of numbers associated with an issuer

bank that is a PAS participant. If the account number does not fall

within a range of account numbers defined on the directory server

128, then the issuer and thereby its card holder are not registered with

the PAS.

Pet. at 31. First, that passage does not even concern “determining” what Petitioner

alleges in Weller is an “authentication protocol”—one of the disclosed

“authentication methods.” There is only one method employed. Second, that

passage provides that the merchant in Weller receives payment information and the

merchant plug-in (which is located at the merchant’s server) automatically

analyzes that information and “queries the directory server 129 to verify that” the

issuer and cardholder are registered with the PAS. Because Weller discloses that a

merchant supports only one plug-in (see Weller at Fig. 1) and that such plug-in is

associated with only one authentication protocol, Weller fails to disclose

determining the authentication protocol from a plurality of protocols. Third, that

passage discloses any prescribed determination of an authentication protocol is

performed by the merchant, and not a third-party server or “universal platform

server” as required by claims 1, 5 and 14 of the ’002 Patent.

Claims 1 recites a distribution layer that “routes payment information … to

CBM2014-00035


39

the plug-in component responsible for administering the authentication program”

and claims 5 and 14 recite “selecting … a particular authentication protocol from

the plurality of different authentication protocols supported by the universal

platform server.” With respect to claim 1, Petitioner asserts that two passages

completely unrelated to the routing of messages and/or plug-in components

disclose this limitation. Pet. at 40. Petitioner provides no explanation anywhere of

how or why these passages, which on their face do not support Petitioner, could

even possibly disclose the functionality of the “distribution layer.” With respect to

claims 5 and 14, Petitioner relies on the following two passages from Weller as

disclosing the required “selecting” claim elements:

The authentication service of the present invention allows a card

issuer to verify a cardholder’s identify using a variety of

authentication methods, such as the use of passwords.

The issuer domain 102 includes an enrollment site 108, an issuer

cardholder system 110, the cardholder client device 122, an

enrollment server 112, an access control server 114, and issuer or

third party identity authentication component 116, and an account

holder file 118.

Pet. at 43–44 (citations omitted). None of those passages concern selecting an

authentication method. Instead, those passages disclose that the PAS single plug-

in system allows for different “authentication methods,” and that the “issuer

CBM2014-00035


40

domain” may include various servers. Petitioner simply fails to identify anything

in Weller that discloses selecting the authentication protocol from a plurality of

protocols as recited in claims 5 and 14. Further, with respect to claim 1, Weller is

not alleged to, and does not, disclose a layered software architecture with a

“distribution layer” for determining an authentication program associated with an

authentication protocol.

Weller’s failure to teach, disclose or suggest the various functions of the

“distribution layer” of claims 1, 2 and 4 and a “universal platform server” for

“determining” an authentication protocol from the payment information received

from a merchant, and selecting the authentication protocol from the plurality of

authentication protocols, as required by claims 5, 9, 13 and 14, is another

independent basis why those claims are not invalid as anticipated by Weller.

4. Weller Does Not Disclose the Third-Party Server or

Universal Platform Server Recited in the ’002 Patent

Claims

Petitioner alleges that “Weller discloses a payment system in which credit

card authentication is performed on behalf of a merchant by a third party system

that comprises a connection layer, a plug-in layer, and a distribution layer.” Pet. at

35. That is incorrect. Weller does not teach, disclose or suggest the servers and/or

systems recited in the ’002 Patent claims.

As recognized by Petitioner, the claims of the ’002 Patent require a third-

CBM2014-00035


41

party system that facilitates, on behalf of a merchant, the authentication of a

consumer by an issuer. See Napsky at¶ 17. Contrary to Petitioner’s assertions, and

as made plain by Figure 1 of Weller (depicted below), Weller discloses the

consumer (not shown); the merchant 132; the service organization, such as Visa,

which operates directory 128; and the issuer, which controls issuer domain 102.

Absent from Weller is any disclosure of the “third party” or universal platform

server recited in the ’ 002 Patent claims. In particular, Weller fails to teach,

disclose or suggest a “universal platform server” that (1) supports “a plurality of

authentication protocols”; (2) “determin[es] an authentication protocol from the

received payment information”; (3) “select[s] the authentication protocol from the

CBM2014-00035


42

plurality of authentication protocols” and (4) uses an authentication protocol to

“obtain[] an authentication determination in accordance with the selected

authentication protocol” as recited in claims 5 and 14 of the ’002 Patent claims.

Weller further wholly fails to suggest the “connection layer”, “plug-in layer” and

“distribution layer” required by claim 1, let alone the “distribution layer residing

between the connection layer and the plug-in layer.” Notwithstanding Petitioner’s

contrary assertion, the closest thing that Weller discloses to the claimed

functionality takes place at the merchant (the party who sends information to the

universal platform server in the ’002 Patent claims): the “merchant plug-in

software module 134 resides at the location of the merchant 132.” Weller at 9.

Petitioner appears to assert that either the service organization (with

directory 128) or issuer disclosed in Weller is the recited “universal platform

server” in the ’002 Patent claims but fails to provide any specific guidance as to its

allegations. See Pet. at 36–37 (identifying “service organization” and “enrollment

server 112” for steps5(a) and 5(d) and directory server 128 for step 5(b)).

Specifically, Petitioner states that “[t]he service organization 128 of Weller

disclose third party authentication implemented by a third party 128 that interacts

between a merchant and an issuer. Weller also discloses an agent 102 of the issuer

that would act as a third party between the merchant and the issuer.” Pet. at 36.

Those allegations simply do not address whether a third-party server exists for

CBM2014-00035


43

performing the claimed functions.

First, contrary to Petitioner’s assertion, Weller does not disclose that “agent

102 of the issuer that would act as a third party between the merchant and the

issuer.” Instead, Weller discloses that “issuer domain 102 … [is] primarily

controlled by an issuer.” Weller at 8:14–15. Alternatively, Weller discloses that

issuer domain 102 may be controlled by a service association or “even an agent

acting for an issuer.” Weller at 8:19–21. As the issuer domain 102 is controlled

by either the issuer itself or an agent acting for the issuer—meaning either can

make an authentication determination—the agent of the issuer in Weller cannot be

operating the claimed universal platform server because the server must “obtain[]

an authentication determination for the transaction in accordance with the selected

authentication protocol.”

Second, Weller never discloses that either the issuer or service organization

(with directory 128) supports a plurality of authentication protocols or performs

any of the other functionality required by the ’002 Patent claims. Indeed,

Petitioner’s allegations regarding some elements recited in the claims point to the

merchant for performing some of those activities while pointing to the issuer or

CBM2014-00035


44

service organization for others.5 That switching back and forth between the

merchant, issuer and service organization as the entity performing the recited steps

belies Weller’s failure to teach, disclose or suggest the recited “third party.”

Third, in Weller neither the service organization nor the issuer is the claimed

“universal platform server.” Weller discloses that “[d]irectory 128 [, which is

operated by a service organization, such as Visa,] routes authentication requests

from merchants to specific access control servers.” Weller 10. Weller further

discloses that “[t]he card issuer or a service organization, such as Visa, on behalf

of the issuer may operate the access control server 114.” Weller at 9. Hence,

either the issuer or service organization (which in this regard is acting on behalf of

the issuer) will make an authentication determination. See Weller at 3 (“The

authentication service of the present invention allows a card issuer to verify a

cardholder's identity using a variety of authentication methods, such as the use of

passwords.”) (emphasis added). Because the ’002 Patent claims provide that the

5 Petitioner relies on servers of “issuer domain 102” for purposes of the selecting

step and functionality recited in the ’002 Patent claims. See Pet. at 43 (element

5e), 46 (element 14c) & 39 (element “distribution layer”). But for purposes of the

determining steps and functionality of the ’002 Patent claims,” Petitioner relies on

the merchant. See Pet. at 39 (“plug-in layer”), 43 (element 5b), 42 (element 14b).

CBM2014-00035


45

“determination” of an authentication protocol is done by the third-party server or

universal platform server, neither the service organization nor the issuer can

operate that server.

Fourth, Weller does not disclose either a distribution layer or a universal

platform server that “determin[es] from the payment information received …

which of the different authentication [methods] is prescribed for the type of

payment instrument identified in the payment information.” Claim 1; see Claims

5 and 14. Weller discloses the same so-called protocol (or authentication method),

i.e., passwords, will be used regardless of the payment option used by the customer

(second party) for the transaction. Weller at Fig. 1.

Weller’s failure to teach, disclose or suggest the “third party” of independent

claims 1, 5 and 14 (and their independent claims is another independent basis why

those claims are not anticipated by Weller.

B. The Absent Claim Limitations are Not Inherent in Weller

Recognizing the deficiencies in Weller, Petitioner tacitly admits that Weller

does not expressly disclose each claim limitation by resorting to alleging that

various claim elements are disclosed inherently. Pet. 35–37. “To establish

inherency, the extrinsic evidence must make clear that the missing descriptive

matter is necessarily present in the thing described in the reference.” In re

Robertson, 169 F.3d 743,745 (Fed. Cir. 1999). “The mere fact that a certain thing

CBM2014-00035


46

may result from a given set of circumstances is not sufficient.” Id. Instead,

“anticipation by inherent disclosure is appropriate only when the reference

discloses prior art that must necessarily include the unstated limitation, or the

reference cannot inherently anticipate the claims.” In re Omeprazole Patent Lit.,

483 F.3d 1364, 1378 (Fed. Cir. 2007); see Motorola Mobility, LLC v. Int’l Trade

Comm’n, 737 F.3d 1345, 1350 (Fed. Cir. 2013) (rejecting inherency argument

where claim element was not established to be “necessarily required”, noting that

“[i]nherency requires more than probabilities or possibilities.”).

Petitioner alleges that the “third party issuers would inherently include:

[(1)] a connection layer (so as to be able to connect to the merchant); [(2)] a plug-

in layer (so as to verify enrollment); and [(3)] a distribution layer (so as to route an

authentication request to a specific access control server).” Pet. at 36. Notably,

Petitioner fails to allege that all the claimed functionality of those layers would

have been inherent. Petitioner fails to even allege that the recited relative

arrangement of those layers—“a distribution layer residing between the connection

layer and the plug-in layer … each transaction is routed to the plug-in

component”—would be inherent. Further, claim 1 recites that the “plug-in layer

include[s] a plurality of plug-in components, each plug-in component

administering a different one of a plurality of authentication programs” but

Petitioner does not allege (and indeed cannot establish) that anything disclosed in

CBM2014-00035


47

Weller necessarily supports “a plurality of authentication protocols.” Nor does

Petitioner allege that the system of Weller necessarily “determine[s] the

authentication protocol” associated with each of the one or more transactions from

payment information received from the merchant as required by the distribution

layer of claim 1 and the language of claims 5 and 14. This is unsurprising because

neither would seem likely as Weller discloses that issuer 102 uses its access control

server to authenticate a consumer and therefore would need only to support the one

authentication protocol that it mandates merchants to use (if an authentication

protocol even is necessary to perform its internal operations). Moreover, as

discussed above in Section VIII.B.4., issuer 102 of Weller does not use or operate

the claimed “universal platform server.”

Petitioner also argues that “because the issuer can include ‘an issuer or third

party identity authentication component 116,’ there is inherently a distribution

layer that routes an authentication request to either the issuer identity

authentication component or the third party authentication component.” Pet. at 36-

37. That is not the function of the distribution layer of claim 1 of the ’002 Patent.

Further, that argument disregards Weller’s disclosure that issuer or third party

identity authentication database 116 is used to enroll or register a cardholder to the

Payment Authentication Service, not to authenticate a consumer engaged in a

transaction with a merchant:

CBM2014-00035


48

Issuer or third party identity authentication database 116 contains

information that the issuer or third party already has on file regarding

cardholders. Database 116 is used by issuer in the process of

enrolling cardholders to verify the identity of the cardholders. For

instance, information entered by cardholders during the PAS

registration process must match the information already on file in the

authentication database 116 in order for cardholders to successfully

register for PAS. Third parties can be companies such as Equifax.

Weller at 10. Thus, it is unclear what Petitioner hopes to gain by relying on this

passage because it concerns functionality (consumer enrollment or registration) not

implicated by the ’002 Patent claims.

Therefore, the Board should reject Petitioner’s inherency argument because

Petitioner failed to establish that the issuer in Weller necessarily performs the steps

recited in independent claims 5 and 14 or necessarily includes the claimed layers

recited in independent claim 1. See Motorola Mobility, 737 F.3d at 1350; In re

Omeprazole Patent Lit., 483 F.3d at 1378.

C. The Chatterjee Expert Declaration Does Not Save Petitioner’s

Anticipation Arguments

Petitioner submitted a declaration from Dr. Sandeep Chatterjee in support of

its Petition. That declaration devotes only four largely conclusory paragraphs to

Petitioner’s anticipation argument—one of which refers to the claim chart in the

Petition. Chatterjee Decl. (Ex. 1009) ¶¶ 93–96. Notably, Dr. Chatterjee fails to

CBM2014-00035


49

explain how any element claimed in the ’002 Patent not expressly disclosed in

Weller is inherently disclosed in the reference. Instead, the declaration merely

rubber stamps “the claim chart found in the [Petition as] set[ting] forth where each

of the limitations of claims 1–14 are found in Weller.” Chatterjee Decl. ¶ 95. As

explained in the preceding sections VIII.B. and C., the paragraphs relied on in the

claim chart fail to teach, disclose or suggest each and every limitation recited in the

’002 Patent claims.

Simply put, because Dr. Chatterjee “fail[s] to explain” how Weller discloses

each and every limitation, his testimony cannot be used to fill the gaping holes in

the Petition in an attempt to establish that it is more likely than not the ’002 Patent

claims are invalid as anticipated by Weller. See ActiveVideo Networks, Inc. v.

Verizon Comm’ns, Inc., 694 F.3d 1312, 1328–30 (Fed. Cir. 2012) (finding claims

not anticipated as a matter of law where expert “failed to explain” how alleged

prior art disclosed claim limitation”); Oakley, Inc. v. Sunglass Hut Int’l, 316 F.3d

1331, 1343 (Fed. Cir. 2003) (finding anticipation argument “facially deficient”

where expert affidavit contained oncly conclusory statements and did not explain

the expert’s basis for his opinion that each claim limitation was met).

IX. RESPONSE TO GROUND 3: CLAIMS 1–11, 13 AND 14 OF THE ’002

PATENT ARE NOT INVALID UNDER 35 U.S.C. § 103(a)

Petitioner argues that claims 1–14 of the ’002 Patent are invalid as obvious

CBM2014-00035


50

based on a collection of markedly deficient prior art. In particular, Petitioner

alleges that claims 1–11, 13 and 14 of the ’002 Patent are obvious over Weller in

view of International Patent Publication WO 2002/25604 by Swain (“Swain”).

Petitioner further alleges that claims 1, 2, 4–8, 10, 13 and 14 are obvious over the

admitted prior art in the ’002 Patent, most of which is described in the Background

of the ’002 Patent (“Admitted Prior Art”), in view of U.S. Patent No. 6,262,492 to

Kay (“Kay”). Finally, Petitioner alleges that claim 1 of the ’002 Patent is invalid

over the Admitted Prior Art in view of SOAP Version 1.2 Specification by Gudgin

et al. (“Gudgin”). As discussed below, Petitioner fails to establish that it is more

likely than not that any claim of the ’002 Patent is invalid.

Obviousness is a question of law, based on four factual inquiries: (1) the

scope and content of the prior art, (2) the differences between the prior art and the

claimed invention, (3) the level of ordinary skill in the field of the invention, and

(4) any relevant objective considerations. KSR Int’l Co. v. Teleflex Inc., 550 U.S.

398, 406 (2007). An obviousness “rejection[] cannot be sustained by mere

conclusory statements; instead, there must be some articulated reasoning with

some rational underpinning to support the legal conclusion of obviousness.” See

KSR, 550 U.S. at 418. The articulated reasoning must take into account all claim

limitations in order to evaluate the “invention as a whole” as the statute mandates.

35 U.S.C. § 103). Further, it is well settled that all words in a claim must be

CBM2014-00035


51

considered in judging the patentability of that claim against the prior art. In re

Lowry, 32 F.3d 1579, 1582 (Fed. Cir. 1994) (all claim limitations must be

considered); see also M.P.E.P. §§ 2141.02 (“The Claimed Invention as a Whole

Must be Considered”), 2143.03.

A determination of obviousness cannot be based on the hindsight

combination of components selectively culled from the prior art to fit the

parameters of the patented invention. KSR, 500 U.S. at 420; St. Jude Med., Inc. v.

Access Closure, Inc., 729 F.3d 1369, 1381 (Fed. Cir. 2013) (rejecting obviousness

argument because “[e]ven under … expansive and flexible of obviousness analysis,

we must guard against ‘hindsight bias’ and ‘ex post reasoning’”). Indeed, the

Federal Circuit has emphasized the insidious effect that hindsight can have in an

obviousness analysis and the need to take great care to avoid it. W.L. Gore &

Assoc., Inc. v. Garlock, Inc., 721 F.2d 1540, 1553 (Fed. Cir. 1983) (“To imbue one

of ordinary skill in the art with knowledge of the invention in suit, when no prior

art reference or references of record convey or suggest that knowledge, is to fall

victim to the insidious effect of a hindsight syndrome wherein that which only the

inventor taught is used against its teacher.”) (Markey, C.J.).

Instead, to render a patent claim invalid as being obvious from a

combination of references, there must be some evidence within the prior art as a

whole to suggest the desirability, and thus the obviousness, of initially making the

CBM2014-00035


52

combination in a way that would produce the patented invention. Id. Thus, “even

when all claim limitations are found in prior art references, the fact-finder must not

only determine what the prior art teaches, but [also] whether the prior art teaches

away from the claimed invention and whether there is a motivation to combine

teachings from separate references.” Star Scientific, Inc. v. R.J. Reynolds Tobacco

Co., 655 F.3d 1364, 1374–75 (Fed. Cir. 2011) (citations and quotations omitted).

A. Claims 1–11, 13 and 14 of the ’002 Patent Are Not Invalid Under

35 U.S.C. 103(a) over Weller in View of Swain

Petitioner challenges claims 1–11, 13 and 14 of the ’002 Patent as obvious

over Weller in view of Swain. As discussed, Petitioner fails to establish that it is

more likely than not that it will prevail on this ground.

1. The Scope and Content of Weller and Swain

Weller: The scope and content of Weller—in particular, those claim

elements recited in the ’002 Patent that Weller fails to disclose—is discussed in

detail above in Sections VIII.B.–VIII.C.

Swain: Swain was published on March 28, 2002, three months before the filing

date of the provisional application to which the ’002 Patent claims priority. Swain

is directed to a system and method for unifying payment transactions between a

customer and merchant that uses “customer information in one or more electronic

CBM2014-00035


53

wallets” for the transaction.6 Swain at Abstract. Swain discloses that “[t]here are

three components to the generic wallet server architecture: the cardholder, the

client wallet sever, and the merchant website,” where the cardholder is the owner

of a particular client wallet server account. Swain at 2:25–27. Swain also

discloses that a cardholder uses its cardholder wallet server account to conduct a

transaction with a merchant. Swain at 2:27–3:11, 6:12–25.

The particular system and method disclosed in Swain addresses some

disadvantages with prior client wallet solutions such as compatibility between the

client wallet servers and merchant systems and the need to ensure that client

personal information is transmitted to a verified merchant. In particular, Swain

discloses that a disadvantage with the client wallet system was that each client

wallet server used a proprietary interface (API), so a merchant that wanted to

support multiple client wallet servers had to conform to the differing APIs used by

6 An electronic wallet, like the one disclosed in Swain, is a virtual wallet in which a

consumer may store his/her personal and payment information, such as billing and

shipping addresses, credit card information, bank account information. The wallet

may be used at various web merchants and saves the consumer time by avoiding

the need to fill out forms requesting personal and payment information during

checkout and instead transmits his/her wallet information to the merchant.

CBM2014-00035


54

the various client wallet servers. Swain at 3:13–17. Another disadvantage

disclosed in Swain is that “the client is not assured that the merchant entity asking

for cardholder credentials is an authentic and trusted merchant or that the system

being used by the merchant is an authentic and trusted system.” Swain at 6:21–31.

To overcome those limitations, Swain discloses a trusted merchant wallet

server (MWS) that uses a common unifying interface or API to communicate with

client wallet servers from various vendors. Swain at 5:5–6, 7:1–5, 6:24–26.

Instead of the merchant interacting directly with a client wallet server, the

merchant wallet server communicates with both the client wallet server and

merchant website to process the payment transaction. Swain at 7:12–20. The

merchant wallet server shares the cardholder secret encryption key before the

cardholder gives final authorization (i.e., approval) to proceed with any payment,

which assures the cardholder “that he/she is dealing with a trusted system and a

trusted merchant prior to providing final authorization to proceed with the

transaction as only a trusted merchant using a trusted system would have” the

cardholder’s secret key. Swain 12:11–24.

As recognized by Petitioner (Pet. at 51 and 61), Swain does not disclose “a

plurality of authentication protocols prescribed for the respective different types of

payment instruments.” Petitioner further concedes that Swain fails to teach a

“plurality of different payment instrument types having different authentication

CBM2014-00035


55

protocols prescribed therefor by their respective payment networks” as required by

Claims 5 and 14. Pet. at 54. Despite Petitioner’s admission, Petitioner relies on a

single passage in Swain disclosing that “[t]he merchant wallet server has the ability

to engage in payment transaction through an SSL payment gateway[, which] …

provides a good level of security making use of keys for message encryption and

certificates for bi-directional authentication” for many of the claim limitations.

Pet. at 50–61. SSL or Secure Sockets Layer is a security technology for

establishing an encrypted link between a server and a client—typically a web

server (website) and a browser—which verifies via digital certificates the

computers/servers used to conduct a transaction. Importantly, however, SSL is not

alleged to and does not “authenticate” the person (i.e., the consumer) conducting

the transaction and it does not do so. Simply, SSL is not “a prescribed set of rules,

including those for formatting and routing messages, governing the transmission of

messages over a communications network to verify that a consumer is who he/she

claims to be.” Even assuming SSL is an authentication protocol, it is only one

authentication protocol, not “a plurality of different authentication protocols” as

conceded by Petitioner, and there is no disclosure of selecting or determining

whether to use SSL as opposed to a different protocol based on the consumer

financial information.

Consequently, Swain also fails to disclose “a plug-in layer …[wherein] each

CBM2014-00035


56

plug-in component administer[s] a different one of a plurality of authentication

programs in accordance with the authentication protocols”, as required by claim 1

of the ’002 Patent, and “determining from the information received at the universal

platform server … which of the different authentication protocols is prescribed,”

as required by claims 5 and 14.

Further, Swain fails to disclose a “distribution layer residing between the

connection layer and the plug-in layer … determining from the payment

information received … which of the different authentication program is

prescribed … and routing communications between the connection layer and

selected plug-in components in the plug-in layer,” as required by claim 1, and the

“determining” and “selecting” steps of claims 5 and 14. Petitioner quotes a single

passage from Swain about the merchant wallet server providing a common

unifying interface as allegedly disclosing these limitations. Pet. at 52-53, 55-56.

That passage provides as follows:

The MWS is designed such that it is independent of the specific client

wallet server and of the merchant website. That is, the MWS is coded

with specific adapters to available client wallet servers. Furthermore,

the MWS provides a common unifying interface (or API's) to the

merchant for performing payment processing and connectivity to

client wallets. This alleviates the cost overhead of having to add new

API’s for each new client wallet being supported, by the merchant.

CBM2014-00035


57

Swain at 7:22–27. Contrary to Petitioner’s assertion, nothing in that passage

discloses the various software layers required by claim 1, let alone the routing of

communications between software layers, and nothing discloses the “determining”

and/or “selecting” steps required by claims 5 and 14. As explained above, the

merchant wallet server admittedly does not disclose a “plurality of authentication

protocols” and, therefore, it plainly does not disclose determining or selecting an

authentication protocol from among a plurality of authentication protocols. That

passage from Swain discloses that the merchant wallet server may, through

“specific adaptors,” receive messages from the client wallet servers that use

different protocols but uses one “common unifying interface” to send messages to

the merchant.

If anything, Swain discloses an affirmative teaching away from a server

being equipped to format and route messages or to send messages according to a

plurality of different authentication protocols. Swain discloses that the merchant

wallet server receives messages from a client wallet server, which may use

different protocols, but the merchant wallet server sends messages using only a

single API thereby “alleviat[ing] the cost overhead of having to add new API’s for

each new client wallet being supported[] by the merchant.” Id. at 7:22–27. As

with the system disclosed in Weller, that is a teaching that the best approach is the

adoption of a unified, one size-fits all, approach for sending messages. That

CBM2014-00035


58

teaching would suggest to one of ordinary skill in the art at the time of the

invention to use a common unifying authentication protocol for all issuing

networks and payment brands instead of supporting a plurality of different

authentication protocols. See Santarus, Inc. v. Par Pharm., Inc., 694 F.3d 1344,

1354 (Fed. Cir. 2012) (“A reference ‘teaches away’ when it ‘suggests that the line

of development flowing from the reference’s disclosure is unlikely to be

productive of the result sought by the [inventor].’”); In re Gurley, 27 F.3d 551, 553

(Fed. Cir. 1994) (“A reference may be said to teach away when a person of

ordinary skill, upon reading the reference, would be discouraged from following

the path set out in the reference, or would be led in a direction divergent from the

path that was taken by the applicant.”); W.L. Gore, , 721 F.2d at 1552 (“He

proceeded contrary to the accepted wisdom of the prior art by … That fact is strong

evidence of nonobviousness.”) (Markey, C.J.). Accordingly, there are significant

differences between the system disclosed in Swain and the systems and methods

recited in the ’002 Patent claims.

2. The Combination of Weller in view of Swain Does Not

Disclose Each and Every Limitation of any Claims of the

’002 Patent

Neither Swain nor Weller disclose the various software layers of claim 1 and

the juxtaposition of such layers, and/or the plurality of authentication protocols,

determining an authentication protocol, or selecting an authentication protocol

CBM2014-00035


59

from among a plurality of authentication protocols in the manner claimed by the

claims of the ’002 Patent.

The inability to show that each and every claim limitation is disclosed or

taught by the asserted combination of prior art references or elsewhere in the

relevant art, suggests that the claim is nonobvious. See Broadcom Corp. v. Emulex

Corp., 732 F.3d 1325, 1334–35 (Fed. Cir. 2013) (claim not obvious where prior art

reference failed to disclose a “data path” limitation as claimed, and there was no

apparent reason to modify the prior art reference to include the “data path” as the

prior art reference was directed to solving a different problem than that solved by

the claimed invention); St. Jude, 729 F.3d at 1381 (claim not obvious where

“[n]either Takayasu nor Smiley discloses a balloon configured to operate as a

positioning device to prevent a plug from entering a blood vessel as claimed in the

Fowler patents.”); August Tech. Corp. v. Camtek, Ltd., 655 F.3d 1278, 1287 (Fed.

Cir. 2011) (claim not obvious because the alleged combination failed to disclose all

the claim limitations).

The proposed combination of Weller and Swain fails to disclose a

“plurality of authentication protocols” supported by a third-party server, or a

universal platform server, as required by the ’002 Patent claims. Petitioner

argues that “[t]he MWS entity in Swain … can be incorporated into the

authentication system of Weller,” and that the combined “entity would provide a

CBM2014-00035


60

unifying interface for the ‘variety of authentication methods’ and protocols in

Weller.” Pet. at 49. As explained above in SectionsVIII.B.2, the “authentication

methods” disclosed in Weller are not the claimed “authentication protocols.” As

further explained above, at best, Weller discloses one authentication protocol

associated with one merchant plug-in installed at the merchant location. See

Weller at 10:25–30, Fig. 1. Swain admittedly does not disclose the claimed

“plurality of authentication protocols.” Section VIII.A.1. Thus, because both

Weller and Swain each disclose one authentication protocol, the combination of

those references would yield a system with one authentication protocol as well.

Even assuming that Weller disclosed a “plurality of authentication protocols,”

changing to “a unifying interface for the ‘variety of authentication methods’ and

protocols,” as Petitioner suggests (Pet. at 49), would lead to one protocol being

used by the system, not a plurality of protocols.

The proposed combination fails to disclose the “connection layer for

connecting with the merchants”, the “plug-in layer … a different one of a

plurality of authentication programs in accordance with the authentication

protocols”, and a distribution layer residing between the connection layer and

the plug-in layer … routing communications between the connection layer

and … the plug-in layer” recited in claim 1. Section VIII.B.3 establishes that

Weller fails to disclose each of these various components of the system claims.

CBM2014-00035


61

And as discussed in Section IX.A.2., the single paragraph of Swain relied on by

Petitioner fails to disclose the functionality of each of these components.

The proposed combination also fails to disclose a third-party server as

required by claims 1 and 5, see Claim 1 (“a connection layer for connecting

with the merchant”) and Claim 5 (“universal platform server”), that

“determin[es] the authentication protocol from the received payment

information” and “routes” communications either between the various

software layers based on the determined protocol or to the issuer. Section

VIII.B.3 establishes that Weller fails to disclose the various software/hardware

layers of claims 1 and 5 and the “determining” steps required by all of the claims.

And as discussed in Section IX.A.2., Swain too fails to disclose these limitations.

Lastly, Petitioner fails to address the layered system architecture required by

claim 1 let alone why it would be obvious to use the particular layered system

architecture. Presumably, this is why Petitioner’s constructions of the various

software “layers” read out any requirement that they have to be software layers.

Because Weller in view of Swain fails to disclose the limitations of the asserted

claims, and Petitioner fails to address these deficiencies, the claims of the ’002

Patent are not obvious over Weller in view of Swain. See Broadcom, 732 F.3d at

1335; St. Jude, 729 F.3d at 1381; August Tech., 655 F.3d at 1287–90 (claim not

obvious because the alleged combination failed to disclose all the claim

CBM2014-00035


62

limitations).

3. One of Ordinary Skill Would Not Have Combined or

Modified Weller in view of Swain in the Way Suggested by

the Claims

Petitioner alleges that it would have been obvious to incorporate the features

of Swain into the system of Weller because Swain teaches providing a common

interface to a wallet server that “‘alleviates the cost overhead of having to add new

API’s for each new client wallet being supported, by the merchant” and performs

authentication. Pet. at 49; Chatterjee Decl. ¶¶ 113-4. Petitioner also alleges that a

reason to combine Weller and Swain is that Swain “supports Secure Electronic

Transactions, which was an initiative started by Visa and MasterCard [and] … the

system in Weller was … developed by Visa.” Pet. at 46–47.

Petitioner’s expert Dr. Chatterjee does not even rely on Swain’s disclosure

of SET as a reason to combine Weller and Swain. Chatterjee Decl. ¶¶ 112–14.

“Secure Electronic Transaction” or “SET” is a decentralized authentication

protocol where authentication occurs by inference based on the receipt by the

issuer of multiple digital certificates, which is fundamentally different from the

centralized processing system/server(s) operated by the issuer disclosed in Weller

and the third-party centralized processing system/server disclosed and claimed in

the ’002 Patent. Contrary to providing a reason to combine the references, if any,

one of ordinary skill in the art at the time of the invention would have understood

CBM2014-00035


63

Swain’s disclosure of SET as another reason to avoid a combination with Weller

because the use of SET is incompatible with the system disclosed in Weller.

Notably, Petitioner’s expert Dr. Chatterjee does not appear to agree that this is a

legitimate reason to combine Weller and Swain, as it is not mentioned in his

obviousness analysis. Chatterjee Decl. ¶¶ 113–15.

Moreover, notwithstanding Petitioner’s allegations about SET, absent from

the Petition is any legitimate reason why one of ordinary skill in the art at the time

of the invention would have combined Weller in view of Swain and modified that

combination to arrive at the claimed invention. Dr. Chatterjee’s declaration suffers

from the same failure. Chatterjee Decl. ¶¶ 113–15.

That is a glaring omission because Weller discloses a complete alternative

technological solution to payment authentication—i.e., one that authenticates a

consumer in an e-commerce transaction. Indeed, Petitioner fails to identify any

defect, problem or concern raised as to the Weller system other than the problem

identified by the inventors and solved and claimed in the ’002 Patent. Without a

reason to modify the Weller system, it would not have been apparent to one of

ordinary skill in the art at the time of the invention to modify the Weller system to

achieve the system and method claimed in the ’002 Patent.

At best, Weller discloses a system using a single merchant plug-in software

module installed at a merchant site that is associated with a single authentication

CBM2014-00035


64

protocol. Swain discloses a trusted merchant wallet server that is able to

communicate with client wallet servers that use different protocols to send

messages. Swain at 7:2–5. The merchant wallet server “is positioned between the

client wallet server and the merchant web site and effects transactions directly with

a financial host,” performing the payment processing obligations of the merchant.

Id. at 7:8–20. The merchant wallet server receives messages from the client wallet

server which may use different protocols but the merchant wallet server teaches

sending messages using a single API, “alleviat[ing] the cost overhead of having to

add new API’s for each new client wallet being supported[] by the merchant.” Id.

at 7:22–27. Given the teaching in Swain about the importance of compatibility of

the Swain merchant wallet server with different protocols used by various client

wallet servers and the use of a common unifying interface for communicating (see

Swain at 3:13–17, 7:22–27), one of ordinary skill in the art at the time of the

invention tasked with combining the Weller system with the Swain merchant

wallet server would set out to build a system that supports only one authentication

protocol that would be used to communicate with each issuer/service organization

to obtain an authentication determination. This is not only what is suggested by

Swain but it is also what is expressly taught in Weller.

Contrary to Petitioner’s allegation (Pet. at 49), the resulting combination of

Weller of Swain would not “include an entity that is located between a merchant’s

CBM2014-00035


65

server and a card issuer’s server.” Swain expressly discloses that the merchant

wallet server “is an entity positioned between the client wallet server and the

merchant web site and effects transactions directly with a financial host.” Swain at

7:7–10. Indeed, Petitioner recognizes this point. Pet. at 48 (“The MWS is

positioned between a client wallet server and a merchant web site.”). Despite this

express disclosure, Petitioner alleges that “[t]he resulting combination [of Weller

and Swain] would include an entity that is located between a merchant’s server and

the card issuer’s server.” Pet. at 49 (emphasis added). Petitioner cites nothing for

this sleight of hand. Of course, the only logical conclusion for one of ordinary skill

in the art when combining Weller in view of Swain would have been to place the

Swain merchant wallet sever between the cardholder and merchant website in the

Weller PAS architecture.

Further, by rewriting the references to place the merchant wallet server

between the merchant and the issuer, Petitioner ignores that a purpose of the Swain

merchant wallet server is to allow a cardholder to authenticate a merchant before

sending its card information to the merchant. See Swain at 12:11–24. Placing the

merchant wallet server between the merchant and the card issuer would destroy the

system taught in the Swain reference and deprive the cardholder of the

“assur[ance] that he/she is dealing with a trusted system and a trusted merchant

prior to providing final authorization to proceed with the transaction, i.e., before

CBM2014-00035


66

forwarding the merchant the cardholder’s information.” See Swain at 12:21–24.

That alone suggests that one of ordinary skill in the art would not have made the

proposed modification of the combined Weller and Swain system that Petitioner

advocates here. See In re Gordon, 733 F.2d 900, 902 (Fed. Cir. 1984) (reversing

Board’s obviousness conclusion where prior art reference “would be rendered

inoperable for its intended purpose” by proposed modification); Application of

Ratti, 270 F.2d 810, 813 (C.C.P.A. 1959) (no motivation to make suggested

combination of references because it “would require a substantial reconstruction

and redesign of the elements shown in [the prior art reference] as well as a change

in the basic principles under which [that reference’s] construction was designed to

operate”). Petitioner’s conclusory argument on obviousness is not supported by

evidence and completely fails to address why one of skill in the art would ignore

the intended purpose of the Swain merchant wallet server and/or modify the Swain

wallet server by moving it to a different location in the proposed combination.

Petitioner’s failure to provide a legitimate reason why one of ordinary skill

would have modified the combined Weller and Swain systems to achieve the

claimed invention strongly suggests that Petitioner has engaged in a hindsight

reconstruction using the teachings of the ’002 Patent (and the decade of knowledge

gained from seeing this aspect of the payments industry develop) as a roadmap to

modify the prior art to arrive at the claimed invention. That is improper. In re

CBM2014-00035


67

Fritch, 972 F.2d 1260, 1266 (Fed. Cir. 1992) (“It is impermissible to use the

claimed invention as an instruction manual or ‘template’ to piece together the

teachings of the prior art so that the claimed invention is rendered obvious.”); W.L.

Gore, 721 F.2d at 1553.

Dr. Chatterjee’s declaration suffers from the same failures. Specifically,

Dr. Chatterjee fails to explain how or why one of skill in the art at the time of the

invention would have modified the combined Weller and Swain system to achieve

the claimed invention.

Because both Petitioner and Dr. Chatterjee fail to recognize the differences

between the prior art and the claimed inventions and provide no legitimate reason

why one of ordinary skill in the art would have combined and modified the Weller

and Swain systems to achieve the claimed inventions, the conclusory statements in

the Chatterjee declaration are insufficient to establish that the claims are likely to

be held invalid. See Alexsam, Inc. v. IDT Corp., 715 F.3d 1336, 1347–48 (Fed.

Cir. 2013) (holding claims non-obvious where “[e]xpert testimony was required

not only to explain what the prior-art references disclosed, but also to show that a

person skilled in the art would have been motivated to combine them in order to

achieve the claimed invention.”).

CBM2014-00035


68

B. Claims 1, 10 and 17 Are Not Obvious over the Admitted Prior Art

in view of Kay

Petitioner challenges claims 1, 5 and 14 of the ’002 Patent as obvious over

the Admitted Prior Art in view of Kay. As discussed below, Petitioner fails to

establish that it is more likely than not that any claim is invalid on that ground.

1. The Scope and Content of the Admitted Art and Kay

Admitted Prior Art: The Background of the ’002 Patent discloses a

particular prior art payment processing system that conducts e-commerce

transactions between a merchant and consumer. That prior art system required

installing a merchant plug-in on a merchant’s payment system for each debit and

credit card that the merchant wished to support. Id. at 2:63–3:4. Each merchant

plug-in is associated with an issuer-specific authentication protocol used to

communicate with the issuer or its agent, who authenticates the consumer.

The Admitted Prior Art was before the USPTO during prosecution of the

application that issued as the ’002 Patent. This argument involves both the same

prior art and the same or substantially similar arguments previously presented to

the Patent Office during the initial examination of the ’002 Patent. For that reason

alone, the Board should deny Petitioner’s obviousness argument based on the prior

art described in the ’002 Patent. See 77 Fed. Reg. 48680, 48702; 35 U.S.C.

§ 325(d).

CBM2014-00035


69

KAY: Kay discloses that a problem with prior art website management

systems related to their inability “to add functional enhancements to a website that

requires no modification or replacement of the content-storing servers and is

transparent to web browser software.” Kay at 1:19–34. To address this need, Kay

discloses a website 100 with a front-end proxy server 104 and a back-end web

server 102—the arrangement of which allows for functional enhancements to be

added that require no modification or replacement of the content-storing servers

and is transparent to the web browser software. Id. at 1:37–41, 2:32–37. The

front-end proxy server supports only a single communication protocol (e.g.,

HTTP), not a plurality of communication protocols. See id. at 2:37–41. The front-

end proxy server provides an end user (or visitor to a website) a single entry point

to a website and its back-end web servers and typically includes no content on its

own. Id. at 2:66–3:7. Kay discloses that the front-end proxy server can connect to

more than one back-end web server in a localized environment. Id. at 3:8–12.

2. The Combination of the Admitted Prior Art in View of Kay

Does Not Disclose Each and Every Limitation of Claims 1, 5

and 14 of the ’002 Patent

The combination of the Admitted Prior Art in view of Kay does not render

claims 1, 5 or 14 obvious. First, neither the Admitted Prior Art nor Kay discloses

“a plurality of authentication protocols” supported by a third party as required by

the ’002 Patent claims. Although Petitioner recognizes that “the claims … are

CBM2014-00035


70

directed toward providing the plug-ins on a platform of a third party instead of on

the platform of the merchant” (Napsky Decl. ¶ 17), Petitioner relies on the

disclosure in the ’002 Patent that, in the prior art, merchants installed a plug-in into

their processing systems and any such plug-in was associated with an issuer-

specific authentication protocol. See Pet. at 67, 71 and 76. Petitioner simply

asserts that Kay discloses “a plurality of authentication protocols” and a plug-in

layer (without insight into how those elements are disclosed).

Second, neither the Admitted Prior Art nor Kay discloses the universal

platform server, nor the server that receives payment information from a merchant,

as required by the’002 Patent claims. Further, neither the Admitted Prior Art nor

Kay disclose the particular software layers required by the claims of the ’002

Patent. The Admitted Prior Art discloses an issuer or service organization—

neither of which can be the third party of the ’002 Patent claims because they do

not even allegedly contain a server programmed with the specific layers required

by claim 1 and/or they do not allegedly perform the steps of the “universal

platform server” required by claims 5 and 14. Further, Petitioner does not allege

that Kay discloses the claimed third party.

Third, Petitioner fails to address the layered software architecture required

by Claim 1 let alone why it would be obvious to use the particular layered software

architecture of claim 1. There is no disclosure in the Background of the required

CBM2014-00035


71

software architecture and no such architecture is alleged to be disclosed in Kay.

Petitioner glosses over those deficiencies by alleging that the combination of

the Admitted Prior Art system with the Kay front-end proxy server would result in

“a front-end proxy server that acts as a unifying interface between various backend

authentication systems and a merchant’s website.” Pet. at 64. As detailed below,

that argument is illogical on its face. Further, such a combination fails to disclose

each and every element of the claims.


Combined or Modified the Alleged Prior Art References as

Recited by the Claims

Plainly, the combination of the Kay “front-end proxy server 104” with the

Admitted Prior Art would result in the use of a front-end proxy server that sits

between the end user (i.e., the consumer accessing web browser 114) and the

merchant’s back-end web server (102).

Kay at Figure 1(a). Indeed, the only web site remotely relevant to the claimed e-

CBM2014-00035


72

commerce transaction is the merchant’s website. Also, the only entity accessing

the merchant’s website is the consumer not the issuer. Indeed, because the Kay

“front-end proxy server” is intended to sit in front of a website and serve as the

single entry point to the website thereby controlling the website visitor’s access to

the back-end web server in a local environment, it is antithetical to the teachings of

Kay to de-couple the front-end proxy server from the back-end web server(s) and

move it to a location between the merchant and the issuer where in it no longer

serves its purpose as an entry point for a single website or a localized environment.

Petitioner fails to explain why one of skill in the art at the time of the invention

would have chosen not to use the “front-end server 104” for its intended purpose

and instead place the front-end server between a merchant’s back-end server and

the issuer’s processing system.

It is also contrary to the teachings of Kay to suggest that “the front-end

proxy server … acts as a unifying interface between various back-end

authentication systems and a merchant website.” Pet. at 64. Kay discloses that the

front-end proxy server 104 may be coupled to multiple back-end severs 202. Kay

at 4:40–53. Those back-end servers 202a and 202b are distributed back-end

servers for web site 200 coupled to the front-end proxy server by a communication

link. Id. at 4:40–45. Web site 200 may be distributed across multiple back-end

servers; however, the “front-end proxy server 204 still acts as the entry point to

CBM2014-00035


73

web site 200. This allows organizations that have servers that maintain different

types of information or have different owners to unify these servers to project a

single end-user entry point” Id. at 4:54–58. Thus, it is irrelevant whether multiple

entities own a server that supports an organization’s website because the front-end

proxy server acts as the entry point for the web site.

Using the Kay front-end proxy server as the entry point to different back-end

authentication systems supported by different issuing banks or service

organizations (e.g., Visa, MasterCard and American Express) while still remaining

true to the teaching of Kay that the front-end proxy server acts as a single entry

point to a web site would require a different “front-end proxy server” for each

issuing bank or service organization supported. Further, in that arrangement the

individual “front-end proxy servers” would not determine or select the particular

authentication protocol from the plurality of different authentication protocols as

required by the claims because the “front-end proxy server” would be a point of

entry for a single issuer and thus each “front-end proxy server” would only need or

use a single authentication protocol.

Lastly, even if one of ordinary skill in the art at the time of the invention

would have chosen to use the front-end proxy server disclosed in Kay as the entry

point for communication between a merchant and multiple card issuers, it would

have required the front-end proxy server to be repurposed to serve as the entry

CBM2014-00035


74

point to multiple different back-end systems, thus improperly destroying the

reference. See In re Gordon, 733 F.2d at 902 (reversing Board’s obviousness

conclusion where prior art reference “would be rendered inoperable for its intended

purpose” by proposed modification); Application of Ratti, 270 F.2d at 813 (no

motivation to make suggested combination of references under § 103 because it

“would require a substantial reconstruction and redesign of the elements shown in

[the prior art reference] as well as a change in the basic principles under which

[that reference’s] construction was designed to operate”). Petitioner’s conclusory

obviousness argument is unsupported by evidence and fails to address why one of

ordinary skill in the art at would have ignored the intended purpose of the Kay

front-end proxy server or provide a legitimate reason why one of ordinary skill in

the art would have moved the Kay front-end proxy server to a different location in

the proposed combination. Moreover, it is illogical to suggest that the Kay “front-

end proxy server” would be owned or controlled by an entity other than the

merchant.

Petitioner alleges that it would have been obvious to one of ordinary skill in

the art to combine the Admitted Prior Art with Kay because the ’002 Patent

discloses that in the prior art system “merchants … are responsible for updating

and/or changing their plug-in components to reflect” any changes mandated by the

issuers. Pet. at 64. Petitioner alleges that under the proposed modification, the

CBM2014-00035


75

client, i.e., merchant, would be “free[] .. from having to track all the modifications

made to the back-end server.” Pet. at 64. But the merchant would not be free from

having to track all the authentication protocol changes made by the issuer under

this proposed modification. Instead, the merchants would still be responsible for

updating and/or changing the plug-in components at the front-end proxy server(s)

used by the modified system because the merchant would necessarily own and

control those front-end proxy servers.

Petitioner also argues that Kay provides the motivation to combine because

it “provides a unified interface between a client device and a back-end server and

frees the client device from having to track all the modifications made to the back-

end server.” Pet. at 64. That argument ignores that a merchant’s use of the Kay

front-end proxy server is simply different from the use of a third-party server that

facilitates the authentication of a consumer in an e-commerce transaction because

the ’002 Patent claims require that the third-party server (as opposed to the

merchant) must determine, select and use the authentication protocol.

Further, Petitioner alleges that the combination “is merely applying a well-

known technique of using proxy servers to a known authentication system that is

ready for improvement in order to extract predictable results.” However, Petitioner

cites no support for arguing that the alleged Admitted Prior Art was “ready for

improvement” except for the inventor’s teachings and disclosure of the ’002

CBM2014-00035


76

Patent. See Pet. at 64-65. That is improper. See Mintz v. Dietz & Watson, Inc.,

679 F.3d 1372, 1377 (Fed. Cir. 2012) (“The district court has used the invention to

define the problem that the invention solves. Often the inventive contribution lies

in defining the problem in a new revelatory way. In other words, when someone is

presented with the identical problem and told to make the patented invention, it

often becomes virtually certain that the artisan will succeed in making the

invention.”); Ecolochem, Inc. v. S. Cal. Edison Co., 227 F.3d 1361, 1372–75 (Fed.

Cir. 2000) (reversing obviousness holding because district court engaged in

hindsight analysis in using the solution the inventor found to provide the

motivation to combine the references in a manner to make the claimed invention).

Accordingly, Petitioner clearly has used the teachings of the ’002 Patent as a

roadmap to modify the proposed combination of the Admitted Prior Art and Kay to

achieve the claimed invention. Such a hindsight reconstruction of the claimed

invention is improper. In re Fritch, 972 F.2d at 1266; The Gillette Co., 919 F.2d at

726; W.L. Gore, 721 F.2d at 1553.

C. Claim 1 of the ’002 Patent Is Not Obvious Over the Admitted

Prior Art in view of Gudgin

Petitioner fails to establish that it is more likely than not to prevail in arguing

that claim 1 of the ’002 Patent is invalid on this ground.

CBM2014-00035


77

1. The Scope and Content of the Admitted Prior Art and

Gudgin

Admitted Prior Art: The scope and content of the Admitted Prior Art is

detailed above in Section IX.B.1.

Gudgin: Gudgin is a specification for SOAP, which is a communication

protocol. Chatterjee Decl. ¶ 69.7 As Dr, Chatterjee explained, “SOAP, which

together with HTTP, is the communications protocol used in Web Services.”

Chatterjee Decl. ¶ 71. “SOAP version 1.2 is a lightweight protocol for exchange of

information in a decentralized, distributed environment.” Gudgin, abstract.

2. The Combination of the Background Prior Art in View of

Gudgin Does Not Disclose Each Limitation of Claim 1

Combining the Admitted Prior Art with Gudgin does not result in the

invention recited in claim 1 of the ’002 Patent. As discussed above in Section

IX.B.1., various elements recited in claim 1 are not disclosed in the Admitted Prior

Art. In particular, in the Admitted Prior Art the recited steps take place at the

merchant server but claim 1 contains layers adapted to connect with the merchant

and is plainly not a merchant system. See Claim 1 (“a connection layer for

connecting with the merchants to exchange communications therewith”); Pet. at 4

(“The use of a separate, non-merchant platform for authentication is the essence of

the claimed invention of the ’002 Patent …”); Napsky Decl. at ¶ 17 (“[T]he claims

7 SOAP is the acronym for Simple Object Access Protocol.

CBM2014-00035


78

… are directed toward providing the plug-ins on a platform of a third party instead

of on the platform of the merchant.). Despite recognizing that a third-party server

is required, Petitioner fails to identify anything in Gudgin that teaches, discloses or

suggests an intermediary third-party server between the merchant and issuer, much

less one that contains the specific processing layers as required by claim 1.

Petitioner’s argument primarily is based on the remote procedure call (RPC)

functionality of SOAP, which allows a client to call and execute a software module

located on a remote server. That argument necessarily presumes that a server of

the claimed third party exists in the system resulting from the combination of

Gudgin’s version of SOAP with the Admitted Prior Art. Pet. at 77–78. That is not

so. Rather, combining Gudgin’s version of SOAP with the Admitted Prior Art

would result in the prior-art system described in the ’002 Patent—in particular, the

merchant—using SOAP (and its remote procedure calls) to send messages to

external resources, such as the issuing bank or service organization. The issuing

bank or service organization cannot operate the claimed third-party server, which

obtains an authentication determination in accordance with the selected

authentication protocol because they actual make the authentication determination.

Further, there is simply no disclosure of the various processing layers of claim 1 in

either the Admitted Prior Art or SOAP. As Gudgin and the Admitted Prior Art in

combination do not disclose the “connection layer” for communicating with the

CBM2014-00035


79

merchant or the “distribution layer … residing between the connection layer and

the plug-in layer … routing communications between the connection layer and

selected plug-in components in the plug-in layer”, and there is no rationale

provided for why the a combined system would include such limitations, they do

not render Claim 1 obvious. See Pet. at 77-79.


Combined or Modified the Alleged Prior Art Reference

With Gudgin as Recited in Claim 1

Petitioner alleges that it would have been obvious at the time of the

invention to combine the Admitted Prior Art with Gudgin in the manner recited in

claim 1 of the ’002 because (1) “[d]oing so is merely applying the well-known

technique of remote procedure calls to the well-known authentication system that

is ready for improvement to yield predictable results” and (2) the teachings “found

in the background of the ’002 Patent, which states that as authentication protocols

are updated, the merchants would need to update them as well.” Pet. at 78.

Just like with its argument concerning the Admitted Prior Art in view of

Kay, Petitioner cites no support for arguing that the alleged Admitted Prior Art

was “ready for improvement” except for the inventor’s own identification of a

problem in the prior art and the disclosure of the technological solution for that

problem found in the ’002 Patent. See Pet. at 78. That is improper. The Federal

Circuit has emphasized that “[o]ften the inventive contribution lies in defining the

CBM2014-00035


80

problem in a new revelatory way. In other words, when someone is presented with

the identical problem and told to make the patented invention, it often becomes

virtually certain that the artisan will succeed in making the invention.” Mintz, 679

at 1377; Ecolochem, 227 F.3d at 1372–75.

X. CONCLUSION

In view of the above, Cardinal respectfully submits that Petitioner has failed

to establish that it is more likely than not that it will prevail as to at least one claim.

Accordingly, Cardinal respectfully requests that the Board decline to institute

Covered Business Method review of the ’002 Patent.

Respectfully Submitted,

/ Mark J. Abate /

Mark J. Abate (Reg. No. 32,527)

GOODWIN PROCTER LLP

The New York Times Building

620 Eighth Avenue

New York, NY 10018-1405

Telephone: 212-813-8800

Facsimile: 212-355-3333

E-mail: [email protected]

Jennifer A. Albert (Reg. No. 32,012)

GOODWIN PROCTER LLP

901 New York Avenue NW

Washington, D.C. 20001

Telephone: 202-346-4000

Facsimile: 202-346-4444


CBM2014-00035


CERTIFICATE OF SERVICE

I certify that a copy of the foregoing Preliminary Patent Owner Response to

Petition for Covered Business Method Review was served on February 21, 2014 by

electronic service via e-mail and First Class Mail to counsel for petitioner at the

following address:

Brian A. Tollefson

William N. Hughet

ROTHWELL, FIGG, ERNST

& MANBECK, P.C.

607 14th Street, N.W., Suite 800

Washington, D.C. 20005


[email protected]

/s/ Mark J. Abate

Mark J. Abate

ACTIVE/71587806.1

APPENDIX 1

LIST OF EXHIBITS RELIED UPON IN SUPPORT OF THIS

PATENT OWNER PRELIMINARY RESPONSE TO CORRECTED

PETITION FOR COVERED BUSINESS METHOD REVIEW

Exhibit 2001 Excerpt from Barron’s Dictionary of

Banking Terms (4th Ed. 2000)

Exhibit 2002 Decision of Delegate of the

Commissioner of Patents re: Australian

Patent Application No. 2003243523

(Australian Patent Office May 25, 2011)

UNITED STATES PATENT AND TRADEMARK...

Documents

Transcript of UNITED STATES PATENT AND TRADEMARK...